last executing test programs: 26m29.58256724s ago: executing program 32 (id=2230): syz_io_uring_setup(0x2b68, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) epoll_create(0x1) 24m24.292741561s ago: executing program 33 (id=3611): capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x8}) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]}) 21m54.328351695s ago: executing program 34 (id=5463): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00000e1000/0x800000)=nil, 0x800000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x40000000) r1 = syz_pidfd_open(r0, 0x0) wait4(r0, 0x0, 0x8, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc040ff0b, &(0x7f0000000180)) 21m38.022023656s ago: executing program 35 (id=5632): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="4c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800e00010069703665727370616e000000100002800400120006001800177b000008000a00", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000) 20m29.339469562s ago: executing program 36 (id=6239): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)=""/23, 0x17}, 0x43}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0xe7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 19m21.000499163s ago: executing program 37 (id=7010): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, r3, 0xbd5e4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x0) 13m36.516149365s ago: executing program 38 (id=9011): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40800) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = inotify_init1(0x800) r3 = dup(r2) r4 = syz_io_uring_setup(0x86a, &(0x7f00000000c0)={0x0, 0x6357, 0x400, 0x6, 0xc1}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r3, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) 9m50.625248999s ago: executing program 9 (id=9782): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000023c0)=[{}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001300)="1f", 0x1}], 0x1}}], 0x2, 0x880) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) getpriority(0x0, r1) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r4, 0x1) 9m49.225840389s ago: executing program 9 (id=9787): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r0, 0x200204) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a980000008ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, 0x0, 0x24008840) 9m47.203856285s ago: executing program 9 (id=9794): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x60008090) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000078000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0011800a0001006c696d69"], 0xc0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6(0xa, 0x6, 0x10002) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="041817aaaaaaaa"], 0x1a) lstat(&(0x7f0000000080)='./file0\x00', 0x0) chmod(&(0x7f0000000180)='./file0/file0\x00', 0x44) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@mpls_delroute={0x30, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_VIA={0x14, 0x13, {0x11, "8f997fa6ce8400a0286048c10b6b"}}]}, 0x30}}, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0xd) 9m45.617953339s ago: executing program 9 (id=9798): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_mark(0xffffffffffffffff, 0x105, 0x40001032, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002300)={0x2020}, 0x2020) r4 = openat$sndseq(0xffffff9c, &(0x7f0000000200), 0x80080) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x18) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r4, 0x80045300, 0x0) r5 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_PREPARE_BUF(r5, 0xc058565d, 0x0) 9m44.395533157s ago: executing program 9 (id=9804): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "7c80690ea8c8123e", "f92dafad9e3b473a1eaac151fe41ea97", "ee367a98", "74aff2072572aca8"}, 0x28) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000300)="fb", 0x1}], 0x1) r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x0) 9m43.050255872s ago: executing program 9 (id=9805): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, r4) creat(0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f0000000680)="fc0000001a00", 0x6) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_wolinfo={0x5, 0x2, 0xff, "dc461208fbd4"}}) close_range(r3, 0xffffffffffffffff, 0x0) 9m24.797157645s ago: executing program 39 (id=9805): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, r4) creat(0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f0000000680)="fc0000001a00", 0x6) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_wolinfo={0x5, 0x2, 0xff, "dc461208fbd4"}}) close_range(r3, 0xffffffffffffffff, 0x0) 6m0.70831394s ago: executing program 5 (id=10453): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) syz_usb_connect(0x3, 0x36, 0x0, 0x0) close(0x3) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00') socket$kcm(0x10, 0x2, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sendfile(r0, r1, 0x0, 0x2000fb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0x11) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 5m54.789582226s ago: executing program 5 (id=10463): syz_open_dev$sg(&(0x7f0000007700), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) socket$key(0xf, 0x3, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) fcntl$dupfd(r0, 0x406, r0) socket$inet(0x2, 0x4000000000000001, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r2 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1}) 5m53.829655334s ago: executing program 5 (id=10471): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x48, &(0x7f0000001600), 0x4) connect$unix(r1, &(0x7f00000007c0)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x4d, 0x20080, 0x3, 0xf, 0xd, 0xf6, 0x4, 0x10, 0x9d, 0x4, [0x1, 0x4, 0x1, 0x468, 0x80, 0x3, 0x9, 0x80]}}) syz_emit_vhci(0x0, 0xf8) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) pipe2(0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, 0x0, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x4, @local}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) 5m52.080137202s ago: executing program 5 (id=10475): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x4d, 0x0, &(0x7f0000cab000)) close(r0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 5m49.866087659s ago: executing program 5 (id=10479): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70100400000003"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "7c80690ea8c8123e", "f92dafad9e3b473a1eaac151fe41ea97", "ee367a98", "74aff2072572aca8"}, 0x28) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000300)="fb", 0x1}], 0x1) r7 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0) 5m46.814627049s ago: executing program 5 (id=10484): socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x5fd, 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet(0x2, 0x800, 0x9) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x892031, &(0x7f0000000280)={'trans=unix,', {[{@directio}, {@access_client}, {@loose}], [{@pcr={'pcr', 0x3d, 0x14}}, {@subj_role={'subj_role', 0x3d, './cgroup.cpu/syz1\x00'}}, {@uid_eq}, {@appraise_type}, {@smackfsroot}, {@dont_hash}]}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000005880)={0x0, 0x0, &(0x7f0000005840)={&(0x7f0000000000)=@getsa={0x28, 0x12, 0x1, 0x70bd2b, 0x25dfdbfd, {@in6=@mcast1, 0x4d4, 0x2, 0xff}}, 0x28}, 0x1, 0x0, 0x0, 0x4001090}, 0x40080) syz_emit_ethernet(0x1046, 0x0, 0x0) setfsgid(0xee00) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000640)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a800080008000c4004000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d93337568b26948fc700870ec38edc9761fdc", 0xd8}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, 0x0, 0x40810) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 5m30.554393469s ago: executing program 40 (id=10484): socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x5fd, 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet(0x2, 0x800, 0x9) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x892031, &(0x7f0000000280)={'trans=unix,', {[{@directio}, {@access_client}, {@loose}], [{@pcr={'pcr', 0x3d, 0x14}}, {@subj_role={'subj_role', 0x3d, './cgroup.cpu/syz1\x00'}}, {@uid_eq}, {@appraise_type}, {@smackfsroot}, {@dont_hash}]}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000005880)={0x0, 0x0, &(0x7f0000005840)={&(0x7f0000000000)=@getsa={0x28, 0x12, 0x1, 0x70bd2b, 0x25dfdbfd, {@in6=@mcast1, 0x4d4, 0x2, 0xff}}, 0x28}, 0x1, 0x0, 0x0, 0x4001090}, 0x40080) syz_emit_ethernet(0x1046, 0x0, 0x0) setfsgid(0xee00) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000640)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a800080008000c4004000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d93337568b26948fc700870ec38edc9761fdc", 0xd8}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, 0x0, 0x40810) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 4m2.318793109s ago: executing program 2 (id=10741): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe1956000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c40) ioctl$CEC_DQEVENT(r3, 0xc0506107, 0x0) ppoll(&(0x7f0000000040)=[{r3, 0x20}], 0x1, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r5, &(0x7f0000000540)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000300), 0x8) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, &(0x7f0000000400)) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018}, './file1\x00'}) 4m0.158250639s ago: executing program 2 (id=10744): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x54, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xcd}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004004}, 0x40) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000080)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "b33883", 0x10, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_ra={0xc0}}}}}}, 0x0) ioctl$BLKRASET(0xffffffffffffffff, 0x1262, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000380), &(0x7f00000003c0)=0xc) file_setattr(0xffffffffffffffff, 0x0, 0x0, 0x7f, 0x100) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) accept4(r2, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x38, r3, 0x1, 0x70bd25, 0x25dfdbfa, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0xfffffffe}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x40880) shutdown(r2, 0x1) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000280)=0xfffff908, 0x4) 3m55.697776918s ago: executing program 2 (id=10754): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x11e0, &(0x7f0000004400)=ANY=[]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r1, 0x6, &(0x7f0000002000)={0x3, 0x2}) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000240), 0x280101, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r3, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0xff, 0x2, 0x9}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a) quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000802, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000180)) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x2, 0x1, 0x8, 0x2}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004}, 0x4804) r6 = accept4(r0, 0x0, 0x0, 0x1c0000) sendmmsg$alg(r6, 0x0, 0x0, 0x40800) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) 3m53.169225396s ago: executing program 2 (id=10766): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0) close(r2) socket$kcm(0x10, 0x2, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8b0f, &(0x7f0000000000)={'virt_wifi0\x00', @random="a59b58aac764"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c00148008", @ANYRES64=r1], 0x34}, 0x1, 0x0, 0x0, 0x4048010}, 0x8000) r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r8, 0x4008941a, &(0x7f0000000040)=0x2) ioctl$TCSBRK(r8, 0x5409, 0x6) 3m51.627966482s ago: executing program 2 (id=10770): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_clone(0x22029400, &(0x7f0000000780)="aba8f03e1a", 0x5, &(0x7f0000000880), 0x0, 0x0) ptrace(0x10, r2) connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x34) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) sched_setattr(r3, &(0x7f0000000040)={0x38, 0x0, 0x10, 0xb85, 0x0, 0x80, 0xa, 0xf7, 0xdaff}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0) rmdir(&(0x7f0000000240)='./cgroup/../file0\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r6, r5, 0x0, 0xa175) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0) r8 = bpf$MAP_CREATE(0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff}) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r8}, 0x38) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) 3m38.252323238s ago: executing program 2 (id=10794): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r2, 0x6, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80) acct(&(0x7f0000000180)='./file1\x00') acct(0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r8, r9, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x19, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x8, 0x4}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xd, 0x6}}, @TCA_BASIC_EMATCHES={0xc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_BASIC_POLICE={0x24, 0x4, [@TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x401}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) sendmsg$nl_route_sched(r3, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0) 3m19.204275473s ago: executing program 41 (id=10794): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r2, 0x6, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80) acct(&(0x7f0000000180)='./file1\x00') acct(0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r8, r9, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x19, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x8, 0x4}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xd, 0x6}}, @TCA_BASIC_EMATCHES={0xc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_BASIC_POLICE={0x24, 0x4, [@TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x401}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) sendmsg$nl_route_sched(r3, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0) 1m7.759207136s ago: executing program 7 (id=11322): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000001280)={&(0x7f0000000180)={0xa, 0x4e22, 0x3, @local, 0x2a}, 0x1c, &(0x7f0000001200)=[{&(0x7f00000001c0)="1aa31df7b1144abc0721eae6ec95556625959188011617312db6d933598e11e951f8e307cc43c3708c439d22a0a2d454e53cf8630afcf11bbeeb8113a6bf182031c23412d506dec4063bd3802c7440cdc302e55fab7abab83b857b7dcc2f3902aada4897aeec435962bc2254895b7d9edccb945767d11bd87f33debf2f17595994881fd2b919f36b1d1d0e5b9d2517a26f0c41c25d43284debe6f2ec16a9535fea336b34b3d86266d529c0a7ecdaa2ec7b8cbc1541712fa2f220961f0ecce93408699c6bd6d770b07f0925c8efc918a125b384f5ded58ee842bb5095a3dfcfe71911763f5b87c1958d93c79117fe8020edaef7a27f7ea8e93b01cd24df0a38e1cae1c2ed01a5cbb1756bf4887a262850224fa0f1b16e93996d62c5aa51588b48be03860d41c78a37b4dee55916f245affccf2e1683be966311fe06e0a8ac432ad5a0510873d3e551f0897b2e8ec9b97c5ed14b26321b2ea470623f098e8eb1392fc1e1b3c5f9e8a8cc6905d4f6f0f9e16e9f803785de70c15e485aee3907513f58c2379adf978a8e67fd0da6b9a720e9c444fb16ba6a7ed474e05b5766a0e2a5ed9304a55734ed24f613450dbfb78001d3623df2693c1ae62796c788aa48b7e02a704676ae65109056a35630bdcfb8dc4e70a0cfa5534147d93a96a3549d12e10bf1a6e5e2786fd4d52eda9402feff86c88dae141ef2b03a1d5efad28a19a930f2153a34976209013fa726ab8bc65652d95e5ff87b4ac3797f73542c68568d200d1e35c933f92849063c200e286ae10b09258fcc3aa2179f8818040181ad5d65c9d5ac20fcf0660c7ca864b3beaf97a8792d488699f5d73d55514117eab38ad3207bc9fc3a7dd835c65a482b9ee3f4d6cfc04ae3c9dd2a155fa59d5e6308da4ada51a64d7a494ffd04fb6bfb900e5b377b50254197d1b3487ae911b465d1c752acf857d11d982f8410476088cba66da5a7d3f2b01f12ec29a97191113df9ba2bdb1cfaebdfac967ca249ea50e427e694acbec7ad48ca3d90c43462864817284c656d4359e998be5f65e89633c86c3f81ed4db304290ac55bbac81bf03d565deaba34c161ec80588663dd05e6ad2d0525bdaf2b7ba6c704fc22d5c6347774fa5fbb76ca35cfecfa4282a43b44f680f8b2d39213149ec2e26b0557d2c4eef851fb1d7f64eb54fc37a53350aa1b0001ce4a13c0782b9fa4d9a10d4acc44bdf691628a3b1b4a2b64a64da84adabb3e1303ad23c06c7a6bcd1745978b0599842a2bb3d956ce8bab5414dff345feb450a8b7d7190868290b10ac60fc0bdb13a7d33831d7cd5999157c22a4d2f5179f7d1f4e2523f71f8aec4b3da0e65051ef167de09c668986b8a907bbb892af45870136da28ca5b537fca4f6df4c5fd38235835673f56e359a745d259a58dd1da1c2d6901ed916084fdc4676d323fc03ffcd4aa112d15f2f20b38172fbb6e00d6daa7bd57314df7262a9e0767801c2b66b02e650d30950426dae1b7575aa078068404305148cf5b456f891134d47d184790e1086203a47a78f58c0e96b89adfebd5c2ee7e1988cb9383dd053654032d233534a932c1604ef50f8da9a6194833f6570a14486bc0ea339794eedd26c1fd774212cb3311cb5989a07493171d82b89a2d03663634d86922082dc3f49df8f7478061ae0d81acc629651a711d290861bf9ac33f7cb25f2053f28fedba78f5130d015308f26ea1edf45908c58103fa2e7cf0d20b54af5db06d5095d41d1b5e300da990db80b47a71a8cdc9194d72f031f9c832b36ce38f7c24f078f81bd38e9e8540eef4bbade5e932a196f3eb7d7aa0490ba34150b90008a2111e2440d92dff1113d362e8324d47e205d734840aca067b4ad7", 0x52d}], 0x1, &(0x7f0000000000)=[@dstopts_2292={{0x90, 0x29, 0x4, {0x67, 0xf, '\x00', [@calipso={0x7, 0x48, {0x3, 0x10, 0x34, 0x8001, [0x187f, 0x7fff, 0x4000000000000001, 0x0, 0x1, 0x2, 0xffffffffffffffff, 0x2]}}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1, @hao={0xc9, 0x10, @mcast1}, @hao={0xc9, 0x10, @empty}]}}}], 0x90}, 0x800) 1m7.454503722s ago: executing program 7 (id=11326): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='update default'], 0x1d, 0xfffffffffffffffd) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 1m7.261386798s ago: executing program 7 (id=11329): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000740)=@ipv6_getaddr={0x20, 0x16, 0x1, 0x0, 0x0, {0xa, 0x0, 0xa8, 0xfe}, [@IFA_TARGET_NETNSID={0x8}]}, 0x20}}, 0x0) 1m7.046727366s ago: executing program 7 (id=11334): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000340)={0x14, 0x17, 0x1, 0xf0bd29, 0x25dfdbfc, {0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20044002) 1m6.836235017s ago: executing program 7 (id=11337): r0 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0) read(r0, &(0x7f0000000040)=""/4096, 0x1000) 1m6.534515971s ago: executing program 7 (id=11340): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000002600010025bd7000f8dbdf2506"], 0x14}}, 0x20006004) 50.364153773s ago: executing program 42 (id=11340): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000002600010025bd7000f8dbdf2506"], 0x14}}, 0x20006004) 49.518884742s ago: executing program 4 (id=11563): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0xfffff63d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28649, 0xd009}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x4}, @IFLA_GRE_IKEY={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40001}, 0x10) 49.052225735s ago: executing program 4 (id=11569): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x8, @sdr={0x31303453, 0x7}}) 48.520372139s ago: executing program 4 (id=11573): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000200000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 47.776716897s ago: executing program 4 (id=11580): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x48100) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000080)={0x9, {0x36, 0x2, 0x402, 0xbb8f}, {0x9, 0x4, 0x8bb4d08f, 0xfdfd}, {0x802, 0x8}}) 47.438707894s ago: executing program 4 (id=11582): r0 = socket$kcm(0x22, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80044944, 0x0) 47.122075588s ago: executing program 4 (id=11586): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000032c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000e80)={0x14, 0x26, 0x1, 0x70bd25, 0x25dfdbff, {0x3}}, 0x14}, 0x1, 0xffffffff, 0x0, 0x1}, 0x0) 30.982779263s ago: executing program 43 (id=11586): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000032c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000e80)={0x14, 0x26, 0x1, 0x70bd25, 0x25dfdbff, {0x3}}, 0x14}, 0x1, 0xffffffff, 0x0, 0x1}, 0x0) 1.593638096s ago: executing program 0 (id=12010): r0 = syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000080)={0xff7f, [0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x0, 0x400, 0x0, 0xc4, 0x0, 0x0, 0x638, 0x8, 0x0, 0x0, 0x0, 0x7, 0x2, 0x1, 0x0, 0x0, 0x4, 0xfffc, 0x0, 0x81, 0xefff, 0x0, 0xffff, 0x0, 0x1000, 0x6, 0x4], 0x5}) 1.416071842s ago: executing program 0 (id=12011): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300091c00000000000000000000001200080008040000d7884a389e967b9e894705b077c135fd1c4a37d5988b14f336aefd5769361ced9d4ae3916383fc275e11f5bed4ec3469dd878bea99114e2f6bc329d7acd8a89b2b2917fdeb71d607edd3d677414d4e22f99e072d04ea919734bc15cbfbbf5004f18378a4cc482d747ef47e91ccbd3d62000000000000000000000000000000ac6000000000000000030006000000000002004e20ac14140000000000000000000200010000000000ffffffff00000000030005000000000002"], 0xe0}, 0x1, 0x7}, 0x0) 1.399672382s ago: executing program 8 (id=12012): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f00000000c0)={0x2, @output={0x1000, 0x1, {0x3, 0x2}, 0x401, 0x8}}) 1.248496454s ago: executing program 1 (id=12015): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r0, 0xc0c0128e, &(0x7f0000000240)={0x4000000000002000, 0x2}) 1.155300457s ago: executing program 8 (id=12016): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100707070000c00028008000100"], 0x4c}}, 0x0) 1.098172524s ago: executing program 6 (id=12017): r0 = socket$inet(0x2, 0x3, 0x3) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) 1.098071174s ago: executing program 0 (id=12018): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r0, 0x6, 0x2b, 0xffffffffffffffff, 0x0) 1.097982817s ago: executing program 3 (id=12019): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)={0x18, 0x2d, 0xc05, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x18}], 0x1}, 0x0) 984.037205ms ago: executing program 1 (id=12020): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000380)={0x1, 0x48574653, 0x3, @discrete={0x4, 0x71}}) 970.875156ms ago: executing program 0 (id=12021): r0 = socket(0x2a, 0x2, 0x0) sendto$isdn(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x22, 0xe, 0x6, 0x81, 0x10}, 0x6) 962.185265ms ago: executing program 8 (id=12022): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d80003"], 0x188}}, 0x0) 906.407196ms ago: executing program 3 (id=12023): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r0, 0x0, 0x23, 0x0, 0x0) 906.260436ms ago: executing program 6 (id=12024): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040), 0x4) 821.146883ms ago: executing program 1 (id=12025): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xcb, 0x0, 0x58) 779.755249ms ago: executing program 0 (id=12026): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x7, 0x0}) 717.846247ms ago: executing program 3 (id=12027): r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) readv(r0, &(0x7f00000005c0)=[{&(0x7f00000002c0)=""/172, 0xac}, {0x0}], 0x2) 652.621944ms ago: executing program 6 (id=12028): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1b02, 0x1a010}, [@IFLA_ADDRESS={0xa, 0x1, @broadcast}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}]}, 0x40}}, 0x28048084) 609.840146ms ago: executing program 8 (id=12029): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc004000202080003000300070007000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 565.768034ms ago: executing program 1 (id=12030): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=@newlink={0x11c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4e310}, [@IFLA_MASTER={0x8}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8}, @IFLA_NET_NS_PID={0x8}, @IFLA_AF_SPEC={0xb8, 0x1a, 0x0, 0x1, [@AF_INET={0x58, 0x2, 0x0, 0x1, {0x54, 0x1, 0x0, 0x1, [{0x8, 0x1a, 0x0, 0x0, 0x3ff}, {0x8, 0x1e, 0x0, 0x0, 0x4}, {0x8, 0x1d, 0x0, 0x0, 0x401}, {0x8, 0xc, 0x0, 0x0, 0x6294}, {0x8, 0x8, 0x0, 0x0, 0x1}, {0x8, 0xd, 0x0, 0x0, 0x4}, {0xfffffffffffffdc6, 0xc, 0x0, 0x0, 0x7fff}, {0x8, 0xa}, {0x8, 0x3, 0x0, 0x0, 0x5}, {0x8, 0x1b, 0x0, 0x0, 0xd9}]}}, @AF_BRIDGE={0x4}, @AF_BRIDGE={0x4}, @AF_INET6={0x50, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast1}, @IFLA_INET6_TOKEN={0x14, 0x7, @local}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x8}, @IFLA_INET6_ADDR_GEN_MODE={0x0, 0x8, 0x4}]}, @AF_BRIDGE={0x4}]}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x5}, @IFLA_IFALIASn={0x4}, @IFLA_IFALIASn={0x4}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x2}]}, 0x11c}}, 0x0) 560.330985ms ago: executing program 0 (id=12031): socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp6(0xa, 0x3, 0x2) pselect6(0x40, &(0x7f0000000080)={0x2, 0x4, 0x0, 0x7fffffff, 0x19a, 0x0, 0x100, 0x9}, 0x0, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet_sctp(0x2, 0x3, 0x84) socket$inet6_icmp(0xa, 0x2, 0x3a) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/msg\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000002080)='net/dev_mcast\x00') r0 = socket$inet(0x2, 0xa, 0xb) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r0], 0x20) 537.602336ms ago: executing program 3 (id=12032): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x20, 0x1, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24008880}, 0x0) 451.349037ms ago: executing program 1 (id=12033): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x36}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="f7edad00"/14, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 349.69827ms ago: executing program 8 (id=12034): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, 0x0, 0x10, 0x72200}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0xffff}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @private=0xa010101}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x80000) 341.836741ms ago: executing program 6 (id=12035): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x18, 0x0, &(0x7f0000000200)) 254.161541ms ago: executing program 3 (id=12036): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000500000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a34b8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8f23e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae0000c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c31082ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a3d19c158a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b884057aeb68f3d675a79907a72ace70902459f6950a06a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbd488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc816df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d044fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f9863800f127d6b4518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c104fe52837a19dd6952fe2724c0105ab158a54a6a73000000000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="dd4b8d18989cc14532398c388345", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 188.462511ms ago: executing program 6 (id=12037): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="500000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000030001280080001007369740024000280050009000000000008000200e0000002060008000000000005000a"], 0x50}}, 0x4040802) 21.811105ms ago: executing program 3 (id=12038): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000080), 0x2) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 21.624015ms ago: executing program 1 (id=12039): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1000000}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x8000000}}, [@jmp={0x5, 0x0, 0x3, 0x9, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x7000000}}}, &(0x7f0000000140)='syzkaller\x00', 0x3, 0x1016, &(0x7f0000001880)=""/4118, 0x41000, 0xf}, 0x94) 14.356869ms ago: executing program 6 (id=12040): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 8 (id=12041): r0 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x4020940d, &(0x7f00000000c0)={0x6, 'tunl0\x00', {0xc59}, 0xd}) kernel console output (not intermixed with test programs): xecutor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 942.770890][ T37] audit: type=1326 audit(1772416326.585:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26584 comm="syz.0.8590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 957.924880][T26713] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8631'. [ 976.171392][T26917] netlink: 'syz.4.8696': attribute type 2 has an invalid length. [ 977.089356][T26919] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 984.698634][ T5813] Bluetooth: hci5: command 0x0406 tx timeout [ 990.850993][T21535] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 992.340711][T21535] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 992.340746][T21535] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 992.340769][T21535] usb 5-1: Product: syz [ 992.340785][T21535] usb 5-1: Manufacturer: syz [ 992.340808][T21535] usb 5-1: SerialNumber: syz [ 993.192309][T21535] usb 5-1: config 0 descriptor?? [ 993.213955][T21535] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 993.377847][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.379978][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.489567][T21535] gspca_sunplus: reg_r err -71 [ 993.538001][T21535] usb 5-1: USB disconnect, device number 93 [ 996.156765][T27093] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 996.251328][T27093] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 998.058744][T27098] syz.4.8759 (27098): drop_caches: 2 [ 1006.672650][T27186] vlan2: entered promiscuous mode [ 1006.672678][T27186] team0: entered promiscuous mode [ 1006.672693][T27186] team_slave_0: entered promiscuous mode [ 1006.672912][T27186] team_slave_1: entered promiscuous mode [ 1006.673080][T27186] dummy0: entered promiscuous mode [ 1007.461996][T27190] netlink: 'syz.1.8790': attribute type 3 has an invalid length. [ 1007.462021][T27190] netlink: 3 bytes leftover after parsing attributes in process `syz.1.8790'. [ 1013.594208][T27239] 9pnet_virtio: no channels available for device syz [ 1013.722159][T27239] pim6reg99999999: entered allmulticast mode [ 1013.829636][T27246] trusted_key: encrypted_key: master key parameter '4rusted:Ì08' is invalid [ 1020.837195][T27302] binder: 27301:27302 ioctl c0306201 200000000540 returned -14 [ 1021.431200][ T37] audit: type=1326 audit(1772416405.265:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27322 comm="syz.9.8837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad2f3c799 code=0x7ffc0000 [ 1021.431262][ T37] audit: type=1326 audit(1772416405.265:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27322 comm="syz.9.8837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad2f3c799 code=0x7ffc0000 [ 1021.940823][T27337] netlink: 'syz.1.8841': attribute type 2 has an invalid length. [ 1024.002948][ T5181] usb 5-1: new full-speed USB device number 94 using dummy_hcd [ 1024.266006][ T5181] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1024.266038][ T5181] usb 5-1: config 0 has no interface number 0 [ 1024.266092][ T5181] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1024.266115][ T5181] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.279068][ T5181] usb 5-1: config 0 descriptor?? [ 1024.305469][ T5181] usb 5-1: selecting invalid altsetting 1 [ 1024.306957][ T5181] dvb_ttusb_budget: ttusb_init_controller: error [ 1024.306972][ T5181] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1025.700511][ T5181] DVB: Unable to find symbol cx22700_attach() [ 1026.816613][ T5181] DVB: Unable to find symbol tda10046_attach() [ 1026.816632][ T5181] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1028.011024][T23745] usb 5-1: USB disconnect, device number 94 [ 1028.189739][T27388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8860'. [ 1028.216622][T27387] binder: 27384:27387 ioctl c0306201 0 returned -14 [ 1038.746575][T27493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8896'. [ 1045.948574][T21535] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1047.260495][T21535] usb 5-1: Using ep0 maxpacket: 32 [ 1047.295456][T21535] usb 5-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice= 0.40 [ 1047.295478][T21535] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1047.295492][T21535] usb 5-1: Product: syz [ 1047.295502][T21535] usb 5-1: Manufacturer: syz [ 1047.295510][T21535] usb 5-1: SerialNumber: syz [ 1048.010739][T27586] tipc: Enabling of bearer rejected, failed to enable media [ 1049.214975][T21535] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 1049.231188][T21535] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -71 [ 1049.245525][T21535] snd-usb-audio 5-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 1049.254968][T21535] usb 5-1: USB disconnect, device number 95 [ 1050.457698][T27614] netlink: 'syz.0.8935': attribute type 1 has an invalid length. [ 1050.499923][T27614] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1051.855998][T27614] bond2: (slave ip6erspan0): making interface the new active one [ 1051.859630][T27614] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 1056.163837][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1056.163921][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1061.131726][T27687] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8957'. [ 1061.478028][ T37] audit: type=1326 audit(1772416445.305:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1061.478372][ T37] audit: type=1326 audit(1772416445.305:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.641943][ T37] audit: type=1326 audit(1772416445.365:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.642003][ T37] audit: type=1326 audit(1772416446.475:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.642049][ T37] audit: type=1326 audit(1772416446.475:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.645818][ T37] audit: type=1326 audit(1772416446.475:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.660032][T27696] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8963'. [ 1062.660555][ T37] audit: type=1326 audit(1772416446.485:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.660615][ T37] audit: type=1326 audit(1772416446.485:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.660664][ T37] audit: type=1326 audit(1772416446.485:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.660714][ T37] audit: type=1326 audit(1772416446.485:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27695 comm="syz.1.8963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efddfe4c799 code=0x7ffc0000 [ 1062.803860][T27704] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1063.281439][T27716] netlink: 'syz.4.8971': attribute type 12 has an invalid length. [ 1063.281464][T27716] netlink: 'syz.4.8971': attribute type 29 has an invalid length. [ 1063.281480][T27716] netlink: 148 bytes leftover after parsing attributes in process `syz.4.8971'. [ 1065.743462][T27763] netlink: 'syz.4.8989': attribute type 12 has an invalid length. [ 1065.858315][T27772] tipc: Enabling of bearer rejected, failed to enable media [ 1090.349363][T27914] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1090.395344][T27914] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1090.432400][T27914] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1090.435171][T27914] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1090.439012][T27914] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1094.239054][T27912] chnl_net:caif_netlink_parms(): no params data found [ 1094.380401][T27914] Bluetooth: hci4: command tx timeout [ 1095.058859][T27912] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.068548][T27912] bridge0: port 1(bridge_slave_0) entered disabled state [ 1095.068913][T27912] bridge_slave_0: entered allmulticast mode [ 1095.102065][T27912] bridge_slave_0: entered promiscuous mode [ 1095.138247][T27912] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.208885][T27912] bridge0: port 2(bridge_slave_1) entered disabled state [ 1095.209090][T27912] bridge_slave_1: entered allmulticast mode [ 1095.212344][T27912] bridge_slave_1: entered promiscuous mode [ 1095.465196][T27912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1095.485471][T27912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1096.632561][T27914] Bluetooth: hci4: command tx timeout [ 1096.994662][T27912] team0: Port device team_slave_0 added [ 1097.036293][T27912] team0: Port device team_slave_1 added [ 1097.113732][T27912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1097.113753][T27912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1097.113783][T27912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1097.116368][T27912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1097.116386][T27912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1097.116418][T27912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1097.287559][T27912] hsr_slave_0: entered promiscuous mode [ 1097.289064][T27912] hsr_slave_1: entered promiscuous mode [ 1098.125994][T27983] random: crng reseeded on system resumption [ 1098.765924][T27914] Bluetooth: hci4: command tx timeout [ 1100.800074][T27914] Bluetooth: hci4: command tx timeout [ 1101.312720][T10685] libceph: connect (1)[c::]:6789 error -13 [ 1101.312957][T10685] libceph: mon0 (1)[c::]:6789 connect error [ 1101.366299][T28003] ceph: No mds server is up or the cluster is laggy [ 1106.800769][T28055] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1111.134037][T28092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1113.571590][T28103] orangefs_mount: mount request failed with -4 [ 1114.840809][T28121] random: crng reseeded on system resumption [ 1116.491098][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.491182][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.251107][T28154] random: crng reseeded on system resumption [ 1122.468532][T28210] Can't find ip_set type h [ 1123.427469][T28233] 9p: Bad value for 'wfdno' [ 1127.215748][T16950] wlan1: Trigger new scan to find an IBSS to join [ 1128.635102][T28326] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9161'. [ 1128.655823][T28326] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9161'. [ 1129.811263][T27912] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1130.037207][ T1848] vlan2: left promiscuous mode [ 1130.037224][ T1848] bridge_slave_0: left promiscuous mode [ 1130.037531][ T1848] bridge0: port 1(vlan2) entered disabled state [ 1132.304713][ T3519] wlan1: Trigger new scan to find an IBSS to join [ 1133.001485][ T1848] bond1 (unregistering): (slave erspan1): Releasing active interface [ 1133.001528][ T1848] erspan1 (unregistering): left promiscuous mode [ 1133.483769][ T1848] bond0 (unregistering): Released all slaves [ 1133.494842][ T1848] bond1 (unregistering): Released all slaves [ 1133.680581][T27912] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1133.736458][T27912] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1133.776463][T27912] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1133.881932][ T3597] wlan1: Creating new IBSS network, BSSID ee:4d:07:ca:32:3b [ 1135.689883][T27912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1136.663402][T27912] 8021q: adding VLAN 0 to HW filter on device team0 [ 1136.685505][T16950] bridge0: port 1(bridge_slave_0) entered blocking state [ 1136.730028][T16950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1136.744402][T16950] bridge0: port 2(bridge_slave_1) entered blocking state [ 1136.744555][T16950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1140.019923][T28458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9198'. [ 1140.039161][ T1848] hsr_slave_0: left promiscuous mode [ 1140.086224][ T1848] hsr_slave_1: left promiscuous mode [ 1140.800723][T13546] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1140.950377][T13546] usb 5-1: Using ep0 maxpacket: 16 [ 1140.952666][T13546] usb 5-1: config 0 has an invalid interface number: 216 but max is 0 [ 1140.952697][T13546] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1140.952718][T13546] usb 5-1: config 0 has no interface number 0 [ 1140.952767][T13546] usb 5-1: config 0 interface 216 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1140.955342][T13546] usb 5-1: New USB device found, idVendor=c877, idProduct=d477, bcdDevice=ca.74 [ 1140.955372][T13546] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.955394][T13546] usb 5-1: Product: syz [ 1140.955410][T13546] usb 5-1: Manufacturer: syz [ 1140.955425][T13546] usb 5-1: SerialNumber: syz [ 1141.059513][T13546] usb 5-1: config 0 descriptor?? [ 1141.291951][T13546] usb-storage 5-1:0.216: USB Mass Storage device detected [ 1141.578428][T13546] usb 5-1: USB disconnect, device number 96 [ 1143.000146][T28453] vlan2: entered promiscuous mode [ 1143.009528][T28453] vlan2: entered allmulticast mode [ 1143.009553][T28453] hsr_slave_1: entered allmulticast mode [ 1145.523658][T27912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1146.463453][T28557] syz.4.9230 (28557): drop_caches: 2 [ 1150.970722][T28600] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9240'. [ 1152.037831][ T809] IPVS: starting estimator thread 0... [ 1152.161098][T28620] IPVS: using max 7 ests per chain, 16800 per kthread [ 1152.451898][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1152.511038][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1152.541153][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1152.580823][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1152.659726][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1154.430362][T28660] tipc: Started in network mode [ 1154.430636][T28660] tipc: Node identity 7f000001, cluster identity 4711 [ 1154.489457][T28660] tipc: Enabled bearer , priority 10 [ 1155.010493][ T5811] Bluetooth: hci1: command tx timeout [ 1155.941417][ T809] tipc: Node number set to 2130706433 [ 1157.058181][ T5811] Bluetooth: hci1: command tx timeout [ 1159.298994][ T5811] Bluetooth: hci1: command tx timeout [ 1159.426168][T28721] syz.4.9277 (28721): drop_caches: 2 [ 1161.355408][ T5811] Bluetooth: hci1: command tx timeout [ 1162.951267][T28624] chnl_net:caif_netlink_parms(): no params data found [ 1164.307879][ T3597] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1166.583318][T28830] binder: 28818:28830 ioctl c0306201 2000000003c0 returned -14 [ 1166.584067][T28830] binder_alloc: 28818: binder_alloc_buf, no vma [ 1168.772731][T28856] syz.3.9316 (28856): drop_caches: 2 [ 1169.055591][T28624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1169.078364][T28624] bridge0: port 1(bridge_slave_0) entered disabled state [ 1169.078566][T28624] bridge_slave_0: entered allmulticast mode [ 1169.080171][T28624] bridge_slave_0: entered promiscuous mode [ 1169.334432][T28624] bridge0: port 2(bridge_slave_1) entered blocking state [ 1169.334592][T28624] bridge0: port 2(bridge_slave_1) entered disabled state [ 1169.334859][T28624] bridge_slave_1: entered allmulticast mode [ 1169.435509][T28624] bridge_slave_1: entered promiscuous mode [ 1174.460127][T28624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1174.828871][T28624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1175.833429][T28902] random: crng reseeded on system resumption [ 1176.232449][T28914] netlink: 'syz.0.9332': attribute type 10 has an invalid length. [ 1176.688721][T28914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1176.786831][T28914] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1177.088980][T28624] team0: Port device team_slave_0 added [ 1178.534158][T28624] team0: Port device team_slave_1 added [ 1178.612791][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.612873][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.818164][ T3519] bridge_slave_1: left allmulticast mode [ 1178.818200][ T3519] bridge_slave_1: left promiscuous mode [ 1178.818480][ T3519] bridge0: port 2(bridge_slave_1) entered disabled state [ 1179.138082][ T3519] bridge_slave_0: left allmulticast mode [ 1179.138117][ T3519] bridge_slave_0: left promiscuous mode [ 1179.138551][ T3519] bridge0: port 1(bridge_slave_0) entered disabled state [ 1180.000894][T28944] netlink: set zone limit has 4 unknown bytes [ 1181.903565][ T5811] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 1181.912212][T27914] Bluetooth: hci5: hardware error 0x00 [ 1183.011736][ T3519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1183.098450][ T3519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1183.158775][ T3519] bond0 (unregistering): Released all slaves [ 1183.342651][T28917] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1184.026765][T27914] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1184.365547][T28925] bond3: (slave ip6gretap0): making interface the new active one [ 1184.366569][T28925] bond3: (slave ip6gretap0): Enslaving as an active interface with an up link [ 1184.816971][T28624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1184.816991][T28624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1184.817022][T28624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1185.841041][T28624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1185.841062][T28624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1185.841094][T28624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1189.621463][ T3519] hsr_slave_0: left promiscuous mode [ 1189.658993][ T3519] hsr_slave_1: left promiscuous mode [ 1189.660199][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1189.714103][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1191.411796][ T3519] team0 (unregistering): Port device team_slave_1 removed [ 1191.496362][ T3519] team0 (unregistering): Port device team_slave_0 removed [ 1191.912463][T28624] hsr_slave_0: entered promiscuous mode [ 1191.913928][T28624] hsr_slave_1: entered promiscuous mode [ 1193.126905][T29098] netlink: 'syz.9.9399': attribute type 3 has an invalid length. [ 1193.127286][T29098] netlink: 'syz.9.9399': attribute type 3 has an invalid length. [ 1199.566731][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1200.383431][T29174] team0: No ports can be present during mode change [ 1200.384246][T29174] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9420'. [ 1200.815084][T29174] team0 (unregistering): Port device team_slave_0 removed [ 1201.591374][T29174] team0 (unregistering): Port device team_slave_1 removed [ 1209.487820][T28624] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1209.534583][T28624] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1209.612105][T28624] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1209.700189][T28624] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1209.809486][ T37] kauditd_printk_skb: 175 callbacks suppressed [ 1209.809509][ T37] audit: type=1326 audit(1772416593.635:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad2f3c799 code=0x7ffc0000 [ 1209.843468][ T37] audit: type=1326 audit(1772416593.635:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.843874][ T37] audit: type=1326 audit(1772416593.675:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.844163][ T37] audit: type=1326 audit(1772416593.675:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.844511][ T37] audit: type=1326 audit(1772416593.675:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.844794][ T37] audit: type=1326 audit(1772416593.675:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.845064][ T37] audit: type=1326 audit(1772416593.675:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.845345][ T37] audit: type=1326 audit(1772416593.675:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.845724][ T37] audit: type=1326 audit(1772416593.675:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1209.845994][ T37] audit: type=1326 audit(1772416593.675:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29255 comm="syz.9.9446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faad2f3c42b code=0x7ffc0000 [ 1212.149895][ T5811] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1212.251661][ T5811] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1212.259791][ T5811] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1212.284277][ T5811] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1212.285982][ T5811] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1214.474681][ T5811] Bluetooth: hci4: command tx timeout [ 1216.395243][T29339] netlink: 8 bytes leftover after parsing attributes in process `syz.9.9471'. [ 1216.395271][T29339] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9471'. [ 1216.562192][ T5811] Bluetooth: hci4: command tx timeout [ 1218.518744][ T37] kauditd_printk_skb: 22 callbacks suppressed [ 1218.518765][ T37] audit: type=1804 audit(1772416602.345:880): pid=29383 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.9484" name="/newroot/1420/file1" dev="fuse" ino=1 res=1 errno=0 [ 1218.632626][ T5811] Bluetooth: hci4: command tx timeout [ 1218.676433][T29290] chnl_net:caif_netlink_parms(): no params data found [ 1220.328431][ T10] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1220.610754][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 1220.613869][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1220.615439][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1220.615494][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1220.618925][ T10] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 1220.618957][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1220.618978][ T10] usb 5-1: Product: syz [ 1220.618994][ T10] usb 5-1: Manufacturer: syz [ 1220.619010][ T10] usb 5-1: SerialNumber: syz [ 1220.767155][ T10] usb 5-1: config 0 descriptor?? [ 1220.786892][ T5811] Bluetooth: hci4: command tx timeout [ 1220.809820][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1220.945029][ T10] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1222.473493][T29425] udevd[29425]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1222.884910][T29290] bridge0: port 1(bridge_slave_0) entered blocking state [ 1222.885048][T29290] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.885420][T29290] bridge_slave_0: entered allmulticast mode [ 1222.892552][T29290] bridge_slave_0: entered promiscuous mode [ 1222.912190][T29290] bridge0: port 2(bridge_slave_1) entered blocking state [ 1222.912340][T29290] bridge0: port 2(bridge_slave_1) entered disabled state [ 1222.912627][T29290] bridge_slave_1: entered allmulticast mode [ 1222.918030][T29290] bridge_slave_1: entered promiscuous mode [ 1223.019793][T29290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1223.041430][T29290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1223.291978][T29444] team0 (unregistering): Port device team_slave_0 removed [ 1223.337407][T29444] team0 (unregistering): Port device team_slave_1 removed [ 1223.580653][T23745] usb 5-1: USB disconnect, device number 97 [ 1224.605009][T29290] team0: Port device team_slave_0 added [ 1224.712813][T29290] team0: Port device team_slave_1 added [ 1224.720821][T29462] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9511'. [ 1225.135147][T29290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1225.135169][T29290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.135197][T29290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1225.138306][T29290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1225.138324][T29290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.138352][T29290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1226.081578][ T1822] bridge_slave_1: left allmulticast mode [ 1226.081612][ T1822] bridge_slave_1: left promiscuous mode [ 1226.081913][ T1822] bridge0: port 2(bridge_slave_1) entered disabled state [ 1227.605464][ T1822] bridge_slave_0: left allmulticast mode [ 1227.605498][ T1822] bridge_slave_0: left promiscuous mode [ 1227.605818][ T1822] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.722792][ T1822] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1230.801337][ T1822] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1230.852431][ T1822] bond0 (unregistering): Released all slaves [ 1231.527982][T29290] hsr_slave_0: entered promiscuous mode [ 1232.083873][T29290] hsr_slave_1: entered promiscuous mode [ 1232.084983][T29290] debugfs: 'hsr0' already exists in 'hsr' [ 1232.085011][T29290] Cannot create hsr debugfs directory [ 1232.333134][T16938] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1234.015715][ T1822] hsr_slave_0: left promiscuous mode [ 1234.059889][ T1822] hsr_slave_1: left promiscuous mode [ 1234.061340][ T1822] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1237.162214][ T1822] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1238.233535][T29584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9549'. [ 1239.037466][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.037517][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.267588][T29596] tipc: Failed to remove unknown binding: 66,0,0/0:2776960474/2776960476 [ 1239.267626][T29596] tipc: Failed to remove unknown binding: 66,0,0/0:2776960474/2776960475 [ 1239.271090][T29596] tipc: Failed to remove unknown binding: 66,0,0/0:2776960474/2776960476 [ 1239.271115][T29596] tipc: Failed to remove unknown binding: 66,0,0/0:2776960474/2776960475 [ 1239.935624][ T1822] team0 (unregistering): Port device team_slave_1 removed [ 1240.041241][ T1822] team0 (unregistering): Port device team_slave_0 removed [ 1242.905533][T29584] bridge_slave_1: left allmulticast mode [ 1242.905569][T29584] bridge_slave_1: left promiscuous mode [ 1242.906144][T29584] bridge0: port 2(bridge_slave_1) entered disabled state [ 1243.025207][T29584] bridge_slave_0: left allmulticast mode [ 1243.025243][T29584] bridge_slave_0: left promiscuous mode [ 1243.025578][T29584] bridge0: port 1(bridge_slave_0) entered disabled state [ 1245.468929][T29687] netlink: 'syz.0.9587': attribute type 4 has an invalid length. [ 1245.468969][T29687] netlink: 1601 bytes leftover after parsing attributes in process `syz.0.9587'. [ 1246.811020][T29689] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9590'. [ 1247.832666][T29704] bond0: (slave batadv0): Releasing backup interface [ 1247.980308][T29713] netlink: 'syz.4.9597': attribute type 10 has an invalid length. [ 1249.211736][T29704] bond0: (slave bond_slave_0): Releasing backup interface [ 1249.290365][T29704] bond0: (slave bond_slave_1): Releasing backup interface [ 1249.348597][T29704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1249.348627][T29704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1249.402839][T29704] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1249.405393][T29713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1249.406642][T29713] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1262.158816][T29290] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1262.289463][T29290] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1262.367934][T29290] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1263.499086][T29290] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1265.985798][T29290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1266.047007][T29290] 8021q: adding VLAN 0 to HW filter on device team0 [ 1266.095981][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.110455][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1266.133040][ T1822] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.139346][ T1822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1267.832168][T16954] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1269.622693][T29290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1274.797187][T27914] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1274.861489][T27914] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1274.885272][T27914] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1274.918278][T27914] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1274.941981][T27914] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1277.070253][ T5811] Bluetooth: hci1: command tx timeout [ 1279.237635][ T5811] Bluetooth: hci1: command tx timeout [ 1281.100356][T29965] chnl_net:caif_netlink_parms(): no params data found [ 1281.268013][ T5811] Bluetooth: hci1: command tx timeout [ 1283.357845][ T5811] Bluetooth: hci1: command tx timeout [ 1288.539257][T29965] bridge0: port 1(bridge_slave_0) entered blocking state [ 1288.539394][T29965] bridge0: port 1(bridge_slave_0) entered disabled state [ 1288.539740][T29965] bridge_slave_0: entered allmulticast mode [ 1288.541526][T29965] bridge_slave_0: entered promiscuous mode [ 1288.548172][T29965] bridge0: port 2(bridge_slave_1) entered blocking state [ 1288.548324][T29965] bridge0: port 2(bridge_slave_1) entered disabled state [ 1288.548558][T29965] bridge_slave_1: entered allmulticast mode [ 1288.584370][T29965] bridge_slave_1: entered promiscuous mode [ 1289.826382][T29965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1291.038053][T29965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1291.537004][T23745] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1291.687246][T23745] usb 5-1: Using ep0 maxpacket: 8 [ 1291.696089][T23745] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1291.696114][T23745] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1291.696129][T23745] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1291.696144][T23745] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1291.696171][T23745] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1291.696185][T23745] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.054661][T23745] usb 5-1: GET_CAPABILITIES returned 0 [ 1292.054780][T23745] usbtmc 5-1:16.0: can't read capabilities [ 1292.151471][T29965] team0: Port device team_slave_0 added [ 1292.155343][T29965] team0: Port device team_slave_1 added [ 1292.369433][T29965] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1292.369452][T29965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1292.369478][T29965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1292.371823][T29965] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1292.371839][T29965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1292.371863][T29965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1292.498415][T30123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1292.498987][T30123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1292.563637][T30123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1292.564255][T30123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1292.602838][T13545] usb 5-1: USB disconnect, device number 98 [ 1292.678754][T30147] netlink: 'syz.0.9714': attribute type 2 has an invalid length. [ 1293.035991][T29965] hsr_slave_0: entered promiscuous mode [ 1293.056115][T29965] hsr_slave_1: entered promiscuous mode [ 1296.952350][ T12] bridge_slave_1: left allmulticast mode [ 1296.952384][ T12] bridge_slave_1: left promiscuous mode [ 1296.952675][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1297.031640][ T12] bridge_slave_0: left allmulticast mode [ 1297.031675][ T12] bridge_slave_0: left promiscuous mode [ 1297.031993][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1299.003218][T30204] fuse: Bad value for 'group_id' [ 1299.003242][T30204] fuse: Bad value for 'group_id' [ 1300.621477][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.621566][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.111513][T11482] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1303.552176][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1303.637478][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1303.691304][ T12] bond0 (unregistering): Released all slaves [ 1303.875722][T30228] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1304.748737][ T12] hsr_slave_0: left promiscuous mode [ 1304.797538][ T12] hsr_slave_1: left promiscuous mode [ 1304.799029][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1304.883666][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1306.807568][ T10] libceph: connect (1)[c::]:6789 error -101 [ 1306.807798][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 1307.068858][ T10] libceph: connect (1)[c::]:6789 error -101 [ 1307.069090][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 1307.069673][T30285] ceph: No mds server is up or the cluster is laggy [ 1307.249645][T30297] overlayfs: failed to clone upperpath [ 1307.808975][ T10] libceph: connect (1)[c::]:6789 error -101 [ 1307.809108][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 1311.466999][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1311.581093][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1316.184548][T30365] Can't find ip_set type bitmap:ip [ 1322.345560][T13546] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1322.497529][T13546] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x24, changing to 0x4 [ 1322.497567][T13546] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1322.497590][T13546] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1322.503307][T13546] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1322.503352][T13546] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1322.503374][T13546] usb 5-1: Product: syz [ 1322.503389][T13546] usb 5-1: Manufacturer: syz [ 1322.503406][T13546] usb 5-1: SerialNumber: syz [ 1322.512967][T13546] usb 5-1: config 0 descriptor?? [ 1322.532661][T13546] usb 5-1: selecting invalid altsetting 0 [ 1324.277874][T30433] snd-usb-audio 5-1:0.0: Runtime PM usage count underflow! [ 1324.295181][T21535] usb 5-1: USB disconnect, device number 99 [ 1326.328608][T21535] usb 5-1: new full-speed USB device number 100 using dummy_hcd [ 1326.496025][T21535] usb 5-1: config 8 has an invalid interface number: 223 but max is 0 [ 1326.496058][T21535] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1326.496079][T21535] usb 5-1: config 8 has no interface number 0 [ 1326.496131][T21535] usb 5-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1326.501209][T21535] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 1326.501244][T21535] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1326.501265][T21535] usb 5-1: Product: syz [ 1326.501282][T21535] usb 5-1: Manufacturer: syz [ 1326.501298][T21535] usb 5-1: SerialNumber: syz [ 1326.770726][T29965] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1326.857336][T29965] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1331.035084][T21535] usb 5-1: USB disconnect, device number 100 [ 1331.037865][T29965] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1331.149932][T29965] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1334.162707][T23770] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1334.318799][T27914] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1334.340792][T27914] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1334.343542][T27914] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1334.355976][T27914] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1334.356931][T27914] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1335.116596][T30530] netlink: 84 bytes leftover after parsing attributes in process `syz.4.9830'. [ 1335.164153][T30530] vlan0: entered promiscuous mode [ 1338.088578][T30541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9833'. [ 1339.578430][T27914] Bluetooth: hci4: command tx timeout [ 1340.986475][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1341.512973][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1342.110065][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1342.165563][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1342.166487][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1342.203681][ T5811] Bluetooth: hci4: command tx timeout [ 1342.611862][T30585] loop2: detected capacity change from 0 to 7 [ 1342.651183][T30440] Dev loop2: unable to read RDB block 7 [ 1342.651234][T30440] loop2: unable to read partition table [ 1342.651508][T30440] loop2: partition table beyond EOD, truncated [ 1342.766656][T30585] Dev loop2: unable to read RDB block 7 [ 1342.766709][T30585] loop2: unable to read partition table [ 1342.766962][T30585] loop2: partition table beyond EOD, truncated [ 1342.767002][T30585] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 1344.462245][ T5811] Bluetooth: hci4: command tx timeout [ 1344.469310][ T5811] Bluetooth: hci1: command tx timeout [ 1346.163659][T30628] bridge1: entered allmulticast mode [ 1346.624099][ T5811] Bluetooth: hci4: command tx timeout [ 1346.624141][ T5811] Bluetooth: hci1: command tx timeout [ 1346.855084][T30516] chnl_net:caif_netlink_parms(): no params data found [ 1348.959729][T27914] Bluetooth: hci1: command tx timeout [ 1350.042950][T30516] bridge0: port 1(bridge_slave_0) entered blocking state [ 1350.043115][T30516] bridge0: port 1(bridge_slave_0) entered disabled state [ 1350.043387][T30516] bridge_slave_0: entered allmulticast mode [ 1350.070640][T30516] bridge_slave_0: entered promiscuous mode [ 1350.095873][T30516] bridge0: port 2(bridge_slave_1) entered blocking state [ 1350.096096][T30516] bridge0: port 2(bridge_slave_1) entered disabled state [ 1350.096363][T30516] bridge_slave_1: entered allmulticast mode [ 1350.099446][T30516] bridge_slave_1: entered promiscuous mode [ 1350.317599][T30516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1350.348544][T30516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1351.782507][T27914] Bluetooth: hci1: command tx timeout [ 1352.201780][T30516] team0: Port device team_slave_0 added [ 1352.219542][T30712] fuse: Unknown parameter 'group_i00000000000000000000' [ 1352.300091][T30516] team0: Port device team_slave_1 added [ 1353.883574][T30516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1353.883595][T30516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1353.883625][T30516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1354.068573][T30516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1354.068593][T30516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1354.068623][T30516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1354.293885][T30564] chnl_net:caif_netlink_parms(): no params data found [ 1354.337529][T30735] fuse: Unknown parameter 'group_i00000000000000000000' [ 1354.454238][T16950] bridge_slave_1: left allmulticast mode [ 1354.454271][T16950] bridge_slave_1: left promiscuous mode [ 1354.454550][T16950] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.552242][T16950] bridge_slave_0: left allmulticast mode [ 1354.552277][T16950] bridge_slave_0: left promiscuous mode [ 1354.552575][T16950] bridge0: port 1(bridge_slave_0) entered disabled state [ 1356.424161][T16950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1356.525865][T16950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1356.601898][T16950] bond0 (unregistering): Released all slaves [ 1356.881403][T30516] hsr_slave_0: entered promiscuous mode [ 1356.886502][T30516] hsr_slave_1: entered promiscuous mode [ 1356.889831][T30516] debugfs: 'hsr0' already exists in 'hsr' [ 1356.889862][T30516] Cannot create hsr debugfs directory [ 1357.434762][T30778] random: crng reseeded on system resumption [ 1357.643415][T16950] hsr_slave_0: left promiscuous mode [ 1357.687103][T16950] hsr_slave_1: left promiscuous mode [ 1357.688814][T16950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1357.725491][T16950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1358.677072][T16950] team0 (unregistering): Port device team_slave_1 removed [ 1358.809061][T16950] team0 (unregistering): Port device team_slave_0 removed [ 1359.156658][T30564] bridge0: port 1(bridge_slave_0) entered blocking state [ 1359.156814][T30564] bridge0: port 1(bridge_slave_0) entered disabled state [ 1359.157080][T30564] bridge_slave_0: entered allmulticast mode [ 1359.213587][T30564] bridge_slave_0: entered promiscuous mode [ 1359.353370][T30564] bridge0: port 2(bridge_slave_1) entered blocking state [ 1359.353496][T30564] bridge0: port 2(bridge_slave_1) entered disabled state [ 1359.353692][T30564] bridge_slave_1: entered allmulticast mode [ 1359.355895][T30564] bridge_slave_1: entered promiscuous mode [ 1360.847032][T30814] fuse: Unknown parameter 'group_id00000000000000000000' [ 1360.882833][T30564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1360.906039][T30564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1361.248083][T30564] team0: Port device team_slave_0 added [ 1361.261161][T30564] team0: Port device team_slave_1 added [ 1361.887385][T30564] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1361.887405][T30564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1361.887431][T30564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1361.889780][T30564] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1361.889796][T30564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1361.889820][T30564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1361.968617][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.968695][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.898154][T30564] hsr_slave_0: entered promiscuous mode [ 1362.899801][T30564] hsr_slave_1: entered promiscuous mode [ 1365.163154][T30886] random: crng reseeded on system resumption [ 1370.184448][T30516] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1370.345676][T30516] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1370.652940][T20438] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1370.763124][ T37] audit: type=1326 audit(1772417607.321:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.763809][ T37] audit: type=1326 audit(1772417607.321:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.764099][ T37] audit: type=1326 audit(1772417607.331:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.764492][ T37] audit: type=1326 audit(1772417607.341:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.764773][ T37] audit: type=1326 audit(1772417607.351:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.765097][ T37] audit: type=1326 audit(1772417607.361:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.765421][ T37] audit: type=1326 audit(1772417607.361:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.765804][ T37] audit: type=1326 audit(1772417607.371:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.766080][ T37] audit: type=1326 audit(1772417607.371:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1370.766352][ T37] audit: type=1326 audit(1772417607.381:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30942 comm="syz.4.9969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1371.501248][T30516] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1371.758084][T30958] syz.4.9974 (30958): drop_caches: 2 [ 1374.636707][T30516] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1376.968411][T30516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1377.152704][T30564] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1377.217526][T30564] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1377.400012][T30516] 8021q: adding VLAN 0 to HW filter on device team0 [ 1377.423079][T30564] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1378.663686][T30564] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1378.755845][T23770] bridge0: port 1(bridge_slave_0) entered blocking state [ 1378.756002][T23770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1378.864685][T23770] bridge0: port 2(bridge_slave_1) entered blocking state [ 1378.869788][T23770] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1379.754066][T30564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1379.905907][T30564] 8021q: adding VLAN 0 to HW filter on device team0 [ 1379.959087][T16935] bridge0: port 1(bridge_slave_0) entered blocking state [ 1379.959332][T16935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1380.136257][T16935] bridge0: port 2(bridge_slave_1) entered blocking state [ 1380.136349][T16935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1381.029067][T30516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1382.549536][T30564] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1382.881312][T30564] veth0_vlan: entered promiscuous mode [ 1382.908276][T30564] veth1_vlan: entered promiscuous mode [ 1383.035699][T30564] veth0_macvtap: entered promiscuous mode [ 1383.111933][T31118] random: crng reseeded on system resumption [ 1383.165151][T30564] veth1_macvtap: entered promiscuous mode [ 1383.292997][T30564] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1383.368062][T30564] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1383.379461][T30516] veth0_vlan: entered promiscuous mode [ 1383.418539][T30516] veth1_vlan: entered promiscuous mode [ 1383.633535][T20438] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1383.654628][T20438] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1383.657182][T16950] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1383.657582][T16950] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.117713][T30516] veth0_macvtap: entered promiscuous mode [ 1384.205399][T30516] veth1_macvtap: entered promiscuous mode [ 1384.335414][T16950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1384.335439][T16950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1384.763217][T30516] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1386.826649][T30516] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1387.066691][T23770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1387.066716][T23770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1387.337357][ T43] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.344615][ T43] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.370701][ T43] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.420198][ T43] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.791705][T20438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1389.791743][T20438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1390.336092][T23770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1390.336114][T23770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1393.930953][T31238] random: crng reseeded on system resumption [ 1404.833526][T16945] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1407.945816][T31368] random: crng reseeded on system resumption [ 1408.595405][T31381] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1416.322232][T31470] netlink: 'syz.5.10114': attribute type 11 has an invalid length. [ 1417.222865][T31470] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1417.366753][T31473] 9p: Bad value for 'rfdno' [ 1417.841187][T31486] fuse: Bad value for 'rootmode' [ 1419.696469][T31498] syz.4.10121 (31498): drop_caches: 2 [ 1424.241704][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1424.241793][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1425.708899][ T12] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.106838][ T12] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.216236][T31585] batadv_slave_0: entered promiscuous mode [ 1433.602893][ T12] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.845851][T31633] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10161'. [ 1435.845885][T31633] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10161'. [ 1437.249832][ T12] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1437.738005][T16938] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1439.522506][T31658] random: crng reseeded on system resumption [ 1439.539758][ T10] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1439.980106][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1440.638555][ T10] usb 3-1: device descriptor read/all, error -71 [ 1441.755680][T31690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10170'. [ 1443.149299][ T12] bridge_slave_1: left allmulticast mode [ 1443.149337][ T12] bridge_slave_1: left promiscuous mode [ 1443.149654][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1443.358729][ T12] bridge_slave_0: left allmulticast mode [ 1443.358753][ T12] bridge_slave_0: left promiscuous mode [ 1443.358945][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1443.860216][T31722] random: crng reseeded on system resumption [ 1447.217101][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1447.335483][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1447.388888][ T12] bond0 (unregistering): Released all slaves [ 1447.831501][ T12] tipc: Disabling bearer [ 1447.831639][ T12] tipc: Left network mode [ 1447.879427][T31738] JFS: charset not found [ 1448.202954][T31764] Bluetooth: MGMT ver 1.23 [ 1448.202984][T31764] Bluetooth: hci0: invalid length 0, exp 2 for type 19 [ 1448.504253][T31777] dlm: non-version read from control device 0 [ 1449.663921][ T10] IPVS: starting estimator thread 0... [ 1449.684621][ T37] kauditd_printk_skb: 7 callbacks suppressed [ 1449.684640][ T37] audit: type=1804 audit(1772417684.425:898): pid=31787 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.10202" name="file0" dev="tmpfs" ino=2626 res=1 errno=0 [ 1449.827538][T31796] IPVS: using max 8 ests per chain, 19200 per kthread [ 1457.425529][ T12] hsr_slave_0: left promiscuous mode [ 1457.761274][ T12] hsr_slave_1: left promiscuous mode [ 1457.944432][ T12] veth1_macvtap: left promiscuous mode [ 1457.944548][ T12] veth0_macvtap: left promiscuous mode [ 1457.944837][ T12] veth1_vlan: left promiscuous mode [ 1457.945075][ T12] veth0_vlan: left promiscuous mode [ 1460.483471][ T12] pim6reg99999999 (unregistering): left allmulticast mode [ 1460.892686][T31889] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1464.213688][T31911] Bluetooth: hci4: command 0x0406 tx timeout [ 1464.695377][T31931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1464.695397][T31931] IPv6: NLM_F_CREATE should be set when creating new route [ 1464.695469][T31931] IPv6: NLM_F_CREATE should be set when creating new route [ 1464.695507][T31931] IPv6: NLM_F_CREATE should be set when creating new route [ 1464.695884][T31931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1465.063833][T31884] ip6erspan1: entered allmulticast mode [ 1467.343275][T31962] netlink: 32 bytes leftover after parsing attributes in process `syz.5.10259'. [ 1467.774885][T31966] tipc: New replicast peer: 255.255.255.255 [ 1467.776332][T31966] tipc: Enabled bearer , priority 10 [ 1468.340195][T10685] usb 5-1: new low-speed USB device number 101 using dummy_hcd [ 1468.480217][T10685] usb 5-1: device descriptor read/64, error -71 [ 1468.767835][T10685] usb 5-1: new low-speed USB device number 102 using dummy_hcd [ 1468.981659][T31495] tipc: Node number set to 4227923969 [ 1469.013681][T10685] usb 5-1: device descriptor read/64, error -71 [ 1469.132063][T10685] usb usb5-port1: attempt power cycle [ 1469.496528][T10685] usb 5-1: new low-speed USB device number 103 using dummy_hcd [ 1469.526869][T10685] usb 5-1: device descriptor read/8, error -71 [ 1470.948657][T31911] Bluetooth: hci1: command 0x0406 tx timeout [ 1471.043767][T10685] usb 5-1: new low-speed USB device number 104 using dummy_hcd [ 1471.116147][T10685] usb 5-1: device descriptor read/8, error -71 [ 1471.227102][T10685] usb usb5-port1: unable to enumerate USB device [ 1472.428117][ T12] IPVS: stop unused estimator thread 0... [ 1474.146222][T16945] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1489.257142][T31495] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 1489.365515][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1489.365602][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1489.743143][T32200] input: syz1 as /devices/virtual/input/input59 [ 1490.011140][T31495] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1490.011172][T31495] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1490.011227][T31495] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1490.021903][T31495] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1490.021939][T31495] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.021961][T31495] usb 3-1: Product: syz [ 1490.021975][T31495] usb 3-1: Manufacturer: syz [ 1490.021989][T31495] usb 3-1: SerialNumber: syz [ 1490.215617][T31495] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1490.215905][T31495] cdc_ncm 3-1:1.0: bind() failure [ 1494.510502][T29855] usb 3-1: USB disconnect, device number 45 [ 1504.995578][T32319] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1504.995596][T32319] UDF-fs: Scanning with blocksize 512 failed [ 1504.996859][T32319] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1504.996873][T32319] UDF-fs: Scanning with blocksize 1024 failed [ 1504.997116][T32319] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1504.997127][T32319] UDF-fs: Scanning with blocksize 2048 failed [ 1504.997308][T32319] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1504.997318][T32319] UDF-fs: Scanning with blocksize 4096 failed [ 1510.875544][T32365] netlink: 'syz.0.10366': attribute type 21 has an invalid length. [ 1523.793392][ T37] audit: type=1326 audit(1772417753.831:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.793451][ T37] audit: type=1326 audit(1772417753.831:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.797022][ T37] audit: type=1326 audit(1772417753.831:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.797059][ T37] audit: type=1326 audit(1772417753.831:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.797256][ T37] audit: type=1326 audit(1772417753.831:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.799309][ T37] audit: type=1326 audit(1772417753.831:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.799343][ T37] audit: type=1326 audit(1772417753.831:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.800769][ T37] audit: type=1326 audit(1772417753.831:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60610fe007 code=0x7ffc0000 [ 1523.800821][ T37] audit: type=1326 audit(1772417753.831:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1523.800851][ T37] audit: type=1326 audit(1772417753.831:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32481 comm="syz.0.10397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1531.575794][T32550] fuse: Unknown parameter 'fd0x0000000000000003' [ 1537.593490][T27914] Bluetooth: hci4: unexpected event for opcode 0x0c20 [ 1545.608339][T32661] can0: slcan on pty30. [ 1549.953588][T32649] can0 (unregistered): slcan off pty30. [ 1552.774714][T29855] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 1552.852142][ T809] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1553.108397][T29855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1553.108420][T29855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1553.108434][T29855] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1553.108460][T29855] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 1553.108474][T29855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1553.117632][T29855] usb 3-1: config 0 descriptor?? [ 1553.231960][T32741] netlink: 16 bytes leftover after parsing attributes in process `syz.5.10475'. [ 1553.945300][ T809] usb 5-1: device descriptor read/64, error -71 [ 1554.302978][ T809] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1554.390102][T32743] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10469'. [ 1554.534958][ T809] usb 5-1: device descriptor read/64, error -71 [ 1554.906579][ T809] usb usb5-port1: attempt power cycle [ 1555.021089][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021117][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021135][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021151][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021167][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021183][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021210][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021226][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021242][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.021259][T29855] hid-multitouch 0003:0457:07DA.0033: unknown main item tag 0x0 [ 1555.034760][T29855] hid-multitouch 0003:0457:07DA.0033: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.2-1/input0 [ 1555.056138][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1555.056231][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1556.142112][ T809] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1556.307286][T29855] usb 3-1: USB disconnect, device number 46 [ 1556.366594][ T809] usb 5-1: device not accepting address 107, error -71 [ 1556.447784][T32750] fido_id[32750]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1556.541699][T32761] netlink: 32 bytes leftover after parsing attributes in process `syz.5.10479'. [ 1566.779427][T29855] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1567.140445][T29855] usb 5-1: Using ep0 maxpacket: 8 [ 1567.776713][T29855] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1567.778667][T29855] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1567.778693][T29855] usb 5-1: config 0 has no interfaces? [ 1567.785290][T29855] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1567.785323][T29855] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 1567.785346][T29855] usb 5-1: Manufacturer: syz [ 1567.785362][T29855] usb 5-1: SerialNumber: syz [ 1568.044374][T29855] usb 5-1: config 0 descriptor?? [ 1572.424748][ T10] usb 5-1: USB disconnect, device number 109 [ 1576.758165][T31911] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1576.796559][T31911] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1576.826166][T31911] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1577.932924][T31911] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1577.941567][T31911] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1579.367595][ T403] chnl_net:caif_netlink_parms(): no params data found [ 1580.365549][T27914] Bluetooth: hci5: command tx timeout [ 1581.775332][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 1581.789605][ T403] bridge0: port 1(bridge_slave_0) entered disabled state [ 1581.789904][ T403] bridge_slave_0: entered allmulticast mode [ 1581.842988][ T403] bridge_slave_0: entered promiscuous mode [ 1581.861919][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 1581.878133][ T403] bridge0: port 2(bridge_slave_1) entered disabled state [ 1581.878420][ T403] bridge_slave_1: entered allmulticast mode [ 1581.910690][ T403] bridge_slave_1: entered promiscuous mode [ 1583.307383][T27914] Bluetooth: hci5: command tx timeout [ 1583.489585][ T403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1583.494436][ T403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1583.679521][ T403] team0: Port device team_slave_0 added [ 1583.692898][ T403] team0: Port device team_slave_1 added [ 1583.785719][ T403] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1583.785733][ T403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1583.785749][ T403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1583.787365][ T403] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1583.787382][ T403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1583.787410][ T403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1583.981777][ T403] hsr_slave_0: entered promiscuous mode [ 1583.982641][ T403] hsr_slave_1: entered promiscuous mode [ 1583.983453][ T403] debugfs: 'hsr0' already exists in 'hsr' [ 1583.983491][ T403] Cannot create hsr debugfs directory [ 1585.535800][T27914] Bluetooth: hci5: command tx timeout [ 1587.712632][T27914] Bluetooth: hci5: command tx timeout [ 1596.368364][ T403] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1596.505156][ T403] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1596.647145][ T403] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1598.341163][ T403] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1598.841789][ T403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1599.194535][ T403] 8021q: adding VLAN 0 to HW filter on device team0 [ 1600.178652][T16929] bridge0: port 1(bridge_slave_0) entered blocking state [ 1600.184675][T16929] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1600.263822][T11482] bridge0: port 2(bridge_slave_1) entered blocking state [ 1600.263973][T11482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1600.477853][ T640] random: crng reseeded on system resumption [ 1600.618210][ T638] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 1600.618230][ T638] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1600.758051][ T638] vhci_hcd vhci_hcd.0: Device attached [ 1600.915575][ T639] vhci_hcd: connection closed [ 1600.943302][T11482] vhci_hcd vhci_hcd.4: stop threads [ 1600.943330][T11482] vhci_hcd vhci_hcd.4: release socket [ 1600.945570][T11482] vhci_hcd vhci_hcd.4: disconnect device [ 1603.483369][ T403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1605.981718][ T10] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1606.163854][ T10] usb 3-1: device descriptor read/64, error -71 [ 1606.667879][ T10] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1607.671034][ T10] usb 3-1: device descriptor read/64, error -71 [ 1607.799966][ T10] usb usb3-port1: attempt power cycle [ 1607.923211][ T403] veth0_vlan: entered promiscuous mode [ 1607.995672][ T403] veth1_vlan: entered promiscuous mode [ 1608.141751][ T403] veth0_macvtap: entered promiscuous mode [ 1608.148462][ T403] veth1_macvtap: entered promiscuous mode [ 1608.170757][ T10] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1608.198421][ T10] usb 3-1: device descriptor read/8, error -71 [ 1608.214319][ T403] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1608.254326][ T403] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1608.289943][T32207] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.307223][T32207] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.310555][T32207] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.320111][T32207] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.539571][ T10] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1608.561110][ T10] usb 3-1: device descriptor read/8, error -71 [ 1608.913218][ T10] usb usb3-port1: unable to enumerate USB device [ 1612.118199][T16945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1612.118223][T16945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1612.426900][T32206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1612.426925][T32206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1612.770307][T10685] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 1612.932924][T10685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1612.932965][T10685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1612.933007][T10685] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1612.933033][T10685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1613.132119][T10685] usb 3-1: config 0 descriptor?? [ 1613.621080][T10685] isku 0003:1E7D:319C.0034: item fetching failed at offset 6/7 [ 1613.621988][T10685] isku 0003:1E7D:319C.0034: parse failed [ 1613.622063][T10685] isku 0003:1E7D:319C.0034: probe with driver isku failed with error -22 [ 1613.877751][T31495] usb 3-1: USB disconnect, device number 51 [ 1615.999130][T31495] IPVS: starting estimator thread 0... [ 1616.993124][ T829] IPVS: using max 7 ests per chain, 16800 per kthread [ 1621.392718][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1621.392804][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1623.685693][ T10] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1623.865889][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1623.866019][ T10] usb 5-1: New USB device found, idVendor=0b0e, idProduct=ffff, bcdDevice= 0.00 [ 1623.866048][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1624.465435][ T10] usb 5-1: config 0 descriptor?? [ 1624.968000][ T10] usb 5-1: string descriptor 0 read error: -71 [ 1624.973357][ T10] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1625.001288][ T900] syz.4.10653(900): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1625.077148][ T10] usb 5-1: USB disconnect, device number 110 [ 1633.265445][ T991] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1648.777108][ T1148] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10713'. [ 1657.729438][ T1225] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 1666.879759][T31625] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1667.034460][ T1309] netlink: 44 bytes leftover after parsing attributes in process `syz.0.10748'. [ 1670.451307][ T12] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 1671.134531][T31625] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1671.917577][T31625] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1672.200999][ T1374] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1672.643797][T31911] Bluetooth: hci4: command 0x1003 tx timeout [ 1672.679834][T27914] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1673.517542][ T1381] ptrace attach of ""[1383] was attempted by "./syz-executor exec"[1381] [ 1674.875820][T31625] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1676.537966][ T809] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1676.773236][ T809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1676.773298][ T809] usb 5-1: New USB device found, idVendor=056a, idProduct=0309, bcdDevice= 0.00 [ 1676.773331][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1676.835247][ T809] usb 5-1: config 0 descriptor?? [ 1676.858037][ T809] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1678.850911][T31625] bridge_slave_1: left allmulticast mode [ 1678.850945][T31625] bridge_slave_1: left promiscuous mode [ 1678.851244][T31625] bridge0: port 2(bridge_slave_1) entered disabled state [ 1678.980106][T31625] bridge_slave_0: left allmulticast mode [ 1678.980141][T31625] bridge_slave_0: left promiscuous mode [ 1678.980520][T31625] bridge0: port 1(bridge_slave_0) entered disabled state [ 1679.954312][ T809] usb 5-1: USB disconnect, device number 111 [ 1680.485835][ T809] usb 5-1: new full-speed USB device number 112 using dummy_hcd [ 1682.250314][ T1446] Unsupported ieee802154 address type: 0 [ 1683.606298][ T809] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1683.606347][ T809] usb 5-1: can't read configurations, error -71 [ 1686.466413][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1686.466500][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1687.166301][ T1474] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10797'. [ 1688.356169][T31625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1688.612123][T31625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1688.641844][T13545] Process accounting resumed [ 1689.386988][T31625] bond0 (unregistering): Released all slaves [ 1689.973394][ T1494] Unsupported ieee802154 address type: 0 [ 1690.325586][ T1496] netlink: get zone limit has 4 unknown bytes [ 1696.396948][ T1520] overlayfs: failed to clone upperpath [ 1702.256909][ T1563] netlink: 'syz.3.10820': attribute type 1 has an invalid length. [ 1707.410721][T27914] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1707.435108][T27914] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1707.437349][T27914] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1707.438653][T27914] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1707.440232][T27914] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1708.955827][T31625] hsr_slave_0: left promiscuous mode [ 1709.018300][T31625] hsr_slave_1: left promiscuous mode [ 1709.019685][T31625] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1709.019714][T31625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1709.252111][T31625] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1709.252142][T31625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1709.678304][T27914] Bluetooth: hci4: command tx timeout [ 1710.349148][T31625] veth1_macvtap: left promiscuous mode [ 1710.349275][T31625] veth0_macvtap: left promiscuous mode [ 1710.349568][T31625] veth1_vlan: left promiscuous mode [ 1710.353250][T31625] veth0_vlan: left promiscuous mode [ 1711.917883][T27914] Bluetooth: hci4: command tx timeout [ 1714.021907][T31625] team0 (unregistering): Port device team_slave_1 removed [ 1714.086060][T31625] team0 (unregistering): Port device team_slave_0 removed [ 1714.302020][T27914] Bluetooth: hci4: command tx timeout [ 1716.812831][T27914] Bluetooth: hci4: command tx timeout [ 1724.809150][ T1582] chnl_net:caif_netlink_parms(): no params data found [ 1725.402066][ T1582] bridge0: port 1(bridge_slave_0) entered blocking state [ 1725.402212][ T1582] bridge0: port 1(bridge_slave_0) entered disabled state [ 1725.402488][ T1582] bridge_slave_0: entered allmulticast mode [ 1725.405638][ T1582] bridge_slave_0: entered promiscuous mode [ 1725.431187][ T1582] bridge0: port 2(bridge_slave_1) entered blocking state [ 1725.439032][ T1582] bridge0: port 2(bridge_slave_1) entered disabled state [ 1725.439306][ T1582] bridge_slave_1: entered allmulticast mode [ 1725.457095][ T1582] bridge_slave_1: entered promiscuous mode [ 1725.776071][ T1582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1725.794719][ T1582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1726.098019][ T1582] team0: Port device team_slave_0 added [ 1726.134205][ T1582] team0: Port device team_slave_1 added [ 1726.396954][ T1582] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1726.396975][ T1582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1726.397007][ T1582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1726.542685][ T1582] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1726.542705][ T1582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1726.542737][ T1582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1726.731052][ T1746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10866'. [ 1726.905365][ T1748] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0 [ 1726.905386][ T1748] PKCS7: Only support pkcs7_signedData type [ 1727.597364][ T1582] hsr_slave_0: entered promiscuous mode [ 1727.606212][ T1582] hsr_slave_1: entered promiscuous mode [ 1727.610705][ T1582] debugfs: 'hsr0' already exists in 'hsr' [ 1727.610734][ T1582] Cannot create hsr debugfs directory [ 1729.562297][T31625] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1733.512237][T31625] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1737.768492][T31625] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1740.863712][T31625] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1742.007325][ T1871] syz.4.10908 (1871): drop_caches: 2 [ 1746.089745][ T1900] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 1746.089792][ T1900] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 1746.089813][ T1900] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1747.231403][ T1928] netlink: 20 bytes leftover after parsing attributes in process `syz.6.10922'. [ 1747.254291][ T1928] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1748.069165][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.069306][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.075488][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.085392][ T1927] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1748.101408][ T1927] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1748.466495][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.469378][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.472260][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.474981][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.477537][ T1927] lo speed is unknown, defaulting to 1000 [ 1748.479091][ T1927] lo speed is unknown, defaulting to 1000 [ 1749.642652][T31625] bridge_slave_1: left allmulticast mode [ 1749.642686][T31625] bridge_slave_1: left promiscuous mode [ 1749.642983][T31625] bridge0: port 2(bridge_slave_1) entered disabled state [ 1749.857996][T31625] bridge_slave_0: left allmulticast mode [ 1749.858032][T31625] bridge_slave_0: left promiscuous mode [ 1749.858335][T31625] bridge0: port 1(bridge_slave_0) entered disabled state [ 1750.094981][ T1951] netlink: 'syz.0.10914': attribute type 10 has an invalid length. [ 1752.101417][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1752.101505][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1753.129876][T31625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1753.486909][T31625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1753.583548][T31625] bond0 (unregistering): Released all slaves [ 1753.621480][T31625] bond1 (unregistering): Released all slaves [ 1753.718936][ T1946] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 1757.643436][ T2040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10953'. [ 1759.020251][ T37] kauditd_printk_skb: 180 callbacks suppressed [ 1759.020321][ T37] audit: type=1326 audit(1772417973.547:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.021509][ T37] audit: type=1326 audit(1772417973.547:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.021887][ T37] audit: type=1326 audit(1772417973.566:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.022846][ T37] audit: type=1326 audit(1772417973.575:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.023196][ T37] audit: type=1326 audit(1772417973.575:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.023667][ T37] audit: type=1326 audit(1772417973.594:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.025242][ T37] audit: type=1326 audit(1772417973.594:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.533986][ T37] audit: type=1326 audit(1772417973.594:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.534055][ T37] audit: type=1326 audit(1772417973.603:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1759.534105][ T37] audit: type=1326 audit(1772417973.603:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2048 comm="syz.6.10956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1765.569711][ T2123] netlink: zone id is out of range [ 1765.569756][ T2123] netlink: zone id is out of range [ 1765.569796][ T2123] netlink: zone id is out of range [ 1765.569832][ T2123] netlink: zone id is out of range [ 1765.569868][ T2123] netlink: zone id is out of range [ 1767.880506][T31625] hsr_slave_0: left promiscuous mode [ 1767.908426][T31625] hsr_slave_1: left promiscuous mode [ 1767.909292][T31625] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1767.909311][T31625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1767.957455][T31625] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1767.957486][T31625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1768.045224][T31625] veth1_macvtap: left promiscuous mode [ 1768.045342][T31625] veth0_macvtap: left promiscuous mode [ 1768.045631][T31625] veth1_vlan: left promiscuous mode [ 1768.045819][T31625] veth0_vlan: left promiscuous mode [ 1769.004237][T31625] team0 (unregistering): Port device team_slave_1 removed [ 1769.080421][T31625] team0 (unregistering): Port device team_slave_0 removed [ 1770.855249][T27914] Bluetooth: hci3: unexpected event for opcode 0x202a [ 1772.543251][T31911] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1772.592818][T31911] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1772.613396][T31911] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1772.614862][T31911] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1772.615766][T31911] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1775.187332][T31911] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1775.187726][T31911] Bluetooth: hci3: Injecting HCI hardware error event [ 1775.210053][T27914] Bluetooth: hci3: hardware error 0x00 [ 1775.412859][ T2234] lo speed is unknown, defaulting to 1000 [ 1775.624450][ T2249] cgroup: Invalid name [ 1776.360452][T31625] IPVS: stop unused estimator thread 0... [ 1777.320373][T31911] Bluetooth: hci1: command tx timeout [ 1777.406200][T27914] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1777.431830][ T2234] chnl_net:caif_netlink_parms(): no params data found [ 1777.769214][ T809] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 1777.932276][ T809] usb 5-1: config 160 has an invalid interface number: 200 but max is 0 [ 1777.932310][ T809] usb 5-1: config 160 has no interface number 0 [ 1777.932363][ T809] usb 5-1: config 160 interface 200 has no altsetting 0 [ 1777.935467][ T809] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 1777.935499][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1777.935520][ T809] usb 5-1: Product: syz [ 1777.935536][ T809] usb 5-1: Manufacturer: syz [ 1777.935551][ T809] usb 5-1: SerialNumber: syz [ 1779.394769][ T809] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1779.394833][ T809] usb 5-1: MIDIStreaming interface descriptor not found [ 1779.544196][T27914] Bluetooth: hci1: command tx timeout [ 1780.040430][ T2234] bridge0: port 1(bridge_slave_0) entered blocking state [ 1780.040661][ T2234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1780.040932][ T2234] bridge_slave_0: entered allmulticast mode [ 1780.044331][ T2234] bridge_slave_0: entered promiscuous mode [ 1780.050669][ T2234] bridge0: port 2(bridge_slave_1) entered blocking state [ 1780.050933][ T2234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1780.051152][ T2234] bridge_slave_1: entered allmulticast mode [ 1780.054739][ T2234] bridge_slave_1: entered promiscuous mode [ 1780.239151][ T809] usb 5-1: USB disconnect, device number 114 [ 1781.698962][ T2234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1781.727227][ T2234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1781.767537][T27914] Bluetooth: hci1: command tx timeout [ 1781.873785][ T2386] udevd[2386]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1783.193097][ T2234] team0: Port device team_slave_0 added [ 1784.069665][T27914] Bluetooth: hci1: command tx timeout [ 1784.360921][ T2405] program syz.4.11053 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1784.592102][ T2234] team0: Port device team_slave_1 added [ 1785.293119][ T2408] mkiss: ax0: crc mode is auto. [ 1785.961524][ T2234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1785.961561][ T2234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1785.961591][ T2234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1785.985550][ T2234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1785.985572][ T2234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1785.985599][ T2234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1786.210475][T31625] bridge_slave_1: left allmulticast mode [ 1786.210499][T31625] bridge_slave_1: left promiscuous mode [ 1786.210686][T31625] bridge0: port 2(bridge_slave_1) entered disabled state [ 1786.384838][T31625] bridge_slave_0: left allmulticast mode [ 1786.384871][T31625] bridge_slave_0: left promiscuous mode [ 1786.407329][T31625] bridge0: port 1(bridge_slave_0) entered disabled state [ 1787.978342][T31625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1788.217359][T31625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1789.017891][T31625] bond0 (unregistering): Released all slaves [ 1791.095718][ T2234] hsr_slave_0: entered promiscuous mode [ 1791.097222][ T2234] hsr_slave_1: entered promiscuous mode [ 1791.963474][T31625] hsr_slave_0: left promiscuous mode [ 1792.020672][T31625] hsr_slave_1: left promiscuous mode [ 1792.021512][T31625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1792.109374][T31625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1794.602108][T31625] team0 (unregistering): Port device team_slave_1 removed [ 1794.736348][T31625] team0 (unregistering): Port device team_slave_0 removed [ 1795.686637][T31495] usb 5-1: new low-speed USB device number 115 using dummy_hcd [ 1795.891381][T31495] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt [ 1795.891419][T31495] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt [ 1795.937088][T31495] usb 5-1: string descriptor 0 read error: -22 [ 1795.937261][T31495] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1795.937287][T31495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1796.206272][T31495] cdc_ncm 5-1:1.0: bind() failure [ 1796.260467][T31495] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1796.260525][T31495] cdc_ncm 5-1:1.1: bind() failure [ 1796.325176][T31495] usb 5-1: USB disconnect, device number 115 [ 1798.894307][T31911] Bluetooth: hci5: command 0x0406 tx timeout [ 1799.002045][ T2637] tmpfs: Bad value for 'mpol' [ 1800.984320][ T2234] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1801.100054][ T2234] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1801.220549][ T2234] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1801.349079][ T2234] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1802.961040][ T2234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1803.049211][ T2234] 8021q: adding VLAN 0 to HW filter on device team0 [ 1803.259707][T31625] bridge0: port 1(bridge_slave_0) entered blocking state [ 1803.260206][T31625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1803.305637][T11482] bridge0: port 2(bridge_slave_1) entered blocking state [ 1803.305788][T11482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1804.434068][ T2234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1808.170645][ T2234] veth0_vlan: entered promiscuous mode [ 1808.198952][ T2234] veth1_vlan: entered promiscuous mode [ 1808.243154][ T2234] veth0_macvtap: entered promiscuous mode [ 1808.255199][ T2234] veth1_macvtap: entered promiscuous mode [ 1808.315427][ T2234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1808.321404][ T2234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1808.361252][T16945] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1808.361501][T16945] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1808.361760][T16945] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1808.361967][T16945] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1809.018806][T16945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1809.018830][T16945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1809.470681][T11482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1809.470705][T11482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1814.990550][ T2920] netlink: 'syz.7.11189': attribute type 61 has an invalid length. [ 1815.257692][ T2931] futex_wake_op: syz.6.11195 tries to shift op by 32; fix this program [ 1817.221748][ T2964] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11205'. [ 1817.848666][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1817.848748][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1819.858282][ T3016] netlink: 260 bytes leftover after parsing attributes in process `syz.6.11226'. [ 1825.870718][ T3087] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.11250'. [ 1830.905245][ T3136] vlan0: entered promiscuous mode [ 1830.905399][ T3136] vlan0: entered allmulticast mode [ 1830.905411][ T3136] veth0_vlan: entered allmulticast mode [ 1831.204906][ T3143] kAFS: unable to lookup cell '(' [ 1831.510007][ T3150] bridge1: entered allmulticast mode [ 1834.755122][ T3237] netlink: 'syz.6.11302': attribute type 8 has an invalid length. [ 1835.019346][ T3245] program syz.4.11306 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1836.750653][ T37] kauditd_printk_skb: 61 callbacks suppressed [ 1836.750676][ T37] audit: type=1326 audit(1772418046.555:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750733][ T37] audit: type=1326 audit(1772418046.555:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750783][ T37] audit: type=1326 audit(1772418046.555:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750832][ T37] audit: type=1326 audit(1772418046.565:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750881][ T37] audit: type=1326 audit(1772418046.565:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750928][ T37] audit: type=1326 audit(1772418046.565:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.750974][ T37] audit: type=1326 audit(1772418046.565:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.751020][ T37] audit: type=1326 audit(1772418046.565:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1836.751067][ T37] audit: type=1326 audit(1772418046.565:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3268 comm="syz.6.11316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f920478c799 code=0x7ffc0000 [ 1837.484153][ T3289] trusted_key: encrypted_key: master key parameter is missing [ 1839.786016][ T3365] netlink: 'syz.0.11358': attribute type 11 has an invalid length. [ 1840.600211][ T3407] netlink: 'syz.6.11379': attribute type 1 has an invalid length. [ 1840.640630][ T3410] ÿ: renamed from bond_slave_0 [ 1844.387616][ T3576] openvswitch: netlink: Missing valid actions attribute. [ 1844.387655][ T3576] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1844.993698][ T3593] tmpfs: Bad value for 'mpol' [ 1845.327720][T20438] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.328024][T20438] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.328087][T20438] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.328123][T20438] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1847.818683][T27914] Bluetooth: hci5: Malformed Event: 0x2f [ 1848.715962][ T37] audit: type=1326 audit(1772418057.761:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3721 comm="syz.4.11488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1848.716029][ T37] audit: type=1326 audit(1772418057.761:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3721 comm="syz.4.11488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1848.752672][ T37] audit: type=1326 audit(1772418057.799:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3721 comm="syz.4.11488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1848.808567][ T37] audit: type=1326 audit(1772418057.855:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3721 comm="syz.4.11488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02437c799 code=0x7ffc0000 [ 1849.118969][ T3730] No source specified [ 1849.517834][ T3746] netlink: 116 bytes leftover after parsing attributes in process `syz.6.11496'. [ 1849.974256][ T3767] netlink: zone id is out of range [ 1850.963623][ T3785] overlay: Bad value for 'upperdir' [ 1853.216729][ T3851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11536'. [ 1853.216761][ T3851] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11536'. [ 1853.216781][ T3851] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11536'. [ 1855.076294][T31911] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1855.111094][T31911] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1855.113136][T31911] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1855.114428][T31911] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1855.137231][T31911] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1855.418328][ T3914] lo speed is unknown, defaulting to 1000 [ 1856.612408][ T3914] chnl_net:caif_netlink_parms(): no params data found [ 1856.844957][ T3972] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11576'. [ 1857.176399][ T3914] bridge0: port 1(bridge_slave_0) entered blocking state [ 1857.176517][ T3914] bridge0: port 1(bridge_slave_0) entered disabled state [ 1857.176805][ T3914] bridge_slave_0: entered allmulticast mode [ 1857.193040][ T3914] bridge_slave_0: entered promiscuous mode [ 1857.222608][ T3914] bridge0: port 2(bridge_slave_1) entered blocking state [ 1857.222886][ T3914] bridge0: port 2(bridge_slave_1) entered disabled state [ 1857.223154][ T3914] bridge_slave_1: entered allmulticast mode [ 1857.270924][ T3914] bridge_slave_1: entered promiscuous mode [ 1857.376155][T27914] Bluetooth: hci4: command tx timeout [ 1857.540662][ T3914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1857.561194][ T3914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1857.723527][ T3914] team0: Port device team_slave_0 added [ 1857.750630][ T3914] team0: Port device team_slave_1 added [ 1857.816870][ T3914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1857.816890][ T3914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1857.816920][ T3914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1857.819451][ T3914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1857.819466][ T3914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1857.819495][ T3914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1858.132809][ T3914] hsr_slave_0: entered promiscuous mode [ 1858.134520][ T3914] hsr_slave_1: entered promiscuous mode [ 1858.135708][ T3914] debugfs: 'hsr0' already exists in 'hsr' [ 1858.135735][ T3914] Cannot create hsr debugfs directory [ 1859.186529][T27914] Bluetooth: hci5: unexpected event 0x03 length: 3 < 11 [ 1859.595866][T27914] Bluetooth: hci4: command tx timeout [ 1859.771766][ T4070] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11611'. [ 1859.771805][ T4070] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11611'. [ 1860.227801][ T4074] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11613'. [ 1861.830497][T27914] Bluetooth: hci4: command tx timeout [ 1862.150002][ T4143] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11635'. [ 1862.150515][ T4143] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11635'. [ 1862.682558][ T3914] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1862.703026][ T3914] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1862.752960][ T3914] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1862.873445][ T3914] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1864.538831][ T3914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1864.599977][T27914] Bluetooth: hci4: command tx timeout [ 1864.625153][ T3914] 8021q: adding VLAN 0 to HW filter on device team0 [ 1864.699365][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 1864.699530][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1864.794521][T16937] bridge0: port 2(bridge_slave_1) entered blocking state [ 1864.799075][T16937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1866.069552][ T3914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1867.404064][ T3914] veth0_vlan: entered promiscuous mode [ 1867.435277][ T3914] veth1_vlan: entered promiscuous mode [ 1867.479502][ T4240] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11661'. [ 1867.523172][ T3914] veth0_macvtap: entered promiscuous mode [ 1867.554977][ T3914] veth1_macvtap: entered promiscuous mode [ 1867.596950][ T3914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1867.681907][ T3914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1867.753518][ T2348] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.773382][ T2348] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.773745][ T2348] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.774329][ T2348] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1868.440508][T20438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1868.440534][T20438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1868.576316][T20438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1868.576340][T20438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1868.899265][ T4272] binder: 4270:4272 unknown command 1074815766 [ 1868.899283][ T4272] binder: 4270:4272 ioctl c0306201 200000004a40 returned -22 [ 1869.661288][ T4299] netlink: 60 bytes leftover after parsing attributes in process `syz.6.11647'. [ 1870.611633][ T4336] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1872.830056][ T37] audit: type=1326 audit(1772418080.305:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830122][ T37] audit: type=1326 audit(1772418080.305:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830173][ T37] audit: type=1326 audit(1772418080.314:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830224][ T37] audit: type=1326 audit(1772418080.314:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830274][ T37] audit: type=1326 audit(1772418080.314:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830321][ T37] audit: type=1326 audit(1772418080.314:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830369][ T37] audit: type=1326 audit(1772418080.314:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1872.830416][ T37] audit: type=1326 audit(1772418080.314:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4407 comm="syz.0.11725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f60610fc799 code=0x7ffc0000 [ 1873.175740][ T4422] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11730'. [ 1873.848233][ T3189] usb 9-1: new full-speed USB device number 16 using dummy_hcd [ 1874.022997][ T3189] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1874.031168][ T3189] usb 9-1: not running at top speed; connect to a high speed hub [ 1874.050232][ T3189] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1874.050295][ T3189] usb 9-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1874.050322][ T3189] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1874.050346][ T3189] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1874.050370][ T3189] usb 9-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 1874.077115][ T3189] usb 9-1: New USB device found, idVendor=045e, idProduct=043f, bcdDevice=fc.90 [ 1874.077147][ T3189] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1874.077166][ T3189] usb 9-1: Product: syz [ 1874.077181][ T3189] usb 9-1: Manufacturer: syz [ 1874.077195][ T3189] usb 9-1: SerialNumber: syz [ 1874.155191][ T3189] ipaq 9-1:1.0: PocketPC PDA converter detected [ 1874.414168][ T3189] usb 9-1: PocketPC PDA converter now attached to ttyUSB0 [ 1874.582398][T31911] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1874.626448][T31911] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1874.635492][T31911] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1874.664720][T31911] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1874.665769][ T3201] usb 9-1: USB disconnect, device number 16 [ 1874.676530][T31911] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1874.744780][ T3201] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0 [ 1874.745801][ T3201] ipaq 9-1:1.0: device disconnected [ 1874.751051][ T4464] lo speed is unknown, defaulting to 1000 [ 1875.202588][ T4491] cgroup: release_agent respecified [ 1875.414604][ T4464] chnl_net:caif_netlink_parms(): no params data found [ 1876.662199][ T4464] bridge0: port 1(bridge_slave_0) entered blocking state [ 1876.687142][ T4464] bridge0: port 1(bridge_slave_0) entered disabled state [ 1876.687840][ T4464] bridge_slave_0: entered allmulticast mode [ 1876.719915][ T4464] bridge_slave_0: entered promiscuous mode [ 1876.731346][ T4464] bridge0: port 2(bridge_slave_1) entered blocking state [ 1876.731591][ T4464] bridge0: port 2(bridge_slave_1) entered disabled state [ 1876.770968][ T4464] bridge_slave_1: entered allmulticast mode [ 1876.796401][ T4464] bridge_slave_1: entered promiscuous mode [ 1876.878782][T27914] Bluetooth: hci6: command tx timeout [ 1876.942340][ T4524] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 1877.009377][ T4464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1877.025765][ T4464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1877.097812][ T4464] team0: Port device team_slave_0 added [ 1877.102518][ T4464] team0: Port device team_slave_1 added [ 1877.178361][ T4464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1877.178380][ T4464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1877.178410][ T4464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1877.222665][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1877.222729][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1877.246679][ T4464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1877.246699][ T4464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1877.246917][ T4464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1877.372435][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1877.372503][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1877.618884][ T4464] hsr_slave_0: entered promiscuous mode [ 1877.628256][ T4464] hsr_slave_1: entered promiscuous mode [ 1877.629421][ T4464] debugfs: 'hsr0' already exists in 'hsr' [ 1877.629449][ T4464] Cannot create hsr debugfs directory [ 1877.687139][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1877.687213][ T4531] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11765'. [ 1879.095237][T27914] Bluetooth: hci6: command tx timeout [ 1879.105877][ T4587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1879.106574][ T4587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1879.106742][ T4587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1881.361320][T27914] Bluetooth: hci6: command tx timeout [ 1883.484461][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1883.484546][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1883.542208][T27914] Bluetooth: hci6: command tx timeout [ 1887.785528][ T4464] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1887.882902][ T4464] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1887.930911][ T4464] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1888.019797][ T4464] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1888.364552][ T4760] netlink: 'syz.8.11843': attribute type 2 has an invalid length. [ 1888.660792][ T4464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1888.761339][ T4464] 8021q: adding VLAN 0 to HW filter on device team0 [ 1888.838972][ T2358] bridge0: port 1(bridge_slave_0) entered blocking state [ 1888.845488][ T2358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1888.848225][ T2358] bridge0: port 2(bridge_slave_1) entered blocking state [ 1888.848359][ T2358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1889.801133][ T4464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1890.112272][ T4464] veth0_vlan: entered promiscuous mode [ 1890.134576][ T4464] veth1_vlan: entered promiscuous mode [ 1890.338711][ T4464] veth0_macvtap: entered promiscuous mode [ 1890.395412][ T4464] veth1_macvtap: entered promiscuous mode [ 1890.572311][ T4464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1890.661303][ T4464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1890.708163][T20438] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.712197][T20438] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.716448][T20438] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.749364][T20438] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1891.430305][ T2372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1891.430329][ T2372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1891.560135][ T2372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1891.560161][ T2372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1892.909631][ T4932] bond3: entered promiscuous mode [ 1896.809869][ T4967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11921'. [ 1897.153094][ T858] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 1897.311498][ T858] usb 9-1: Using ep0 maxpacket: 32 [ 1897.322792][ T858] usb 9-1: config 0 has an invalid interface number: 119 but max is 0 [ 1897.322825][ T858] usb 9-1: config 0 has no interface number 0 [ 1897.322873][ T858] usb 9-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1897.322898][ T858] usb 9-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 1897.322927][ T858] usb 9-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 27 [ 1897.322954][ T858] usb 9-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1897.325896][ T858] usb 9-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 1897.325939][ T858] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1897.325962][ T858] usb 9-1: Product: syz [ 1897.325978][ T858] usb 9-1: Manufacturer: syz [ 1897.325994][ T858] usb 9-1: SerialNumber: syz [ 1897.440162][ T858] usb 9-1: config 0 descriptor?? [ 1897.443920][ T4969] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1897.472133][ T858] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.119/input/input60 [ 1897.475338][ T5150] usb 9-1: BOGUS urb xfer, pipe 1 != type 3 [ 1897.576271][ T4982] overlayfs: missing 'lowerdir' [ 1897.606720][ C0] bcm5974 9-1:0.119: trackpad urb failed: -1 [ 1897.865250][ C1] bcm5974 9-1:0.119: trackpad urb failed: -1 [ 1897.956235][ T3189] usb 9-1: USB disconnect, device number 17 [ 1898.072200][ T4992] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11929'. [ 1899.281119][ T5029] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 1900.051573][ T5063] netlink: 512 bytes leftover after parsing attributes in process `syz.1.11957'. [ 1900.755015][ T5088] binfmt_misc: register: failed to install interpreter file ./file0 [ 1901.761685][ T5137] netlink: 'syz.0.11985': attribute type 11 has an invalid length. [ 1901.761712][ T5137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11985'. [ 1901.768662][ T5139] libceph: resolve 'c' (ret=-3): failed [ 1901.878319][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1901.878352][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1901.878371][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1901.895874][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1901.895983][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1901.896003][ T5144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11987'. [ 1902.371202][ T37] audit: type=1326 audit(1772418107.955:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5173 comm="syz.8.11995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6f978c799 code=0x7ffc0000 [ 1902.400523][ T37] audit: type=1326 audit(1772418107.983:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5173 comm="syz.8.11995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6f978c799 code=0x7ffc0000 [ 1902.411009][ T858] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1902.439838][ T37] audit: type=1326 audit(1772418108.011:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5173 comm="syz.8.11995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa6f978c799 code=0x7ffc0000 [ 1902.439901][ T37] audit: type=1326 audit(1772418108.011:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5173 comm="syz.8.11995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6f978c799 code=0x7ffc0000 [ 1902.439950][ T37] audit: type=1326 audit(1772418108.011:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5173 comm="syz.8.11995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6f978c799 code=0x7ffc0000 [ 1902.571586][ T858] usb 2-1: Using ep0 maxpacket: 32 [ 1902.574808][ T858] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1902.576430][ T858] usb 2-1: config 128 has an invalid interface number: 127 but max is 3 [ 1902.576460][ T858] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1902.576481][ T858] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 1902.576504][ T858] usb 2-1: config 128 has no interface number 0 [ 1902.576553][ T858] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 1902.576582][ T858] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1902.576607][ T858] usb 2-1: config 128 interface 127 has no altsetting 0 [ 1902.580814][ T858] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 1902.580844][ T858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1902.580867][ T858] usb 2-1: Product: syz [ 1902.580883][ T858] usb 2-1: Manufacturer: syz [ 1902.580898][ T858] usb 2-1: SerialNumber: syz [ 1903.202520][ T858] usb 2-1: USB disconnect, device number 46 [ 1903.340799][ T5169] udevd[5169]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1904.319016][ T5259] __nla_validate_parse: 34 callbacks suppressed [ 1904.319040][ T5259] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12030'. [ 1904.374090][ T5261] netlink: 'syz.8.12029': attribute type 2 has an invalid length. [ 1904.374115][ T5261] netlink: 36 bytes leftover after parsing attributes in process `syz.8.12029'. [ 1905.292282][ T5303] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0 [ 1905.511574][ T3189] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 1905.671595][ T3189] usb 9-1: Using ep0 maxpacket: 8 [ 1905.675862][ T3189] usb 9-1: config 6 has an invalid interface number: 2 but max is 0 [ 1905.675901][ T3189] usb 9-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1905.675944][ T3189] usb 9-1: config 6 has no interface number 0 [ 1905.675991][ T3189] usb 9-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1905.676030][ T3189] usb 9-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1905.679248][ T3189] usb 9-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1905.679279][ T3189] usb 9-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 1905.679302][ T3189] usb 9-1: Product: syz [ 1905.679317][ T3189] usb 9-1: Manufacturer: syz [ 1905.679333][ T3189] usb 9-1: SerialNumber: syz [ 1905.772198][ T3189] hso 9-1:6.2: Failed to find INT IN ep [ 1905.979828][ T3522] usb 9-1: USB disconnect, device number 18 [ 1907.580349][T27914] Bluetooth: hci1: command 0x0406 tx timeout [ 1949.154849][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1949.154974][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1989.690183][T31911] Bluetooth: hci4: command 0x0406 tx timeout [ 2006.113320][T31911] Bluetooth: hci6: command 0x0406 tx timeout [ 2014.831107][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2014.831222][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2018.244051][ T38] INFO: task syz.4.11586:3999 blocked for more than 143 seconds. [ 2018.244082][ T38] Tainted: G L syzkaller #0 [ 2018.244096][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2018.244106][ T38] task:syz.4.11586 state:D stack:27048 pid:3999 tgid:3998 ppid:5805 task_flags:0x400040 flags:0x00080002 [ 2018.244171][ T38] Call Trace: [ 2018.244180][ T38] [ 2018.244197][ T38] __schedule+0x1553/0x5240 [ 2018.244255][ T38] ? trace_irq_disable+0x3b/0x150 [ 2018.244288][ T38] ? __pfx___schedule+0x10/0x10 [ 2018.244334][ T38] rt_mutex_schedule+0x76/0xf0 [ 2018.244362][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 2018.244401][ T38] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 2018.244427][ T38] rt_mutex_slowlock+0x2dc/0x7b0 [ 2018.244454][ T38] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 2018.244480][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 2018.244523][ T38] ? nfsd_nl_threads_get_doit+0x1c0/0x790 [ 2018.244553][ T38] ? nfsd_nl_threads_get_doit+0x1c0/0x790 [ 2018.244572][ T38] mutex_lock_nested+0x168/0x1d0 [ 2018.244602][ T38] nfsd_nl_threads_get_doit+0x1c0/0x790 [ 2018.244638][ T38] ? __pfx_nfsd_nl_threads_get_doit+0x10/0x10 [ 2018.244681][ T38] genl_family_rcv_msg_doit+0x22a/0x330 [ 2018.244715][ T38] ? __asan_memcpy+0x40/0x70 [ 2018.244748][ T38] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2018.244798][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 2018.244829][ T38] genl_rcv_msg+0x61c/0x7a0 [ 2018.244867][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2018.244908][ T38] ? __pfx_nfsd_nl_threads_get_doit+0x10/0x10 [ 2018.244939][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 2018.244968][ T38] netlink_rcv_skb+0x232/0x4b0 [ 2018.244994][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2018.245026][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2018.245069][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 2018.245094][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 2018.245125][ T38] genl_rcv+0x28/0x40 [ 2018.245154][ T38] netlink_unicast+0x831/0x9f0 [ 2018.245198][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 2018.245237][ T38] ? netlink_sendmsg+0x650/0xb40 [ 2018.245261][ T38] ? skb_put+0x11b/0x210 [ 2018.245295][ T38] netlink_sendmsg+0x813/0xb40 [ 2018.245333][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2018.245370][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2018.245408][ T38] ____sys_sendmsg+0xa4e/0xac0 [ 2018.245438][ T38] ? futex_unqueue+0x211/0x240 [ 2018.245483][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2018.245527][ T38] ? import_iovec+0x73/0xa0 [ 2018.245562][ T38] ___sys_sendmsg+0x2a5/0x360 [ 2018.245601][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 2018.245642][ T38] ? futex_wait+0x29a/0x380 [ 2018.245691][ T38] ? __fget_files+0x2a/0x420 [ 2018.245713][ T38] ? __fget_files+0x3a6/0x420 [ 2018.245746][ T38] __x64_sys_sendmsg+0x1c3/0x2a0 [ 2018.245782][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2018.245825][ T38] ? rcu_is_watching+0x15/0xb0 [ 2018.245867][ T38] do_syscall_64+0x14d/0xf80 [ 2018.245906][ T38] ? trace_irq_disable+0x3b/0x150 [ 2018.245931][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2018.245955][ T38] ? clear_bhb_loop+0x40/0x90 [ 2018.245984][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2018.246008][ T38] RIP: 0033:0x7fe02437c799 [ 2018.246030][ T38] RSP: 002b:00007fe0225d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2018.246055][ T38] RAX: ffffffffffffffda RBX: 00007fe0245f5fa0 RCX: 00007fe02437c799 [ 2018.246072][ T38] RDX: 0000000000000000 RSI: 00002000000032c0 RDI: 0000000000000003 [ 2018.246088][ T38] RBP: 00007fe024412bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2018.246103][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2018.246118][ T38] R13: 00007fe0245f6038 R14: 00007fe0245f5fa0 R15: 00007ffed4f92c98 [ 2018.246158][ T38] [ 2018.246178][ T38] [ 2018.246178][ T38] Showing all locks held in the system: [ 2018.246191][ T38] 1 lock held by khungtaskd/38: [ 2018.246204][ T38] #0: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 2018.246312][ T38] 2 locks held by getty/5558: [ 2018.246326][ T38] #0: ffff8880370350a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 2018.246382][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0 [ 2018.246694][ T38] 3 locks held by kworker/u8:27/2372: [ 2018.246712][ T38] 2 locks held by syz.7.11340/3317: [ 2018.246725][ T38] #0: ffffffff8f1c8820 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 2018.246784][ T38] #1: ffffffff8e0e7078 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x13e/0x1690 [ 2018.246840][ T38] 2 locks held by syz.4.11586/3999: [ 2018.246853][ T38] #0: ffffffff8f1c8820 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 2018.246918][ T38] #1: ffffffff8e0e7078 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_get_doit+0x1c0/0x790 [ 2018.246978][ T38] [ 2018.246985][ T38] ============================================= [ 2018.246985][ T38] [ 2018.246995][ T38] NMI backtrace for cpu 1 [ 2018.247015][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 2018.247045][ T38] Tainted: [L]=SOFTLOCKUP [ 2018.247054][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2018.247066][ T38] Call Trace: [ 2018.247075][ T38] [ 2018.247085][ T38] dump_stack_lvl+0xe8/0x150 [ 2018.247120][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 2018.247145][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2018.247179][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 2018.247208][ T38] sys_info+0x135/0x170 [ 2018.247241][ T38] watchdog+0xfd9/0x1030 [ 2018.247274][ T38] ? watchdog+0x21a/0x1030 [ 2018.247309][ T38] kthread+0x388/0x470 [ 2018.247334][ T38] ? __pfx_watchdog+0x10/0x10 [ 2018.247358][ T38] ? __pfx_kthread+0x10/0x10 [ 2018.247384][ T38] ret_from_fork+0x51e/0xb90 [ 2018.247420][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 2018.247450][ T38] ? __switch_to+0xc7d/0x1450 [ 2018.247482][ T38] ? __pfx_kthread+0x10/0x10 [ 2018.247507][ T38] ret_from_fork_asm+0x1a/0x30 [ 2018.247547][ T38] [ 2018.247556][ T38] Sending NMI from CPU 1 to CPUs 0: [ 2018.247586][ C0] NMI backtrace for cpu 0 [ 2018.247606][ C0] CPU: 0 UID: 0 PID: 2372 Comm: kworker/u8:27 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 2018.247631][ C0] Tainted: [L]=SOFTLOCKUP [ 2018.247638][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2018.247657][ C0] Workqueue: bat_events batadv_dat_purge [ 2018.247678][ C0] RIP: 0010:check_preemption_disabled+0x2a/0xe0 [ 2018.247706][ C0] Code: 55 41 57 41 56 53 65 8b 05 47 f3 2b 07 65 8b 0d 3c f3 2b 07 f7 c1 ff ff ff 7f 74 0c 5b 41 5e 41 5f 5d e9 99 a5 03 00 cc 9c 59 c1 00 02 00 00 74 ea 65 4c 8b 3d ee f2 2b 07 41 f6 47 2f 04 74 [ 2018.247721][ C0] RSP: 0018:ffffc9000674fa28 EFLAGS: 00000046 [ 2018.247736][ C0] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000046 [ 2018.247749][ C0] RDX: 0000000000000000 RSI: ffffffff8b4b2a80 RDI: ffffffff8ba64880 [ 2018.247761][ C0] RBP: 1ffff110051e7544 R08: ffffffff8f6a32b7 R09: 1ffffffff1ed4656 [ 2018.247774][ C0] R10: dffffc0000000000 R11: fffffbfff1ed4657 R12: 0000000000000286 [ 2018.247787][ C0] R13: dffffc0000000000 R14: ffff888028f3aa24 R15: 0000000000000001 [ 2018.247799][ C0] FS: 0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000 [ 2018.247815][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2018.247827][ C0] CR2: 000055b5b58b9a38 CR3: 000000000dbba000 CR4: 00000000003526f0 [ 2018.247845][ C0] Call Trace: [ 2018.247852][ C0] [ 2018.247861][ C0] __local_bh_enable_ip+0xe3/0x2b0 [ 2018.247886][ C0] ? __pfx_batadv_dat_to_purge+0x10/0x10 [ 2018.247906][ C0] __batadv_dat_purge+0x344/0x400 [ 2018.247925][ C0] ? __batadv_dat_purge+0xae/0x400 [ 2018.247943][ C0] ? __pfx_batadv_dat_to_purge+0x10/0x10 [ 2018.247965][ C0] batadv_dat_purge+0x20/0x70 [ 2018.247982][ C0] ? process_scheduled_works+0xa25/0x1830 [ 2018.248004][ C0] process_scheduled_works+0xb02/0x1830 [ 2018.248039][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 2018.248065][ C0] ? assign_work+0x3d5/0x5e0 [ 2018.248090][ C0] worker_thread+0xa50/0xfc0 [ 2018.248127][ C0] kthread+0x388/0x470 [ 2018.248145][ C0] ? __pfx_worker_thread+0x10/0x10 [ 2018.248167][ C0] ? __pfx_kthread+0x10/0x10 [ 2018.248186][ C0] ret_from_fork+0x51e/0xb90 [ 2018.248210][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 2018.248233][ C0] ? __switch_to+0xc7d/0x1450 [ 2018.248255][ C0] ? __pfx_kthread+0x10/0x10 [ 2018.248281][ C0] ret_from_fork_asm+0x1a/0x30 [ 2018.248306][ C0] [ 2018.248584][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 2018.248604][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 2018.248632][ T38] Tainted: [L]=SOFTLOCKUP [ 2018.248641][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2018.248652][ T38] Call Trace: [ 2018.248662][ T38] [ 2018.248672][ T38] vpanic+0x56c/0xa60 [ 2018.248710][ T38] ? __pfx_vpanic+0x10/0x10 [ 2018.248754][ T38] panic+0xc5/0xd0 [ 2018.248786][ T38] ? __pfx_panic+0x10/0x10 [ 2018.248816][ T38] ? printk_trigger_flush+0x117/0x180 [ 2018.248850][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 2018.248889][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 2018.248926][ T38] watchdog+0x1023/0x1030 [ 2018.248960][ T38] ? watchdog+0x21a/0x1030 [ 2018.248997][ T38] kthread+0x388/0x470 [ 2018.249021][ T38] ? __pfx_watchdog+0x10/0x10 [ 2018.249046][ T38] ? __pfx_kthread+0x10/0x10 [ 2018.249072][ T38] ret_from_fork+0x51e/0xb90 [ 2018.249107][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 2018.249137][ T38] ? __switch_to+0xc7d/0x1450 [ 2018.249169][ T38] ? __pfx_kthread+0x10/0x10 [ 2018.249195][ T38] ret_from_fork_asm+0x1a/0x30 [ 2018.249235][ T38] [ 2018.249627][ T38] Kernel Offset: disabled