last executing test programs: 9m43.773213211s ago: executing program 1 (id=1617): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x1, [{0xfe, 0x80000000}]}}) 9m42.058698292s ago: executing program 1 (id=1619): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket$inet(0x2, 0x1, 0x100) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}}) 9m35.763998297s ago: executing program 1 (id=1623): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff0800"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 9m35.090391904s ago: executing program 1 (id=1627): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000580)={@void, @void, @eth={@broadcast, @link_local, @val, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x18, 0x0, @wg=@data}}}}}}, 0x6c) 9m34.619156194s ago: executing program 1 (id=1629): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x1, [{0xfe, 0x80000000}]}}) 9m32.72089477s ago: executing program 1 (id=1630): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0xdc1b, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r7, &(0x7f0000000400)=""/4096, 0x1000) umount2(&(0x7f0000000100)='./file0\x00', 0x8) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x9) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x7, 0x8, 0x80, 0x7, 0x0, "9e444feb197f9434861fdf43173722104ef280"}) 9m17.591933318s ago: executing program 32 (id=1630): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0xdc1b, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r7, &(0x7f0000000400)=""/4096, 0x1000) umount2(&(0x7f0000000100)='./file0\x00', 0x8) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x9) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x7, 0x8, 0x80, 0x7, 0x0, "9e444feb197f9434861fdf43173722104ef280"}) 6m47.119606707s ago: executing program 2 (id=1892): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket(0x1, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8, 0x395, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x20024010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$inet6(r0, 0x0, &(0x7f0000000280), 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) fcntl$getown(r0, 0x9) ptrace$cont(0x1f, r1, 0xc, 0x8001) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socketpair$unix(0x1, 0x2, 0x0, 0x0) 6m44.055737223s ago: executing program 2 (id=1902): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @empty, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x4c}, 0x1c) 6m43.651602975s ago: executing program 2 (id=1904): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], 0x0}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63b0328e46002e92e40ccbbd6865", 0x0, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r5, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1}) ptrace(0x10, r2) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000009c0)=@newsa={0xec, 0x10, 0x5c3b37380d70341, 0x0, 0x0, {{@in6=@private1, @in6=@dev, 0xffff, 0x10}, {@in=@broadcast, 0x0, 0x3c}, @in=@remote, {0x0, 0x0, 0x3, 0x7}, {0x0, 0x1}, {0x0, 0x2}, 0x0, 0x0, 0xa}}, 0xec}}, 0x0) ptrace(0x10, r2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, 0x0, 0x0, 0x4) r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f00000001c0)=0x18001, r7, 0x0, 0x5, 0x10000000000000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="50000000100039047300000000000000004777dbd70dadc005ae1503fed7ead2e95915759a285ef259aac00000001a3a2f19968d97bea513d4f040163c9fd554a1f5211d01d6080bfb279d3b0f7f9761cfb21446be1380c67eb53360268f186cc0d2fbe16950cf030302ca5ab56db00130ef7318b71b2140e0e7802742aa5e608daad87fa2d0212d6dcbee52a852a4441adc219617154660242c672d95837ff2dfb6694331bf3b14fd46bbf8834cd68fa071be196c6e5d688b2758000007541c102509b8a0862c74fb99ee3706c5b2ac33ddb33dfddb227ab88c7f9da1fa5fb010d2360b35ca768cfbb556fc9a1da25a73c3c664958cd6183875a395c0ab3980b0336d6c99ed2940726ebad1059c4dd1ee7047c1cfbeda2979eaacf4c6eb77d4fa992f55c425403b42984de1a8", @ANYBLOB="0198000000000000300012800b0001006970366772650000200002801400060000000000000000000000ffff0a010100060011004e200000"], 0x50}}, 0x20000080) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f00000006c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x0) r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp\x00') pread64(r9, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 6m39.992709479s ago: executing program 2 (id=1907): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1c1) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2101015, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100419, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./cgroup\x00', 0x0, 0x2001015, 0x0) mount$9p_unix(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x80010, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x1000, 0x0) 6m39.652191383s ago: executing program 2 (id=1909): syz_clone3(0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @private}}}}}}, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x50) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x1e3003, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000080)={0x4, 0x1, 0x17, 0x1, 0x100, &(0x7f0000000440)="387ed7626d850509a2d6c1aa38f15cd0c234cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a750ecb3421143c5c4ded0f06affc524dcf3418272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955582efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284a3e90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def9122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a7e58b4f8c6a1c6b9b5ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef72c5d42cece59181fcb5bad8c24bd9f8f78dd85b82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2b046c6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd600000013139929cefec965c0c761785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829ed0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1aa1ab704782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c413923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29a814bd8fed1ab6d2846c73345962895d289ac718aacac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) 6m38.36291384s ago: executing program 2 (id=1913): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x10, r0) ptrace$getregs(0xc, r0, 0x4, &(0x7f0000000040)=""/117) 6m37.771837526s ago: executing program 33 (id=1913): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x10, r0) ptrace$getregs(0xc, r0, 0x4, &(0x7f0000000040)=""/117) 9.74078994s ago: executing program 5 (id=2982): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x800, &(0x7f0000000080)={0xa, 0x0, 0x2, @local, 0x9}, 0x1c) 9.567700872s ago: executing program 3 (id=2983): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000006b00000008000300", @ANYRES32=r2], 0x28}}, 0x0) 9.401642774s ago: executing program 3 (id=2984): close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0) 9.051676299s ago: executing program 4 (id=2987): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], 0x0}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63b0328e46002e92e40ccbbd6865", 0x0, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="50000000100039047300000000000000004777dbd70dadc005ae1503fed7ead2e95915759a285ef259aac00000001a3a2f19968d97bea513d4f040163c9fd554a1f5211d01d6080bfb279d3b0f7f9761cfb21446be1380c67eb53360268f186cc0d2fbe16950cf030302ca5ab56db00130ef7318b71b2140e0e7802742aa5e608daad87fa2d0212d6dcbee52a852a4441adc219617154660242c672d95837ff2dfb6694331bf3b14fd46bbf8834cd68fa071be196c6e5d688b2758000007541c102509b8a0862c74fb99ee3706c5b2ac33ddb33dfddb227ab88c7f9da1fa5fb010d2360b35ca768cfbb556fc9a1da25a73c3c664958cd6183875a395c0ab3980b0336d6c99ed2940726ebad1059c4dd1ee7047c1cfbeda2979eaacf4c6eb77d4fa992f55c425403b42984de1a8", @ANYBLOB="0198000000000000300012800b0001006970366772650000200002801400060000000000000000000000ffff0a010100060011004e200000"], 0x50}}, 0x20000080) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp\x00') pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 8.987627868s ago: executing program 4 (id=2988): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2c00c884}, 0x20048050) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x7, 0x100, 0x2, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x3, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x9, 0xff, 0x24, 0x5, 0x7, 0x6, 0x10007a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x9, 0xfffffffd, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0xf7800000, 0xac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0xa, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xb, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x0, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xfffffeff, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xfffeffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0x0, 0x3, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94b, 0x9, 0x8, 0x6, 0x100, 0x2, 0xffff, 0x4, 0x2, 0x3ff, 0x2, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7fff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0xff, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x40, 0x4, 0x0, 0x5, 0x4, 0x1, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x9, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x1, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x6, 0x0, 0x81, 0xfff80000, 0x0, 0x1, 0x6, 0x3, 0x7ef8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x0, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0x4000fff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0xc000, 0xffffff97, 0x2, 0x40, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0xfff, 0xe, 0x3, 0x9, 0xa, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x27, 0x0) 8.638059503s ago: executing program 5 (id=2989): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0xb, 0xb, 0xfffffffe}) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) 8.42384547s ago: executing program 5 (id=2990): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882) 8.333545632s ago: executing program 5 (id=2991): syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, 0x0, 0x4080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001000)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 4.199520597s ago: executing program 5 (id=2993): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0xfffffffb, 0x4, 0x2, 0xffffffc0, 0x5, 0x2234, 0x7f, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0xff, 0x9644, 0x4, 0x58b, 0x852, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x5, 0x1, 0x3ff, 0x7b0, 0x7, 0x100, 0x6, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x80, 0x0, 0x7, 0x3, 0xa14, 0x3, 0x7, 0x80000000, 0x81, 0x7, 0x2f6, 0x5, 0x10001, 0xf7, 0x3, 0xfffffff9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x1, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x9, 0x0, 0x7f, 0x7, 0x863c, 0xff, 0x24, 0x5, 0xb, 0x6, 0x7a, 0x8, 0xffffffff, 0x8, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0xf, 0xda56, 0x7ffffffe, 0x80, 0x8000, 0x7, 0xfed, 0xf, 0x6ae, 0x2, 0x1, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x5, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0x0, 0xac, 0x9, 0x6, 0x10, 0x9, 0x80008, 0x80000001, 0x0, 0x74, 0x6, 0x7fffffff, 0x0, 0xa, 0xfffffc01, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x200, 0x9, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x399d, 0x6, 0x8ab2, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x1000, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x4, 0x1, 0x5, 0x354d, 0x0, 0x2, 0x1, 0x7, 0x1, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7e, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x8004b75, 0x6, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1080, 0x4, 0x80000ec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x381, 0x8, 0x6, 0x3, 0xb, 0x800, 0xd2f5, 0x40, 0x4, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0x2, 0x3, 0x10000, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x100, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb827, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0x1, 0x3, 0x9, 0xc, 0x7, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x2, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0xe, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x3, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x3, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0x7, 0x3, 0x7, 0x6, 0xfff80000, 0x7ff, 0xfffffffd, 0x6, 0x3, 0x8, 0x4, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x4, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x9, 0x40, 0x2, 0xfff, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x101, 0x6, 0x0, 0x1ff, 0x3, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x74, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x2, 0x8, 0xa, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x8, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x0, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket(0x2, 0x5, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0) 4.199302087s ago: executing program 0 (id=2994): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') socket(0x1, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socketpair$unix(0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 4.166922071s ago: executing program 3 (id=2995): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001c00010000000000000000a007000000", @ANYRES32, @ANYBLOB="400096040a000200aaaaaaaaaa0c"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001d000100050000060000000207000000", @ANYRES32=r1], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 4.115997128s ago: executing program 4 (id=2996): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], 0x0}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63b0328e46002e92e40ccbbd6865", 0x0, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="50000000100039047300000000000000004777dbd70dadc005ae1503fed7ead2e95915759a285ef259aac00000001a3a2f19968d97bea513d4f040163c9fd554a1f5211d01d6080bfb279d3b0f7f9761cfb21446be1380c67eb53360268f186cc0d2fbe16950cf030302ca5ab56db00130ef7318b71b2140e0e7802742aa5e608daad87fa2d0212d6dcbee52a852a4441adc219617154660242c672d95837ff2dfb6694331bf3b14fd46bbf8834cd68fa071be196c6e5d688b2758000007541c102509b8a0862c74fb99ee3706c5b2ac33ddb33dfddb227ab88c7f9da1fa5fb010d2360b35ca768cfbb556fc9a1da25a73c3c664958cd6183875a395c0ab3980b0336d6c99ed2940726ebad1059c4dd1ee7047c1cfbeda2979eaacf4c6eb77d4fa992f55c425403b42984de1a8", @ANYBLOB="0198000000000000300012800b0001006970366772650000200002801400060000000000000000000000ffff0a010100060011004e200000"], 0x50}}, 0x20000080) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp\x00') pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 3.811795827s ago: executing program 3 (id=2997): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, 0x0, 0x41) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000a40)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000001e00)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000000000034002d800a00000001010101010100000a00000001010101010100000a000001010101010100000a0000000202020202020000"], 0xb0}, 0x1, 0x0, 0x0, 0x20008004}, 0x0) 3.681036894s ago: executing program 4 (id=2998): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0xb, 0xb, 0xfffffffe}) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) 3.585567056s ago: executing program 0 (id=2999): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882) 3.359758376s ago: executing program 4 (id=3000): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000380)="89e7ee0c7cdad9b4b47380c988cafbe863cac505", 0x14}, {&(0x7f0000000000)="cc965a9778d7", 0x6}, {&(0x7f0000000440)="38a3464d79fcee2c527818afef9c40b1d17d80ac12a5e0747c5e3c32f212", 0x1e}, {&(0x7f0000000500)="ebcc6a", 0x3}], 0x4) 3.359608545s ago: executing program 3 (id=3001): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x800, &(0x7f0000000080)={0xa, 0x0, 0x2, @local, 0x9}, 0x1c) 3.359429426s ago: executing program 0 (id=3002): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=ANY=[@ANYBLOB="340000001800dd8d00000000000000000200000000000005000000000600150006000000100016800c00088008000180040004003c"], 0x34}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a88000000060a0b040000000000000000020000005c000480580001800a000100696e6e657200000048000280080004400000000f0800014000000000241005800c0001007061796c6f6164001400028008000340000000b908000840000000010900010073797a30000000000900020073797a3200000000140000001100010000000000000000000300000a5748bd9c"], 0xb0}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x34, r1, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x8f}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x31}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000100ffff0000000000000000850000007b00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xcbfc0f2606956c3f, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, 0x0, 0x20008000) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.356654226s ago: executing program 5 (id=3003): close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0}}], 0x1, 0x0) 3.101022369s ago: executing program 0 (id=3004): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 2.411352188s ago: executing program 3 (id=3005): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2c00c884}, 0x20048050) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x7, 0x100, 0x2, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x3, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x9, 0xff, 0x24, 0x5, 0x7, 0x6, 0x10007a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x9, 0xfffffffd, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0xf7800000, 0xac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0xa, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xb, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x0, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xfffffeff, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xfffeffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0x0, 0x3, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94b, 0x9, 0x8, 0x6, 0x100, 0x2, 0xffff, 0x4, 0x2, 0x3ff, 0x2, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7fff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0xff, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x40, 0x4, 0x0, 0x5, 0x4, 0x1, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x9, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x1, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x6, 0x0, 0x81, 0xfff80000, 0x0, 0x1, 0x6, 0x3, 0x7ef8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x0, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0x4000fff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0xc000, 0xffffff97, 0x2, 0x40, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0xfff, 0xe, 0x3, 0x9, 0xa, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x27, 0x0) 2.155669632s ago: executing program 0 (id=3006): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], 0x0}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63b0328e46002e92e40ccbbd6865", 0x0, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="50000000100039047300000000000000004777dbd70dadc005ae1503fed7ead2e95915759a285ef259aac00000001a3a2f19968d97bea513d4f040163c9fd554a1f5211d01d6080bfb279d3b0f7f9761cfb21446be1380c67eb53360268f186cc0d2fbe16950cf030302ca5ab56db00130ef7318b71b2140e0e7802742aa5e608daad87fa2d0212d6dcbee52a852a4441adc219617154660242c672d95837ff2dfb6694331bf3b14fd46bbf8834cd68fa071be196c6e5d688b2758000007541c102509b8a0862c74fb99ee3706c5b2ac33ddb33dfddb227ab88c7f9da1fa5fb010d2360b35ca768cfbb556fc9a1da25a73c3c664958cd6183875a395c0ab3980b0336d6c99ed2940726ebad1059c4dd1ee7047c1cfbeda2979eaacf4c6eb77d4fa992f55c425403b42984de1a8", @ANYBLOB="0198000000000000300012800b0001006970366772650000200002801400060000000000000000000000ffff0a010100060011004e200000"], 0x50}}, 0x20000080) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp\x00') pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 2.004666221s ago: executing program 0 (id=3007): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2c00c884}, 0x20048050) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x7, 0x100, 0x2, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x3, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x9, 0xff, 0x24, 0x5, 0x7, 0x6, 0x10007a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x9, 0xfffffffd, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0xf7800000, 0xac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0xa, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xb, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x0, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xfffffeff, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xfffeffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0x0, 0x3, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94b, 0x9, 0x8, 0x6, 0x100, 0x2, 0xffff, 0x4, 0x2, 0x3ff, 0x2, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7fff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0xff, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x40, 0x4, 0x0, 0x5, 0x4, 0x1, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x9, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x1, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x6, 0x0, 0x81, 0xfff80000, 0x0, 0x1, 0x6, 0x3, 0x7ef8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x0, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0x4000fff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0xc000, 0xffffff97, 0x2, 0x40, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0xfff, 0xe, 0x3, 0x9, 0xa, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) 0s ago: executing program 4 (id=3008): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') socket(0x1, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socketpair$unix(0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): closed [ 364.007073][ T8446] vhci_hcd: connection closed [ 364.012051][ T8439] vhci_hcd: connection reset by peer [ 364.037164][ T11] vhci_hcd: release socket [ 364.041786][ T11] vhci_hcd: disconnect device [ 364.050512][ T11] vhci_hcd: stop threads [ 364.066458][ T11] vhci_hcd: release socket [ 364.076253][ T11] vhci_hcd: disconnect device [ 364.087470][ T11] vhci_hcd: stop threads [ 364.098879][ T11] vhci_hcd: release socket [ 364.109108][ T11] vhci_hcd: disconnect device [ 364.120193][ T11] vhci_hcd: stop threads [ 364.129089][ T11] vhci_hcd: release socket [ 364.141526][ T11] vhci_hcd: disconnect device [ 364.153598][ T11] vhci_hcd: stop threads [ 364.173679][ T11] vhci_hcd: release socket [ 364.187296][ T11] vhci_hcd: disconnect device [ 366.166395][ T8466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'. [ 366.175922][ T8466] netlink: 'syz.2.609': attribute type 5 has an invalid length. [ 366.183847][ T8466] netlink: 20 bytes leftover after parsing attributes in process `syz.2.609'. [ 366.527324][ T51] Bluetooth: hci0: command tx timeout [ 368.334879][ T8479] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 369.020532][ T5889] vhci_hcd: vhci_device speed not set [ 369.662979][ T8497] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14) [ 369.669720][ T8497] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 369.690275][ T8497] vhci_hcd vhci_hcd.0: Device attached [ 369.728091][ T8500] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(16) [ 369.734721][ T8500] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 369.799818][ T8500] vhci_hcd vhci_hcd.0: Device attached [ 369.870576][ T8497] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 369.923580][ T8497] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(20) [ 369.930218][ T8497] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 369.957220][ T5771] usb 37-1: new low-speed USB device number 12 using vhci_hcd [ 369.988458][ T8497] vhci_hcd vhci_hcd.0: Device attached [ 369.996020][ T8500] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(23) [ 370.002642][ T8500] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 370.057893][ T8500] vhci_hcd vhci_hcd.0: Device attached [ 370.091124][ T8497] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 370.140317][ T8500] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(25) [ 370.146953][ T8500] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 370.196729][ T8497] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 370.207412][ T8500] vhci_hcd vhci_hcd.0: Device attached [ 370.405547][ T8507] vhci_hcd: connection closed [ 370.405841][ T2933] vhci_hcd: stop threads [ 370.415644][ T8503] vhci_hcd: connection closed [ 370.418301][ T8505] vhci_hcd: connection closed [ 370.423237][ T8501] vhci_hcd: connection closed [ 370.437605][ T5813] usb usb40-port1: attempt power cycle [ 371.043875][ T2933] vhci_hcd: release socket [ 371.051698][ T8498] vhci_hcd: connection reset by peer [ 372.217181][ T2933] vhci_hcd: disconnect device [ 372.232027][ T2933] vhci_hcd: stop threads [ 372.236396][ T2933] vhci_hcd: release socket [ 373.083249][ T2933] vhci_hcd: disconnect device [ 373.088789][ T2933] vhci_hcd: stop threads [ 373.093094][ T2933] vhci_hcd: release socket [ 373.147260][ T2933] vhci_hcd: disconnect device [ 373.185592][ T2933] vhci_hcd: stop threads [ 373.222317][ T2933] vhci_hcd: release socket [ 373.244062][ T2933] vhci_hcd: disconnect device [ 373.255252][ T2933] vhci_hcd: stop threads [ 373.260691][ T2933] vhci_hcd: release socket [ 373.304837][ T2933] vhci_hcd: disconnect device [ 373.584074][ T8525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'. [ 373.668378][ T5813] usb usb40-port1: unable to enumerate USB device [ 374.887420][ T8544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'. [ 374.896707][ T8544] netlink: 'syz.0.626': attribute type 5 has an invalid length. [ 374.904609][ T8544] netlink: 20 bytes leftover after parsing attributes in process `syz.0.626'. [ 376.224505][ T8546] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14) [ 376.231190][ T8546] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 376.289006][ T5771] vhci_hcd: vhci_device speed not set [ 377.207181][ T51] Bluetooth: hci0: command tx timeout [ 377.227712][ T8546] vhci_hcd vhci_hcd.0: Device attached [ 377.806136][ T8546] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 377.851090][ T8554] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(17) [ 377.857902][ T8554] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 377.881929][ T8554] vhci_hcd vhci_hcd.0: Device attached [ 377.917365][ T8546] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(21) [ 377.924042][ T8546] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 377.979660][ T8546] vhci_hcd vhci_hcd.0: Device attached [ 378.021197][ T8554] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 378.029585][ T6260] usb 39-1: new low-speed USB device number 15 using vhci_hcd [ 378.077403][ T8562] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(24) [ 378.084076][ T8562] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 378.177471][ T8562] vhci_hcd vhci_hcd.0: Device attached [ 378.192740][ T8566] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(23) [ 378.199468][ T8566] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 378.230903][ T8546] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 378.234245][ T8566] vhci_hcd vhci_hcd.0: Device attached [ 378.275976][ T8567] vhci_hcd: connection closed [ 378.276259][ T59] vhci_hcd: stop threads [ 378.297749][ T8563] vhci_hcd: connection closed [ 378.298180][ T8557] vhci_hcd: connection closed [ 378.299107][ T8555] vhci_hcd: connection closed [ 378.307852][ T59] vhci_hcd: release socket [ 378.326606][ T8550] vhci_hcd: connection reset by peer [ 378.333039][ T59] vhci_hcd: disconnect device [ 378.338264][ T59] vhci_hcd: stop threads [ 378.342759][ T59] vhci_hcd: release socket [ 378.348466][ T59] vhci_hcd: disconnect device [ 378.363332][ T59] vhci_hcd: stop threads [ 378.369070][ T59] vhci_hcd: release socket [ 378.373964][ T59] vhci_hcd: disconnect device [ 378.379441][ T59] vhci_hcd: stop threads [ 378.383730][ T59] vhci_hcd: release socket [ 378.397611][ T59] vhci_hcd: disconnect device [ 378.402817][ T59] vhci_hcd: stop threads [ 378.412643][ T59] vhci_hcd: release socket [ 378.417538][ T59] vhci_hcd: disconnect device [ 380.207947][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.214511][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.221333][ T8] usb usb38-port1: attempt power cycle [ 382.068415][ T8] usb usb38-port1: unable to enumerate USB device [ 382.361630][ T8601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.644'. [ 383.187271][ T6260] vhci_hcd: vhci_device speed not set [ 383.507983][ T8611] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 383.609687][ T8609] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(17) [ 383.616375][ T8609] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 383.668560][ T8607] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(14) [ 383.675225][ T8607] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 383.684365][ T8609] vhci_hcd vhci_hcd.0: Device attached [ 383.703464][ T8607] vhci_hcd vhci_hcd.0: Device attached [ 383.765574][ T8607] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(16) [ 383.772209][ T8607] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 383.877280][ T8615] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(22) [ 383.883927][ T8615] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 383.891500][ T5771] vhci_hcd: vhci_device speed not set [ 383.917495][ T8607] vhci_hcd vhci_hcd.0: Device attached [ 383.929606][ T8609] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 383.947514][ T8615] vhci_hcd vhci_hcd.0: Device attached [ 383.953439][ T8622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.645'. [ 383.963377][ T8622] netlink: 'syz.3.645': attribute type 5 has an invalid length. [ 383.984080][ T5771] usb 35-2: new full-speed USB device number 11 using vhci_hcd [ 384.004315][ T8607] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(24) [ 384.011044][ T8607] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 384.019335][ T8607] vhci_hcd vhci_hcd.0: Device attached [ 384.024916][ T8622] netlink: 20 bytes leftover after parsing attributes in process `syz.3.645'. [ 384.047400][ T8607] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 384.086010][ T8623] vhci_hcd: connection closed [ 384.086280][ T149] vhci_hcd: stop threads [ 384.105644][ T149] vhci_hcd: release socket [ 384.110644][ T8616] vhci_hcd: connection closed [ 384.111064][ T8619] vhci_hcd: connection closed [ 384.120718][ T8610] vhci_hcd: connection reset by peer [ 384.121033][ T8608] vhci_hcd: connection closed [ 384.139725][ T149] vhci_hcd: disconnect device [ 384.163972][ T149] vhci_hcd: stop threads [ 384.173793][ T149] vhci_hcd: release socket [ 384.181887][ T149] vhci_hcd: disconnect device [ 384.198180][ T149] vhci_hcd: stop threads [ 384.204085][ T149] vhci_hcd: release socket [ 384.218799][ T149] vhci_hcd: disconnect device [ 384.261144][ T149] vhci_hcd: stop threads [ 384.283196][ T149] vhci_hcd: release socket [ 384.290577][ T149] vhci_hcd: disconnect device [ 384.296188][ T149] vhci_hcd: stop threads [ 384.471095][ T149] vhci_hcd: release socket [ 384.497326][ T149] vhci_hcd: disconnect device [ 386.207311][ T51] Bluetooth: hci0: command tx timeout [ 387.197982][ T5820] usb usb40-port1: attempt power cycle [ 388.218033][ T5820] usb usb40-port1: unable to enumerate USB device [ 388.366682][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.655'. [ 391.207359][ T5771] vhci_hcd: vhci_device speed not set [ 392.055397][ T8660] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14) [ 392.062079][ T8660] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 392.077866][ T8660] vhci_hcd vhci_hcd.0: Device attached [ 392.250386][ T8669] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 392.287430][ T8660] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(16) [ 392.294102][ T8660] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 392.353976][ T9] usb 33-1: new low-speed USB device number 12 using vhci_hcd [ 392.367435][ T8660] vhci_hcd vhci_hcd.0: Device attached [ 394.207641][ T8] usb usb36-port1: attempt power cycle [ 394.235333][ T8676] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 395.203353][ T8669] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(21) [ 395.210025][ T8669] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 395.224078][ T8676] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(29) [ 395.230779][ T8676] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 395.317817][ T8669] vhci_hcd vhci_hcd.0: Device attached [ 395.324336][ T8673] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(26) [ 395.330995][ T8673] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 395.343048][ T8676] vhci_hcd vhci_hcd.0: Device attached [ 395.349338][ T8673] vhci_hcd vhci_hcd.0: Device attached [ 395.358583][ T8660] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 395.398010][ T8685] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 395.458854][ T8] usb usb36-port1: unable to enumerate USB device [ 395.529558][ T8678] vhci_hcd: connection closed [ 395.529964][ T1077] vhci_hcd: stop threads [ 395.539439][ T8663] vhci_hcd: connection reset by peer [ 395.544991][ T8665] vhci_hcd: connection closed [ 395.545158][ T8672] vhci_hcd: connection closed [ 395.550944][ T8677] vhci_hcd: connection closed [ 395.589772][ T1077] vhci_hcd: release socket [ 395.627333][ T1077] vhci_hcd: disconnect device [ 395.637201][ T1077] vhci_hcd: stop threads [ 395.647164][ T1077] vhci_hcd: release socket [ 395.665118][ T1077] vhci_hcd: disconnect device [ 395.681157][ T1077] vhci_hcd: stop threads [ 395.693063][ T1077] vhci_hcd: release socket [ 395.722540][ T1077] vhci_hcd: disconnect device [ 395.749901][ T1077] vhci_hcd: stop threads [ 395.770117][ T1077] vhci_hcd: release socket [ 395.799648][ T1077] vhci_hcd: disconnect device [ 395.805962][ T1077] vhci_hcd: stop threads [ 395.812803][ T1077] vhci_hcd: release socket [ 395.818815][ T1077] vhci_hcd: disconnect device [ 399.687358][ T9] vhci_hcd: vhci_device speed not set [ 399.920258][ T8722] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14) [ 399.927038][ T8722] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 399.947279][ T8722] vhci_hcd vhci_hcd.0: Device attached [ 399.978587][ T8722] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(16) [ 399.985271][ T8722] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 400.014873][ T8722] vhci_hcd vhci_hcd.0: Device attached [ 400.050155][ T8734] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 400.086473][ T8729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.674'. [ 400.096945][ T8733] Bluetooth: MGMT ver 1.22 [ 400.097896][ T8722] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(20) [ 400.108450][ T8722] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 400.147229][ T8722] vhci_hcd vhci_hcd.0: Device attached [ 400.161227][ T8734] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(23) [ 400.167897][ T8734] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 400.231318][ T8734] vhci_hcd vhci_hcd.0: Device attached [ 400.237338][ T6260] usb 37-1: new low-speed USB device number 13 using vhci_hcd [ 400.252690][ T8722] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 400.276841][ T8741] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(28) [ 400.283484][ T8741] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 400.331727][ T8741] vhci_hcd vhci_hcd.0: Device attached [ 400.335853][ T8722] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 400.537211][ T8742] vhci_hcd: connection closed [ 400.567480][ T59] vhci_hcd: stop threads [ 400.604754][ T8737] vhci_hcd: connection closed [ 400.609762][ T8735] vhci_hcd: connection closed [ 400.614750][ T8727] vhci_hcd: connection closed [ 400.620167][ T59] vhci_hcd: release socket [ 400.632650][ T8724] vhci_hcd: connection reset by peer [ 402.206945][ T5859] usb usb34-port1: attempt power cycle [ 403.225225][ T59] vhci_hcd: disconnect device [ 403.355938][ T59] vhci_hcd: stop threads [ 403.640009][ T59] vhci_hcd: release socket [ 403.722676][ T59] vhci_hcd: disconnect device [ 403.738302][ T5859] usb usb34-port1: unable to enumerate USB device [ 403.777193][ T59] vhci_hcd: stop threads [ 403.781522][ T59] vhci_hcd: release socket [ 403.820064][ T59] vhci_hcd: disconnect device [ 403.848726][ T59] vhci_hcd: stop threads [ 403.855439][ T59] vhci_hcd: release socket [ 403.860414][ T59] vhci_hcd: disconnect device [ 403.877240][ T59] vhci_hcd: stop threads [ 403.881572][ T59] vhci_hcd: release socket [ 403.908980][ T59] vhci_hcd: disconnect device [ 404.611262][ T8772] netlink: 32 bytes leftover after parsing attributes in process `syz.3.689'. [ 404.966193][ T8782] netlink: 8 bytes leftover after parsing attributes in process `syz.1.682'. [ 404.975236][ T8782] netlink: 'syz.1.682': attribute type 5 has an invalid length. [ 404.983472][ T8782] netlink: 20 bytes leftover after parsing attributes in process `syz.1.682'. [ 407.207634][ T6260] vhci_hcd: vhci_device speed not set [ 407.217236][ T51] Bluetooth: hci0: command tx timeout [ 408.262667][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.696'. [ 409.050960][ T5813] usb usb38-port1: attempt power cycle [ 412.266235][ T5813] usb usb38-port1: unable to enumerate USB device [ 415.261688][ T27] audit: type=1326 audit(1768346277.707:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8835 comm="syz.3.710" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x0 [ 416.269570][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'. [ 416.278587][ T8855] netlink: 'syz.1.708': attribute type 5 has an invalid length. [ 417.034134][ T8855] netlink: 20 bytes leftover after parsing attributes in process `syz.1.708'. [ 417.327788][ T51] Bluetooth: hci0: command tx timeout [ 417.925628][ T8873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'. [ 425.515424][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.729'. [ 425.525207][ T8915] netlink: 'syz.0.729': attribute type 5 has an invalid length. [ 425.533451][ T8915] netlink: 20 bytes leftover after parsing attributes in process `syz.0.729'. [ 426.219249][ T8927] netlink: 20 bytes leftover after parsing attributes in process `syz.3.739'. [ 426.527295][ T51] Bluetooth: hci0: command tx timeout [ 426.659202][ T8936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.741'. [ 431.765005][ T8979] mkiss: ax0: crc mode is auto. [ 434.065919][ T8997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.756'. [ 434.098320][ T8997] netlink: 'syz.3.756': attribute type 5 has an invalid length. [ 434.123825][ T8997] netlink: 20 bytes leftover after parsing attributes in process `syz.3.756'. [ 434.471803][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.766'. [ 436.047803][ T51] Bluetooth: hci0: command tx timeout [ 437.666541][ T9036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'. [ 437.687338][ T9036] netlink: 'syz.0.777': attribute type 5 has an invalid length. [ 437.710766][ T9036] netlink: 20 bytes leftover after parsing attributes in process `syz.0.777'. [ 438.445809][ T9042] netlink: 8 bytes leftover after parsing attributes in process `syz.1.779'. [ 439.210889][ T9056] input: syz0 as /devices/virtual/input/input11 [ 439.763137][ T51] Bluetooth: hci0: command tx timeout [ 440.452570][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.459116][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.855573][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.789'. [ 441.933190][ T9076] netlink: 'syz.1.789': attribute type 5 has an invalid length. [ 442.004324][ T9076] netlink: 20 bytes leftover after parsing attributes in process `syz.1.789'. [ 443.897160][ T51] Bluetooth: hci0: command tx timeout [ 444.204178][ T5889] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 444.399930][ T5889] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 444.408799][ T5889] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 444.427379][ T5889] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 444.447176][ T5889] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 444.466090][ T5889] usb 2-1: config 1 has no interface number 0 [ 444.477724][ T5889] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 444.487771][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.543718][ T5889] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 444.811247][ T5889] snd_usb_pod 2-1:1.1: endpoint not available, using fallback values [ 445.532778][ T5889] snd_usb_pod 2-1:1.1: invalid control EP [ 445.538936][ T5889] snd_usb_pod 2-1:1.1: cannot start listening: -22 [ 445.546098][ T5889] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 445.554107][ T5889] snd_usb_pod: probe of 2-1:1.1 failed with error -22 [ 445.564760][ T5889] usb 2-1: USB disconnect, device number 3 [ 445.879048][ T9128] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 445.885719][ T9128] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 445.929404][ T9128] vhci_hcd vhci_hcd.0: Device attached [ 446.187364][ T5813] usb 37-1: new low-speed USB device number 14 using vhci_hcd [ 446.505470][ T9134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.808'. [ 446.517505][ T9134] netlink: 'syz.0.808': attribute type 5 has an invalid length. [ 446.531855][ T9134] netlink: 20 bytes leftover after parsing attributes in process `syz.0.808'. [ 446.625849][ T9129] vhci_hcd: connection reset by peer [ 446.642805][ T59] vhci_hcd: stop threads [ 446.650594][ T59] vhci_hcd: release socket [ 446.667912][ T59] vhci_hcd: disconnect device [ 448.467263][ T51] Bluetooth: hci0: command tx timeout [ 451.327523][ T5813] vhci_hcd: vhci_device speed not set [ 453.830216][ T9196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.823'. [ 453.854438][ T9196] netlink: 'syz.3.823': attribute type 5 has an invalid length. [ 453.878758][ T9196] netlink: 20 bytes leftover after parsing attributes in process `syz.3.823'. [ 455.817735][ T51] Bluetooth: hci0: command tx timeout [ 456.680197][ T9222] netlink: 40 bytes leftover after parsing attributes in process `syz.2.840'. [ 459.804174][ T9248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.845'. [ 459.814213][ T9248] netlink: 'syz.3.845': attribute type 5 has an invalid length. [ 459.859569][ T9248] netlink: 20 bytes leftover after parsing attributes in process `syz.3.845'. [ 459.906546][ T9250] netlink: 40 bytes leftover after parsing attributes in process `syz.1.849'. [ 461.807536][ T51] Bluetooth: hci0: command tx timeout [ 463.777466][ T9285] netlink: 40 bytes leftover after parsing attributes in process `syz.0.859'. [ 466.585297][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.864'. [ 466.594423][ T9311] netlink: 'syz.2.864': attribute type 5 has an invalid length. [ 466.602273][ T9311] netlink: 20 bytes leftover after parsing attributes in process `syz.2.864'. [ 468.527215][ T51] Bluetooth: hci0: command tx timeout [ 471.312203][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.886'. [ 471.321293][ T9378] netlink: 'syz.1.886': attribute type 5 has an invalid length. [ 471.331707][ T9378] netlink: 20 bytes leftover after parsing attributes in process `syz.1.886'. [ 473.405736][ T51] Bluetooth: hci0: command tx timeout [ 473.643364][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.898'. [ 473.705459][ T9394] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 473.736027][ T9394] team0: Device ipvlan2 is already an upper device of the team interface [ 473.896770][ T9397] bond0: (slave veth0_to_hsr): Enslaving as an active interface with an up link [ 475.686732][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.909'. [ 476.074707][ T9433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.906'. [ 476.160200][ T9433] netlink: 'syz.0.906': attribute type 5 has an invalid length. [ 476.249406][ T9433] netlink: 20 bytes leftover after parsing attributes in process `syz.0.906'. [ 478.047178][ T51] Bluetooth: hci0: command tx timeout [ 479.166727][ T9454] netlink: 12 bytes leftover after parsing attributes in process `syz.3.921'. [ 479.359606][ T5771] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 479.567197][ T5771] usb 3-1: Using ep0 maxpacket: 32 [ 479.592607][ T5771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 41, changing to 9 [ 479.641622][ T5771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid maxpacket 1246, setting to 1024 [ 479.654325][ T5771] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB7, skipping [ 479.673129][ T5771] usb 3-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 479.682777][ T5771] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.692594][ T5771] usb 3-1: Product: syz [ 479.696853][ T5771] usb 3-1: Manufacturer: syz [ 479.702812][ T5771] usb 3-1: SerialNumber: syz [ 479.719813][ T5771] usb 3-1: config 0 descriptor?? [ 479.736480][ T9452] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 480.053977][ T9452] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 480.712388][ T5771] usb 3-1: USB disconnect, device number 2 [ 482.674165][ T9498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.932'. [ 482.686050][ T9498] netlink: 'syz.2.932': attribute type 5 has an invalid length. [ 482.698538][ T9498] netlink: 20 bytes leftover after parsing attributes in process `syz.2.932'. [ 484.527453][ T51] Bluetooth: hci0: command tx timeout [ 488.498184][ T9560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.950'. [ 488.570489][ T9560] netlink: 'syz.1.950': attribute type 5 has an invalid length. [ 488.734812][ T9560] netlink: 20 bytes leftover after parsing attributes in process `syz.1.950'. [ 490.447242][ T51] Bluetooth: hci0: command tx timeout [ 492.172238][ T9591] netlink: 32 bytes leftover after parsing attributes in process `syz.3.966'. [ 498.354720][ T9628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 498.365094][ T9628] netlink: 'syz.0.982': attribute type 5 has an invalid length. [ 498.374393][ T9628] netlink: 20 bytes leftover after parsing attributes in process `syz.0.982'. [ 498.582993][ T9634] netlink: 32 bytes leftover after parsing attributes in process `syz.2.980'. [ 500.647617][ T51] Bluetooth: hci0: command tx timeout [ 501.122430][ T51] Bluetooth: hci2: unexpected event for opcode 0x0c25 [ 501.905043][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.156339][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.819034][ T9671] netlink: 32 bytes leftover after parsing attributes in process `syz.0.994'. [ 505.276096][ T9696] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1004'. [ 505.520656][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.1.998'. [ 505.530919][ T9704] netlink: 'syz.1.998': attribute type 5 has an invalid length. [ 505.540485][ T9704] netlink: 20 bytes leftover after parsing attributes in process `syz.1.998'. [ 507.185484][ T51] Bluetooth: hci2: unexpected event for opcode 0x0c26 [ 507.203969][ T9727] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1014'. [ 507.537204][ T51] Bluetooth: hci0: command tx timeout [ 509.532958][ T9755] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 509.769748][ T9733] ksmbd: Unknown IPC event: 6, ignore. [ 510.121928][ T9758] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1022'. [ 510.131142][ T9758] netlink: 'syz.3.1022': attribute type 5 has an invalid length. [ 510.141303][ T9758] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1022'. [ 511.282288][ T9763] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1024'. [ 512.058563][ T51] Bluetooth: hci0: command tx timeout [ 512.067430][ T5889] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 512.299402][ T5889] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 512.338411][ T5889] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 512.378840][ T5889] usb 1-1: config 0 interface 0 has no altsetting 0 [ 512.408414][ T5889] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 512.424136][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 512.514695][ T5889] usb 1-1: Product: syz [ 512.526853][ T5889] usb 1-1: Manufacturer: syz [ 512.537000][ T5889] usb 1-1: SerialNumber: syz [ 512.552047][ T5889] usb 1-1: config 0 descriptor?? [ 512.642658][ T5889] usb 1-1: selecting invalid altsetting 0 [ 512.893897][ T6260] usb 1-1: USB disconnect, device number 5 [ 513.100751][ T9795] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 513.385700][ T9795] ksmbd: Unknown IPC event: 6, ignore. [ 513.717899][ T9800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1036'. [ 513.727314][ T9800] netlink: 'syz.1.1036': attribute type 5 has an invalid length. [ 513.759873][ T9800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1036'. [ 516.247198][ T51] Bluetooth: hci0: command tx timeout [ 519.546256][ T9848] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 520.169369][ T9848] ksmbd: Unknown IPC event: 6, ignore. [ 521.157983][ T9871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1058'. [ 521.187316][ T9871] netlink: 'syz.3.1058': attribute type 5 has an invalid length. [ 521.197891][ T9871] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1058'. [ 523.087188][ T51] Bluetooth: hci0: command tx timeout [ 523.406922][ T9898] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 523.486740][ T9898] ksmbd: Unknown IPC event: 6, ignore. [ 524.986673][ T9913] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 525.311968][ T9913] ksmbd: Unknown IPC event: 6, ignore. [ 526.298861][ T9918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1077'. [ 526.328195][ T9918] netlink: 'syz.0.1077': attribute type 5 has an invalid length. [ 526.339808][ T9918] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1077'. [ 528.287909][ T51] Bluetooth: hci0: command tx timeout [ 529.039514][ T9959] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1095'. [ 532.004210][ T9977] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1102'. [ 532.103444][ T9984] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1104'. [ 532.186106][ T9986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1094'. [ 532.195994][ T9986] netlink: 'syz.1.1094': attribute type 5 has an invalid length. [ 532.204089][ T9986] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1094'. [ 533.134953][ T9995] XFS (nullb0): Invalid superblock magic number [ 533.683704][T10018] bridge0: entered promiscuous mode [ 533.691221][T10018] bridge0: left promiscuous mode [ 534.217309][ T51] Bluetooth: hci0: command tx timeout [ 534.225438][T10030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1113'. [ 537.901905][T10073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1125'. [ 537.930839][T10073] netlink: 'syz.2.1125': attribute type 5 has an invalid length. [ 537.942584][T10073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1125'. [ 538.717203][ T6266] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 538.941717][ T6266] usb 4-1: Using ep0 maxpacket: 8 [ 538.967273][ T6266] usb 4-1: config 0 interface 0 has no altsetting 0 [ 538.996725][ T6266] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 539.068025][ T6266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.087855][ T6266] usb 4-1: config 0 descriptor?? [ 539.577361][ T6266] mcp2221 0003:04D8:00DD.0001: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 539.801619][ T6266] usb 4-1: USB disconnect, device number 3 [ 539.887353][ T51] Bluetooth: hci0: command tx timeout [ 541.533881][T10097] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2166916015 (4333832030 ns) > initial count (2654969024 ns). Using initial count to start timer. [ 544.659538][T10128] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1143'. [ 544.672636][T10128] netlink: 'syz.1.1143': attribute type 5 has an invalid length. [ 544.681136][T10128] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1143'. [ 547.107234][ T51] Bluetooth: hci0: command tx timeout [ 550.617178][ T5859] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 550.807186][ T5859] usb 4-1: Using ep0 maxpacket: 8 [ 550.815717][ T5859] usb 4-1: config 0 has an invalid interface number: 186 but max is 0 [ 550.834535][ T5859] usb 4-1: config 0 has no interface number 0 [ 550.841165][ T5859] usb 4-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 550.891894][ T5859] usb 4-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x9A, skipping [ 550.924224][ T5859] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 550.952556][ T5859] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 550.967136][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.983405][ T5859] usb 4-1: Product: syz [ 550.997510][ T5859] usb 4-1: Manufacturer: syz [ 551.017419][ T5859] usb 4-1: SerialNumber: syz [ 551.045668][ T5859] usb 4-1: config 0 descriptor?? [ 551.059133][ T5859] iowarrior 4-1:0.186: no interrupt-in endpoint found [ 551.415794][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1162'. [ 551.425296][T10182] netlink: 'syz.2.1162': attribute type 5 has an invalid length. [ 551.452106][T10182] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1162'. [ 552.725029][ T5859] usb 4-1: USB disconnect, device number 4 [ 553.215359][T10205] ntfs3: nullb0: Primary boot signature is not NTFS. [ 553.232606][T10205] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 553.541479][ T51] Bluetooth: hci0: command tx timeout [ 555.234374][T10228] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1178'. [ 555.257380][T10228] netlink: 'syz.3.1178': attribute type 5 has an invalid length. [ 555.321411][T10228] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1178'. [ 556.274294][T10239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1185'. [ 557.170686][ T51] Bluetooth: hci0: command tx timeout [ 560.621995][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1198'. [ 560.631239][T10288] netlink: 'syz.1.1198': attribute type 5 has an invalid length. [ 560.639523][T10288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1198'. [ 562.527153][ T51] Bluetooth: hci0: command tx timeout [ 562.877618][T10304] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1210'. [ 563.860990][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.867713][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.578671][T10334] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1220'. [ 567.747304][T10357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1225'. [ 567.756391][T10357] netlink: 'syz.1.1225': attribute type 5 has an invalid length. [ 567.764258][T10357] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1225'. [ 567.844034][T10359] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 567.994761][T10359] bridge_slave_0: left allmulticast mode [ 568.022952][T10359] bridge_slave_0: left promiscuous mode [ 568.044640][T10359] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.077539][T10359] bridge_slave_1: left allmulticast mode [ 568.083465][T10359] bridge_slave_1: left promiscuous mode [ 568.091433][T10359] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.129834][T10359] bond0: (slave bond_slave_0): Releasing backup interface [ 568.165726][T10359] bond0: (slave bond_slave_1): Releasing backup interface [ 568.332416][T10359] team0: Port device team_slave_0 removed [ 568.514080][T10359] team0: Port device team_slave_1 removed [ 568.850583][T10359] team0: Port device geneve0 removed [ 568.888710][T10368] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1233'. [ 569.567165][ T51] Bluetooth: hci0: command tx timeout [ 569.946157][T10390] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1243'. [ 571.819904][T10417] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 571.917286][ T5889] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 571.945503][T10417] bridge_slave_0: left allmulticast mode [ 572.019015][T10417] bridge_slave_0: left promiscuous mode [ 572.082796][T10417] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.175113][T10417] bridge_slave_1: left allmulticast mode [ 572.206320][ T5889] usb 1-1: Using ep0 maxpacket: 16 [ 572.224286][ T5889] usb 1-1: config 0 has no interfaces? [ 572.230917][T10417] bridge_slave_1: left promiscuous mode [ 572.238011][ T5889] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 572.258258][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 572.266308][ T5889] usb 1-1: SerialNumber: syz [ 572.299072][ T5889] usb 1-1: config 0 descriptor?? [ 572.320722][T10417] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.556311][ T5889] usb 1-1: USB disconnect, device number 6 [ 572.631012][T10417] bond0: (slave bond_slave_0): Releasing backup interface [ 572.828994][T10417] bond0: (slave bond_slave_1): Releasing backup interface [ 573.073533][T10417] team0: Port device team_slave_0 removed [ 573.192250][T10417] team0: Port device team_slave_1 removed [ 573.201327][T10417] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 573.281981][T10417] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 573.292127][T10417] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 573.464242][T10417] team0: Port device geneve0 removed [ 573.584649][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1247'. [ 573.631108][T10419] netlink: 'syz.1.1247': attribute type 5 has an invalid length. [ 573.677236][T10419] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1247'. [ 573.889846][ T51] Bluetooth: hci0: command tx timeout [ 573.933585][T10429] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1252'. [ 576.487195][T10462] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1261'. [ 580.413449][T10485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1269'. [ 580.681756][T10487] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1270'. [ 581.107156][ T6266] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 581.329319][ T6266] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.427230][ T6266] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.458776][ T6266] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 581.488779][ T6266] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.558480][ T6266] usb 3-1: config 0 descriptor?? [ 581.824793][ T6266] usbhid 3-1:0.0: can't add hid device: -71 [ 581.831497][ T6266] usbhid: probe of 3-1:0.0 failed with error -71 [ 581.859371][ T6266] usb 3-1: USB disconnect, device number 3 [ 588.202012][T10536] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1282'. [ 588.846238][T10553] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1290'. [ 592.484236][T10573] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1296'. [ 598.132702][T10613] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1307'. [ 598.673531][T10619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1305'. [ 598.682936][T10619] netlink: 'syz.3.1305': attribute type 5 has an invalid length. [ 598.694899][T10619] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1305'. [ 603.017477][T10668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1320'. [ 603.139116][T10668] netlink: 'syz.0.1320': attribute type 5 has an invalid length. [ 603.341376][T10668] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1320'. [ 604.614576][T10700] syzkaller0: entered promiscuous mode [ 604.627332][T10700] syzkaller0: entered allmulticast mode [ 607.702662][ T51] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 612.921436][T10769] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 621.375772][T10843] ubi31: attaching mtd0 [ 621.395476][T10843] ubi31 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 622.927187][ T51] Bluetooth: hci0: command tx timeout [ 625.053193][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.065260][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.373686][T10877] syzkaller0: entered promiscuous mode [ 626.379568][T10877] syzkaller0: entered allmulticast mode [ 631.511704][T10922] netlink: 'syz.1.1405': attribute type 10 has an invalid length. [ 631.571580][T10922] 8021q: adding VLAN 0 to HW filter on device team0 [ 631.600480][T10925] netlink: 'syz.1.1405': attribute type 1 has an invalid length. [ 631.612725][T10922] bond0: (slave team0): Enslaving as an active interface with an up link [ 631.622563][T10924] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 631.642590][T10924] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.654345][T10922] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1405'. [ 631.666254][T10922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1405'. [ 634.197254][ T5889] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 634.387181][ T5889] usb 2-1: Using ep0 maxpacket: 32 [ 634.400473][ T5889] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 634.416293][ T5889] usb 2-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping [ 634.435891][ T5889] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 634.459112][ T5889] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 634.472388][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.481667][ T5889] usb 2-1: Product: syz [ 634.491011][ T5889] usb 2-1: Manufacturer: syz [ 634.495756][ T5889] usb 2-1: SerialNumber: syz [ 634.508907][ T5889] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 634.527845][ T5889] imon 2-1:155.0: unable to initialize intf0, err -19 [ 634.534989][ T5889] imon:imon_probe: failed to initialize context! [ 634.548512][ T5889] imon 2-1:155.0: unable to register, err -19 [ 635.500221][ T51] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 635.510019][ T51] Bluetooth: hci0: Injecting HCI hardware error event [ 635.520261][ T51] Bluetooth: hci0: hardware error 0x00 [ 635.570327][T10962] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 635.582707][T10962] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 256 - 0 [ 637.286777][ T6260] usb 2-1: USB disconnect, device number 4 [ 637.587552][ T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 638.948269][ T51] Bluetooth: hci1: unexpected event for opcode 0x0c23 [ 639.228085][T10997] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 639.288237][T10997] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.141024][T11085] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 651.150073][T11085] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.974738][ T27] audit: type=1326 audit(2000000016.870:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11107 comm="syz.3.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 653.587159][ T27] audit: type=1326 audit(2000000016.870:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11107 comm="syz.3.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 654.168187][T11127] MTD: Couldn't look up './file0': -15 [ 654.195178][T11127] netlink: 'syz.2.1470': attribute type 10 has an invalid length. [ 654.250720][T11127] syz_tun: entered promiscuous mode [ 654.308427][T11127] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 663.910720][ T27] audit: type=1326 audit(2000000027.810:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55be98f749 code=0x7ffc0000 [ 663.976911][ T27] audit: type=1326 audit(2000000027.810:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55be98f749 code=0x7ffc0000 [ 664.013833][ T27] audit: type=1326 audit(2000000027.850:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f55be98df90 code=0x7ffc0000 [ 664.059402][ T27] audit: type=1326 audit(2000000027.850:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.105642][ T27] audit: type=1326 audit(2000000027.850:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.150320][ T27] audit: type=1326 audit(2000000027.870:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.183735][ T27] audit: type=1326 audit(2000000027.870:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.237162][ T5771] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 664.260304][ T27] audit: type=1326 audit(2000000028.140:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.300766][ T27] audit: type=1326 audit(2000000028.150:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.429424][ T5771] usb 3-1: Using ep0 maxpacket: 32 [ 664.458401][ T27] audit: type=1326 audit(2000000028.360:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.2.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55be98f34b code=0x7ffc0000 [ 664.506021][ T5771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.531069][ T5771] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.552660][ T5771] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 664.576078][ T5771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.627624][ T5771] usb 3-1: config 0 descriptor?? [ 664.926469][ T5771] usbhid 3-1:0.0: can't add hid device: -71 [ 664.932992][ T5771] usbhid: probe of 3-1:0.0 failed with error -71 [ 664.958358][ T5771] usb 3-1: USB disconnect, device number 4 [ 668.695422][T11229] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 668.713960][T11229] random: crng reseeded on system resumption [ 668.985509][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 668.995318][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.657127][ T5889] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 673.027783][T11250] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1510'. [ 673.749015][T11260] netlink: 'syz.0.1514': attribute type 11 has an invalid length. [ 673.909661][T11262] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 678.737459][T11283] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1521'. [ 680.733817][T11305] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 680.942362][T11308] random: crng reseeded on system resumption [ 681.251004][ T9224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.277514][ T9224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.305263][T11312] "syz.0.1528" (11312) uses obsolete ecb(arc4) skcipher [ 683.489348][T11322] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1531'. [ 684.821886][ T51] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 685.251670][T11348] input: syz0 as /devices/virtual/input/input13 [ 686.212803][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 687.367168][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.377104][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 690.203476][T11382] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 690.241485][T11382] random: crng reseeded on system resumption [ 690.560539][ T9224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 690.577008][ T9224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.152700][T11444] loop5: detected capacity change from 0 to 7 [ 698.185726][T11149] Dev loop5: unable to read RDB block 7 [ 698.203980][T11149] loop5: AHDI p1 p2 p3 [ 698.212773][T11149] loop5: partition table partially beyond EOD, truncated [ 698.234937][T11149] loop5: p1 start 1601398130 is beyond EOD, truncated [ 698.257356][T11149] loop5: p2 start 1702059890 is beyond EOD, truncated [ 698.395409][T11448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1573'. [ 698.940813][T11444] Dev loop5: unable to read RDB block 7 [ 698.950418][T11444] loop5: AHDI p1 p2 p3 [ 698.956222][T11444] loop5: partition table partially beyond EOD, truncated [ 698.964647][T11444] loop5: p1 start 1601398130 is beyond EOD, truncated [ 698.978522][T11444] loop5: p2 start 1702059890 is beyond EOD, truncated [ 700.596330][T11466] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 700.644726][T11466] random: crng reseeded on system resumption [ 700.981691][ T9224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 701.023756][ T9224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 701.371488][T11481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1582'. [ 701.567247][T11486] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1583' sets config #4095 [ 701.769573][T11488] afs: Unknown parameter 'dyn¼U' [ 708.114569][T11510] 9pnet_virtio: no channels available for device syz [ 708.171122][T11510] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 708.221190][T11510] overlayfs: overlapping lowerdir path [ 708.334794][T11514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1591'. [ 712.577675][T11535] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1597'. [ 713.136025][T11540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1600'. [ 713.317834][T11546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1598'. [ 713.327101][T11546] netlink: 'syz.1.1598': attribute type 5 has an invalid length. [ 713.334921][T11546] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1598'. [ 718.281189][T11569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1611'. [ 718.525198][T11577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1620'. [ 721.656559][T11593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1613'. [ 721.666489][T11593] netlink: 'syz.3.1613': attribute type 5 has an invalid length. [ 722.321267][T11593] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1613'. [ 734.043039][T11652] 9pnet_virtio: no channels available for device syz [ 734.117307][T11652] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 734.137734][T11652] overlayfs: overlapping lowerdir path [ 746.829238][T11717] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1650'. [ 747.652347][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.667078][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.042380][T11364] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 748.052826][T11364] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 748.069006][T11364] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 748.077427][T11364] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 748.087844][T11364] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 748.101300][T11364] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 748.789059][T11647] bond0: (slave syz_tun): Releasing backup interface [ 750.207137][T10959] Bluetooth: hci4: command tx timeout [ 752.255702][ T149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.266574][ T149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 752.413037][ T149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.432007][ T149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 752.595261][ T149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.615574][ T149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 752.687126][T10959] Bluetooth: hci4: command tx timeout [ 752.702870][T11731] chnl_net:caif_netlink_parms(): no params data found [ 753.120292][T11731] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.172732][T11731] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.200039][T11731] bridge_slave_0: entered allmulticast mode [ 753.261924][T11731] bridge_slave_0: entered promiscuous mode [ 753.303320][T11731] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.357318][T11731] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.397352][T11731] bridge_slave_1: entered allmulticast mode [ 753.404929][T11731] bridge_slave_1: entered promiscuous mode [ 753.674588][T11731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 753.747924][T11731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.022417][T11779] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1666'. [ 754.132546][ T149] tipc: Left network mode [ 754.178438][T11731] team0: Port device team_slave_0 added [ 754.195222][T11731] team0: Port device team_slave_1 added [ 754.373234][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 754.373255][ T27] audit: type=1326 audit(2000000118.240:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.0.1667" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f718878f749 code=0x0 [ 754.640132][T11731] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 754.677235][T11731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 754.857347][T10959] Bluetooth: hci4: command tx timeout [ 754.884302][T11731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 754.898493][T11731] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 754.905635][T11731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 756.682791][T11731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 756.987057][T10959] Bluetooth: hci4: command tx timeout [ 758.708705][T11731] hsr_slave_0: entered promiscuous mode [ 758.740841][T11731] hsr_slave_1: entered promiscuous mode [ 758.794282][T11731] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 758.807370][T11731] Cannot create hsr debugfs directory [ 760.114194][ T149] hsr_slave_0: left promiscuous mode [ 760.138509][ T149] hsr_slave_1: left promiscuous mode [ 760.151176][ T149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.174216][ T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.192855][ T149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.212773][ T149] bridge_slave_1: left allmulticast mode [ 760.219884][ T149] bridge_slave_1: left promiscuous mode [ 760.249468][ T149] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.305791][ T149] bridge_slave_0: left allmulticast mode [ 760.324782][ T149] bridge_slave_0: left promiscuous mode [ 760.348061][ T149] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.597234][ T149] veth1_macvtap: left promiscuous mode [ 760.603473][ T149] veth0_macvtap: left promiscuous mode [ 760.676712][ T149] veth1_vlan: left promiscuous mode [ 760.682883][ T149] veth0_vlan: left promiscuous mode [ 761.749160][ T149] team0 (unregistering): Port device geneve0 removed [ 762.843858][ T149] team0 (unregistering): Port device team_slave_1 removed [ 762.935275][ T149] team0 (unregistering): Port device team_slave_0 removed [ 763.043061][ T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 763.136218][ T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 765.814272][ T149] bond0 (unregistering): (slave team0): Releasing backup interface [ 766.105356][ T149] bond0 (unregistering): Released all slaves [ 766.393079][T11871] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1680'. [ 766.432976][T11731] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 766.501312][T11731] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 766.560896][T11731] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 766.635388][T11731] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 767.059614][T11731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.149275][T11731] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.223541][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.230947][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.309970][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.317945][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.570335][T11731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.717304][T11731] veth0_vlan: entered promiscuous mode [ 772.741357][T11731] veth1_vlan: entered promiscuous mode [ 772.861500][T11731] veth0_macvtap: entered promiscuous mode [ 772.890015][T11731] veth1_macvtap: entered promiscuous mode [ 772.930861][T11731] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 772.945474][T11731] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 772.956898][T11731] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.966274][T11731] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.981389][T11731] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.990867][T11731] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.120303][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.141282][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 773.170133][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.181488][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 775.795360][T11999] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1694'. [ 779.239339][T12011] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 780.410842][T12038] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 780.489316][T12029] syzkaller0: entered promiscuous mode [ 780.495122][T12029] syzkaller0: entered allmulticast mode [ 787.987188][T12105] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1714'. [ 791.790114][T12129] fuse: Unknown parameter 'use00000000000000000000' [ 793.477256][ T6266] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 793.818749][ T6266] usb 5-1: Using ep0 maxpacket: 8 [ 793.885059][ T6266] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 793.951741][ T6266] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 793.986855][ T6266] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 794.025066][ T6266] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 794.175510][ T6266] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 794.228261][ T6266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.810984][ T6266] usb 5-1: GET_CAPABILITIES returned 0 [ 794.854703][ T6266] usbtmc 5-1:16.0: can't read capabilities [ 795.040487][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 795.094250][ T5813] usb 5-1: USB disconnect, device number 2 [ 800.688195][T12186] syz.4.1735 (12186) used greatest stack depth: 17960 bytes left [ 802.517371][T12212] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1741'. [ 805.552214][T12231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1743'. [ 809.358785][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.365375][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 818.223387][T12315] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 818.240091][T12314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1755'. [ 818.304862][T12314] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1755'. [ 818.714685][T12314] geneve2: entered promiscuous mode [ 818.781268][T12314] geneve2: entered allmulticast mode [ 822.219837][T12346] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1763'. [ 832.137206][ T5889] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 832.351380][ T5889] usb 1-1: Using ep0 maxpacket: 16 [ 832.397844][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 832.441458][ T5889] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 832.482818][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.517046][ T5889] usb 1-1: Product: syz [ 832.535970][ T5889] usb 1-1: Manufacturer: syz [ 832.557023][ T5889] usb 1-1: SerialNumber: syz [ 832.648704][ T5889] usb 1-1: config 0 descriptor?? [ 832.689360][ T5889] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 832.726260][ T5889] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 832.930033][T12432] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1774'. [ 835.319608][ T5889] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 835.447434][ T5889] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 836.320176][ T5889] em28xx 1-1:0.0: board has no eeprom [ 837.267428][ T5889] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 837.275351][ T5889] em28xx 1-1:0.0: dvb set to bulk mode. [ 837.362222][T11922] em28xx 1-1:0.0: Binding DVB extension [ 837.373730][ T5889] usb 1-1: USB disconnect, device number 8 [ 837.407093][T12468] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1785'. [ 837.465382][ T5889] em28xx 1-1:0.0: Disconnecting em28xx [ 837.483860][T12468] IPv6: Can't replace route, no match found [ 837.690953][T11922] em28xx 1-1:0.0: Registering input extension [ 837.728349][ T5889] em28xx 1-1:0.0: Closing input extension [ 837.865312][ T5889] em28xx 1-1:0.0: Freeing device [ 845.963168][ T27] audit: type=1326 audit(2000000209.860:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.080177][ T27] audit: type=1326 audit(2000000209.890:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.113895][ T27] audit: type=1326 audit(2000000209.910:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.138006][T12544] pim6reg: entered allmulticast mode [ 846.171882][ T27] audit: type=1326 audit(2000000209.910:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.224495][ T27] audit: type=1326 audit(2000000209.920:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.303173][ T27] audit: type=1326 audit(2000000209.940:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.356213][ T27] audit: type=1326 audit(2000000209.940:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.547063][ T27] audit: type=1326 audit(2000000209.940:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.632397][ T27] audit: type=1326 audit(2000000209.940:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 846.752474][ T27] audit: type=1326 audit(2000000209.940:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.3.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8878f749 code=0x7ffc0000 [ 847.150916][T12571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1805'. [ 847.291570][T12571] netlink: 'syz.0.1805': attribute type 5 has an invalid length. [ 847.445804][T12571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1805'. [ 847.622523][T12571] geneve3: entered promiscuous mode [ 847.690350][T12571] geneve3: entered allmulticast mode [ 848.015626][T12584] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1810'. [ 855.897954][T12643] nfs4: Unknown parameter 'rd}aMT±w½¢Â ÄùçZ½ÄÃàˆZã_ªÍ{¥]â#ŒÞÜ‘Þþ#:39«Ý86@Á{' [ 857.831671][T12657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1822'. [ 857.850656][T12657] netlink: 'syz.3.1822': attribute type 5 has an invalid length. [ 857.860168][T12657] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1822'. [ 860.482319][T12657] geneve3: entered promiscuous mode [ 860.528313][T12657] geneve3: entered allmulticast mode [ 862.386298][T12676] nfs4: Unknown parameter 'rd}aMT±w½¢Â ÄùçZ½ÄÃàˆZã_ªÍ{¥]â#ŒÞÜ‘Þþ#:39«Ý86@Á{' [ 862.847060][T10959] Bluetooth: hci4: command tx timeout [ 864.448673][T12695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1839'. [ 864.474171][T12695] netlink: 'syz.0.1839': attribute type 5 has an invalid length. [ 864.540450][T12695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1839'. [ 864.564952][T12695] geneve4: entered promiscuous mode [ 864.570987][T12695] geneve4: entered allmulticast mode [ 869.886719][T12723] hub 8-0:1.0: USB hub found [ 869.946661][T12729] nfs4: Unknown parameter 'rd}aMT±w½¢Â ÄùçZ½ÄÃàˆZã_ªÍ{¥]â#ŒÞÜ‘Þþ#:39«Ý86@Á{' [ 870.776183][T12723] hub 8-0:1.0: 1 port detected [ 870.803882][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.837103][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.235752][T12738] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1847'. [ 874.499182][T10959] Bluetooth: hci4: command 0x0406 tx timeout [ 876.635519][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 876.635536][ T27] audit: type=1326 audit(2000000240.530:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.0.1853" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 876.719076][T12773] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1853'. [ 877.654518][T12783] nfs4: Unknown parameter 'rd}aMT±w½¢Â ÄùçZ½ÄÃàˆZã_ªÍ{¥]â#ŒÞÜ‘Þþ#:39«Ý86@Á{' [ 883.691701][T12812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1863'. [ 884.272625][T12812] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 884.282143][T12812] team0: Device ipvlan0 is already an upper device of the team interface [ 884.404826][T12811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1862'. [ 884.441968][T12811] netlink: 'syz.4.1862': attribute type 5 has an invalid length. [ 884.487158][T12811] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1862'. [ 884.544676][T12811] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 884.567034][T12811] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 884.577180][T12811] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 884.587326][T12811] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 884.608224][T12811] geneve3: entered promiscuous mode [ 884.637100][T12811] geneve3: entered allmulticast mode [ 885.547109][ T27] audit: type=1326 audit(2000000249.200:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12817 comm="syz.3.1866" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e8878f749 code=0x0 [ 885.659348][T12818] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1866'. [ 888.964711][ T27] audit: type=1326 audit(2000000252.860:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f718878f749 code=0x7ffc0000 [ 889.005845][ T27] audit: type=1326 audit(2000000252.860:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.028444][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.037017][ T27] audit: type=1326 audit(2000000252.860:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.059436][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.070127][ T27] audit: type=1326 audit(2000000252.860:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.092362][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.104062][ T27] audit: type=1326 audit(2000000252.860:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.126595][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.141452][ T27] audit: type=1326 audit(2000000252.860:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.171342][ T27] audit: type=1326 audit(2000000252.860:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.193736][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.204232][ T27] audit: type=1326 audit(2000000252.860:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 889.226837][ C0] vkms_vblank_simulate: vblank timer overrun [ 889.241120][ T27] audit: type=1326 audit(2000000252.860:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12826 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f718872b829 code=0x7ffc0000 [ 892.322777][ T27] kauditd_printk_skb: 63 callbacks suppressed [ 892.322791][ T27] audit: type=1326 audit(2000000256.220:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12867 comm="syz.2.1878" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f55be98f749 code=0x0 [ 892.458919][T12875] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1878'. [ 893.186588][T12882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1882'. [ 893.272693][T12882] bridge0: entered allmulticast mode [ 893.652887][T12888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1879'. [ 893.688186][T12888] netlink: 'syz.0.1879': attribute type 5 has an invalid length. [ 893.743307][T12888] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1879'. [ 893.845105][T12890] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1880'. [ 893.909910][T12890] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 893.919984][T12890] team0: Device ipvlan2 is already an upper device of the team interface [ 896.765939][ T27] audit: type=1326 audit(2000000260.660:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.1891" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba818f749 code=0x0 [ 896.871499][T12919] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1891'. [ 897.558497][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1893'. [ 897.745298][T12922] bridge0: entered allmulticast mode [ 897.782556][T12922] bridge_slave_1: left allmulticast mode [ 897.801751][T12922] bridge_slave_1: left promiscuous mode [ 897.814057][T12922] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.855475][T12922] bridge_slave_0: left allmulticast mode [ 897.927105][T12922] bridge_slave_0: left promiscuous mode [ 897.948689][T12922] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.796401][T12954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1900'. [ 900.823571][T12954] netlink: 'syz.3.1900': attribute type 5 has an invalid length. [ 900.886436][T12954] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1900'. [ 900.999389][T12962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1901'. [ 901.254228][T12962] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 901.268001][T12962] team0: Device ipvlan2 is already an upper device of the team interface [ 901.507921][ T27] audit: type=1326 audit(2000000265.410:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12958 comm="syz.2.1904" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f55be98f749 code=0x0 [ 903.774728][T12964] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1906'. [ 903.840096][T12966] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.848799][T12966] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.858587][T12966] bridge0: entered allmulticast mode [ 904.007076][T12969] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1904'. [ 904.045235][T12964] bridge_slave_1: left allmulticast mode [ 904.073417][T12964] bridge_slave_1: left promiscuous mode [ 904.097233][T12964] bridge0: port 2(bridge_slave_1) entered disabled state [ 904.157398][T12964] bridge_slave_0: left allmulticast mode [ 904.193702][T12964] bridge_slave_0: left promiscuous mode [ 904.221275][T12964] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.297749][T12872] bond0: (slave syz_tun): Releasing backup interface [ 906.170427][ T149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 906.201840][ T149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 906.481848][ T149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 906.507268][ T149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 906.706555][ T149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 906.750695][ T149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 906.896094][T13001] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1917'. [ 906.981767][T13001] bridge0: entered allmulticast mode [ 908.638673][T10959] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 908.681387][T10959] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 908.690842][T10959] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 908.700810][T10959] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 908.709475][T10959] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 908.717067][T10959] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 908.944439][T13025] dccp_invalid_packet: P.Data Offset(4) too small [ 909.093808][T13022] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1920'. [ 909.120004][T13022] netlink: 'syz.4.1920': attribute type 5 has an invalid length. [ 909.135168][T13022] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1920'. [ 909.356082][T13022] geneve4: entered promiscuous mode [ 909.364594][T13022] geneve4: entered allmulticast mode [ 909.374186][T13021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1919'. [ 909.403456][T13021] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 909.615680][T13021] team0: Device ipvlan2 is already an upper device of the team interface [ 910.767461][T10959] Bluetooth: hci0: command tx timeout [ 912.043008][T13016] chnl_net:caif_netlink_parms(): no params data found [ 912.148218][ T149] hsr_slave_0: left promiscuous mode [ 912.169592][ T149] hsr_slave_1: left promiscuous mode [ 912.229206][ T149] veth1_macvtap: left promiscuous mode [ 912.244366][ T149] veth0_macvtap: left promiscuous mode [ 912.254632][ T149] veth1_vlan: left promiscuous mode [ 912.271422][ T149] veth0_vlan: left promiscuous mode [ 912.847095][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 914.927139][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 916.228390][ T149] bond0 (unregistering): Released all slaves [ 916.308398][T13093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1932'. [ 916.325026][T13093] netlink: 'syz.3.1932': attribute type 5 has an invalid length. [ 916.333658][T13093] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1932'. [ 917.129141][T13016] bridge0: port 1(bridge_slave_0) entered blocking state [ 917.136398][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 917.157166][T13016] bridge0: port 1(bridge_slave_0) entered disabled state [ 917.165459][T13016] bridge_slave_0: entered allmulticast mode [ 917.202245][T13016] bridge_slave_0: entered promiscuous mode [ 917.225200][T13016] bridge0: port 2(bridge_slave_1) entered blocking state [ 917.233547][T13016] bridge0: port 2(bridge_slave_1) entered disabled state [ 917.252593][T13016] bridge_slave_1: entered allmulticast mode [ 917.315197][T13016] bridge_slave_1: entered promiscuous mode [ 917.461867][ T27] audit: type=1326 audit(2000000281.360:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13124 comm="syz.0.1944" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 919.167097][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 919.195812][T13131] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1944'. [ 920.059362][T13016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 920.160963][T13016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 920.317864][T13016] team0: Port device team_slave_0 added [ 920.379750][T13016] team0: Port device team_slave_1 added [ 920.468351][T13016] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 920.475515][T13016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 920.577030][T13016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 920.579965][T13016] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 920.579984][T13016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 920.580012][T13016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 920.737979][T13016] hsr_slave_0: entered promiscuous mode [ 920.742984][T13016] hsr_slave_1: entered promiscuous mode [ 921.247225][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 922.271394][ T27] audit: type=1326 audit(2000000285.570:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13163 comm="syz.0.1953" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 922.293627][ C1] vkms_vblank_simulate: vblank timer overrun [ 922.308020][T13170] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1953'. [ 922.666579][T13016] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 922.693151][T13016] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 922.762112][T13016] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 922.821266][T13016] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 923.189167][T13192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1952'. [ 923.229193][T13192] netlink: 'syz.3.1952': attribute type 5 has an invalid length. [ 923.411905][T13192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1952'. [ 924.091441][T13016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 924.178765][T13016] 8021q: adding VLAN 0 to HW filter on device team0 [ 924.223351][T10009] bridge0: port 1(bridge_slave_0) entered blocking state [ 924.231660][T10009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 924.298672][T10009] bridge0: port 2(bridge_slave_1) entered blocking state [ 924.306196][T10009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 924.937096][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 925.353476][T13016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 926.511135][ T27] audit: type=1326 audit(2000000290.350:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13222 comm="syz.0.1962" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 926.844539][T13229] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1962'. [ 928.404822][T13266] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1968'. [ 928.449884][T13016] veth0_vlan: entered promiscuous mode [ 928.510118][T13016] veth1_vlan: entered promiscuous mode [ 928.688481][T13016] veth0_macvtap: entered promiscuous mode [ 928.711719][T13016] veth1_macvtap: entered promiscuous mode [ 928.783238][T13016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 928.827407][T13016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 928.840744][T13016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 928.852937][T13016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 928.864147][T13016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 928.878863][T13016] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 928.910389][T13016] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 928.920085][T13016] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 928.937590][T13016] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 928.946733][T13016] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.200296][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.086959][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.211912][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.240497][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.621215][ T27] audit: type=1326 audit(2000000294.520:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13279 comm="syz.4.1972" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba818f749 code=0x0 [ 931.098578][T13285] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1972'. [ 931.695784][T13299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1969'. [ 931.725653][T13299] netlink: 'syz.0.1969': attribute type 5 has an invalid length. [ 931.752877][T13299] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1969'. [ 932.047709][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.054906][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.647009][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 935.190815][ T27] audit: type=1326 audit(2000000299.090:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13346 comm="syz.3.1986" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e8878f749 code=0x0 [ 938.352112][T13357] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1986'. [ 941.337808][T13400] netlink: 'syz.0.1993': attribute type 4 has an invalid length. [ 941.945454][T13412] tipc: Started in network mode [ 941.971340][T13412] tipc: Node identity 525c1f29be95, cluster identity 4711 [ 942.005239][T13412] tipc: Enabled bearer , priority 0 [ 942.277035][T13414] syzkaller0: entered promiscuous mode [ 942.297360][T13414] syzkaller0: entered allmulticast mode [ 942.324995][T13414] tipc: Resetting bearer [ 942.356522][T13408] tipc: Resetting bearer [ 942.975221][ T27] audit: type=1326 audit(2000000306.870:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.1998" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 943.109985][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 946.096583][T13408] tipc: Disabling bearer [ 946.152614][T13427] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1998'. [ 946.181708][ T5889] tipc: Node number set to 3972603689 [ 946.404477][T13444] tipc: Started in network mode [ 946.414628][T13444] tipc: Node identity f6fd9322723e, cluster identity 4711 [ 946.439320][T13444] tipc: Enabled bearer , priority 0 [ 946.532894][T13449] syzkaller0: entered promiscuous mode [ 946.532970][T13449] syzkaller0: entered allmulticast mode [ 947.142350][T13449] tipc: Resetting bearer [ 947.322151][T13443] tipc: Resetting bearer [ 947.663994][T13443] tipc: Disabling bearer [ 947.706089][ T787] tipc: Node number set to 2227409698 [ 948.219218][T13468] tipc: Started in network mode [ 948.224206][T13468] tipc: Node identity 766f8e7d3bcc, cluster identity 4711 [ 948.265558][T13468] tipc: Enabled bearer , priority 0 [ 948.456794][T13468] syzkaller0: entered promiscuous mode [ 948.485522][T13468] syzkaller0: entered allmulticast mode [ 948.513238][T13468] tipc: Resetting bearer [ 948.657092][T13467] tipc: Resetting bearer [ 952.058144][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 952.616232][T13467] tipc: Disabling bearer [ 952.651337][T13481] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 952.671227][T13481] bond1: (slave lo): speed changed to 0 on port 1 [ 952.681808][T13481] bond1: (slave lo): Enslaving as a backup interface with an up link [ 952.709870][T13481] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 952.736419][ T5889] tipc: Node number set to 1302564477 [ 953.238932][ T27] audit: type=1326 audit(2000000317.140:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13492 comm="syz.5.2012" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 959.659240][T13521] bond0: (slave bond_slave_0): Releasing backup interface [ 959.692926][T13521] bond0: (slave bond_slave_1): Releasing backup interface [ 959.774377][T13521] team0: Port device team_slave_0 removed [ 959.822359][T13521] team0: Port device team_slave_1 removed [ 959.846247][T13521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 959.854410][T13521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 959.863741][T13521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 959.872064][T13521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 960.040682][T13537] tipc: Enabled bearer , priority 0 [ 960.270999][T13540] syzkaller0: entered promiscuous mode [ 960.286811][T13540] syzkaller0: entered allmulticast mode [ 960.308144][T13540] tipc: Resetting bearer [ 960.478380][T13534] tipc: Resetting bearer [ 962.542743][ T27] audit: type=1326 audit(2000000326.010:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13555 comm="syz.4.2028" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba818f749 code=0x0 [ 963.737239][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 965.701442][T13534] tipc: Disabling bearer [ 968.856080][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 969.461977][ T27] audit: type=1326 audit(2000000333.360:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.4.2043" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba818f749 code=0x0 [ 973.069632][ T27] audit: type=1326 audit(2000000336.970:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13684 comm="syz.3.2054" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e8878f749 code=0x0 [ 974.447400][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 976.461708][ T27] audit: type=1326 audit(2000000340.360:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13747 comm="syz.5.2067" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 976.483645][ C1] vkms_vblank_simulate: vblank timer overrun [ 979.941581][T13789] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2075'. [ 980.065715][T13791] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2074'. [ 981.027245][T13793] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2076'. [ 981.327152][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 982.294138][ T27] audit: type=1326 audit(2000000346.190:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13809 comm="syz.4.2078" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba818f749 code=0x0 [ 982.979478][T13833] tipc: Enabled bearer , priority 0 [ 983.056953][T13831] tipc: Disabling bearer [ 985.088006][T13867] mac80211_hwsim hwsim13 ÿ: renamed from wlan1 (while UP) [ 985.496933][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 986.564673][ T27] audit: type=1326 audit(2000000350.460:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13878 comm="syz.5.2093" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 991.346990][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 991.821311][T13889] tipc: Enabling of bearer rejected, failed to enable media [ 993.084588][ T27] audit: type=1326 audit(2000000356.590:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13930 comm="syz.0.2107" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 993.138432][ C0] vkms_vblank_simulate: vblank timer overrun [ 993.414566][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.421208][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 996.296339][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 997.200665][ T27] audit: type=1326 audit(2000000361.100:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13992 comm="syz.5.2121" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 999.021712][T13972] tipc: Started in network mode [ 999.026718][T13972] tipc: Node identity 46e759c36187, cluster identity 4711 [ 999.035766][T13972] tipc: Enabled bearer , priority 0 [ 999.062909][T13967] tipc: Disabling bearer [ 999.087356][T13986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2119'. [ 999.117355][T13987] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2119'. [ 999.288669][T14004] bridge_slave_1: entered allmulticast mode [ 1002.843058][ T27] audit: type=1326 audit(2000000366.740:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14051 comm="syz.0.2133" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 1003.337043][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1005.894749][T14047] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2127'. [ 1006.237222][T14066] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2134'. [ 1006.260524][T14066] block nbd0: not configured, cannot reconfigure [ 1007.277357][ T27] audit: type=1326 audit(2000000371.180:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14090 comm="syz.5.2144" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 1011.897118][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1012.204695][T14121] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2146'. [ 1012.768285][T14140] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1012.778111][T14140] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1012.787043][T14140] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1013.336234][ T27] audit: type=1326 audit(2000000377.230:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14145 comm="syz.5.2155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 1014.344625][T14174] syzkaller0: entered promiscuous mode [ 1014.350413][T14174] syzkaller0: entered allmulticast mode [ 1017.649687][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1019.597128][T14196] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2162'. [ 1020.758507][ T27] audit: type=1326 audit(2000000384.210:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14208 comm="syz.0.2168" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f718878f749 code=0x0 [ 1021.503900][T14228] syzkaller0: entered promiscuous mode [ 1021.509668][T14228] syzkaller0: entered allmulticast mode [ 1024.647220][T14248] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2177'. [ 1025.497354][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1026.144461][ T27] audit: type=1326 audit(2000000390.040:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14257 comm="syz.5.2181" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd820f8f749 code=0x0 [ 1028.903752][T14283] syzkaller0: entered promiscuous mode [ 1028.947132][T14283] syzkaller0: entered allmulticast mode [ 1031.106360][ T27] audit: type=1326 audit(2000000394.710:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.3.2197" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e8878f749 code=0x0 [ 1031.888134][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1034.386711][T14299] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2190'. [ 1034.911226][T14337] syzkaller0: entered promiscuous mode [ 1034.916809][T14337] syzkaller0: entered allmulticast mode [ 1041.428258][T14408] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2213'. [ 1043.336997][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1054.855669][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.875724][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.413974][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1055.875594][T14482] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2233'. [ 1056.350111][T14493] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2243'. [ 1061.063521][T14541] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2250'. [ 1062.678941][T14563] tipc: Enabled bearer , priority 0 [ 1062.700820][T14562] tipc: Disabling bearer [ 1063.007515][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1064.883998][T14598] tipc: Enabled bearer , priority 0 [ 1064.912795][T14597] tipc: Disabling bearer [ 1065.961273][T14616] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2274'. [ 1067.333816][T14630] tipc: Enabled bearer , priority 0 [ 1067.382564][T14625] tipc: Disabling bearer [ 1067.407483][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1069.636860][T14657] tipc: Enabled bearer , priority 0 [ 1069.732897][T14655] tipc: Disabling bearer [ 1072.341042][T14690] tipc: Enabled bearer , priority 0 [ 1072.439074][T14687] tipc: Disabling bearer [ 1072.722910][T14698] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2303'. [ 1074.564295][T14721] tipc: Enabled bearer , priority 0 [ 1074.640212][T14720] tipc: Disabling bearer [ 1074.777147][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1076.488217][T14756] tipc: Enabling of bearer rejected, failed to enable media [ 1077.328651][T14767] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2334'. [ 1077.619426][T11922] IPVS: starting estimator thread 0... [ 1077.717288][T14773] IPVS: using max 18 ests per chain, 43200 per kthread [ 1079.060045][T14790] tipc: Enabling of bearer rejected, failed to enable media [ 1079.247345][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1079.694235][T14804] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 1080.727086][T14829] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2362'. [ 1080.895442][T14831] syzkaller1: entered promiscuous mode [ 1080.915101][T14831] syzkaller1: entered allmulticast mode [ 1081.275963][T14835] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2360'. [ 1081.370410][T14837] tipc: Enabling of bearer rejected, failed to enable media [ 1082.557058][T14825] Bluetooth: hci0: command 0x041b tx timeout [ 1083.487688][T14875] tipc: Enabling of bearer rejected, failed to enable media [ 1084.607351][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1084.672028][T14907] tipc: Enabling of bearer rejected, failed to enable media [ 1086.223122][T14926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2385'. [ 1086.237187][T14926] netlink: 'syz.0.2385': attribute type 5 has an invalid length. [ 1086.245063][T14926] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2385'. [ 1087.784776][T14825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1087.797223][T14825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1087.807140][T14825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1087.837239][T14825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1087.845242][T14825] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1087.856949][T14825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1088.127533][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1089.888802][T10959] Bluetooth: hci2: command tx timeout [ 1090.372620][T10959] Bluetooth: hci0: command 0x041b tx timeout [ 1090.769573][T14947] tipc: Enabling of bearer rejected, failed to enable media [ 1090.904332][T14935] chnl_net:caif_netlink_parms(): no params data found [ 1091.594393][T14970] syzkaller0: entered promiscuous mode [ 1091.600161][T14970] syzkaller0: entered allmulticast mode [ 1091.611718][T14935] bridge0: port 1(bridge_slave_0) entered blocking state [ 1091.627066][T14935] bridge0: port 1(bridge_slave_0) entered disabled state [ 1091.634869][T14935] bridge_slave_0: entered allmulticast mode [ 1091.659805][T14935] bridge_slave_0: entered promiscuous mode [ 1091.739017][T14935] bridge0: port 2(bridge_slave_1) entered blocking state [ 1091.766991][T14935] bridge0: port 2(bridge_slave_1) entered disabled state [ 1091.774480][T14935] bridge_slave_1: entered allmulticast mode [ 1091.817042][T14935] bridge_slave_1: entered promiscuous mode [ 1091.996966][T10959] Bluetooth: hci2: command tx timeout [ 1092.133376][T14935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1092.193841][T14935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1092.364707][T14935] team0: Port device team_slave_0 added [ 1092.391791][T14935] team0: Port device team_slave_1 added [ 1092.506244][T14935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1092.646373][T14935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.672404][ C0] vkms_vblank_simulate: vblank timer overrun [ 1092.809738][T14935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1092.824862][T14935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1092.832345][T14935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.859738][T14935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1093.115628][T14988] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2408'. [ 1093.212929][T14988] netlink: 'syz.4.2408': attribute type 5 has an invalid length. [ 1093.220989][T14988] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2408'. [ 1093.340671][T14990] tipc: Enabling of bearer rejected, failed to enable media [ 1093.435688][T14935] hsr_slave_0: entered promiscuous mode [ 1093.448216][T14935] hsr_slave_1: entered promiscuous mode [ 1093.486571][T14935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1093.517233][T14935] Cannot create hsr debugfs directory [ 1093.829228][T14996] netlink: 'syz.0.2413': attribute type 1 has an invalid length. [ 1093.909317][T14996] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1093.968799][T14998] bond2: (slave geneve6): making interface the new active one [ 1093.983593][T14998] bond2: (slave geneve6): Enslaving as an active interface with an up link [ 1094.049337][T14825] Bluetooth: hci2: command tx timeout [ 1094.529155][T14825] Bluetooth: hci0: command 0x041b tx timeout [ 1096.146977][T14825] Bluetooth: hci2: command tx timeout [ 1096.693790][T14935] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1096.706333][T14935] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1096.718141][T14935] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1096.854397][T14935] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1096.886878][T14935] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1096.915714][T14935] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1097.132908][T14935] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.132994][T14935] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1097.133023][T14935] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1098.249720][T15029] tipc: Enabling of bearer rejected, failed to enable media [ 1098.358026][T14935] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1098.386164][T14935] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1098.452884][T14935] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1098.578383][T14935] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1101.409005][T14825] Bluetooth: hci0: command 0x041b tx timeout [ 1102.346058][T15051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2423'. [ 1102.355908][T15051] netlink: 'syz.0.2423': attribute type 5 has an invalid length. [ 1102.365846][T15051] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2423'. [ 1102.519750][T14935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.603645][T14935] 8021q: adding VLAN 0 to HW filter on device team0 [ 1102.635393][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.642660][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1102.711126][ T2933] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.718492][ T2933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1102.794833][T15073] netlink: 'syz.5.2427': attribute type 1 has an invalid length. [ 1102.862790][T15073] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1102.889423][T15078] bond1: (slave geneve3): making interface the new active one [ 1102.901299][T15078] bond1: (slave geneve3): Enslaving as an active interface with an up link [ 1103.560528][T14935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1103.783221][T14935] veth0_vlan: entered promiscuous mode [ 1104.069776][T14935] veth1_vlan: entered promiscuous mode [ 1104.080180][T15100] tipc: Enabling of bearer rejected, failed to enable media [ 1104.344843][T14935] veth0_macvtap: entered promiscuous mode [ 1104.363148][T14935] veth1_macvtap: entered promiscuous mode [ 1104.387102][T14935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.397942][T14935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.429212][T14935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1104.471396][T14935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1104.513421][T14935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.538754][T14935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1104.574080][T14935] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.597554][T14935] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.606506][T14935] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.624253][T14935] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.913608][ T9224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1104.931934][ T9224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1105.043106][T13512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1105.139435][T13512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1107.252589][T15140] tipc: Enabling of bearer rejected, failed to enable media [ 1107.396438][T10959] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1107.408012][T10959] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1107.417601][T10959] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1107.426741][T10959] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1107.434840][T10959] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1107.442749][T10959] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1107.483495][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1107.530004][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1107.711676][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1107.731203][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1107.878381][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1107.904074][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1108.052567][T15162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2448'. [ 1109.492447][T10959] Bluetooth: hci1: command tx timeout [ 1110.925738][T15181] tipc: Enabling of bearer rejected, failed to enable media [ 1110.975686][ T59] tipc: Left network mode [ 1111.127390][T15144] chnl_net:caif_netlink_parms(): no params data found [ 1111.361934][T15191] netlink: 'syz.3.2452': attribute type 1 has an invalid length. [ 1111.567242][T10959] Bluetooth: hci1: command tx timeout [ 1111.659265][T15144] bridge0: port 1(bridge_slave_0) entered blocking state [ 1111.676749][T15144] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.684136][T15144] bridge_slave_0: entered allmulticast mode [ 1111.732324][T15144] bridge_slave_0: entered promiscuous mode [ 1111.861932][T15144] bridge0: port 2(bridge_slave_1) entered blocking state [ 1111.882447][T15144] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.903586][T15144] bridge_slave_1: entered allmulticast mode [ 1111.927039][T15144] bridge_slave_1: entered promiscuous mode [ 1112.476595][T15144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1112.613349][T15144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1112.822138][T15144] team0: Port device team_slave_0 added [ 1112.832917][T15144] team0: Port device team_slave_1 added [ 1113.100995][T15144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1113.137034][T15144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1113.233193][T15144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1113.269820][T15144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1113.297562][T15144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1113.347940][T15144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1113.417138][T15242] tipc: Enabling of bearer rejected, failed to enable media [ 1113.649623][T10959] Bluetooth: hci1: command tx timeout [ 1113.788715][T15144] hsr_slave_0: entered promiscuous mode [ 1113.795488][T15144] hsr_slave_1: entered promiscuous mode [ 1113.822573][T15144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1113.852165][T15144] Cannot create hsr debugfs directory [ 1113.878422][ T59] hsr_slave_0: left promiscuous mode [ 1113.891230][ T59] hsr_slave_1: left promiscuous mode [ 1113.952021][ T59] veth1_macvtap: left promiscuous mode [ 1113.961886][ T59] veth0_macvtap: left promiscuous mode [ 1113.975140][ T59] veth1_vlan: left promiscuous mode [ 1113.984710][ T59] veth0_vlan: left promiscuous mode [ 1114.319418][ T59] bond2 (unregistering): (slave geneve6): Releasing active interface [ 1114.488806][ T59] bond2 (unregistering): Released all slaves [ 1114.509896][ T59] bond1 (unregistering): (slave lo): Releasing backup interface [ 1114.519621][ T59] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 1114.534653][ T59] bond1 (unregistering): Released all slaves [ 1115.728448][T10959] Bluetooth: hci1: command tx timeout [ 1115.794777][ T59] bond0 (unregistering): Released all slaves [ 1116.314536][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.321148][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.130870][T15269] netlink: 'syz.5.2464': attribute type 1 has an invalid length. [ 1118.139450][T15269] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1119.143062][T15303] tipc: Started in network mode [ 1119.193089][T15303] tipc: Node identity b23b0a42d59b, cluster identity 4711 [ 1119.217114][T15303] tipc: Enabled bearer , priority 0 [ 1119.371794][T15302] tipc: Disabling bearer [ 1119.885640][T15144] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1119.905585][T15144] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1119.942466][T15144] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1119.969949][T15144] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1120.379615][T15144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1120.458560][T15144] 8021q: adding VLAN 0 to HW filter on device team0 [ 1120.509221][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 1120.516544][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1120.563716][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 1120.570956][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1120.923625][T15144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1121.006477][T15144] veth0_vlan: entered promiscuous mode [ 1121.031982][T15144] veth1_vlan: entered promiscuous mode [ 1121.098435][T15144] veth0_macvtap: entered promiscuous mode [ 1121.114107][T15144] veth1_macvtap: entered promiscuous mode [ 1121.139834][T15144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1121.151016][T15144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1121.163745][T15144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1121.185525][T15144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1121.198373][T15144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1121.220224][T15144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1121.230882][T15144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1121.242438][T15144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1121.254541][T15144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1121.267096][T15144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1121.290944][T15144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.300069][T15144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.310795][T15144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.322251][T15144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.467706][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.475603][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.516660][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.525877][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.827413][T15391] tipc: Enabled bearer , priority 0 [ 1122.870132][T15390] tipc: Disabling bearer [ 1123.209018][T15405] 0: reclassify loop, rule prio 0, protocol 800 [ 1127.309267][T15472] tipc: Enabled bearer , priority 0 [ 1127.322899][T15471] tipc: Disabling bearer [ 1127.684079][T15488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2505'. [ 1131.378685][T15522] 0: reclassify loop, rule prio 0, protocol 800 [ 1135.406298][T15549] syzkaller0: entered promiscuous mode [ 1135.414988][T15549] syzkaller0: entered allmulticast mode [ 1140.108092][T15618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2546'. [ 1140.206064][T15618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2546'. [ 1143.155930][T15637] 0: reclassify loop, rule prio 0, protocol 800 [ 1143.972655][T15648] syzkaller0: entered promiscuous mode [ 1143.986077][T15648] syzkaller0: entered allmulticast mode [ 1144.074916][T15646] syzkaller0: entered promiscuous mode [ 1144.080586][T15646] syzkaller0: entered allmulticast mode [ 1149.616150][T15707] netlink: 'syz.5.2564': attribute type 1 has an invalid length. [ 1149.725083][T15707] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1149.864221][T15716] bond2: (slave gretap1): making interface the new active one [ 1149.882324][T15716] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 1150.605306][T15731] syzkaller0: entered promiscuous mode [ 1150.622690][T15731] syzkaller0: entered allmulticast mode [ 1153.545903][T15752] sch_tbf: burst 1885 is lower than device lo mtu (65550) ! [ 1153.664038][T15754] netlink: 'syz.4.2575': attribute type 1 has an invalid length. [ 1153.746136][T15754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1153.786308][T15759] bond1: (slave gretap1): making interface the new active one [ 1153.798392][T15759] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1157.800438][T15811] netlink: 'syz.0.2589': attribute type 1 has an invalid length. [ 1159.249932][T15850] syzkaller0: entered promiscuous mode [ 1159.256376][T15850] syzkaller0: entered allmulticast mode [ 1162.262006][T15860] netlink: 'syz.3.2605': attribute type 1 has an invalid length. [ 1162.293843][T15860] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1162.391455][T15866] bond1: (slave gretap1): making interface the new active one [ 1162.402374][T15866] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1166.689952][T15932] netlink: 'syz.0.2620': attribute type 1 has an invalid length. [ 1166.707848][T15932] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1167.452686][T15957] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1168.011706][T15969] syzkaller0: entered promiscuous mode [ 1168.054123][T15969] syzkaller0: entered allmulticast mode [ 1168.962470][T15990] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2637'. [ 1172.137443][T16012] netlink: 'syz.3.2644': attribute type 19 has an invalid length. [ 1172.145878][T16012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2644'. [ 1172.175038][T16012] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1172.184696][T16012] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1172.193817][T16012] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1172.202953][T16012] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1172.274462][T16012] netlink: 'syz.3.2644': attribute type 19 has an invalid length. [ 1172.297026][T16012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2644'. [ 1177.741548][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1179.630521][T16082] syzkaller0: entered promiscuous mode [ 1179.642854][T16082] syzkaller0: entered allmulticast mode [ 1179.925863][ T59] nci: nci_rsp_packet: unknown rsp opcode 0x306 [ 1186.174827][T16148] netlink: 'syz.4.2674': attribute type 39 has an invalid length. [ 1186.353988][T16152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2676'. [ 1186.367078][T16152] netlink: 'syz.0.2676': attribute type 8 has an invalid length. [ 1186.792392][T16158] syzkaller0: entered promiscuous mode [ 1186.799633][T16158] syzkaller0: entered allmulticast mode [ 1193.416639][T16202] Bluetooth: MGMT ver 1.22 [ 1194.007284][T16214] syzkaller0: entered promiscuous mode [ 1194.021041][T16214] syzkaller0: entered allmulticast mode [ 1201.927755][T16296] syzkaller0: entered promiscuous mode [ 1201.933304][T16296] syzkaller0: entered allmulticast mode [ 1208.845824][T16413] "syz.3.2737" (16413) uses obsolete ecb(arc4) skcipher [ 1210.535950][T10959] Bluetooth: hci2: command 0x0406 tx timeout [ 1210.818701][T16432] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2742'. [ 1210.843515][T16432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2742'. [ 1212.745478][T16462] tipc: Enabled bearer , priority 0 [ 1212.861747][T16462] syzkaller0: entered promiscuous mode [ 1212.879293][T16462] syzkaller0: entered allmulticast mode [ 1212.885785][T16462] tipc: Resetting bearer [ 1212.925149][T16461] tipc: Resetting bearer [ 1215.770115][T16461] tipc: Disabling bearer [ 1218.422991][ T5889] tipc: Node number set to 1738541634 [ 1219.235360][T16528] syzkaller0: entered promiscuous mode [ 1219.272057][T16528] syzkaller0: entered allmulticast mode [ 1222.969948][T16584] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2779'. [ 1226.955467][T16631] syzkaller0: entered promiscuous mode [ 1226.993285][T16631] syzkaller0: entered allmulticast mode [ 1231.027821][T10959] Bluetooth: hci1: command 0x0406 tx timeout [ 1231.729824][T16677] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2806'. [ 1239.184061][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1248.173581][T16806] syzkaller0: entered promiscuous mode [ 1248.180625][T16806] syzkaller0: entered allmulticast mode [ 1248.187730][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2849'. [ 1250.373550][T14825] Bluetooth: hci1: command 0x0406 tx timeout [ 1250.759790][T16825] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2850'. [ 1255.010589][T16909] team0: Device ip6gre1 is of different type [ 1255.410887][T16915] syzkaller0: entered promiscuous mode [ 1255.427060][T16915] syzkaller0: entered allmulticast mode [ 1265.550934][ T3439] tipc: Left network mode [ 1265.661908][T17028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1269.897900][T17058] tipc: Enabling of bearer rejected, failed to enable media [ 1269.958669][T17060] syzkaller0: entered promiscuous mode [ 1269.964231][T17060] syzkaller0: entered allmulticast mode [ 1273.147619][T17081] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2909'. [ 1273.585173][ T3439] hsr_slave_0: left promiscuous mode [ 1273.603365][ T3439] hsr_slave_1: left promiscuous mode [ 1273.611368][ T3439] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1273.625484][ T3439] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1273.773352][ T3439] pim6reg (unregistering): left allmulticast mode [ 1273.916557][ T3439] team0 (unregistering): Port device geneve0 removed [ 1274.831431][ T3439] bond0 (unregistering): (slave veth0_to_hsr): Releasing backup interface [ 1275.056418][ T3439] team0 (unregistering): Port device team_slave_1 removed [ 1275.140308][ T3439] team0 (unregistering): Port device team_slave_0 removed [ 1275.245812][ T3439] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1275.315370][ T3439] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1276.197627][ T3439] bond0 (unregistering): Released all slaves [ 1278.669007][T17136] tipc: Enabling of bearer rejected, failed to enable media [ 1278.758456][T17137] syzkaller0: entered promiscuous mode [ 1278.763996][T17137] syzkaller0: entered allmulticast mode [ 1286.653405][T17245] tipc: Enabling of bearer rejected, failed to enable media [ 1290.703796][T17312] tipc: Enabling of bearer rejected, failed to enable media [ 1292.854851][T10959] Bluetooth: hci1: command 0x0406 tx timeout [ 1294.162951][T17360] tipc: Enabling of bearer rejected, failed to enable media [ 1294.388124][T17383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2978'. [ 1294.895410][T17407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2983'. [ 1295.166302][T17411] tipc: Enabling of bearer rejected, failed to enable media [ 1295.266110][T17411] syzkaller0: entered promiscuous mode [ 1295.279291][T17411] syzkaller0: entered allmulticast mode [ 1300.618047][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.868373][T17462] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2997'. [ 1301.091827][T17469] tipc: Enabling of bearer rejected, failed to enable media [ 1301.166346][T17469] syzkaller0: entered promiscuous mode [ 1301.178224][T17469] syzkaller0: entered allmulticast mode [ 1303.408276][T10959] Bluetooth: hci1: command 0x0406 tx timeout [ 1304.659836][ T2933] ------------[ cut here ]------------ [ 1304.665952][ T2933] wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band [ 1304.680687][ T2933] WARNING: CPU: 1 PID: 2933 at net/mac80211/tx.c:769 ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1304.690809][ T2933] Modules linked in: [ 1304.694778][ T2933] CPU: 1 PID: 2933 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 1304.702525][ T2933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1304.712669][ T2933] Workqueue: events_unbound cfg80211_wiphy_work [ 1304.719564][ T2933] RIP: 0010:ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1304.726060][ T2933] Code: 8b 36 45 31 f6 83 e6 07 41 0f 95 c6 31 ff e8 39 69 9e f7 43 8d 4c 76 02 48 c7 c7 80 9c be 8b 48 89 de 4c 89 fa e8 62 c7 68 f7 <0f> 0b 41 bf 01 00 00 00 e9 eb 02 00 00 e8 60 65 9e f7 e9 70 fa ff [ 1304.745791][ T2933] RSP: 0018:ffffc9000bdc74e0 EFLAGS: 00010246 [ 1304.751960][ T2933] RAX: ad26f6fa6d241600 RBX: ffff8880664515b0 RCX: ffff88802bb30000 [ 1304.760059][ T2933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 1304.768124][ T2933] RBP: ffffc9000bdc7650 R08: ffffc9000bdc70e7 R09: 1ffff920017b8e1c [ 1304.776150][ T2933] R10: dffffc0000000000 R11: fffff520017b8e1d R12: dffffc0000000000 [ 1304.784251][ T2933] R13: ffffc9000bdc7808 R14: 0000000000000001 R15: ffff88805f617444 [ 1304.792327][ T2933] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1304.801364][ T2933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1304.808053][ T2933] CR2: 00007f8ba8ffaf98 CR3: 000000005d90a000 CR4: 00000000003506e0 [ 1304.816084][ T2933] Call Trace: [ 1304.819484][ T2933] [ 1304.822490][ T2933] ? ieee80211_tx_h_select_key+0x19e0/0x19e0 [ 1304.828592][ T2933] ? ieee80211_is_bufferable_mmpdu+0xfb/0x1f0 [ 1304.834734][ T2933] invoke_tx_handlers_late+0xb6/0x1810 [ 1304.840315][ T2933] ? invoke_tx_handlers_early+0xa11/0x1cf0 [ 1304.846194][ T2933] ieee80211_tx+0x2ad/0x420 [ 1304.850836][ T2933] ? ieee80211_skb_resize+0x630/0x630 [ 1304.856280][ T2933] ? ieee80211_set_qos_hdr+0x1ca/0x510 [ 1304.861849][ T2933] ? __bpf_trace_tasklet+0x140/0x140 [ 1304.867327][ T2933] ? ieee80211_xmit+0x310/0x3f0 [ 1304.872247][ T2933] ? __ieee80211_tx_skb_tid_band+0x490/0x610 [ 1304.878341][ T2933] __ieee80211_tx_skb_tid_band+0x4d5/0x610 [ 1304.884215][ T2933] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 1304.890667][ T2933] ieee80211_scan_state_send_probe+0x560/0x930 [ 1304.896943][ T2933] ieee80211_scan_work+0x4e8/0x1c30 [ 1304.902244][ T2933] cfg80211_wiphy_work+0x225/0x260 [ 1304.907469][ T2933] ? process_scheduled_works+0x957/0x15b0 [ 1304.913248][ T2933] process_scheduled_works+0xa45/0x15b0 [ 1304.919636][ T2933] ? assign_work+0x400/0x400 [ 1304.924566][ T2933] ? assign_work+0x39e/0x400 [ 1304.929729][ T2933] worker_thread+0xa55/0xfc0 [ 1304.935041][ T2933] kthread+0x2fa/0x390 [ 1304.939563][ T2933] ? pr_cont_work+0x560/0x560 [ 1304.944326][ T2933] ? kthread_blkcg+0xd0/0xd0 [ 1304.949011][ T2933] ret_from_fork+0x48/0x80 [ 1304.953494][ T2933] ? kthread_blkcg+0xd0/0xd0 [ 1304.958328][ T2933] ret_from_fork_asm+0x11/0x20 [ 1304.963187][ T2933] [ 1304.966256][ T2933] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1304.973577][ T2933] CPU: 1 PID: 2933 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 1304.981162][ T2933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1304.991264][ T2933] Workqueue: events_unbound cfg80211_wiphy_work [ 1304.997741][ T2933] Call Trace: [ 1305.001066][ T2933] [ 1305.004022][ T2933] dump_stack_lvl+0x16c/0x230 [ 1305.008735][ T2933] ? show_regs_print_info+0x20/0x20 [ 1305.014067][ T2933] ? load_image+0x3b0/0x3b0 [ 1305.018647][ T2933] panic+0x2c0/0x710 [ 1305.022597][ T2933] ? bpf_jit_dump+0xd0/0xd0 [ 1305.027175][ T2933] ? ret_from_fork_asm+0x11/0x20 [ 1305.032201][ T2933] __warn+0x2e0/0x470 [ 1305.036230][ T2933] ? ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1305.042132][ T2933] ? ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1305.047997][ T2933] report_bug+0x2be/0x4f0 [ 1305.052367][ T2933] ? ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1305.058249][ T2933] ? ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1305.064107][ T2933] ? ieee80211_tx_h_rate_ctrl+0xc80/0x1770 [ 1305.069962][ T2933] handle_bug+0xcf/0x120 [ 1305.074255][ T2933] exc_invalid_op+0x1a/0x50 [ 1305.078808][ T2933] asm_exc_invalid_op+0x1a/0x20 [ 1305.083705][ T2933] RIP: 0010:ieee80211_tx_h_rate_ctrl+0xc7e/0x1770 [ 1305.090176][ T2933] Code: 8b 36 45 31 f6 83 e6 07 41 0f 95 c6 31 ff e8 39 69 9e f7 43 8d 4c 76 02 48 c7 c7 80 9c be 8b 48 89 de 4c 89 fa e8 62 c7 68 f7 <0f> 0b 41 bf 01 00 00 00 e9 eb 02 00 00 e8 60 65 9e f7 e9 70 fa ff [ 1305.109833][ T2933] RSP: 0018:ffffc9000bdc74e0 EFLAGS: 00010246 [ 1305.115949][ T2933] RAX: ad26f6fa6d241600 RBX: ffff8880664515b0 RCX: ffff88802bb30000 [ 1305.123962][ T2933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 1305.131980][ T2933] RBP: ffffc9000bdc7650 R08: ffffc9000bdc70e7 R09: 1ffff920017b8e1c [ 1305.140017][ T2933] R10: dffffc0000000000 R11: fffff520017b8e1d R12: dffffc0000000000 [ 1305.148044][ T2933] R13: ffffc9000bdc7808 R14: 0000000000000001 R15: ffff88805f617444 [ 1305.156108][ T2933] ? ieee80211_tx_h_select_key+0x19e0/0x19e0 [ 1305.162172][ T2933] ? ieee80211_is_bufferable_mmpdu+0xfb/0x1f0 [ 1305.168313][ T2933] invoke_tx_handlers_late+0xb6/0x1810 [ 1305.173846][ T2933] ? invoke_tx_handlers_early+0xa11/0x1cf0 [ 1305.179742][ T2933] ieee80211_tx+0x2ad/0x420 [ 1305.184304][ T2933] ? ieee80211_skb_resize+0x630/0x630 [ 1305.189767][ T2933] ? ieee80211_set_qos_hdr+0x1ca/0x510 [ 1305.195769][ T2933] ? __bpf_trace_tasklet+0x140/0x140 [ 1305.201115][ T2933] ? ieee80211_xmit+0x310/0x3f0 [ 1305.206020][ T2933] ? __ieee80211_tx_skb_tid_band+0x490/0x610 [ 1305.213438][ T2933] __ieee80211_tx_skb_tid_band+0x4d5/0x610 [ 1305.221901][ T2933] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 1305.229497][ T2933] ieee80211_scan_state_send_probe+0x560/0x930 [ 1305.236223][ T2933] ieee80211_scan_work+0x4e8/0x1c30 [ 1305.241620][ T2933] cfg80211_wiphy_work+0x225/0x260 [ 1305.246805][ T2933] ? process_scheduled_works+0x957/0x15b0 [ 1305.252589][ T2933] process_scheduled_works+0xa45/0x15b0 [ 1305.258231][ T2933] ? assign_work+0x400/0x400 [ 1305.262869][ T2933] ? assign_work+0x39e/0x400 [ 1305.267504][ T2933] worker_thread+0xa55/0xfc0 [ 1305.272201][ T2933] kthread+0x2fa/0x390 [ 1305.276316][ T2933] ? pr_cont_work+0x560/0x560 [ 1305.281039][ T2933] ? kthread_blkcg+0xd0/0xd0 [ 1305.285679][ T2933] ret_from_fork+0x48/0x80 [ 1305.290149][ T2933] ? kthread_blkcg+0xd0/0xd0 [ 1305.294812][ T2933] ret_from_fork_asm+0x11/0x20 [ 1305.299646][ T2933] [ 1305.303277][ T2933] Kernel Offset: disabled [ 1305.307750][ T2933] Rebooting in 86400 seconds..