last executing test programs: 2m43.036589734s ago: executing program 0 (id=1410): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x29, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/37}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @inner={{0xa}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xff}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0xe6a7}, "fe"}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20048084}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) setsockopt$sock_int(r6, 0x1, 0x21, &(0x7f0000000740)=0x8, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x5, 0x2, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000018", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000000c0)=r12, 0x4) sendmsg$unix(r11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x4, 0x0, 0x3, 0x9, 0xbffc}, 0x20) socket$nl_route(0x10, 0x3, 0x0) r13 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'}) syz_emit_ethernet(0x6e, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaa8aaaaaaa00000000000086dd6100272400383afffc000000000000000000000008000000ff0200000000000000000000000000010200907800000500663a794500023a00000000000000000000e94d2caf7b2ceca94530062af16400d4995aa1740ac7a8937d000000000000ff010000000000000000"], 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) 2m40.260109931s ago: executing program 0 (id=1421): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000640), 0x3fffffffffffce3, 0x0, 0x0) sendmsg(r0, &(0x7f0000003000)={&(0x7f0000000280)=@l2tp6={0xa, 0x0, 0x100, @remote, 0x1, 0x4}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000000600)="9c73efacb5a0259873a3ccea0b9de419833ceee2e7ac984fe2067a55e979b69ffeb5f521ed6dde3f7f801fc509b301b61cff08fb6976aaa89a0c08249d61c8a485e16f921ff9", 0x46}], 0x1, &(0x7f0000001ec0)=[{0x10, 0x0, 0x4}], 0x10}, 0x20004000) recvmsg(r0, &(0x7f0000003180)={0x0, 0x0, 0x0}, 0x12041) 2m38.807610555s ago: executing program 0 (id=1424): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000540)={0x0, &(0x7f0000001140)=""/4096, 0x0, &(0x7f00000001c0), 0x5, r0}, 0x38) 2m38.71613841s ago: executing program 0 (id=1426): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) unshare(0x400) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="d66c"], 0x4) 2m37.674359646s ago: executing program 0 (id=1427): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4) sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$tun(0xffffffffffffffff, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000400000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000e40)=ANY=[], 0x0, 0x52, 0x0, 0x1}, 0x28) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) gettid() sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={0x0, 0x44}}, 0x10004000) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 2m35.879419977s ago: executing program 0 (id=1436): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000280), 0x800084, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@bridge_getlink={0x20, 0x12, 0xc21, 0x70bd28, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x6c480, 0x20000}}, 0x20}, 0x1, 0x0, 0x0, 0x841}, 0x0) 2m20.714105926s ago: executing program 32 (id=1436): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000280), 0x800084, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@bridge_getlink={0x20, 0x12, 0xc21, 0x70bd28, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x6c480, 0x20000}}, 0x20}, 0x1, 0x0, 0x0, 0x841}, 0x0) 4.272391573s ago: executing program 3 (id=2340): connect$netrom(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x34}, 0x94) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) listen(0xffffffffffffffff, 0x4) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfb0a}, @TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x7ff}]}}]}, 0x44}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.17464758s ago: executing program 4 (id=2341): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x8, 0xc, 0x3, 0x1}, 0x50) unshare(0x22020600) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23}, 0x38) 4.129298177s ago: executing program 3 (id=2343): r0 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lli, {}, {0x7, 0x1, 0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0x99}}]}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) 4.039169863s ago: executing program 3 (id=2344): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4) sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$tun(0xffffffffffffffff, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000400000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000e40)=ANY=[], 0x0, 0x52, 0x0, 0x1}, 0x28) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) gettid() sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYBLOB="1f0028bd7000ffdbdf250800000018000280100003800c000180080001000700000004000100180002000000000000007a5f74756e000000000000000000"], 0x44}}, 0x10004000) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 3.929298311s ago: executing program 4 (id=2346): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @broadcast}, 0x14) 3.832868187s ago: executing program 4 (id=2347): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) accept4$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c, 0x80800) 3.271664851s ago: executing program 5 (id=2352): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x9a}]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x1}, 0x94) 3.027316413s ago: executing program 5 (id=2355): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.792213792s ago: executing program 5 (id=2358): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2}) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x800}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x0, 0xee8, 0x1c, 0x800, 0x8}, {0x7, 0x2, 0x7, 0x1003, 0x5, 0x20000007}, 0x6db6312a, 0x7, 0x1257}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 2.788383442s ago: executing program 4 (id=2359): socket$netlink(0x10, 0x3, 0x0) shutdown(0xffffffffffffffff, 0x1) setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) socket(0x2, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x4800}, 0x11) sendto$inet(r2, &(0x7f0000000080)="8b64", 0x2, 0x41, 0x0, 0x0) 2.617808141s ago: executing program 1 (id=2361): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x2, 0x9, 0x8000001}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x78, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r1) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"}) r4 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x4) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f00000001c0)=@xdp={0x2c, 0x0, r6, 0x1c}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f24000e00003c000c00000000ff840000000200000003125ce882cbf490d908f1523f000000032d9c2740e260a09c6911cda856d5ea9a141b", 0x3e}], 0x1}, 0x8bb3a301eb085f) 2.335018289s ago: executing program 2 (id=2362): ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d00)={&(0x7f0000000b40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x4, [@restrict={0x3, 0x0, 0x0, 0xb, 0x2}, @fwd={0xe}, @volatile={0xe, 0x0, 0x0, 0x9, 0x1}, @const={0x7, 0x0, 0x0, 0xa, 0x3}, @func={0x9, 0x0, 0x0, 0xc, 0x2}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x31, 0x0, 0x4c, 0x6}, @enum64={0x9, 0x1, 0x0, 0x13, 0x0, 0x0, [{0x9, 0x464, 0xffffffff}]}, @decl_tag={0x1, 0x0, 0x0, 0x11, 0x2}]}, {0x0, [0x61, 0x30]}}, &(0x7f0000000c40)=""/180, 0x90, 0xb4, 0x1, 0x9}, 0x28) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000d40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffff7dd}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001b00)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000940)={@fallback, 0xffffffffffffffff, 0xb, 0x18, 0xffffffffffffffff, @void, @value=r6}, 0x20) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r7, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r2, 0x1, 0x70bd2c, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002d40)=ANY=[@ANYBLOB], 0x0}, 0x94) 2.282736747s ago: executing program 1 (id=2363): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=@newlink={0x5c, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x50a32, 0x823}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @remote}, @IFLA_GRE_REMOTE={0x14, 0x7, @local}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000080}, 0xc010) 2.015471392s ago: executing program 1 (id=2364): sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1ff73331", @ANYRES16, @ANYBLOB="010000000000fcdbdf251200000018000180"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 2.014759902s ago: executing program 2 (id=2365): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@ipv6_newrule={0x1c, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x12}}, 0x1c}}, 0x0) 1.901360241s ago: executing program 5 (id=2366): socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[], 0x0) 1.835085532s ago: executing program 2 (id=2367): socket$netlink(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x800000, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller0\x00', @broadcast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200504, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffc, {0x0, 0x0, 0x0, r6, {0x0, 0xd}, {0x2, 0xb}, {0x9, 0xfff3}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x89, 0xca7, 0x3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0e9}, 0x4000010) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.777624142s ago: executing program 4 (id=2368): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000010700000000200000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r1) recvmmsg(r1, &(0x7f0000004240)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x3ff}, {{0x0, 0x0, 0x0}, 0xa2e}, {{0x0, 0x0, 0x0}, 0x8}], 0x4, 0x20, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001e0001000000", @ANYRES32=0x0, @ANYBLOB="000008163f"], 0x24}, 0x1, 0x0, 0x0, 0x240040c0}, 0x20000080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@getqdisc={0x44, 0x26, 0x10, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x2, 0xd}, {0xfff2, 0xfff3}, {0xf, 0xc}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x810}, 0x20044851) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ioctl$TIOCNOTTY(r6, 0x5422) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e"], 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f00000002c0)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r7, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.714902932s ago: executing program 1 (id=2369): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000004c0)={@remote, @random="1704cf1a08de", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x30}}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x101, @empty=0xac1414aa}}}}}}, 0x0) 1.621168978s ago: executing program 5 (id=2370): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x14, 0x2, 0x6, 0x301}, 0x14}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e02000000000000000000000000000005"], 0x0, 0x37}, 0x28) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x2}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83", 0x70}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa0579531662e6d5fcdddc53becdd0b8a59c3a97fe428e75e7", 0x73}, {&(0x7f0000000580)}], 0x3, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400), 0x0, &(0x7f00000014c0)}}], 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.42791759s ago: executing program 3 (id=2371): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f0000000480), 0x0, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @broadcast}, 0x14) 489.366288ms ago: executing program 1 (id=2372): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'erspan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00'], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) 444.584246ms ago: executing program 2 (id=2373): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 379.442747ms ago: executing program 4 (id=2374): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20000400) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r1 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10, 0x0}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="ac0100001700010000000000000000007f0000010000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000ffffffff0000000000000000000000004e210000000000000000006400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000000000000000000000000000000000000100000000000000000a00802000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000200000000f9ffffff00000000000000000000000084000500ffffffff000000000000000000000000000004d33c0000000a0000000000000000000000000030c6f58b000000000001053500000200ac0003000000010000000900000000000000000000000000000000000001000004d56c0000000a000000ac1476bb0000000000000000000000000535"], 0x1ac}}, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) sendmmsg$unix(r3, &(0x7f00000003c0)=[{{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000180)="c526da4246c86a9037cc4854e99241ddd8631ac3f33e2ba87643cc943ce4596bd61fc4864ff6fb36a11d01b7316c6d3e052d1137b48f14a24f118c60850257b665eb0308ce7c5b31613db69f3cc94f1d", 0x50}, {&(0x7f0000000200)="0cc1014204a2fc64b58b262bc23f3ecf686b307621eb516f09286f49093b567eb1192ee95605f21eb9c91b9c187c23f093a49df46f5e7d546636a55226b034cb192f1328fefad50548317266ee053199b4eb7b5d2e3d20bd90bf3c3a8b61cf890921e4a76f63fd1de596a6271279371b4edc82b8a52ed69792a789419dfb42eaec8dd4c8cc85ec439617ab0f18123807c17a2e49a336b7917d", 0x99}, {&(0x7f00000002c0)="63bfb1ff82f2276e20fe2bbdc31786cc69d0ec14b425f406aa0e6177c3f10f80f1a3aa8a93571dd4aae582ec50a8ffcdcb36c5e608d22953ffe80ed62a2ba0787e63b006e32e3d55e3065c18fd2b34634aa7", 0x52}, {&(0x7f0000000340)="f502", 0x2}], 0x4, 0x0, 0x0, 0x800}}], 0x1, 0x24044000) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r5 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r5, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x7ffffffe}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) close(r4) socket$inet6_mptcp(0xa, 0x1, 0x106) recvmmsg(r4, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) 277.390754ms ago: executing program 3 (id=2375): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) write$tun(r0, &(0x7f0000000040)={@val, @void, @eth={@remote, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x34}}, {0x0, 0x86dd, 0x2c, 0x0, @opaque="0da8abb2fef984df98b1d3ef2b9eb3fef5bf35059f256586de6738a5fafece0652ef21bd"}}}}}}, 0x52) 263.475346ms ago: executing program 1 (id=2376): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2}) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x800}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x0, 0xee8, 0x1c, 0x800, 0x8}, {0x7, 0x2, 0x7, 0x1003, 0x5, 0x20000007}, 0x6db6312a, 0x7, 0x1257}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 257.749597ms ago: executing program 2 (id=2377): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 184.692289ms ago: executing program 5 (id=2378): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x13, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x130}, 0x94) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b", 0x83}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)}, {&(0x7f0000000900)}, {&(0x7f00000000c0)}], 0x5}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6ea5cd18ff95c871d91454240f370e0c8e2629e58605c4b29017a160709ec76547c92a21d0ec5589e228922b105d0b8b29256620c44d2118334025dedd46db5194f22b349264de22068d3d4db627db4fa827907e5bc02b69c36e94f8149f12116f75bd48aa86d41dfdf52e74b442782f530da1263fd0f699776e9459", 0xec}], 0x1, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x78}}], 0x2, 0x20000044) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 57.94831ms ago: executing program 2 (id=2379): socket$netlink(0x10, 0x3, 0x0) shutdown(0xffffffffffffffff, 0x1) setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) socket(0x2, 0x3, 0x0) close(0xffffffffffffffff) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x4800}, 0x11) sendto$inet(r1, &(0x7f0000000080)="8b64", 0x2, 0x41, 0x0, 0x0) 0s ago: executing program 3 (id=2380): socket$kcm(0x2d, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180500000800850e0000000000000000850000007b00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): d=4662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.112" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 95.505613][ T4662] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 95.545489][ T4662] syz.4.112 (4662) used greatest stack depth: 20120 bytes left [ 95.723557][ T4680] netlink: 'syz.4.116': attribute type 1 has an invalid length. [ 95.782380][ T4680] 8021q: adding VLAN 0 to HW filter on device bond2 [ 95.835368][ T4680] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 95.851154][ T4682] tipc: Started in network mode [ 95.856342][ T4682] tipc: Node identity fee05e23a562, cluster identity 4711 [ 95.868663][ T3754] hid (null): global environment stack underflow [ 95.874702][ T4682] tipc: Enabled bearer , priority 0 [ 95.889646][ T4443] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 95.934256][ T3754] hid-generic 0005:10CF:0004.0001: global environment stack underflow [ 96.005993][ T3754] hid-generic 0005:10CF:0004.0001: item 0 0 1 11 parsing failed [ 96.027275][ T3754] hid-generic: probe of 0005:10CF:0004.0001 failed with error -22 [ 96.057223][ T4685] device syzkaller0 entered promiscuous mode [ 96.065093][ T4685] tipc: Resetting bearer [ 96.078857][ T4698] device syzkaller0 entered promiscuous mode [ 96.085890][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 96.104065][ T4681] tipc: Resetting bearer [ 98.483597][ T4681] tipc: Disabling bearer [ 98.492701][ T4705] netlink: 'syz.0.123': attribute type 1 has an invalid length. [ 98.506250][ T4711] device macvlan2 entered promiscuous mode [ 98.645006][ T41] tipc: Node number set to 1535270435 [ 98.755396][ T4731] device syzkaller0 entered promiscuous mode [ 99.000383][ T4736] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 99.779342][ T4743] device syzkaller0 entered promiscuous mode [ 99.988819][ T4739] syz.2.126 (4739) used greatest stack depth: 16368 bytes left [ 100.118761][ T4754] device syzkaller0 entered promiscuous mode [ 100.736447][ T4771] netlink: 'syz.1.139': attribute type 1 has an invalid length. [ 100.826704][ T4774] device macvlan2 entered promiscuous mode [ 101.176968][ T4786] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 101.299754][ T4793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.929082][ T4810] device syzkaller0 entered promiscuous mode [ 101.992176][ T4810] Zero length message leads to an empty skb [ 102.013310][ T4810] tipc: Enabled bearer , priority 0 [ 102.056538][ T4809] tipc: Resetting bearer [ 102.124887][ T4809] tipc: Disabling bearer [ 102.536872][ T4822] netlink: 'syz.0.154': attribute type 1 has an invalid length. [ 102.654616][ T4822] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.707165][ T4827] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 102.754276][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 103.907522][ T4861] device syzkaller0 entered promiscuous mode [ 105.231024][ T4884] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 108.147286][ T4919] fuse: Bad value for 'fd' [ 108.371292][ T4925] netlink: 'syz.4.187': attribute type 1 has an invalid length. [ 108.507650][ T4925] 8021q: adding VLAN 0 to HW filter on device bond3 [ 109.338791][ T4950] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 109.776323][ T4953] 8021q: adding VLAN 0 to HW filter on device bond1 [ 111.103698][ T4970] fuse: Bad value for 'fd' [ 111.536193][ T4980] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 111.599585][ T4980] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.608879][ T4980] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.862784][ T4992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.202'. [ 112.070800][ T4997] vcan0: tx address claim with different name [ 112.166193][ T5000] netlink: 104 bytes leftover after parsing attributes in process `syz.4.205'. [ 112.198320][ T5000] syz.4.205 uses obsolete (PF_INET,SOCK_PACKET) [ 112.548113][ T4985] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 112.587698][ T5000] netlink: 'syz.4.205': attribute type 1 has an invalid length. [ 112.608168][ T5000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.205'. [ 112.813069][ T5004] fuse: Unknown parameter 'user_i00000000000000000000' [ 112.843198][ T5005] device syzkaller0 entered promiscuous mode [ 113.964989][ T5015] devpts: called with bogus options [ 114.357590][ T5033] device syzkaller0 entered promiscuous mode [ 114.436895][ T5038] device syzkaller1 entered promiscuous mode [ 114.489337][ T5040] netlink: 'syz.3.218': attribute type 10 has an invalid length. [ 114.609774][ T5040] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 114.682507][ T5044] device syzkaller0 entered promiscuous mode [ 114.916800][ T5053] TC_ACT_REPEAT abuse ? [ 115.384411][ T5066] fuse: Unknown parameter 'user_i00000000000000000000' [ 118.419101][ T5144] netlink: 'syz.1.252': attribute type 30 has an invalid length. [ 118.432610][ T5144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.252'. [ 119.115494][ T5165] device syzkaller0 entered promiscuous mode [ 119.171827][ T5165] netlink: 60 bytes leftover after parsing attributes in process `syz.0.259'. [ 121.009684][ T5191] netlink: 'syz.1.264': attribute type 3 has an invalid length. [ 121.120691][ T4282] Bluetooth: hci4: link tx timeout [ 121.126198][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.221916][ T4282] Bluetooth: hci4: link tx timeout [ 121.227092][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.247943][ T4282] Bluetooth: hci4: link tx timeout [ 121.253164][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.288786][ T5198] device syzkaller0 entered promiscuous mode [ 121.310282][ T5200] fuse: Bad value for 'user_id' [ 121.351360][ T4282] Bluetooth: hci4: link tx timeout [ 121.357855][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.709053][ T4282] Bluetooth: hci4: link tx timeout [ 121.714686][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 122.405531][ T4282] Bluetooth: hci4: link tx timeout [ 122.411558][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.228239][ T4282] Bluetooth: hci4: command 0x0406 tx timeout [ 123.237654][ T5227] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 123.461297][ T4282] Bluetooth: hci4: link tx timeout [ 123.468362][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.742155][ T5249] fuse: Unknown parameter 'user_id00000000000000000000' [ 123.751945][ T5245] device syzkaller0 entered promiscuous mode [ 124.008669][ T5258] IPVS: sh: FWM 3 0x00000003 - no destination available [ 124.023973][ T5251] device syzkaller0 entered promiscuous mode [ 124.102062][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 126.277566][ T4282] Bluetooth: hci4: link tx timeout [ 126.283348][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 126.747205][ T5282] fuse: Unknown parameter '0x0000000000000004' [ 127.975700][ T5292] fuse: Bad value for 'fd' [ 129.148867][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056c8d800: rx timeout, send abort [ 129.158660][ C1] vcan0: j1939_tp_rxtimer: 0xffff888059140800: rx timeout, send abort [ 129.261779][ T5279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.291'. [ 129.275890][ T5288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.294'. [ 129.288504][ T4282] Bluetooth: hci4: link tx timeout [ 129.293736][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.356323][ T4282] Bluetooth: hci4: link tx timeout [ 129.361848][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 129.391627][ T5296] device syzkaller0 entered promiscuous mode [ 130.446524][ T4282] Bluetooth: hci4: link tx timeout [ 130.452556][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 130.460964][ T4282] Bluetooth: hci4: link tx timeout [ 130.466295][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 130.635959][ T5328] fuse: Unknown parameter '0x0000000000000004' [ 131.728040][ T4282] Bluetooth: hci4: link tx timeout [ 131.733838][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 132.579679][ T5350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.287217][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.293612][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.320502][ T5353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.310'. [ 133.338318][ T5353] netlink: 'syz.2.310': attribute type 5 has an invalid length. [ 133.366183][ T5353] netlink: 28 bytes leftover after parsing attributes in process `syz.2.310'. [ 133.416575][ T5353] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 133.446274][ T5353] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 133.488110][ T5353] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 133.516161][ T5353] device geneve2 entered promiscuous mode [ 133.557023][ T5364] device syzkaller0 entered promiscuous mode [ 133.708204][ T5350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.731117][ T5350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 133.754208][ T4282] Bluetooth: hci4: link tx timeout [ 133.759597][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 134.012866][ T5350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.155372][ T5350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 134.878565][ T5350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.901345][ T5350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 134.944399][ T5393] device syzkaller0 entered promiscuous mode [ 135.233493][ T5350] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 135.277543][ T5350] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 135.347401][ T5350] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 135.387965][ T5350] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 135.446624][ T5350] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 135.738202][ T5350] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 136.127020][ T5350] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 136.155834][ T5350] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 137.641438][ T5453] device syzkaller0 entered promiscuous mode [ 137.912881][ T5460] device syzkaller0 entered promiscuous mode [ 138.357742][ T4282] Bluetooth: hci4: link tx timeout [ 138.363396][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 138.371854][ T4282] Bluetooth: hci4: link tx timeout [ 138.377491][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 138.804463][ T5483] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 138.902422][ T5483] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 140.048249][ T5495] netlink: 8 bytes leftover after parsing attributes in process `syz.0.341'. [ 140.816696][ T5505] IPVS: sh: FWM 3 0x00000003 - no destination available [ 140.838258][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 140.968880][ T5510] netlink: 'syz.3.344': attribute type 3 has an invalid length. [ 141.502346][ T5528] tipc: Enabling of bearer rejected, failed to enable media [ 143.725504][ T4282] Bluetooth: hci4: link tx timeout [ 143.731489][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 145.119174][ T5559] IPVS: sh: FWM 3 0x00000003 - no destination available [ 145.126543][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 145.245697][ T5568] netlink: 'syz.2.360': attribute type 3 has an invalid length. [ 146.045654][ T5600] device syzkaller0 entered promiscuous mode [ 146.204543][ T5600] tipc: Enabled bearer , priority 0 [ 146.747864][ T5599] tipc: Resetting bearer [ 146.953864][ T5599] tipc: Disabling bearer [ 149.138135][ T5638] netlink: 28 bytes leftover after parsing attributes in process `syz.1.376'. [ 149.319014][ T4282] Bluetooth: hci4: link tx timeout [ 149.324194][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 149.574040][ T5661] Bluetooth: MGMT ver 1.22 [ 149.938143][ T5671] netlink: 36 bytes leftover after parsing attributes in process `syz.1.384'. [ 150.028558][ T5671] netlink: 48 bytes leftover after parsing attributes in process `syz.1.384'. [ 150.201487][ T5682] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 150.424364][ T5688] device syzkaller0 entered promiscuous mode [ 151.376325][ T5696] device syzkaller0 entered promiscuous mode [ 151.418967][ T5701] device syzkaller0 entered promiscuous mode [ 151.497863][ T4313] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 151.607489][ T48] Bluetooth: hci0: command 0x0c1a tx timeout [ 151.607555][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 151.734836][ T4313] usb 4-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 151.758560][ T4313] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 151.784345][ T4313] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.825733][ T4313] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.874888][ T4313] usb 4-1: Product: syz [ 151.895211][ T4313] usb 4-1: Manufacturer: syz [ 151.905330][ T4313] usb 4-1: SerialNumber: syz [ 151.939707][ T5694] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 151.948025][ T5718] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 151.986249][ T5719] IPVS: sh: FWM 3 0x00000003 - no destination available [ 152.001259][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 152.167712][ T5726] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.375282][ T5733] device syzkaller0 entered promiscuous mode [ 152.390078][ T5731] netlink: 32 bytes leftover after parsing attributes in process `syz.4.405'. [ 152.837660][ T5736] loop3: detected capacity change from 0 to 8192 [ 153.201593][ T26] audit: type=1800 audit(1776200252.435:3): pid=5736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.391" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 153.407352][ C0] sched: RT throttling activated [ 154.708864][ T4282] Bluetooth: hci4: link tx timeout [ 154.715743][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 154.882762][ T5731] netlink: 32 bytes leftover after parsing attributes in process `syz.4.405'. [ 154.965704][ T5742] fuse: Invalid rootmode [ 155.188789][ T5745] netlink: 12 bytes leftover after parsing attributes in process `syz.0.412'. [ 155.218298][ T5748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.411'. [ 155.931484][ T5760] bond1: option mode: unable to set because the bond device is up [ 156.001728][ T4313] usb 4-1: selecting invalid altsetting 1 [ 156.010560][ T4313] cdc_ncm 4-1:1.0: bind() failure [ 156.025734][ T4313] hub 4-1:1.1: Invalid hub with more than one config or interface [ 156.034157][ T4313] hub: probe of 4-1:1.1 failed with error -22 [ 156.082626][ T4313] usb 4-1: USB disconnect, device number 2 [ 156.273311][ T5770] device syzkaller0 entered promiscuous mode [ 156.482840][ T5784] device syzkaller0 entered promiscuous mode [ 157.339778][ T5803] bond1: option mode: unable to set because the bond device has slaves [ 157.437452][ T4315] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 157.592371][ T5810] netlink: 32 bytes leftover after parsing attributes in process `syz.0.434'. [ 157.614691][ T5810] netlink: 32 bytes leftover after parsing attributes in process `syz.0.434'. [ 157.647577][ T4315] usb 2-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 157.670198][ T4315] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 157.702821][ T4315] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.712725][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.722183][ T4315] usb 2-1: Product: syz [ 157.726497][ T4315] usb 2-1: Manufacturer: syz [ 157.731966][ T4315] usb 2-1: SerialNumber: syz [ 157.742133][ T5799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 158.730810][ T5814] loop1: detected capacity change from 0 to 8192 [ 158.979326][ T26] audit: type=1800 audit(1776200258.225:4): pid=5814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.431" name="file1" dev="loop1" ino=1048596 res=0 errno=0 [ 159.226830][ T5771] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 160.798429][ T4315] usb 2-1: selecting invalid altsetting 1 [ 160.818706][ T4315] cdc_ncm 2-1:1.0: bind() failure [ 160.861591][ T4315] hub 2-1:1.1: Invalid hub with more than one config or interface [ 160.950480][ T4315] hub: probe of 2-1:1.1 failed with error -22 [ 161.028765][ T4315] usb 2-1: USB disconnect, device number 2 [ 162.876503][ T5875] IPVS: sync thread started: state = MASTER, mcast_ifn = netdevsim0, syncid = 2, id = 0 [ 162.928142][ T5878] device syzkaller0 entered promiscuous mode [ 166.801673][ T5947] IPVS: sh: FWM 3 0x00000003 - no destination available [ 166.821213][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 166.834214][ T5947] IPVS: sh: FWM 3 0x00000003 - no destination available [ 166.841865][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 166.900855][ T5952] netlink: 'syz.1.470': attribute type 3 has an invalid length. [ 167.000905][ T5955] fuse: Unknown parameter 'use00000000000000000000' [ 167.439807][ T5965] device syzkaller0 entered promiscuous mode [ 169.303741][ T5971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.477'. [ 169.586855][ T6000] fuse: Unknown parameter 'use00000000000000000000' [ 170.773784][ T6024] device syzkaller0 entered promiscuous mode [ 172.118388][ T6046] IPVS: sh: FWM 3 0x00000003 - no destination available [ 172.127677][ T6037] device syzkaller0 entered promiscuous mode [ 172.169209][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 175.500727][ T6051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.501'. [ 175.535044][ T6055] device netdevsim0 entered promiscuous mode [ 175.549454][ T6055] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 175.710657][ T6081] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 175.776308][ T6083] device syzkaller0 entered promiscuous mode [ 176.586255][ T6093] bond1: option mode: unable to set because the bond device is up [ 176.756829][ T6101] IPVS: sh: FWM 3 0x00000003 - no destination available [ 176.770714][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 176.798046][ T6093] device bond_slave_0 entered promiscuous mode [ 176.805490][ T6093] device bond_slave_1 entered promiscuous mode [ 176.823889][ T6093] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 176.841647][ T6093] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 176.909131][ T6104] device syzkaller0 entered promiscuous mode [ 176.978390][ T4608] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 177.054396][ T6114] device syzkaller0 entered promiscuous mode [ 177.138726][ T6119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.517'. [ 177.173291][ T6119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.517'. [ 177.964143][ T6128] netlink: 272 bytes leftover after parsing attributes in process `syz.4.521'. [ 178.253124][ T6135] device syzkaller0 entered promiscuous mode [ 178.617572][ T129] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 178.800455][ T129] usb 5-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 178.811252][ T129] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 178.827097][ T129] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.837084][ T129] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.847095][ T129] usb 5-1: Product: syz [ 178.851701][ T129] usb 5-1: Manufacturer: syz [ 178.856432][ T129] usb 5-1: SerialNumber: syz [ 178.864714][ T6137] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 179.066004][ T6095] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 179.782219][ T6145] loop4: detected capacity change from 0 to 8192 [ 179.887554][ T26] audit: type=1800 audit(1776200279.115:5): pid=6145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.525" name="file1" dev="loop4" ino=1048597 res=0 errno=0 [ 180.818301][ T6147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.526'. [ 181.928296][ T129] usb 5-1: selecting invalid altsetting 1 [ 181.961123][ T129] cdc_ncm 5-1:1.0: bind() failure [ 181.975940][ T6149] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 182.040114][ T129] hub 5-1:1.1: Invalid hub with more than one config or interface [ 182.086171][ T129] hub: probe of 5-1:1.1 failed with error -22 [ 182.088456][ T6157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.531'. [ 182.144846][ T129] usb 5-1: USB disconnect, device number 2 [ 182.520836][ T6172] device syzkaller0 entered promiscuous mode [ 182.530744][ T6175] netlink: 'syz.4.536': attribute type 3 has an invalid length. [ 182.533066][ T6172] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 183.023960][ T6190] IPVS: sh: FWM 3 0x00000003 - no destination available [ 183.046085][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 183.253717][ T6196] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 183.555362][ T6204] fuse: Unknown parameter 'user_i00000000000000000000' [ 183.640797][ T129] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 183.842986][ T6211] device syzkaller0 entered promiscuous mode [ 183.877685][ T129] usb 2-1: Using ep0 maxpacket: 32 [ 183.921602][ T129] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 183.933506][ T129] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 183.943021][ T129] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.956179][ T129] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 183.969057][ T129] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 183.983235][ T129] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 183.999658][ T129] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 184.014437][ T129] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.030540][ T129] usb 2-1: config 0 descriptor?? [ 184.690156][ T6227] device syzkaller0 entered promiscuous mode [ 184.717966][ T6230] IPVS: sh: FWM 3 0x00000003 - no destination available [ 184.725343][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 185.139657][ T6241] fuse: Unknown parameter 'user_i00000000000000000000' [ 185.253287][ T6246] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 185.381595][ T6251] fuse: Unknown parameter 'grou00000000000000000000' [ 185.491609][ T6253] device syzkaller0 entered promiscuous mode [ 186.061862][ T6267] device syzkaller0 entered promiscuous mode [ 186.200233][ T129] usb 2-1: USB disconnect, device number 3 [ 186.226474][ T6272] device syzkaller0 entered promiscuous mode [ 186.282566][ T6273] netlink: 60 bytes leftover after parsing attributes in process `syz.3.567'. [ 186.343970][ T6278] IPVS: sh: FWM 3 0x00000003 - no destination available [ 186.389994][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 186.399655][ T6282] IPVS: sh: FWM 3 0x00000003 - no destination available [ 186.406873][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 187.415481][ T6289] device syzkaller0 entered promiscuous mode [ 187.430766][ T6291] fuse: Unknown parameter 'group_i00000000000000000000' [ 187.494606][ T6294] device syzkaller0 entered promiscuous mode [ 187.652686][ T4282] Bluetooth: hci4: link tx timeout [ 187.658602][ T4282] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 187.667224][ T4282] Bluetooth: hci4: link tx timeout [ 187.672544][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 188.307448][ T129] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 188.487461][ T129] usb 4-1: Using ep0 maxpacket: 32 [ 188.503118][ T129] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 188.522926][ T129] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 188.534439][ T129] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.550534][ T129] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 188.562297][ T129] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 188.574889][ T129] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 188.585151][ T129] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 188.606651][ T129] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 188.620425][ T129] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.632929][ T129] usb 4-1: config 0 descriptor?? [ 188.934860][ T6262] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 189.098637][ T6319] IPVS: sh: FWM 3 0x00000003 - no destination available [ 189.123591][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 189.131977][ T6319] IPVS: sh: FWM 3 0x00000003 - no destination available [ 189.278654][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 189.694059][ T4282] Bluetooth: hci4: command 0x0406 tx timeout [ 190.273909][ T6331] device syzkaller0 entered promiscuous mode [ 190.295452][ T6331] netlink: 60 bytes leftover after parsing attributes in process `syz.1.584'. [ 190.326670][ T6336] fuse: Unknown parameter 'group_i00000000000000000000' [ 190.529021][ T6340] device syzkaller0 entered promiscuous mode [ 190.619834][ T6340] tipc: Enabled bearer , priority 0 [ 190.663622][ T6340] tipc: Resetting bearer [ 190.695272][ T6339] tipc: Resetting bearer [ 190.762354][ T6339] tipc: Disabling bearer [ 190.790423][ T6344] device syzkaller0 entered promiscuous mode [ 190.940252][ T41] usb 4-1: USB disconnect, device number 3 [ 191.186660][ T6355] tipc: Enabled bearer , priority 0 [ 191.210476][ T6354] tipc: Disabling bearer [ 191.367531][ T4282] Bluetooth: hci1: command 0x0406 tx timeout [ 191.377606][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 191.378999][ T4279] Bluetooth: hci0: command 0x0406 tx timeout [ 191.383944][ T4282] Bluetooth: hci2: command 0x0406 tx timeout [ 191.528235][ T6362] device syzkaller0 entered promiscuous mode [ 191.911410][ T6370] device syzkaller0 entered promiscuous mode [ 192.587243][ T6376] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 192.643642][ T6379] device syzkaller0 entered promiscuous mode [ 192.780535][ T6380] tipc: Started in network mode [ 192.786388][ T6380] tipc: Node identity fe9cb355f83b, cluster identity 4711 [ 192.821704][ T6380] tipc: Enabled bearer , priority 0 [ 192.848489][ T6379] tipc: Resetting bearer [ 192.870793][ T6378] tipc: Resetting bearer [ 192.915708][ T6378] tipc: Disabling bearer [ 193.307490][ T4313] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 193.415383][ T6401] device syzkaller0 entered promiscuous mode [ 193.513384][ T4313] usb 1-1: Using ep0 maxpacket: 32 [ 193.529446][ T4313] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 193.577423][ T4313] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 193.586187][ T4313] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.661525][ T4313] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 193.701606][ T4313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 193.727727][ T4313] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 193.767401][ T4313] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 193.807437][ T4313] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 193.823443][ T4313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.867063][ T4313] usb 1-1: config 0 descriptor?? [ 194.413347][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.419849][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.599326][ T6430] netlink: 60 bytes leftover after parsing attributes in process `syz.2.613'. [ 195.040099][ T6445] netlink: 'syz.2.616': attribute type 3 has an invalid length. [ 195.818212][ T6456] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 195.954304][ T3754] usb 1-1: USB disconnect, device number 2 [ 195.994509][ T6455] device syzkaller0 entered promiscuous mode [ 196.129577][ T6466] device syzkaller0 entered promiscuous mode [ 198.072822][ T6508] device syzkaller0 entered promiscuous mode [ 198.425018][ T6517] netlink: 60 bytes leftover after parsing attributes in process `syz.2.634'. [ 198.461853][ T6521] tipc: Started in network mode [ 198.466993][ T6521] tipc: Node identity d62be8c89e8, cluster identity 4711 [ 198.488839][ T6521] tipc: Enabled bearer , priority 0 [ 198.510688][ T6520] tipc: Disabling bearer [ 198.655200][ T6527] device syzkaller0 entered promiscuous mode [ 198.836452][ T129] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 198.893965][ T6538] device syzkaller0 entered promiscuous mode [ 199.049721][ T129] usb 2-1: Using ep0 maxpacket: 32 [ 199.077766][ T129] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 199.300135][ T129] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 199.486069][ T129] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 199.605114][ T129] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 199.660252][ T129] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 199.707521][ T129] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 199.737597][ T129] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 199.772960][ T129] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 199.799982][ T129] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.839488][ T129] usb 2-1: config 0 descriptor?? [ 200.057733][ T6555] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 201.327937][ T6573] device syzkaller0 entered promiscuous mode [ 201.445476][ T6575] 8021q: adding VLAN 0 to HW filter on device bond2 [ 201.757528][ T127] usb 2-1: USB disconnect, device number 4 [ 201.876542][ T6586] device syzkaller0 entered promiscuous mode [ 201.955702][ T6588] netlink: 60 bytes leftover after parsing attributes in process `syz.3.650'. [ 203.187640][ T6606] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 203.395993][ T6603] device syzkaller0 entered promiscuous mode [ 203.430056][ T6608] IPVS: sh: FWM 3 0x00000003 - no destination available [ 203.613219][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 203.670528][ T6608] IPVS: sh: FWM 3 0x00000003 - no destination available [ 203.824448][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 203.866445][ T6603] tipc: Enabled bearer , priority 0 [ 203.964818][ T6603] tipc: Resetting bearer [ 204.001399][ T6602] tipc: Resetting bearer [ 204.054111][ T6602] tipc: Disabling bearer [ 204.507754][ T41] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 204.868975][ T41] usb 2-1: Using ep0 maxpacket: 32 [ 204.877668][ T41] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 204.892928][ T41] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 204.903881][ T41] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 205.032307][ T41] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 205.136087][ T41] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 205.238256][ T41] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 205.397006][ T41] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 205.637506][ T41] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 205.646805][ T41] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.684462][ T41] usb 2-1: config 0 descriptor?? [ 205.846013][ T6642] netlink: 60 bytes leftover after parsing attributes in process `syz.3.666'. [ 206.172370][ T6656] fuse: Unknown parameter '0x0000000000000004' [ 206.904901][ T6681] netlink: 60 bytes leftover after parsing attributes in process `syz.4.680'. [ 207.661258][ T6687] fuse: Unknown parameter '0x0000000000000004' [ 207.719061][ T4312] usb 2-1: USB disconnect, device number 5 [ 208.314731][ T6711] IPVS: sh: FWM 3 0x00000003 - no destination available [ 208.427893][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 208.473059][ T6714] IPVS: sh: FWM 3 0x00000003 - no destination available [ 208.485803][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 209.188844][ T6718] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 209.384246][ T6722] device syzkaller0 entered promiscuous mode [ 209.460267][ T6726] fuse: Unknown parameter '0x0000000000000004' [ 210.055295][ T6742] netlink: 'syz.1.704': attribute type 3 has an invalid length. [ 212.547616][ T6752] netlink: 24 bytes leftover after parsing attributes in process `syz.3.706'. [ 212.566048][ T6756] netlink: 24 bytes leftover after parsing attributes in process `syz.3.706'. [ 212.604491][ T6760] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 212.633945][ T6760] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 212.671796][ T6760] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 212.746682][ T6788] fuse: Unknown parameter '0x0000000000000004' [ 213.095960][ T6801] netlink: 60 bytes leftover after parsing attributes in process `syz.4.713'. [ 213.505255][ T6817] netlink: 'syz.0.719': attribute type 3 has an invalid length. [ 214.914207][ T6839] fuse: Unknown parameter '0x0000000000000004' [ 216.218473][ T6864] netlink: 'syz.1.732': attribute type 3 has an invalid length. [ 216.245520][ T6867] netlink: 60 bytes leftover after parsing attributes in process `syz.4.733'. [ 216.489153][ T6880] device syzkaller0 entered promiscuous mode [ 216.544739][ T6882] IPVS: sh: FWM 3 0x00000003 - no destination available [ 216.563904][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 217.086598][ T6910] netlink: 'syz.2.750': attribute type 1 has an invalid length. [ 217.153016][ T6910] 8021q: adding VLAN 0 to HW filter on device bond2 [ 217.209343][ T6914] bond2: (slave geneve3): making interface the new active one [ 217.226865][ T6914] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 217.245034][ T5815] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 217.276584][ T6915] device syzkaller0 entered promiscuous mode [ 217.366196][ T6919] tipc: Enabling of bearer rejected, failed to enable media [ 217.485917][ T6927] device syzkaller0 entered promiscuous mode [ 217.600926][ T6930] device syzkaller0 entered promiscuous mode [ 219.111710][ T6971] IPVS: sh: FWM 3 0x00000003 - no destination available [ 219.123516][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 219.172603][ T6973] device syzkaller0 entered promiscuous mode [ 219.311733][ T6977] device syzkaller0 entered promiscuous mode [ 220.038692][ T7005] IPVS: sh: FWM 3 0x00000003 - no destination available [ 220.065324][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 220.887266][ T7025] devpts: called with bogus options [ 221.517127][ T7036] netlink: 'syz.0.792': attribute type 1 has an invalid length. [ 221.623360][ T7036] 8021q: adding VLAN 0 to HW filter on device bond3 [ 221.634142][ T7042] netlink: 'syz.1.795': attribute type 29 has an invalid length. [ 221.656534][ T7042] netlink: 'syz.1.795': attribute type 29 has an invalid length. [ 221.704176][ T7042] netlink: 'syz.1.795': attribute type 29 has an invalid length. [ 221.765709][ T7047] netlink: 'syz.1.795': attribute type 29 has an invalid length. [ 221.768165][ T7049] IPVS: sh: FWM 3 0x00000003 - no destination available [ 221.781708][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 222.088405][ T7055] tipc: Enabled bearer , priority 0 [ 222.154368][ T7061] IPVS: sh: FWM 3 0x00000003 - no destination available [ 222.161958][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 222.743097][ T7055] device syzkaller0 entered promiscuous mode [ 222.749892][ T7055] tipc: Resetting bearer [ 222.903326][ T5335] tipc: Resetting bearer [ 222.963176][ T7052] tipc: Resetting bearer [ 223.047413][ T4315] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 223.407545][ T4315] usb 5-1: Using ep0 maxpacket: 32 [ 223.416192][ T4315] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 223.443730][ T4315] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 223.476584][ T4315] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 223.494035][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 223.505244][ T4315] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 223.523977][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 223.590206][ T4315] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 223.601263][ T4315] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 223.615352][ T4315] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 223.626685][ T4315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.637866][ T4315] usb 5-1: config 0 descriptor?? [ 223.884309][ T4315] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 224.064177][ T7] usb 5-1: USB disconnect, device number 3 [ 224.122157][ T7] usblp0: removed [ 226.202008][ T7052] tipc: Disabling bearer [ 226.212763][ T4314] tipc: Node number set to 111653717 [ 226.224352][ T7076] netlink: 'syz.3.809': attribute type 1 has an invalid length. [ 227.828136][ T7128] netlink: 24 bytes leftover after parsing attributes in process `syz.1.821'. [ 228.032829][ T7131] netlink: 'syz.0.826': attribute type 1 has an invalid length. [ 228.047426][ T7] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 228.065234][ T7131] 8021q: adding VLAN 0 to HW filter on device bond4 [ 228.075928][ T7125] device syzkaller0 entered promiscuous mode [ 228.367398][ T7] usb 5-1: Using ep0 maxpacket: 32 [ 228.429799][ T7] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 228.447542][ T7] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 228.468053][ T7] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 228.477202][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 228.531535][ T7] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 228.556230][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 228.583449][ T7] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 228.606229][ T7] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 228.627494][ T7] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 228.638079][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.656359][ T7] usb 5-1: config 0 descriptor?? [ 228.869175][ T7] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 228.898492][ T7150] device syzkaller0 entered promiscuous mode [ 229.071716][ T7] usb 5-1: USB disconnect, device number 4 [ 229.105019][ T7] usblp0: removed [ 230.158276][ T7165] netlink: 'syz.0.837': attribute type 1 has an invalid length. [ 230.200091][ T7165] 8021q: adding VLAN 0 to HW filter on device bond5 [ 233.772845][ T6823] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 233.957495][ T6823] usb 2-1: Using ep0 maxpacket: 32 [ 233.970893][ T6823] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 234.244366][ T6823] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 234.547463][ T6823] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 234.572804][ T6823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 234.604332][ T6823] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 234.624128][ T6823] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 234.648127][ T6823] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 234.658835][ T6823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.689041][ T6823] usb 2-1: config 0 descriptor?? [ 234.726825][ T7243] IPVS: sh: FWM 3 0x00000003 - no destination available [ 234.782405][ T7244] netlink: 24 bytes leftover after parsing attributes in process `syz.2.852'. [ 234.783374][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 234.899144][ T6823] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 234.931469][ T7247] device syzkaller1 entered promiscuous mode [ 235.027781][ T7253] netlink: 132 bytes leftover after parsing attributes in process `syz.4.855'. [ 235.426113][ T7262] device syzkaller0 entered promiscuous mode [ 235.444620][ T7262] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 235.722963][ T7270] device syzkaller0 entered promiscuous mode [ 236.996810][ T7] usb 2-1: USB disconnect, device number 6 [ 237.009401][ T7] usblp0: removed [ 237.139045][ T7290] raw_sendmsg: syz.4.868 forgot to set AF_INET. Fix it! [ 237.456746][ T7300] netlink: 'syz.0.871': attribute type 2 has an invalid length. [ 237.492058][ T7300] netlink: 'syz.0.871': attribute type 8 has an invalid length. [ 237.502907][ T7300] netlink: 132 bytes leftover after parsing attributes in process `syz.0.871'. [ 237.635528][ T7303] device syzkaller0 entered promiscuous mode [ 237.796441][ T7310] netlink: 'syz.1.876': attribute type 2 has an invalid length. [ 237.804575][ T7310] netlink: 'syz.1.876': attribute type 8 has an invalid length. [ 237.813371][ T7310] netlink: 132 bytes leftover after parsing attributes in process `syz.1.876'. [ 238.157989][ T7320] device syzkaller1 entered promiscuous mode [ 238.548038][ T6542] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 238.633374][ T7333] device syzkaller0 entered promiscuous mode [ 238.752542][ T6542] usb 3-1: Using ep0 maxpacket: 32 [ 238.763493][ T6542] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 238.802974][ T6542] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 238.819788][ T6542] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 238.829167][ T6542] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 238.839393][ T6542] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 238.850214][ T6542] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 238.863909][ T6542] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 238.879908][ T6542] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.912230][ T6542] usb 3-1: config 0 descriptor?? [ 239.060000][ T7345] device syzkaller0 entered promiscuous mode [ 239.131172][ T6542] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 239.221736][ T7351] device syzkaller0 entered promiscuous mode [ 239.230757][ T7353] device syzkaller0 entered promiscuous mode [ 239.656262][ T7367] device syzkaller0 entered promiscuous mode [ 239.676468][ T7370] device syzkaller1 entered promiscuous mode [ 240.772753][ T7384] device syzkaller0 entered promiscuous mode [ 241.060123][ T4355] usb 3-1: USB disconnect, device number 2 [ 241.080460][ T4355] usblp0: removed [ 241.231066][ T7393] device syzkaller0 entered promiscuous mode [ 241.320421][ T7400] device syzkaller0 entered promiscuous mode [ 241.380277][ T7406] netlink: 60 bytes leftover after parsing attributes in process `syz.3.908'. [ 241.653709][ T7411] device syzkaller0 entered promiscuous mode [ 241.821402][ T7421] device syzkaller0 entered promiscuous mode [ 244.602013][ T7428] team0: No ports can be present during mode change [ 244.611449][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.915'. [ 245.747530][ T7465] device syzkaller0 entered promiscuous mode [ 247.925149][ T7481] device syzkaller0 entered promiscuous mode [ 250.693729][ T7523] device syzkaller0 entered promiscuous mode [ 250.843393][ T7531] netlink: 80 bytes leftover after parsing attributes in process `syz.3.939'. [ 250.851802][ T7530] netlink: 64 bytes leftover after parsing attributes in process `syz.1.940'. [ 250.916360][ T7533] device syzkaller1 entered promiscuous mode [ 251.203702][ T4279] Bluetooth: hci4: link tx timeout [ 251.208963][ T4279] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 251.216792][ T4279] Bluetooth: hci4: link tx timeout [ 251.223010][ T4279] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 255.017203][ T7558] device syzkaller0 entered promiscuous mode [ 255.164425][ T7570] netlink: 'syz.2.953': attribute type 1 has an invalid length. [ 255.188274][ T7570] 8021q: adding VLAN 0 to HW filter on device bond3 [ 255.339951][ T7576] device syzkaller0 entered promiscuous mode [ 255.386095][ T7574] 8021q: adding VLAN 0 to HW filter on device bond4 [ 255.853197][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.859674][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.068682][ T7593] netlink: 'syz.3.960': attribute type 3 has an invalid length. [ 258.076527][ T7593] netlink: 16 bytes leftover after parsing attributes in process `syz.3.960'. [ 258.464670][ T7595] device syzkaller0 entered promiscuous mode [ 259.818483][ T7626] fuse: Unknown parameter 'use00000000000000000000' [ 260.885638][ T7634] netlink: 'syz.4.971': attribute type 3 has an invalid length. [ 260.894113][ T7634] netlink: 16 bytes leftover after parsing attributes in process `syz.4.971'. [ 262.227709][ T7630] bridge_slave_0: default FDB implementation only supports local addresses [ 262.499293][ T7639] 8021q: adding VLAN 0 to HW filter on device bond1 [ 262.575302][ T7644] device syzkaller0 entered promiscuous mode [ 262.621429][ T7652] device syzkaller0 entered promiscuous mode [ 262.653750][ T7653] device syzkaller0 entered promiscuous mode [ 266.906284][ T7671] fuse: Unknown parameter 'user_i00000000000000000000' [ 268.059015][ T7679] netlink: 'syz.4.983': attribute type 3 has an invalid length. [ 268.066901][ T7679] netlink: 16 bytes leftover after parsing attributes in process `syz.4.983'. [ 269.590259][ T7681] device syzkaller0 entered promiscuous mode [ 271.717497][ T7692] netlink: 'syz.2.989': attribute type 1 has an invalid length. [ 271.767635][ T7693] netlink: 36 bytes leftover after parsing attributes in process `syz.2.989'. [ 274.368336][ T7734] device syzkaller0 entered promiscuous mode [ 280.903383][ T7884] device syzkaller0 entered promiscuous mode [ 281.034684][ T7794] Driver unsupported XDP return value 0 on prog (id 26) dev N/A, expect packet loss! [ 281.080548][ T7794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'. [ 281.212900][ T7894] device syzkaller0 entered promiscuous mode [ 282.331035][ T7911] fuse: Bad value for 'fd' [ 284.165710][ T7931] device syzkaller0 entered promiscuous mode [ 284.321123][ T7936] device syzkaller1 entered promiscuous mode [ 284.335886][ T7938] device syzkaller0 entered promiscuous mode [ 285.517506][ T4317] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 285.717457][ T4317] usb 1-1: Using ep0 maxpacket: 32 [ 285.749430][ T4317] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 285.766404][ T4317] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 285.797499][ T4317] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 285.807809][ T4317] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 285.819257][ T4317] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 285.830877][ T4317] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 285.844846][ T4317] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 285.854596][ T4317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.863237][ T7962] device syzkaller0 entered promiscuous mode [ 285.884485][ T4317] usb 1-1: config 0 descriptor?? [ 285.975520][ T7971] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1044'. [ 286.016519][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1045'. [ 286.026141][ T7970] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1045'. [ 286.035510][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1045'. [ 286.046137][ T7970] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1045'. [ 286.095036][ T4317] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 286.154777][ T7975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1046'. [ 286.301472][ T4317] usb 1-1: USB disconnect, device number 3 [ 286.316393][ T4317] usblp0: removed [ 286.352058][ T7980] device syzkaller0 entered promiscuous mode [ 288.291263][ T8006] device syzkaller0 entered promiscuous mode [ 288.386858][ T8015] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1055'. [ 288.470876][ T8010] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.720188][ T8010] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.874694][ T8010] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.918919][ T8026] device syzkaller0 entered promiscuous mode [ 289.035084][ T8010] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.107214][ T8037] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1062'. [ 289.251212][ T8010] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.302810][ T8010] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.324203][ T8010] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.340491][ T8010] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.429685][ T8043] netlink: 'syz.4.1064': attribute type 3 has an invalid length. [ 289.497185][ T8042] device syzkaller0 entered promiscuous mode [ 289.503546][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1064'. [ 289.665298][ T8049] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 289.867649][ T4311] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 290.080729][ T4311] usb 2-1: Using ep0 maxpacket: 32 [ 290.091117][ T4311] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 290.137553][ T4311] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 290.185630][ T4311] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 290.243720][ T4311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 290.268103][ T4311] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 290.278635][ T4311] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 290.293324][ T4311] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 290.303300][ T4311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.326798][ T4311] usb 2-1: config 0 descriptor?? [ 290.538002][ T4311] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 290.754390][ T127] usb 2-1: USB disconnect, device number 7 [ 290.777022][ T127] usblp0: removed [ 292.399054][ T8058] device syzkaller0 entered promiscuous mode [ 292.731624][ T8089] device syzkaller0 entered promiscuous mode [ 292.873425][ T8082] device syzkaller0 entered promiscuous mode [ 292.916424][ T8092] tipc: Enabled bearer , priority 0 [ 292.974304][ T8092] device syzkaller0 entered promiscuous mode [ 292.985642][ T8092] tipc: Resetting bearer [ 293.004540][ T8091] tipc: Resetting bearer [ 294.978357][ T8091] tipc: Disabling bearer [ 295.289843][ T8121] netlink: 'syz.2.1081': attribute type 3 has an invalid length. [ 295.317649][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1081'. [ 295.427084][ T8130] fuse: Unknown parameter '0x0000000000000003' [ 295.442298][ T8133] device syzkaller0 entered promiscuous mode [ 295.475554][ T8133] tipc: Enabling of bearer rejected, failed to enable media [ 295.617476][ T6542] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 295.649848][ T8138] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1086'. [ 295.709520][ T8138] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1086'. [ 295.737115][ T8140] device syzkaller0 entered promiscuous mode [ 295.817396][ T6542] usb 4-1: Using ep0 maxpacket: 32 [ 295.835338][ T6542] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 295.853448][ T6542] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 295.879349][ T6542] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 295.893552][ T6542] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 295.905936][ T6542] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 295.924587][ T6542] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 295.947903][ T6542] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 295.957820][ T6542] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.978961][ T6542] usb 4-1: config 0 descriptor?? [ 296.202740][ T6542] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 296.400186][ T6542] usb 4-1: USB disconnect, device number 4 [ 296.421762][ T6542] usblp0: removed [ 296.485151][ T8156] tipc: Enabled bearer , priority 0 [ 296.594449][ T8156] device syzkaller0 entered promiscuous mode [ 296.629082][ T8156] tipc: Resetting bearer [ 296.675133][ T8155] tipc: Resetting bearer [ 297.073707][ T8170] fuse: Unknown parameter '0x0000000000000003' [ 299.245903][ T8155] tipc: Disabling bearer [ 299.277986][ T4317] tipc: Node number set to 1219225800 [ 299.285852][ T8181] device syzkaller0 entered promiscuous mode [ 300.782664][ T8228] device syzkaller1 entered promiscuous mode [ 301.256759][ T8241] fuse: Unknown parameter '0x0000000000000003' [ 301.279043][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1108'. [ 301.326030][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1108'. [ 301.427373][ T4311] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 301.532197][ T8254] device syzkaller0 entered promiscuous mode [ 301.571574][ T8255] tipc: Enabled bearer , priority 0 [ 301.637508][ T4311] usb 1-1: Using ep0 maxpacket: 32 [ 301.644316][ T4311] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 301.671251][ T4311] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 301.698016][ T4311] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 301.717483][ T4311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 301.727784][ T4311] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 301.753570][ T4311] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 301.774838][ T4311] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 301.785064][ T4311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.839610][ T4311] usb 1-1: config 0 descriptor?? [ 301.910689][ T8255] device syzkaller0 entered promiscuous mode [ 301.953275][ T8255] tipc: Resetting bearer [ 302.052209][ T4311] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 302.203545][ T7862] tipc: Resetting bearer [ 302.213387][ T8253] tipc: Resetting bearer [ 302.255470][ T127] usb 1-1: USB disconnect, device number 4 [ 302.275992][ T127] usblp0: removed [ 305.656569][ T8253] tipc: Disabling bearer [ 306.020898][ T8365] device syzkaller0 entered promiscuous mode [ 306.196973][ T8375] netlink: 'syz.3.1134': attribute type 1 has an invalid length. [ 306.364060][ T8375] 8021q: adding VLAN 0 to HW filter on device bond2 [ 306.407956][ T8379] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1134'. [ 306.443814][ T8381] bond2: (slave geneve2): making interface the new active one [ 306.492142][ T8381] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 306.539928][ T5815] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 306.550611][ T8393] tipc: Enabled bearer , priority 0 [ 306.642527][ T4315] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 306.678335][ T8386] device syzkaller0 entered promiscuous mode [ 306.694073][ T8386] tipc: Resetting bearer [ 306.837609][ T4315] usb 1-1: Using ep0 maxpacket: 32 [ 306.845339][ T4315] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 306.861802][ T4600] tipc: Resetting bearer [ 306.871659][ T4315] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 306.886894][ T4315] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 306.898787][ T4315] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 306.912309][ T4315] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 306.922794][ T4315] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 306.936624][ T4315] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 306.946228][ T4315] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.967837][ T8385] tipc: Resetting bearer [ 306.995186][ T4315] usb 1-1: config 0 descriptor?? [ 307.297586][ T4315] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 307.503053][ T4317] usb 1-1: USB disconnect, device number 5 [ 307.526383][ T4317] usblp0: removed [ 307.640343][ T8436] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1140'. [ 307.668209][ T8436] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1140'. [ 308.587902][ T127] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 308.807939][ T127] usb 1-1: not running at top speed; connect to a high speed hub [ 308.830350][ T127] usb 1-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 308.848780][ T127] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 308.871495][ T127] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 308.890098][ T127] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.898595][ T127] usb 1-1: Product: syz [ 308.902800][ T127] usb 1-1: Manufacturer: syz [ 308.908462][ T127] usb 1-1: SerialNumber: syz [ 308.924820][ T8456] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 309.804353][ T8471] loop0: detected capacity change from 0 to 8192 [ 310.147806][ T26] audit: type=1800 audit(1776200409.145:6): pid=8471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1145" name="file1" dev="loop0" ino=1048598 res=0 errno=0 [ 312.599061][ T8385] tipc: Disabling bearer [ 312.779688][ T8468] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1150'. [ 312.964674][ T8473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1153'. [ 312.974434][ T8473] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1153'. [ 312.986582][ T127] usb 1-1: selecting invalid altsetting 1 [ 313.014780][ T127] cdc_ncm 1-1:1.0: bind() failure [ 313.065973][ T8473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1153'. [ 313.075705][ T127] hub 1-1:1.1: Invalid hub with more than one config or interface [ 313.099194][ T8473] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1153'. [ 313.141590][ T127] hub: probe of 1-1:1.1 failed with error -22 [ 313.180839][ T127] usb 1-1: USB disconnect, device number 6 [ 313.487052][ T8497] device syzkaller0 entered promiscuous mode [ 314.064120][ T8515] device syzkaller0 entered promiscuous mode [ 315.491011][ T8534] device syzkaller0 entered promiscuous mode [ 315.985195][ T4279] Bluetooth: hci4: link tx timeout [ 315.990515][ T4279] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 315.998670][ T4279] Bluetooth: hci4: link tx timeout [ 316.003961][ T4279] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 316.527104][ T8549] device syzkaller0 entered promiscuous mode [ 317.303823][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.310297][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.700124][ T8568] device syzkaller0 entered promiscuous mode [ 317.944259][ T8516] Set syz1 is full, maxelem 65536 reached [ 318.107863][ T8580] device syzkaller0 entered promiscuous mode [ 318.382550][ T8591] device syzkaller0 entered promiscuous mode [ 319.263568][ T8628] device syzkaller0 entered promiscuous mode [ 319.504405][ T8644] device syzkaller0 entered promiscuous mode [ 320.195017][ T8651] device syzkaller0 entered promiscuous mode [ 320.197769][ T4355] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 320.404737][ T4355] usb 2-1: not running at top speed; connect to a high speed hub [ 320.429904][ T4355] usb 2-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 320.501120][ T4355] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 320.555837][ T4355] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 320.590688][ T8683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1211'. [ 320.592179][ T4355] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.610498][ T8683] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1211'. [ 320.631159][ T8683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1211'. [ 320.642857][ T4355] usb 2-1: Product: syz [ 320.644518][ T8683] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1211'. [ 320.647426][ T4355] usb 2-1: Manufacturer: syz [ 320.658339][ T8685] netlink: 'syz.2.1212': attribute type 1 has an invalid length. [ 320.687983][ T8685] 8021q: adding VLAN 0 to HW filter on device bond5 [ 320.696039][ T4355] usb 2-1: SerialNumber: syz [ 320.705785][ T8689] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1213'. [ 320.747785][ T8659] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 320.818795][ T8690] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1212'. [ 321.126943][ T8698] device syzkaller0 entered promiscuous mode [ 321.146261][ T8696] device dummy0 entered promiscuous mode [ 321.663896][ T8704] loop1: detected capacity change from 0 to 8192 [ 322.138427][ T26] audit: type=1800 audit(1776200421.385:7): pid=8704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1206" name="file1" dev="loop1" ino=1048599 res=0 errno=0 [ 322.942333][ T8695] device dummy0 left promiscuous mode [ 324.356050][ T8717] netlink: 'syz.3.1219': attribute type 3 has an invalid length. [ 324.358016][ T4355] usb 2-1: selecting invalid altsetting 1 [ 324.388189][ T4355] cdc_ncm 2-1:1.0: bind() failure [ 324.411694][ T8717] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1219'. [ 324.422987][ T4355] hub 2-1:1.1: Invalid hub with more than one config or interface [ 324.443094][ T4355] hub: probe of 2-1:1.1 failed with error -22 [ 324.481307][ T4355] usb 2-1: USB disconnect, device number 8 [ 324.930949][ T8733] device syzkaller0 entered promiscuous mode [ 325.224364][ T8739] netlink: 'syz.3.1225': attribute type 1 has an invalid length. [ 325.246989][ T8739] 8021q: adding VLAN 0 to HW filter on device bond3 [ 325.274870][ T8741] netlink: 'syz.4.1226': attribute type 1 has an invalid length. [ 325.341966][ T8741] 8021q: adding VLAN 0 to HW filter on device bond4 [ 325.392052][ T8742] bond3: (slave veth0_to_bond): making interface the new active one [ 325.406579][ T8742] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 325.425577][ T8743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1226'. [ 325.496820][ T8738] device bond3 entered promiscuous mode [ 325.502758][ T8738] device veth0_to_bond entered promiscuous mode [ 325.564064][ T8739] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1225'. [ 325.608371][ T8739] device bond3 left promiscuous mode [ 325.613771][ T8739] device veth0_to_bond left promiscuous mode [ 325.631477][ T8739] 8021q: adding VLAN 0 to HW filter on device bond3 [ 325.689102][ T8760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1230'. [ 325.740440][ T8760] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 325.823393][ T8764] 8021q: adding VLAN 0 to HW filter on device bond6 [ 325.897829][ T8770] device syzkaller0 entered promiscuous mode [ 325.919265][ T8755] device syzkaller0 entered promiscuous mode [ 326.588482][ T8801] device syzkaller0 entered promiscuous mode [ 327.149857][ T8814] device syzkaller0 entered promiscuous mode [ 327.407850][ T8823] device syzkaller0 entered promiscuous mode [ 327.687650][ T8833] device syzkaller0 entered promiscuous mode [ 328.445331][ T8863] 8021q: adding VLAN 0 to HW filter on device bond5 [ 328.491911][ T8873] device syzkaller0 entered promiscuous mode [ 328.761886][ T8880] device syzkaller0 entered promiscuous mode [ 329.708864][ T8878] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1265'. [ 329.751485][ T8916] device syzkaller0 entered promiscuous mode [ 331.318648][ T8936] 8021q: adding VLAN 0 to HW filter on device bond4 [ 331.472151][ T8948] device syzkaller0 entered promiscuous mode [ 332.730615][ T8999] device syzkaller0 entered promiscuous mode [ 332.922246][ T9002] device syzkaller0 entered promiscuous mode [ 332.968866][ T9010] 8021q: adding VLAN 0 to HW filter on device bond7 [ 333.013682][ T9003] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 333.042130][ T9009] device syzkaller1 entered promiscuous mode [ 333.062308][ T9015] device syzkaller0 entered promiscuous mode [ 333.416146][ T9030] netlink: 'syz.2.1301': attribute type 1 has an invalid length. [ 333.544559][ T9030] 8021q: adding VLAN 0 to HW filter on device bond6 [ 333.559811][ T9034] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1302'. [ 333.820368][ T9051] netlink: 87 bytes leftover after parsing attributes in process `syz.4.1304'. [ 334.195264][ T9059] device syzkaller0 entered promiscuous mode [ 334.709425][ T9088] device syzkaller0 entered promiscuous mode [ 335.062604][ T9097] netlink: 'syz.3.1316': attribute type 1 has an invalid length. [ 335.222149][ T9097] 8021q: adding VLAN 0 to HW filter on device bond5 [ 335.395593][ T9121] device syzkaller0 entered promiscuous mode [ 335.426218][ T9118] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1320'. [ 337.621779][ T9176] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1334'. [ 337.674158][ T9179] device syzkaller0 entered promiscuous mode [ 338.132397][ T9113] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 338.368514][ T9188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1338'. [ 339.520049][ T9224] device syzkaller0 entered promiscuous mode [ 340.913774][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1351'. [ 341.121101][ T9261] device syzkaller0 entered promiscuous mode [ 341.138617][ T9264] device syzkaller1 entered promiscuous mode [ 343.039983][ T9306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1365'. [ 343.829200][ T9343] netlink: 'syz.3.1375': attribute type 1 has an invalid length. [ 343.949959][ T9343] 8021q: adding VLAN 0 to HW filter on device bond6 [ 344.006407][ T9346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1375'. [ 344.327120][ T9355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1379'. [ 344.370606][ T9358] device syzkaller0 entered promiscuous mode [ 345.254931][ T9404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1390'. [ 345.721007][ T9419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1394'. [ 346.083361][ T9432] device syzkaller0 entered promiscuous mode [ 346.297097][ T9446] device syzkaller0 entered promiscuous mode [ 346.798754][ T9463] device syzkaller0 entered promiscuous mode [ 346.954224][ T9470] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 349.458690][ T9476] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1409'. [ 349.474248][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1411'. [ 349.686515][ T9516] tipc: Enabled bearer , priority 0 [ 349.811657][ T9516] device syzkaller0 entered promiscuous mode [ 349.823051][ T9516] tipc: Resetting bearer [ 349.855482][ T9515] tipc: Resetting bearer [ 352.123418][ T9547] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 353.526973][ T9515] tipc: Disabling bearer [ 353.535036][ T9533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1422'. [ 353.545239][ T9533] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1422'. [ 353.555672][ T9533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1422'. [ 353.564927][ T9533] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1422'. [ 353.611201][ T9569] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1427'. [ 353.705916][ T9570] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1427'. [ 353.728062][ T9571] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 353.744467][ T9573] device syzkaller0 entered promiscuous mode [ 353.763779][ T9571] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 353.817714][ T9571] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 354.136963][ T9588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1435'. [ 354.308589][ T9597] tipc: Enabling of bearer rejected, failed to enable media [ 354.755445][ T9616] device syzkaller0 entered promiscuous mode [ 354.874350][ T9618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1442'. [ 354.895911][ T9618] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1442'. [ 354.929309][ T9618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1442'. [ 355.007617][ T9618] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1442'. [ 355.122424][ T9626] device syzkaller0 entered promiscuous mode [ 355.312175][ T9628] device syzkaller0 entered promiscuous mode [ 355.496474][ T9632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1447'. [ 355.569167][ T9632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1447'. [ 357.542169][ T9661] tipc: Enabling of bearer rejected, failed to enable media [ 357.744134][ T9668] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1456'. [ 357.766299][ T9668] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1456'. [ 357.786101][ T9668] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1456'. [ 357.809826][ T9668] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1456'. [ 358.210323][ T9677] device syzkaller0 entered promiscuous mode [ 359.868992][ T9706] tipc: Enabling of bearer rejected, failed to enable media [ 359.912881][ T9693] __nla_validate_parse: 1 callbacks suppressed [ 359.912897][ T9693] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1466'. [ 359.976803][ T9711] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1469'. [ 361.423123][ T9751] device syzkaller0 entered promiscuous mode [ 361.575949][ T9756] netlink: 'syz.1.1482': attribute type 2 has an invalid length. [ 361.594282][ T9756] netlink: 'syz.1.1482': attribute type 3 has an invalid length. [ 361.892933][ T9770] device syzkaller0 entered promiscuous mode [ 361.913741][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 362.353998][ T9785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1490'. [ 362.632607][ T9796] device syzkaller0 entered promiscuous mode [ 362.953419][ T9804] device syzkaller0 entered promiscuous mode [ 362.961880][ T9804] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 362.971757][ T9805] device syzkaller0 entered promiscuous mode [ 363.651715][ T9827] device syzkaller0 entered promiscuous mode [ 363.843321][ T9831] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1508'. [ 363.857209][ T9829] device syzkaller0 entered promiscuous mode [ 364.150027][ T9841] device syzkaller0 entered promiscuous mode [ 364.176919][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 364.186408][ T9839] device syzkaller0 entered promiscuous mode [ 364.859554][ T9870] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1521'. [ 365.222274][ T9877] device syzkaller0 entered promiscuous mode [ 365.470642][ T9884] device syzkaller0 entered promiscuous mode [ 365.498067][ T9884] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 365.876678][ T9897] netlink: 'syz.4.1533': attribute type 1 has an invalid length. [ 365.918067][ T9897] 8021q: adding VLAN 0 to HW filter on device bond6 [ 365.929586][ T9904] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1533'. [ 365.976950][ T9900] netlink: 'syz.3.1535': attribute type 1 has an invalid length. [ 365.997055][ T9908] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1536'. [ 366.031879][ T9900] 8021q: adding VLAN 0 to HW filter on device bond7 [ 366.049846][ T9906] bond3: (slave veth0_to_bond): Releasing active interface [ 366.141268][ T9906] bond7: (slave veth0_to_bond): making interface the new active one [ 366.184149][ T9906] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 366.225925][ T7851] IPv6: ADDRCONF(NETDEV_CHANGE): bond7: link becomes ready [ 366.261022][ T9900] device bond7 entered promiscuous mode [ 366.277093][ T9900] device veth0_to_bond entered promiscuous mode [ 366.315111][ T9914] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1535'. [ 366.332448][ T9913] netlink: 'syz.4.1537': attribute type 25 has an invalid length. [ 366.342466][ T9913] netlink: 'syz.4.1537': attribute type 28 has an invalid length. [ 366.610000][ T9922] device syzkaller0 entered promiscuous mode [ 366.883521][ T9925] device syzkaller0 entered promiscuous mode [ 367.091784][ T9933] device syzkaller0 entered promiscuous mode [ 367.118276][ T9933] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 367.460275][ T9947] netlink: 'syz.1.1549': attribute type 1 has an invalid length. [ 367.669882][ T9947] 8021q: adding VLAN 0 to HW filter on device bond2 [ 367.736080][ T9949] bond2: (slave veth0_to_bond): making interface the new active one [ 367.762401][ T9949] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 367.836447][ T9952] device bond2 entered promiscuous mode [ 367.855975][ T9952] device veth0_to_bond entered promiscuous mode [ 367.924265][ T9957] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1549'. [ 369.042770][ T9976] netlink: 'syz.2.1554': attribute type 1 has an invalid length. [ 369.105418][ T9976] 8021q: adding VLAN 0 to HW filter on device bond7 [ 369.114946][ T9978] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1554'. [ 369.220809][ T9979] device syzkaller0 entered promiscuous mode [ 369.887223][ T4282] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 369.898208][ T4282] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 369.906905][ T4282] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 369.909645][T10000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1562'. [ 369.925099][ T4277] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 369.933663][ T4277] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 369.941347][ T4277] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 369.958235][T10000] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1562'. [ 369.995939][T10000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1562'. [ 370.006435][T10000] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1562'. [ 370.330506][T10004] netlink: 87 bytes leftover after parsing attributes in process `syz.4.1563'. [ 370.461987][T10007] device syzkaller0 entered promiscuous mode [ 370.532282][T10014] netlink: 'syz.2.1565': attribute type 1 has an invalid length. [ 370.594317][T10014] 8021q: adding VLAN 0 to HW filter on device bond8 [ 370.689542][T10017] bond8: (slave veth0_to_bond): making interface the new active one [ 370.701935][T10017] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 370.742503][T10021] device bond8 entered promiscuous mode [ 370.756986][T10021] device veth0_to_bond entered promiscuous mode [ 370.783798][ T9997] chnl_net:caif_netlink_parms(): no params data found [ 370.875892][T10024] device syzkaller0 entered promiscuous mode [ 370.932737][ T5335] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.950438][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805657ac00: rx timeout, send abort [ 370.959116][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805657ac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 371.050508][T10033] netlink: 'syz.2.1568': attribute type 1 has an invalid length. [ 371.107047][T10033] 8021q: adding VLAN 0 to HW filter on device bond9 [ 371.114925][T10035] __nla_validate_parse: 1 callbacks suppressed [ 371.114940][T10035] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1568'. [ 371.163864][ T5335] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.328894][ T5335] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.407888][ T5335] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.493531][ T9997] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.510256][ T9997] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.528794][ T9997] device bridge_slave_0 entered promiscuous mode [ 371.550665][ T9997] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.584373][ T9997] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.603499][ T9997] device bridge_slave_1 entered promiscuous mode [ 371.649289][T10056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1573'. [ 371.655762][T10063] af_packet: tpacket_rcv: packet too big, clamped from 196 to 4294967272. macoff=96 [ 371.665839][T10056] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1573'. [ 371.683135][T10056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1573'. [ 371.694174][T10056] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1573'. [ 371.726095][ T9997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.735826][T10045] device syzkaller0 entered promiscuous mode [ 371.779200][ T9997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.956358][ T9997] team0: Port device team_slave_0 added [ 372.007590][ T4279] Bluetooth: hci5: command 0x0409 tx timeout [ 372.058075][ T9997] team0: Port device team_slave_1 added [ 372.064092][T10072] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1576'. [ 372.101922][T10074] netlink: 'syz.1.1578': attribute type 1 has an invalid length. [ 372.130453][T10074] 8021q: adding VLAN 0 to HW filter on device bond3 [ 372.146598][T10072] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1576'. [ 372.164788][T10074] bond2: (slave veth0_to_bond): Releasing active interface [ 372.172842][T10074] device veth0_to_bond left promiscuous mode [ 372.190428][T10074] bond3: (slave veth0_to_bond): making interface the new active one [ 372.201754][T10074] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 372.263000][ T7869] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 372.296449][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 372.327981][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.428300][ T9997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.452077][T10076] device bond3 entered promiscuous mode [ 372.489051][T10076] device veth0_to_bond entered promiscuous mode [ 372.527151][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 372.539235][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.566170][ T9997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.617107][ T5335] tipc: Left network mode [ 372.650338][ T9997] device hsr_slave_0 entered promiscuous mode [ 372.677996][ T9997] device hsr_slave_1 entered promiscuous mode [ 372.699197][ T9997] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 372.724106][ T9997] Cannot create hsr debugfs directory [ 373.079332][T10095] netlink: 'syz.1.1582': attribute type 1 has an invalid length. [ 373.212762][T10095] 8021q: adding VLAN 0 to HW filter on device bond4 [ 373.274913][T10099] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1582'. [ 373.331887][T10101] bond4: (slave geneve2): making interface the new active one [ 373.348879][T10101] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 373.414282][ T4441] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 373.559789][T10109] device syzkaller0 entered promiscuous mode [ 373.876953][T10122] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1586'. [ 373.886758][T10122] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1586'. [ 374.032094][ T5335] device gretap1 left promiscuous mode [ 374.049012][ T5335] bridge0: port 3(gretap1) entered disabled state [ 374.097540][ T4279] Bluetooth: hci5: command 0x041b tx timeout [ 374.130370][T10129] device syzkaller0 entered promiscuous mode [ 374.318090][ T5335] IPVS: stopping master sync thread 5875 ... [ 374.662282][T10145] device syzkaller0 entered promiscuous mode [ 374.746927][ T5335] device hsr_slave_0 left promiscuous mode [ 374.754611][ T5335] device hsr_slave_1 left promiscuous mode [ 374.774836][ T5335] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.787647][ T5335] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.803212][ T5335] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.828740][ T5335] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.853310][ T5335] device bridge_slave_1 left promiscuous mode [ 374.867828][ T5335] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.883438][ T5335] device bridge_slave_0 left promiscuous mode [ 374.897461][ T5335] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.011476][ T5335] device veth1_macvtap left promiscuous mode [ 375.021449][ T5335] device veth0_macvtap left promiscuous mode [ 375.034467][ T5335] device veth1_vlan left promiscuous mode [ 375.040753][ T5335] device veth0_vlan left promiscuous mode [ 375.421365][T10081] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 375.714033][ T5335] bond7 (unregistering): Released all slaves [ 376.098210][ T5335] bond6 (unregistering): Released all slaves [ 376.177671][ T4279] Bluetooth: hci5: command 0x040f tx timeout [ 376.386947][ T5335] bond5 (unregistering): Released all slaves [ 376.559725][ T5335] bond4 (unregistering): Released all slaves [ 376.732824][ T5335] bond3 (unregistering): Released all slaves [ 376.954031][ T5335] bond2 (unregistering): Released all slaves [ 377.101954][ T5335] bond1 (unregistering): (slave geneve2): Releasing backup interface [ 377.253804][ T5335] bond1 (unregistering): Released all slaves [ 377.754563][ T5335] team0 (unregistering): Port device team_slave_1 removed [ 377.838059][ T5335] team0 (unregistering): Port device team_slave_0 removed [ 377.895482][ T5335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 378.084024][ T5335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 378.174633][T10213] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 378.247692][ T4279] Bluetooth: hci5: command 0x0419 tx timeout [ 378.536894][ T5335] bond0 (unregistering): Released all slaves [ 378.612814][ T9997] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 378.645079][T10176] __nla_validate_parse: 3 callbacks suppressed [ 378.645098][T10176] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1597'. [ 378.662967][ T9997] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 378.738253][ T4314] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 378.741637][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.752838][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.774024][ T9997] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 378.924481][T10222] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1609'. [ 378.954209][ T4314] usb 4-1: not running at top speed; connect to a high speed hub [ 378.968346][ T4314] usb 4-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 378.991781][ T4314] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 379.004803][ T9997] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 379.091060][ T4314] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 379.108082][ T4314] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.128675][ T4314] usb 4-1: Product: syz [ 379.132998][ T4314] usb 4-1: Manufacturer: syz [ 379.154953][ T4314] usb 4-1: SerialNumber: syz [ 379.188050][T10217] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 379.322735][ T9997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.387646][ T7869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 379.396428][ T7869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 379.412808][ T9997] 8021q: adding VLAN 0 to HW filter on device team0 [ 379.484344][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 379.519654][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 379.601212][ T4468] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.608537][ T4468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.618792][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 379.649402][T10234] device syzkaller0 entered promiscuous mode [ 380.066968][T10249] loop3: detected capacity change from 0 to 8192 [ 380.130320][ T26] audit: type=1800 audit(1776200479.375:8): pid=10249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1608" name="file1" dev="loop3" ino=1048600 res=0 errno=0 [ 380.897973][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 380.936878][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 380.993985][ T4468] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.001824][ T4468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.145419][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 381.267131][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 381.395328][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 381.566775][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 382.044432][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 382.052963][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 382.062270][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 382.135360][ T4314] usb 4-1: selecting invalid altsetting 1 [ 382.143308][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 382.152081][ T4314] cdc_ncm 4-1:1.0: bind() failure [ 382.161854][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 382.170594][ T4314] hub 4-1:1.1: Invalid hub with more than one config or interface [ 382.178884][ T4314] hub: probe of 4-1:1.1 failed with error -22 [ 382.213057][ T9997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 382.224252][ T4314] usb 4-1: USB disconnect, device number 5 [ 382.269026][ T9997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 382.302857][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 382.323692][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 382.714780][T10274] device syzkaller0 entered promiscuous mode [ 383.104156][T10285] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1622'. [ 383.265932][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 383.311806][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 384.178704][ T9997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 384.645794][T10303] device syzkaller0 entered promiscuous mode [ 387.717166][T10309] device syzkaller0 entered promiscuous mode [ 389.985899][T10341] device syzkaller0 entered promiscuous mode [ 390.035852][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 390.053309][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 392.162564][T10364] netlink: 87 bytes leftover after parsing attributes in process `syz.3.1638'. [ 392.173639][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 392.214998][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 392.230000][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 392.242929][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 392.261352][ T9997] device veth0_vlan entered promiscuous mode [ 392.419415][T10371] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1641'. [ 392.553923][T10369] netlink: 'syz.1.1640': attribute type 1 has an invalid length. [ 392.676052][T10369] 8021q: adding VLAN 0 to HW filter on device bond5 [ 392.717079][T10374] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1640'. [ 392.742321][ T9997] device veth1_vlan entered promiscuous mode [ 392.931657][ T6848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 392.974880][ T6848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 393.013954][ T9997] device veth0_macvtap entered promiscuous mode [ 393.091607][ T9997] device veth1_macvtap entered promiscuous mode [ 393.145427][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.257536][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.334856][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.345627][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.356013][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.366601][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.382336][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.393894][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.417617][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.425989][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 393.440498][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 393.488342][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 393.600617][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 394.249402][T10390] device syzkaller0 entered promiscuous mode [ 394.285397][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.312928][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.355820][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.384684][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.414148][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.455565][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.486183][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.517552][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.529380][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.537108][T10410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1644'. [ 396.810852][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 396.820153][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 396.844769][ T9997] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.853747][ T9997] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.869556][ T9997] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.882002][ T9997] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.108333][T10443] netlink: 'syz.2.1649': attribute type 1 has an invalid length. [ 397.149453][T10443] 8021q: adding VLAN 0 to HW filter on device bond10 [ 397.189820][T10443] device bond10 entered promiscuous mode [ 397.247879][ T7512] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.255734][ T7512] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.262902][T10443] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1649'. [ 397.296804][T10443] device bond10 left promiscuous mode [ 397.313218][T10443] 8021q: adding VLAN 0 to HW filter on device bond10 [ 397.345006][ T7851] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 397.388957][T10455] netlink: 'syz.1.1653': attribute type 1 has an invalid length. [ 397.460827][T10455] 8021q: adding VLAN 0 to HW filter on device bond6 [ 397.486329][ T7512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.498561][T10456] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1653'. [ 397.508035][ T7512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.546349][ T7512] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 397.691164][T10466] device syzkaller0 entered promiscuous mode [ 398.145909][T10479] device syzkaller0 entered promiscuous mode [ 398.185849][T10490] device syzkaller0 entered promiscuous mode [ 398.227047][T10496] netlink: 'syz.3.1661': attribute type 1 has an invalid length. [ 398.281968][T10496] 8021q: adding VLAN 0 to HW filter on device bond8 [ 398.532250][T10497] bond8: (slave veth3): Enslaving as an active interface with a down link [ 400.760904][T10501] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 400.768979][T10501] bond8: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 400.814514][T10507] netlink: 'syz.5.1664': attribute type 1 has an invalid length. [ 400.833875][T10510] device ip6gre0 entered promiscuous mode [ 400.923948][T10512] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1664'. [ 400.957842][T10512] device ip6gre0 left promiscuous mode [ 401.004372][T10521] netlink: 'syz.4.1668': attribute type 1 has an invalid length. [ 401.068010][T10521] 8021q: adding VLAN 0 to HW filter on device bond7 [ 401.078601][T10522] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1668'. [ 401.395678][T10536] bond8: (slave veth0_to_bond): Releasing active interface [ 401.426524][T10536] device veth0_to_bond left promiscuous mode [ 401.453910][T10547] device syzkaller0 entered promiscuous mode [ 401.732473][T10552] device syzkaller0 entered promiscuous mode [ 402.782436][T10556] device syzkaller0 entered promiscuous mode [ 403.573604][T10595] netlink: 'syz.1.1685': attribute type 4 has an invalid length. [ 408.563577][T10610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1688'. [ 408.586106][T10610] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1688'. [ 408.596448][T10610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1688'. [ 408.612663][T10610] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1688'. [ 409.093321][T10641] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1699'. [ 409.156916][T10641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1699'. [ 409.280405][T10648] device syzkaller0 entered promiscuous mode [ 409.341049][T10659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1703'. [ 409.357956][T10659] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1703'. [ 409.371237][T10659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1703'. [ 409.424432][T10659] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1703'. [ 412.536041][T10715] device syzkaller0 entered promiscuous mode [ 412.966770][T10738] device syzkaller0 entered promiscuous mode [ 413.059849][T10740] device syzkaller0 entered promiscuous mode [ 413.179842][T10752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 413.929453][T10749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 417.761521][T10750] device geneve1 entered promiscuous mode [ 417.822270][T10772] device syzkaller0 entered promiscuous mode [ 418.083609][T10792] device syzkaller0 entered promiscuous mode [ 419.160197][T10843] device syzkaller0 entered promiscuous mode [ 419.170411][T10846] __nla_validate_parse: 2 callbacks suppressed [ 419.170429][T10846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1749'. [ 419.321662][T10850] netlink: 'syz.5.1750': attribute type 1 has an invalid length. [ 419.390571][T10850] 8021q: adding VLAN 0 to HW filter on device bond1 [ 419.477973][T10852] netlink: 'syz.1.1751': attribute type 2 has an invalid length. [ 419.531903][T10852] netlink: 'syz.1.1751': attribute type 1 has an invalid length. [ 420.438879][T10892] device syzkaller0 entered promiscuous mode [ 420.456643][T10896] netlink: 'syz.5.1765': attribute type 1 has an invalid length. [ 420.533421][T10896] 8021q: adding VLAN 0 to HW filter on device bond2 [ 420.836010][T10908] device erspan0 entered promiscuous mode [ 420.849097][T10908] device macsec1 entered promiscuous mode [ 420.896461][T10908] device erspan0 left promiscuous mode [ 421.205293][T10928] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1770'. [ 421.248806][T10928] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1770'. [ 421.314329][T10928] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1770'. [ 421.370428][T10928] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1770'. [ 421.457926][T10919] device syzkaller0 entered promiscuous mode [ 421.525674][T10946] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1774'. [ 421.764995][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1775'. [ 421.783599][T10949] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1775'. [ 421.843192][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1775'. [ 421.955128][T10949] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1775'. [ 422.749628][T10977] netlink: 'syz.1.1781': attribute type 2 has an invalid length. [ 422.869189][T10981] bond3: (slave veth0_to_bond): Releasing active interface [ 422.876686][T10981] device veth0_to_bond left promiscuous mode [ 422.991397][T10988] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 423.259449][T10997] netlink: 'syz.1.1788': attribute type 2 has an invalid length. [ 423.766760][T11015] device syzkaller0 entered promiscuous mode [ 424.089472][T11019] netlink: 'syz.1.1795': attribute type 1 has an invalid length. [ 424.115571][T11019] 8021q: adding VLAN 0 to HW filter on device bond7 [ 424.215384][T11021] device syzkaller0 entered promiscuous mode [ 424.837530][T10955] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 427.786407][T11036] __nla_validate_parse: 3 callbacks suppressed [ 427.786418][T11036] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1797'. [ 427.919745][T11054] tipc: Enabling of bearer rejected, failed to enable media [ 428.348044][T11081] device syzkaller0 entered promiscuous mode [ 428.656441][T11097] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1809'. [ 429.045308][T11115] device syzkaller0 entered promiscuous mode [ 431.250411][T11086] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 431.735918][T11130] device syzkaller0 entered promiscuous mode [ 432.925159][T11178] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1828'. [ 434.355711][T11152] netlink: 'syz.1.1822': attribute type 2 has an invalid length. [ 434.364971][T11161] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1826'. [ 434.380298][T11164] device syzkaller0 entered promiscuous mode [ 434.389849][T11186] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1829'. [ 434.659960][T11196] device syzkaller0 entered promiscuous mode [ 435.998498][T11182] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 437.864253][T11225] device syzkaller0 entered promiscuous mode [ 438.068205][T11260] netlink: 'syz.1.1843': attribute type 2 has an invalid length. [ 438.476649][T11269] device syzkaller0 entered promiscuous mode [ 440.171943][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.181791][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.396702][T11363] device syzkaller0 entered promiscuous mode [ 445.503736][T11367] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1874'. [ 445.696207][T11424] device syzkaller0 entered promiscuous mode [ 446.265144][T11447] tipc: Started in network mode [ 446.275965][T11447] tipc: Node identity 4a4bdec957e, cluster identity 4711 [ 446.286433][T11447] tipc: Enabled bearer , priority 0 [ 446.296042][T11447] device syzkaller0 entered promiscuous mode [ 446.416873][T11447] tipc: Resetting bearer [ 446.433320][T11454] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1893'. [ 446.464651][T11446] tipc: Resetting bearer [ 446.573970][T11446] tipc: Disabling bearer [ 446.762742][T11462] device syzkaller0 entered promiscuous mode [ 450.011604][T11516] netlink: 87 bytes leftover after parsing attributes in process `syz.3.1907'. [ 450.147331][T11526] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1910'. [ 450.180298][T11517] Cannot find set identified by id 0 to match [ 450.588687][T11499] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 450.874094][T11559] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1918'. [ 454.274048][T11621] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1922'. [ 454.345637][T11623] device erspan0 entered promiscuous mode [ 454.357557][T11623] device macsec1 entered promiscuous mode [ 454.402120][T11623] device erspan0 left promiscuous mode [ 454.869412][T11650] device erspan0 entered promiscuous mode [ 454.910686][T11650] device macsec1 entered promiscuous mode [ 454.952990][T11650] device erspan0 left promiscuous mode [ 455.547082][T11676] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 456.612982][T11711] device erspan0 entered promiscuous mode [ 456.619692][T11711] device macsec1 entered promiscuous mode [ 456.629958][T11711] device erspan0 left promiscuous mode [ 456.825787][T11716] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1943'. [ 457.103540][T11728] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 457.498794][T11743] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 457.683002][T11642] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 458.062219][T11765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1956'. [ 458.134635][T11765] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 458.143720][T11765] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 458.152326][T11765] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 458.160773][T11765] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 458.222994][T11765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1956'. [ 459.566876][T11785] device syzkaller0 entered promiscuous mode [ 459.753860][T11795] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1965'. [ 459.779228][T11795] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1965'. [ 459.876875][T11795] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1965'. [ 460.228503][T11814] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1971'. [ 462.217038][T11862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1981'. [ 462.388774][T11862] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1981'. [ 462.464090][T11862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1981'. [ 462.477064][T11862] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1981'. [ 462.492953][T11872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1985'. [ 463.568878][T11885] device syzkaller0 entered promiscuous mode [ 464.801644][T11935] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1999'. [ 466.260854][T11958] device syzkaller0 entered promiscuous mode [ 467.577402][ T127] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 467.771758][ T127] usb 6-1: unable to get BOS descriptor or descriptor too short [ 467.817954][ T127] usb 6-1: not running at top speed; connect to a high speed hub [ 467.877939][ T127] usb 6-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 467.923798][ T127] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 467.989375][ T127] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 468.040296][ T127] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.083327][ T127] usb 6-1: Product: syz [ 468.109480][ T127] usb 6-1: Manufacturer: syz [ 468.162724][ T127] usb 6-1: SerialNumber: syz [ 469.283695][T11973] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 469.742317][T12012] tipc: Enabled bearer , priority 0 [ 469.855246][T12012] tipc: Resetting bearer [ 470.189174][T12016] loop5: detected capacity change from 0 to 8192 [ 470.246014][ T26] audit: type=1800 audit(1776200569.495:9): pid=12016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2010" name="file1" dev="loop5" ino=1048604 res=0 errno=0 [ 472.468752][ T127] usb 6-1: selecting invalid altsetting 1 [ 472.479076][ T127] cdc_ncm 6-1:1.0: bind() failure [ 472.498020][ T127] hub 6-1:1.1: Invalid hub with more than one config or interface [ 472.506440][ T127] hub: probe of 6-1:1.1 failed with error -22 [ 472.554449][ T127] usb 6-1: USB disconnect, device number 2 [ 472.614649][T12035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2023'. [ 472.647383][T12035] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2023'. [ 472.682228][T12035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2023'. [ 472.713012][T12035] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2023'. [ 472.745032][T12040] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (5) [ 474.158962][T12053] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 474.978805][T12089] tipc: Enabling of bearer rejected, already enabled [ 474.983393][T12088] Cannot find set identified by id 0 to match [ 474.999642][T12089] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 475.395432][T12105] device syzkaller0 entered promiscuous mode [ 476.084655][T12137] tipc: Enabled bearer , priority 0 [ 476.110124][T12137] device syzkaller0 entered promiscuous mode [ 476.225682][T12137] tipc: Resetting bearer [ 476.256089][T12136] tipc: Resetting bearer [ 476.299156][T12136] tipc: Disabling bearer [ 476.676963][T12150] device erspan0 entered promiscuous mode [ 476.707410][T12150] device macsec1 entered promiscuous mode [ 476.751606][T12150] device erspan0 left promiscuous mode [ 476.963212][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2056'. [ 477.192982][T12168] device syzkaller0 entered promiscuous mode [ 477.220996][T12172] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2059'. [ 478.372426][T12206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2069'. [ 478.668419][T12217] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 478.990239][T12231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2075'. [ 479.192135][T12237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2078'. [ 479.252561][T12239] device erspan0 entered promiscuous mode [ 479.307389][T12239] device macsec1 entered promiscuous mode [ 479.339511][T12239] device erspan0 left promiscuous mode [ 479.776957][T12258] team0: No ports can be present during mode change [ 480.062143][T12272] tipc: Enabling of bearer rejected, already enabled [ 480.161895][T12272] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 480.545560][T12287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2091'. [ 480.861940][T12298] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 480.983753][T12302] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2096'. [ 481.309854][T12314] tipc: Enabled bearer , priority 0 [ 481.378439][T12314] device syzkaller0 entered promiscuous mode [ 481.467104][T12317] device erspan0 entered promiscuous mode [ 481.486845][T12317] device macsec1 entered promiscuous mode [ 481.502094][T12317] device erspan0 left promiscuous mode [ 481.584004][T12314] tipc: Resetting bearer [ 481.638606][T12313] tipc: Resetting bearer [ 481.725610][T12313] tipc: Disabling bearer [ 483.747517][T12409] device erspan0 entered promiscuous mode [ 483.772377][T12409] device macsec1 entered promiscuous mode [ 483.834686][T12409] device erspan0 left promiscuous mode [ 484.848668][T12447] tipc: Enabled bearer , priority 0 [ 484.893977][T12447] device syzkaller0 entered promiscuous mode [ 485.015503][T12447] tipc: Resetting bearer [ 485.046799][T12453] tipc: Enabled bearer , priority 0 [ 485.082100][T12446] tipc: Resetting bearer [ 485.140391][T12446] tipc: Disabling bearer [ 485.170752][T12453] device syzkaller0 entered promiscuous mode [ 485.198927][T12453] tipc: Resetting bearer [ 485.225199][T12452] tipc: Resetting bearer [ 485.289363][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056c31800: rx timeout, send abort [ 485.297926][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888056c31800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 485.329855][T12452] tipc: Disabling bearer [ 485.868841][T12479] device syzkaller0 entered promiscuous mode [ 486.293346][T12494] netlink: 'syz.2.2146': attribute type 4 has an invalid length. [ 486.386239][T12500] netlink: 'syz.2.2146': attribute type 4 has an invalid length. [ 486.474205][T12494] netlink: 'syz.2.2146': attribute type 4 has an invalid length. [ 486.563655][T12504] device syzkaller0 entered promiscuous mode [ 486.957847][T12523] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2149'. [ 486.982653][T12522] netlink: 87 bytes leftover after parsing attributes in process `syz.5.2151'. [ 487.430403][T12535] device syzkaller0 entered promiscuous mode [ 487.923682][T12553] tipc: Enabled bearer , priority 0 [ 487.951709][T12553] device syzkaller0 entered promiscuous mode [ 487.974761][T12555] device syzkaller0 entered promiscuous mode [ 488.005400][T12553] tipc: Resetting bearer [ 488.110819][T12552] tipc: Resetting bearer [ 488.148696][T12552] tipc: Disabling bearer [ 488.180100][T12558] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2162'. [ 488.473142][T12571] netlink: 'syz.2.2168': attribute type 4 has an invalid length. [ 488.543642][T12573] device syzkaller0 entered promiscuous mode [ 488.656521][T12578] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2171'. [ 488.740220][T12580] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2170'. [ 489.090706][T12600] device syzkaller0 entered promiscuous mode [ 489.265324][T12604] device syzkaller0 entered promiscuous mode [ 489.566803][T12611] netlink: 'syz.1.2182': attribute type 4 has an invalid length. [ 489.712115][T12615] device syzkaller0 entered promiscuous mode [ 489.747028][T12616] device syzkaller0 entered promiscuous mode [ 489.963916][T12624] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2187'. [ 490.116708][T12633] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 490.281978][T12644] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2192'. [ 490.436084][T12649] tipc: Enabled bearer , priority 0 [ 490.444191][T12649] device syzkaller0 entered promiscuous mode [ 490.461223][T12649] tipc: Resetting bearer [ 490.468968][T12648] tipc: Resetting bearer [ 490.493609][T12648] tipc: Disabling bearer [ 490.645187][T12651] netlink: 'syz.2.2197': attribute type 11 has an invalid length. [ 490.785197][T12653] netlink: 'syz.2.2198': attribute type 4 has an invalid length. [ 490.816484][T12653] netlink: 'syz.2.2198': attribute type 4 has an invalid length. [ 491.006792][T12659] device syzkaller0 entered promiscuous mode [ 491.051690][T12661] device syzkaller0 entered promiscuous mode [ 491.143253][T12666] netlink: 87 bytes leftover after parsing attributes in process `syz.4.2203'. [ 491.448109][T12673] device syzkaller0 entered promiscuous mode [ 492.835308][T12691] netlink: 'syz.4.2212': attribute type 4 has an invalid length. [ 492.903017][T12698] netlink: 'syz.4.2212': attribute type 4 has an invalid length. [ 493.069245][T12703] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2213'. [ 493.365523][T12716] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2219'. [ 493.597616][T12722] device syzkaller0 entered promiscuous mode [ 493.616592][T12724] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2223'. [ 493.911441][T12733] netlink: 'syz.1.2226': attribute type 4 has an invalid length. [ 493.947073][T12733] netlink: 'syz.1.2226': attribute type 4 has an invalid length. [ 493.976223][T12736] bond7: (slave veth0_to_bond): Releasing active interface [ 493.998990][T12736] device veth0_to_bond left promiscuous mode [ 494.021960][T12736] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2227'. [ 494.202572][T12743] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2230'. [ 494.230506][T12743] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2230'. [ 494.643506][T12760] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.651052][T12760] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.716776][T12762] device syzkaller0 entered promiscuous mode [ 494.855044][T12769] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2236'. [ 494.956130][T12776] device syzkaller0 entered promiscuous mode [ 495.145428][T12781] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2241'. [ 495.588194][T12790] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2244'. [ 495.896106][T12800] device syzkaller0 entered promiscuous mode [ 496.027851][T12806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2252'. [ 496.042123][T12805] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 497.463249][T12852] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.472125][T12852] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.481071][T12852] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 497.490550][T12852] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 498.529030][T12885] __nla_validate_parse: 8 callbacks suppressed [ 498.529049][T12885] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2276'. [ 498.619437][T12886] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2275'. [ 498.850089][T12896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2279'. [ 498.870130][T12896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2279'. [ 498.895539][T12896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2279'. [ 498.915140][T12896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2279'. [ 498.925658][T12898] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2280'. [ 499.748765][T12920] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2285'. [ 499.874573][T12924] device syzkaller0 entered promiscuous mode [ 499.947078][T12920] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2285'. [ 500.317023][T12937] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2292'. [ 501.369575][T12944] device syzkaller0 entered promiscuous mode [ 501.610030][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.616476][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.565876][T12973] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 503.064445][T12986] device syzkaller0 entered promiscuous mode [ 503.608952][T13009] __nla_validate_parse: 5 callbacks suppressed [ 503.608984][T13009] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2312'. [ 503.657329][T13006] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2313'. [ 503.667759][T13009] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2312'. [ 503.734323][T13011] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2313'. [ 504.022148][T13022] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 504.120144][T13024] device syzkaller0 entered promiscuous mode [ 504.517126][T13034] device syzkaller0 entered promiscuous mode [ 504.847835][T13046] device syzkaller0 entered promiscuous mode [ 505.006747][T13051] device syzkaller0 entered promiscuous mode [ 505.312101][T13058] device syzkaller0 entered promiscuous mode [ 505.569516][T13066] device erspan0 entered promiscuous mode [ 505.585547][T13066] device macsec1 entered promiscuous mode [ 505.598259][T13066] device erspan0 left promiscuous mode [ 505.634037][T13071] netlink: 272 bytes leftover after parsing attributes in process `syz.4.2338'. [ 506.037999][T13091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2346'. [ 506.142987][T13093] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2344'. [ 506.324902][T13093] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2344'. [ 506.389471][T13097] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 506.832041][T13110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2353'. [ 506.890153][T13110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2353'. [ 508.244408][T13153] tipc: Enabled bearer , priority 0 [ 508.282194][T13153] device syzkaller0 entered promiscuous mode [ 508.324422][T13153] tipc: Resetting bearer [ 508.385120][T13152] tipc: Resetting bearer [ 508.494590][T13152] tipc: Disabling bearer [ 509.462184][T13169] __nla_validate_parse: 2 callbacks suppressed [ 509.462201][T13169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2371'. [ 509.540487][T13171] device erspan0 entered promiscuous mode [ 509.546485][T13171] device macsec1 entered promiscuous mode [ 509.600748][T13173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2373'. [ 509.913273][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 509.964571][T13181] ================================================================== [ 509.972771][T13181] BUG: KASAN: slab-out-of-bounds in ieee80211_monitor_select_queue+0x23a/0x240 [ 509.982104][T13181] Read of size 2 at addr ffff88801db3c5fb by task syz.1.2376/13181 [ 509.990020][T13181] [ 509.992385][T13181] CPU: 1 PID: 13181 Comm: syz.1.2376 Not tainted syzkaller #0 [ 510.000175][T13181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 510.010533][T13181] Call Trace: [ 510.013859][T13181] [ 510.016899][T13181] dump_stack_lvl+0x188/0x24e [ 510.021671][T13181] ? __lock_acquire+0x7d10/0x7d10 [ 510.026741][T13181] ? show_regs_print_info+0x12/0x12 [ 510.032093][T13181] ? load_image+0x400/0x400 [ 510.036716][T13181] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 510.042299][T13181] ? __virt_addr_valid+0x188/0x540 [ 510.047470][T13181] ? __virt_addr_valid+0x465/0x540 [ 510.052815][T13181] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 510.059352][T13181] print_report+0xa8/0x210 [ 510.063816][T13181] kasan_report+0x10b/0x140 [ 510.068589][T13181] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 510.075047][T13181] ieee80211_monitor_select_queue+0x23a/0x240 [ 510.081527][T13181] ? ieee80211_activate_links_work+0x60/0x60 [ 510.087563][T13181] netdev_core_pick_tx+0x118/0x340 [ 510.092821][T13181] __dev_queue_xmit+0xb19/0x37c0 [ 510.098056][T13181] ? __dev_queue_xmit+0x26b/0x37c0 [ 510.103234][T13181] ? netdev_core_pick_tx+0x340/0x340 [ 510.108644][T13181] ? virtio_net_hdr_to_skb+0xac2/0x1290 [ 510.114582][T13181] ? packet_extra_vlan_len_allowed+0x200/0x200 [ 510.120860][T13181] ? skb_copy_datagram_from_iter+0x5e0/0x690 [ 510.127145][T13181] packet_sendmsg+0x3bc3/0x4e60 [ 510.132047][T13181] ? __schedule+0x119d/0x40e0 [ 510.137025][T13181] ? __might_sleep+0xd0/0xd0 [ 510.141744][T13181] ? verify_lock_unused+0x140/0x140 [ 510.146989][T13181] ? aa_sk_perm+0x81f/0x950 [ 510.151808][T13181] ? packet_getsockopt+0x9a0/0x9a0 [ 510.157067][T13181] ? aa_sock_msg_perm+0x94/0x150 [ 510.162265][T13181] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 510.167951][T13181] ? security_socket_sendmsg+0x7c/0xa0 [ 510.173995][T13181] ? packet_getsockopt+0x9a0/0x9a0 [ 510.179154][T13181] ____sys_sendmsg+0x5be/0x970 [ 510.184066][T13181] ? __sys_sendmsg_sock+0x30/0x30 [ 510.189250][T13181] ? __import_iovec+0x315/0x500 [ 510.195555][T13181] ? import_iovec+0x6f/0xa0 [ 510.200526][T13181] ___sys_sendmsg+0x2a2/0x360 [ 510.205642][T13181] ? try_to_wake_up+0x6ae/0x1080 [ 510.210790][T13181] ? __sys_sendmsg+0x290/0x290 [ 510.215625][T13181] __se_sys_sendmsg+0x1bb/0x2a0 [ 510.220527][T13181] ? __x64_sys_sendmsg+0x80/0x80 [ 510.225523][T13181] ? lockdep_hardirqs_on+0x94/0x140 [ 510.230765][T13181] do_syscall_64+0x4c/0xa0 [ 510.235315][T13181] ? clear_bhb_loop+0x60/0xb0 [ 510.240617][T13181] ? clear_bhb_loop+0x60/0xb0 [ 510.246081][T13181] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 510.252194][T13181] RIP: 0033:0x7f9dd979c819 [ 510.256661][T13181] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.277846][T13181] RSP: 002b:00007f9dda6cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 510.286936][T13181] RAX: ffffffffffffffda RBX: 00007f9dd9a15fa0 RCX: 00007f9dd979c819 [ 510.295117][T13181] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 510.303201][T13181] RBP: 00007f9dd9832c91 R08: 0000000000000000 R09: 0000000000000000 [ 510.311284][T13181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 510.320007][T13181] R13: 00007f9dd9a16038 R14: 00007f9dd9a15fa0 R15: 00007ffec43574b8 [ 510.328390][T13181] [ 510.331603][T13181] [ 510.334022][T13181] Allocated by task 1: [ 510.338151][T13181] kasan_set_track+0x4b/0x70 [ 510.342874][T13181] __kasan_kmalloc+0x8e/0xa0 [ 510.347592][T13181] device_add+0xba/0xfb0 [ 510.351944][T13181] tty_register_device_attr+0x431/0x980 [ 510.357615][T13181] tty_register_driver+0x59c/0xb20 [ 510.363560][T13181] legacy_pty_init+0x3a6/0x5fd [ 510.368457][T13181] pty_init+0xa/0x12 [ 510.372440][T13181] do_one_initcall+0x26a/0x840 [ 510.377952][T13181] do_initcall_level+0x137/0x1e4 [ 510.383103][T13181] do_initcalls+0x4b/0x8a [ 510.387556][T13181] kernel_init_freeable+0x415/0x5be [ 510.392876][T13181] kernel_init+0x19/0x1b0 [ 510.397321][T13181] ret_from_fork+0x1f/0x30 [ 510.401854][T13181] [ 510.404295][T13181] The buggy address belongs to the object at ffff88801db3c400 [ 510.404295][T13181] which belongs to the cache kmalloc-512 of size 512 [ 510.418471][T13181] The buggy address is located 507 bytes inside of [ 510.418471][T13181] 512-byte region [ffff88801db3c400, ffff88801db3c600) [ 510.431861][T13181] [ 510.434198][T13181] The buggy address belongs to the physical page: [ 510.440722][T13181] page:ffffea000076cf00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1db3c [ 510.450978][T13181] head:ffffea000076cf00 order:2 compound_mapcount:0 compound_pincount:0 [ 510.459376][T13181] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 510.467532][T13181] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017441c80 [ 510.476155][T13181] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 510.484936][T13181] page dumped because: kasan: bad access detected [ 510.491608][T13181] page_owner tracks the page as allocated [ 510.497592][T13181] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6831768193, free_ts 0 [ 510.517250][T13181] post_alloc_hook+0x173/0x1a0 [ 510.522050][T13181] get_page_from_freelist+0x1a1e/0x1ab0 [ 510.527804][T13181] __alloc_pages+0x1ec/0x4f0 [ 510.532513][T13181] alloc_page_interleave+0x24/0x1e0 [ 510.537828][T13181] alloc_slab_page+0x5d/0x160 [ 510.542590][T13181] new_slab+0x87/0x2c0 [ 510.546716][T13181] ___slab_alloc+0xbc6/0x1240 [ 510.551449][T13181] __kmem_cache_alloc_node+0x1a0/0x260 [ 510.556936][T13181] kmalloc_trace+0x26/0xe0 [ 510.561565][T13181] device_add+0xba/0xfb0 [ 510.565853][T13181] tty_register_device_attr+0x431/0x980 [ 510.571445][T13181] tty_register_driver+0x59c/0xb20 [ 510.576588][T13181] legacy_pty_init+0x3a6/0x5fd [ 510.581403][T13181] pty_init+0xa/0x12 [ 510.585321][T13181] do_one_initcall+0x26a/0x840 [ 510.590161][T13181] do_initcall_level+0x137/0x1e4 [ 510.595478][T13181] page_owner free stack trace missing [ 510.600942][T13181] [ 510.603271][T13181] Memory state around the buggy address: [ 510.608910][T13181] ffff88801db3c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 510.617098][T13181] ffff88801db3c500: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.625188][T13181] >ffff88801db3c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.633353][T13181] ^ [ 510.641366][T13181] ffff88801db3c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.649483][T13181] ffff88801db3c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.657910][T13181] ================================================================== [ 510.666422][T13181] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 510.673631][T13181] CPU: 1 PID: 13181 Comm: syz.1.2376 Not tainted syzkaller #0 [ 510.681282][T13181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 510.691804][T13181] Call Trace: [ 510.695109][T13181] [ 510.698151][T13181] dump_stack_lvl+0x188/0x24e [ 510.702859][T13181] ? memcpy+0x3c/0x60 [ 510.706877][T13181] ? show_regs_print_info+0x12/0x12 [ 510.712118][T13181] ? load_image+0x400/0x400 [ 510.716658][T13181] panic+0x2e5/0x730 [ 510.720604][T13181] ? asm_common_interrupt+0x22/0x40 [ 510.725843][T13181] ? bpf_jit_dump+0xd0/0xd0 [ 510.730726][T13181] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 510.736648][T13181] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 510.742588][T13181] ? _raw_spin_unlock+0x40/0x40 [ 510.747599][T13181] check_panic_on_warn+0x80/0xa0 [ 510.752635][T13181] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 510.758916][T13181] end_report+0x66/0x110 [ 510.763196][T13181] kasan_report+0x118/0x140 [ 510.767837][T13181] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 510.774200][T13181] ieee80211_monitor_select_queue+0x23a/0x240 [ 510.780495][T13181] ? ieee80211_activate_links_work+0x60/0x60 [ 510.786784][T13181] netdev_core_pick_tx+0x118/0x340 [ 510.792020][T13181] __dev_queue_xmit+0xb19/0x37c0 [ 510.797079][T13181] ? __dev_queue_xmit+0x26b/0x37c0 [ 510.802279][T13181] ? netdev_core_pick_tx+0x340/0x340 [ 510.807772][T13181] ? virtio_net_hdr_to_skb+0xac2/0x1290 [ 510.813353][T13181] ? packet_extra_vlan_len_allowed+0x200/0x200 [ 510.819547][T13181] ? skb_copy_datagram_from_iter+0x5e0/0x690 [ 510.825660][T13181] packet_sendmsg+0x3bc3/0x4e60 [ 510.830568][T13181] ? __schedule+0x119d/0x40e0 [ 510.835631][T13181] ? __might_sleep+0xd0/0xd0 [ 510.840249][T13181] ? verify_lock_unused+0x140/0x140 [ 510.845501][T13181] ? aa_sk_perm+0x81f/0x950 [ 510.850050][T13181] ? packet_getsockopt+0x9a0/0x9a0 [ 510.855208][T13181] ? aa_sock_msg_perm+0x94/0x150 [ 510.860193][T13181] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 510.865517][T13181] ? security_socket_sendmsg+0x7c/0xa0 [ 510.871237][T13181] ? packet_getsockopt+0x9a0/0x9a0 [ 510.876481][T13181] ____sys_sendmsg+0x5be/0x970 [ 510.881809][T13181] ? __sys_sendmsg_sock+0x30/0x30 [ 510.886870][T13181] ? __import_iovec+0x315/0x500 [ 510.891842][T13181] ? import_iovec+0x6f/0xa0 [ 510.896419][T13181] ___sys_sendmsg+0x2a2/0x360 [ 510.901139][T13181] ? try_to_wake_up+0x6ae/0x1080 [ 510.906112][T13181] ? __sys_sendmsg+0x290/0x290 [ 510.910933][T13181] __se_sys_sendmsg+0x1bb/0x2a0 [ 510.916093][T13181] ? __x64_sys_sendmsg+0x80/0x80 [ 510.921165][T13181] ? lockdep_hardirqs_on+0x94/0x140 [ 510.926407][T13181] do_syscall_64+0x4c/0xa0 [ 510.930857][T13181] ? clear_bhb_loop+0x60/0xb0 [ 510.935563][T13181] ? clear_bhb_loop+0x60/0xb0 [ 510.940294][T13181] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 510.946321][T13181] RIP: 0033:0x7f9dd979c819 [ 510.950760][T13181] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.970655][T13181] RSP: 002b:00007f9dda6cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 510.979373][T13181] RAX: ffffffffffffffda RBX: 00007f9dd9a15fa0 RCX: 00007f9dd979c819 [ 510.987556][T13181] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 510.995643][T13181] RBP: 00007f9dd9832c91 R08: 0000000000000000 R09: 0000000000000000 [ 511.003723][T13181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.011717][T13181] R13: 00007f9dd9a16038 R14: 00007f9dd9a15fa0 R15: 00007ffec43574b8 [ 511.019810][T13181] [ 511.023134][T13181] Kernel Offset: disabled [ 511.027473][T13181] Rebooting in 86400 seconds..