last executing test programs: 5.404250232s ago: executing program 1 (id=2368): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={r3, 0x0, 0x25, 0x0, @val=@netfilter={0x1, 0x0, 0x7}}, 0x20) 4.695443987s ago: executing program 4 (id=2373): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.621516859s ago: executing program 1 (id=2374): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x50) 4.570639402s ago: executing program 3 (id=2375): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/18, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000700000008000500", @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 4.456717172s ago: executing program 3 (id=2376): timer_create(0x0, 0x0, &(0x7f0000000300)) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt(r0, 0x84, 0x7e, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x88840, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r4) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001e40)={0x10c, r5, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PEERS={0xd4, 0x8, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "935fcc0d76a5bcfce584052ea21b4b2622057154ff788c325f3b596e54307c08"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x7c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x4c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}]}, {0x4}]}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0xc004}, 0x4000040) 4.450909629s ago: executing program 1 (id=2377): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x1, 0x80000000, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x3c}}, 0x20004055) kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82", 0x2c, 0x5, 0xffffffff}, {0x0, 0x0, 0x7, 0x2}], 0x0) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{0x0}, {0x0}], 0x2}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d62230167", 0x9e}], 0x4}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe186347", 0x16}], 0x2, 0x0, 0x0, 0x10}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.435786172s ago: executing program 4 (id=2378): socket$rxrpc(0x21, 0x2, 0xa) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000980)=@newtfilter={0x38, 0x2c, 0xd2f, 0x30bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xfff5, 0x10}, {}, {0x8, 0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24008084}, 0x20000000) 3.141148965s ago: executing program 3 (id=2381): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000006100000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 2.944387973s ago: executing program 1 (id=2383): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) close(0x4) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00", @ANYRES32=r4], 0x3c}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="c00000002f6b7c0854fe8a0ed49e28d8f88c11f0c4b0ea495e7e8b0d2a05e4f00ebc8be0aae1120d02e23a4981b8bf92ec30f9343d544c0dc0b68e216496426c8d0089b82a6c3542d1e767490d86a0b20b697f8308a86de9ae804a4ee436c9a91acfd4b617a0be9e6504c7986ad21a9ba2cc94a5f807ba6c621b2b502139fd34ed1e2aeb511ba010fc8fdb961aab77eb8a1c52c76b1d23bcc5", @ANYRES16=r6, @ANYBLOB="04002cbd7000fbdbdf2508000000ac0002809c000500b03b7ab033784e0a2ec38db554ae1b631adb128bc863eec6a292bcde8a7a0c0eaf0dd01800a37eae0b828f05ab90fa8c1241acd58104770ac84648efce8bf50ed5a1acdcc162ea82f901e7937e7311f6447858dd55e2bada1bf2a1248d2a83bf8d950703d33f24a1938de3137bea29d4f37391124f4213a527e97934d2c69454d39723b124b6d7cf845cc115ff629e1300ed42adb2fb81ff04000100080002004d000000"], 0xc0}, 0x1, 0x0, 0x0, 0x20040805}, 0x50) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008090) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000002dc0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NETID(r5, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r8, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {}, {0x8, 0x2, 0x6}}, ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4880}, 0x20008000) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5) sendmsg$NL80211_CMD_GET_MPP(r5, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r10, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x3, 0x28}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000000) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfe, {{@in6=@remote, @in=@local, 0xfffc, 0x0, 0x0, 0x0, 0xa}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x9ff, 0x40800000000000, 0x800000000000000}}}, 0xb8}, 0x1, 0x0, 0x0, 0x20000c90}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'bond0\x00'}) 2.943722471s ago: executing program 4 (id=2384): r0 = socket$inet6(0xa, 0x1, 0x8010800000000084) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000000c0)='/', 0x1}], 0x1}}, {{&(0x7f0000000400)={0xa, 0x201, 0x0, @private0}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000d00)='[', 0x4d0}], 0x21}}], 0x2, 0x4008040) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) close(0x3) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x800, 0x192, 0x0, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x7}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0xedcb, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r4, 0xc0385868, &(0x7f00000005c0)={0xffffffffffffffff, &(0x7f00000004c0)='\x00', 0x20100, &(0x7f0000000500)={@align=0x80, {0x4, 0x81, 0xa285}}, 0x80000001, &(0x7f0000000540)={@_ha_fsid}, &(0x7f0000000580)=0x1f7cbe7e}) unshare(0x26020480) syz_emit_ethernet(0x7e, &(0x7f0000000400)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local, {[@end]}}, @redirect={0x4, 0x2, 0x0, @multicast2, {0x14, 0x4, 0x0, 0x4, 0x0, 0x64, 0x0, 0x1, 0x11, 0x7, @empty, @dev={0xac, 0x14, 0x14, 0x15}, {[@cipso={0x86, 0x6, 0xfffffffffffffffe}, @timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@multicast1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x40000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x800}, {@multicast2}, {@rand_addr=0x80, 0x4}, {@private=0xa010102, 0x1}]}]}}}}}}}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) bind(r6, &(0x7f0000000000), 0x2) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x8, 0x0}, 0x8) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x11, &(0x7f0000000f40)=ANY=[@ANYBLOB="1800000000000000000000000008000018110000bd6bbccd257c3f02707e810000002ab2fdf3106894c75511114ecc4948cb1eb3fd5b8edbc79e81f21d881f1865c2c34ebefe16050b37bd3ee1fc698028", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018340000010000000000000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000740)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x1, 0xb, 0xffff, 0x5}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000007c0)=[r3, r1, r1, r3, r3, r3, r1], &(0x7f0000000800)=[{0x2, 0x1, 0xb, 0xc}, {0x0, 0x4, 0x9, 0x9}, {0x5, 0x3, 0x8, 0xc}, {0x2, 0x2, 0xb, 0xc}], 0x10, 0x68}, 0x94) r9 = ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) sendmsg$GTP_CMD_ECHOREQ(r5, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d80)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="0f9794736a0f12e0a1c2e1e2e360ce9d80c45b3f8303424b8dfa", @ANYRES16=0x0, @ANYRES32=r9, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r5, @ANYBLOB="0600060004000000"], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x6, &(0x7f0000000180)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x80000001}, @alu={0x4, 0x1, 0x9, 0x6, 0x7, 0x30, 0x1}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0x8}], &(0x7f00000001c0)='GPL\x00', 0xdde, 0xce, &(0x7f00000003c0)=""/206, 0x41100, 0x78, '\x00', 0x0, @fallback=0x29, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r7, r8, 0x9, &(0x7f0000000b40)=[r1, r1, r3, r3, r3], &(0x7f0000000b80)=[{0x0, 0x1, 0x1, 0x6}, {0x4, 0x4, 0x10, 0x6}, {0x1, 0x3, 0x5, 0xc}, {0x2, 0x3, 0x5, 0x8}, {0x2, 0x9, 0xb, 0x8}, {0x1, 0x1, 0x4, 0x7}, {0x5, 0x3, 0xb, 0xf}, {0x5, 0x1, 0x7, 0x3}, {0x2, 0x3, 0xb, 0x3}], 0x10, 0xff8a}, 0x94) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x3, 0x4, 0x8}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb0100180000000000000048000000480000000500000000000000000000090300000000000000000000010500000008000000000000000000000300000000020000000200000000000000000000000100000d03000000030000000300000000005f2e"], 0x0, 0x65}, 0x28) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r11, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r7, 0x4) 2.646152226s ago: executing program 0 (id=2387): socket$inet_sctp(0x2, 0x1, 0x84) socket(0x10, 0x3, 0x0) syz_open_dev$vbi(&(0x7f0000000300), 0x1, 0x2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x2, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x29, 0x2, 0x0) socket(0x11, 0x3, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRES64=r0], 0x20) 2.261563198s ago: executing program 0 (id=2388): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.259823468s ago: executing program 3 (id=2389): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="3800000035000100fcff070004000000020000000800018004"], 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00"/71], 0x0, 0x96}, 0x28) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000580)={{0x84, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44) 2.255990504s ago: executing program 4 (id=2390): socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7c97c1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$unix(0x1, 0x2, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r1, @ANYBLOB="a4280400000000001400350073797a5f74756e00000000000000000008000a00", @ANYRES32=r3], 0x3c}}, 0x8000) 2.23347058s ago: executing program 1 (id=2391): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fcffffff00000000800000af18010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a0000008500000006"], &(0x7f0000000740)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.206478473s ago: executing program 2 (id=2392): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@assoc={0x18, 0x117, 0x4, 0x14}], 0x18, 0x20000040}], 0x1, 0x8040) sendto$inet(r1, &(0x7f0000000c40)="168935fadd8bde2b2f3fbe4e0e1dbe089d8f21a8a28be921448ec64e4fd082b2386a1adcfa7b4de85175536263416a275a8d25d9a6e5300e7743df", 0x3b, 0x20000001, 0x0, 0x0) recvmsg$can_bcm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/99, 0x63}, {&(0x7f0000000440)=""/123, 0x7b}], 0x2}, 0x100) 2.110996492s ago: executing program 3 (id=2393): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x1, 0x80000000, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x3c}}, 0x20004055) kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82", 0x2c, 0x5, 0xffffffff}, {0x0, 0x0, 0x7, 0x2}], 0x0) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{0x0}, {0x0}], 0x2}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d62230167", 0x9e}], 0x4}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe186347", 0x16}], 0x2, 0x0, 0x0, 0x10}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.046174135s ago: executing program 2 (id=2394): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/18, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000700000008000500", @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 2.002333282s ago: executing program 0 (id=2395): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 2.002107885s ago: executing program 1 (id=2396): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r1, 0x0) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x1000) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0xfffff000) mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x2000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0xffff, 0x0, 0x2}, {0x0, 0x28c, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x7}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x3, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 1.875538032s ago: executing program 0 (id=2397): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) socket$packet(0x11, 0x3, 0x300) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x3f) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r1, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newtfilter={0x24, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r1, {}, {0xffff, 0x1}, {0xa, 0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084) 1.790455169s ago: executing program 2 (id=2398): socket$kcm(0xa, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300), 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfbffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff3, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000280)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x255fdc00, {0x0, 0x0, 0x0, r3, {0xffff, 0xfff2}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0xfff2}}]}}]}, 0x40}}, 0x884) 1.653514628s ago: executing program 4 (id=2399): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000500)={@broadcast, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff010000000100000056000000250000001900040004000000", 0x28}], 0x1) writev(r2, 0x0, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@local, @loopback, 0x1}, 0x10) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1e, 0x10, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffff9}, @jmp={0x5, 0x0, 0x7, 0x0, 0x5, 0x4, 0x10}, @generic={0x8, 0x2, 0x2, 0xd4, 0x8000}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}]}, &(0x7f0000000240)='GPL\x00', 0x9, 0xf, &(0x7f00000002c0)=""/15, 0x41100, 0x20, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0xa, 0x9, 0xfff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000440)=[{0x5, 0x3, 0x10, 0xb}], 0x10, 0x2}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000840)={r1, r4}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7db", 0xc5}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2090) socket(0x2, 0x80805, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000004c0)=0x1, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) shutdown(r5, 0x0) close(0x3) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r8 = socket(0x2, 0x80805, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010029bd7000fddbdf25030000000800010000000000280007800c000180080001", @ANYRES32=r8, @ANYBLOB="0c00018008000100", @ANYRES32, @ANYBLOB="0c16124d64b6d600018008002100", @ANYRES32=r8], 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000890) 1.1133665s ago: executing program 4 (id=2400): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000980)=[{r3, 0x1}], 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94) epoll_wait(r3, &(0x7f00000003c0)=[{}], 0x1, 0xffffffff) 1.083461608s ago: executing program 0 (id=2401): r0 = socket$inet6(0xa, 0x1, 0x8010800000000084) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000000c0)='/', 0x1}], 0x1}}, {{&(0x7f0000000400)={0xa, 0x201, 0x0, @private0}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000d00)='[', 0x4d0}], 0x21}}], 0x2, 0x4008040) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) close(0x3) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x800, 0x192, 0x0, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x7}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0xedcb, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r4, 0xc0385868, &(0x7f00000005c0)={0xffffffffffffffff, &(0x7f00000004c0)='\x00', 0x20100, &(0x7f0000000500)={@align=0x80, {0x4, 0x81, 0xa285}}, 0x80000001, &(0x7f0000000540)={@_ha_fsid}, &(0x7f0000000580)=0x1f7cbe7e}) unshare(0x26020480) syz_emit_ethernet(0x7e, &(0x7f0000000400)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local, {[@end]}}, @redirect={0x4, 0x2, 0x0, @multicast2, {0x14, 0x4, 0x0, 0x4, 0x0, 0x64, 0x0, 0x1, 0x11, 0x7, @empty, @dev={0xac, 0x14, 0x14, 0x15}, {[@cipso={0x86, 0x6, 0xfffffffffffffffe}, @timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@multicast1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x40000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x800}, {@multicast2}, {@rand_addr=0x80, 0x4}, {@private=0xa010102, 0x1}]}]}}}}}}}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) bind(r6, &(0x7f0000000000), 0x2) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x8, 0x0}, 0x8) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x11, &(0x7f0000000f40)=ANY=[@ANYBLOB="1800000000000000000000000008000018110000bd6bbccd257c3f02707e810000002ab2fdf3106894c75511114ecc4948cb1eb3fd5b8edbc79e81f21d881f1865c2c34ebefe16050b37bd3ee1fc698028", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018340000010000000000000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000740)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x1, 0xb, 0xffff, 0x5}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000007c0)=[r3, r1, r1, r3, r3, r3, r1], &(0x7f0000000800)=[{0x2, 0x1, 0xb, 0xc}, {0x0, 0x4, 0x9, 0x9}, {0x5, 0x3, 0x8, 0xc}, {0x2, 0x2, 0xb, 0xc}], 0x10, 0x68}, 0x94) r9 = ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) sendmsg$GTP_CMD_ECHOREQ(r5, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d80)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="0f9794736a0f12e0a1c2e1e2e360ce9d80c45b3f8303424b8dfa", @ANYRES16=0x0, @ANYRES32=r9, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r5, @ANYBLOB="0600060004000000"], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x6, &(0x7f0000000180)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x80000001}, @alu={0x4, 0x1, 0x9, 0x6, 0x7, 0x30, 0x1}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0x8}], &(0x7f00000001c0)='GPL\x00', 0xdde, 0xce, &(0x7f00000003c0)=""/206, 0x41100, 0x78, '\x00', 0x0, @fallback=0x29, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r7, r8, 0x9, &(0x7f0000000b40)=[r1, r1, r3, r3, r3], &(0x7f0000000b80)=[{0x0, 0x1, 0x1, 0x6}, {0x4, 0x4, 0x10, 0x6}, {0x1, 0x3, 0x5, 0xc}, {0x2, 0x3, 0x5, 0x8}, {0x2, 0x9, 0xb, 0x8}, {0x1, 0x1, 0x4, 0x7}, {0x5, 0x3, 0xb, 0xf}, {0x5, 0x1, 0x7, 0x3}, {0x2, 0x3, 0xb, 0x3}], 0x10, 0xff8a}, 0x94) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x3, 0x4, 0x8}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb0100180000000000000048000000480000000500000000000000000000090300000000000000000000010500000008000000000000000000000300000000020000000200000000000000000000000100000d03000000030000000300000000005f2e"], 0x0, 0x65}, 0x28) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r11, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r7, 0x4) 804.407126ms ago: executing program 3 (id=2402): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010027bd7000fedbdf2500000000", @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x50}, 0x80) 798.469339ms ago: executing program 2 (id=2403): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x40800}, 0x40090) 257.314241ms ago: executing program 2 (id=2404): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}}, 0x0) 73.093208ms ago: executing program 0 (id=2405): r0 = socket(0x2a, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010c30000000003000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000000000000010009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$tun(r1, &(0x7f0000000800)=ANY=[], 0x141) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 0s ago: executing program 2 (id=2406): socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x28, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="12000000010000000400000008"], 0x48) socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) socket$kcm(0x10, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00') recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x98}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x3e8, 0xf, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68888a887", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) kernel console output (not intermixed with test programs): d56dae2d6f R08: 0000000000000004 R09: 0000000000000000 [ 301.193523][ T7696] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 301.193537][ T7696] R13: 00007fd56dcc6038 R14: 00007fd56dcc5fa0 R15: 00007fff2476f5c8 [ 301.193568][ T7696] [ 301.193596][ T7696] Mem-Info: [ 301.193606][ T7696] active_anon:6271 inactive_anon:0 isolated_anon:0 [ 301.193606][ T7696] active_file:0 inactive_file:61047 isolated_file:0 [ 301.193606][ T7696] unevictable:768 dirty:268 writeback:0 [ 301.193606][ T7696] slab_reclaimable:12199 slab_unreclaimable:96762 [ 301.193606][ T7696] mapped:29868 shmem:1416 pagetables:1158 [ 301.193606][ T7696] sec_pagetables:0 bounce:0 [ 301.193606][ T7696] kernel_misc_reclaimable:0 [ 301.193606][ T7696] free:1291454 free_pcp:30452 free_cma:0 [ 301.193663][ T7696] Node 0 active_anon:25084kB inactive_anon:0kB active_file:0kB inactive_file:243980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119472kB dirty:1072kB writeback:0kB shmem:4128kB kernel_stack:13000kB pagetables:4480kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 301.193720][ T7696] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 301.193772][ T7696] Node 0 DMA free:15328kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 301.193899][ T7696] lowmem_reserve[]: 0 2494 2495 2495 2495 [ 301.193932][ T7696] Node 0 DMA32 free:1224256kB boost:0kB min:3916kB low:6440kB high:8964kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25084kB inactive_anon:0kB active_file:0kB inactive_file:243980kB unevictable:1536kB writepending:1072kB zspages:0kB present:3129332kB managed:2554320kB mlocked:0kB bounce:0kB free_pcp:121800kB local_pcp:22796kB free_cma:0kB [ 301.193992][ T7696] lowmem_reserve[]: 0 0 1 1 1 [ 301.194024][ T7696] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1152kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 301.194083][ T7696] lowmem_reserve[]: 0 0 0 0 0 [ 301.194115][ T7696] Node 1 Normal free:3926232kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 301.194177][ T7696] lowmem_reserve[]: 0 0 0 0 0 [ 301.194211][ T7696] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB [ 301.194348][ T7696] Node 0 DMA32: 1386*4kB (UME) 1153*8kB (UME) 1149*16kB (UM) 620*32kB (UME) 413*64kB (UME) 194*128kB (UME) 59*256kB (UME) 50*512kB (UM) 22*1024kB (UME) 8*2048kB (ME) 254*4096kB (UM) = 1224256kB [ 301.269222][ T7696] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 301.269327][ T7696] Node 1 Normal: 3*4kB (UM) 8*8kB (UM) 7*16kB (UM) 11*32kB (UM) 11*64kB (UM) 4*128kB (UM) 2*256kB (UM) 2*512kB (M) 1*1024kB (M) 1*2048kB (U) 957*4096kB (M) = 3926236kB [ 301.269508][ T7696] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.269525][ T7696] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.269541][ T7696] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.269558][ T7696] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.269573][ T7696] 62685 total pagecache pages [ 301.269580][ T7696] 0 pages in swap cache [ 301.269585][ T7696] Free swap = 124996kB [ 301.269592][ T7696] Total swap = 124996kB [ 301.269601][ T7696] 2097051 pages RAM [ 301.269608][ T7696] 0 pages HighMem/MovableOnly [ 301.269615][ T7696] 426569 pages reserved [ 301.269622][ T7696] 0 pages cma reserved [ 301.287470][ T5748] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 301.372257][ T5748] usb 1-1: USB disconnect, device number 4 [ 301.420681][ T7698] netlink: 'syz.4.440': attribute type 1 has an invalid length. [ 301.420702][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.440'. [ 301.548497][ T7703] netlink: 'syz.3.439': attribute type 1 has an invalid length. [ 301.549283][ T7703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 304.117222][ T5748] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 304.144893][ T5601] page_pool_release_retry() stalled pool shutdown: id 34, 1 inflight 60 sec [ 304.271849][ T5748] usb 3-1: unable to get BOS descriptor or descriptor too short [ 304.288135][ T5748] usb 3-1: config 64 has an invalid interface number: 44 but max is 0 [ 304.288162][ T5748] usb 3-1: config 64 has no interface number 0 [ 304.288211][ T5748] usb 3-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 304.288240][ T5748] usb 3-1: config 64 interface 44 has no altsetting 0 [ 304.314817][ T5748] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 304.314847][ T5748] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.314866][ T5748] usb 3-1: Product: syz [ 304.314880][ T5748] usb 3-1: Manufacturer: syz [ 304.314894][ T5748] usb 3-1: SerialNumber: syz [ 304.684797][ T7736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.693098][ T7746] loop3: detected capacity change from 0 to 512 [ 304.723546][ T7736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.783291][ T7746] EXT4-fs: Ignoring removed nomblk_io_submit option [ 304.887020][ T7746] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.452: corrupted in-inode xattr: invalid ea_ino [ 304.887043][ T7746] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 304.888017][ T7746] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.452: couldn't read orphan inode 15 (err -117) [ 304.888036][ T7746] loop3: lost filesystem error report for type 5 error -117 [ 305.015471][ T7746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 306.242304][ T7755] EXT4-fs error (device loop3): ext4_find_dest_de:2050: inode #2: block 13: comm syz.3.452: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 306.543215][ T5626] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.568034][ T5748] iowarrior 3-1:64.44: no interrupt-out endpoint found [ 306.776976][ T5748] usb 3-1: USB disconnect, device number 5 [ 308.605526][ T7757] syz.4.456 (7757) used greatest stack depth: 18040 bytes left [ 309.415782][ T5601] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 309.574652][ T5601] usb 5-1: Using ep0 maxpacket: 16 [ 309.576780][ T5601] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.576831][ T5601] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 309.576859][ T5601] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 309.576871][ T5601] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 309.576883][ T5601] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.578080][ T5601] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 309.578106][ T5601] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 309.578123][ T5601] usb 5-1: Manufacturer: syz [ 309.583690][ T5601] usb 5-1: config 0 descriptor?? [ 309.844233][ T7809] Bluetooth: MGMT ver 1.23 [ 309.865319][ T5748] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 309.907845][ T5601] rc_core: IR keymap rc-hauppauge not found [ 309.907864][ T5601] Registered IR keymap rc-empty [ 309.908022][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 309.926112][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 309.956418][ T5601] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 309.968628][ T5601] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input6 [ 309.986201][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 309.999013][ T7816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.474'. [ 310.006537][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.033582][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.048835][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.050822][ T5748] usb 1-1: unable to get BOS descriptor or descriptor too short [ 310.055923][ T5748] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 310.055948][ T5748] usb 1-1: config 64 has no interface number 0 [ 310.056099][ T5748] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 310.056126][ T5748] usb 1-1: config 64 interface 44 has no altsetting 0 [ 310.064970][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.086132][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.099559][ T5748] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 310.099588][ T5748] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.099607][ T5748] usb 1-1: Product: syz [ 310.099722][ T5748] usb 1-1: Manufacturer: syz [ 310.099737][ T5748] usb 1-1: SerialNumber: syz [ 310.108683][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.127931][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.144683][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.168897][ T5601] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 310.413812][ T5601] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 310.413837][ T5601] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 310.501547][ T7804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 310.502045][ T7804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 310.565736][ T5601] usb 5-1: USB disconnect, device number 3 [ 311.065479][ T5748] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 311.102592][ T5748] usb 1-1: USB disconnect, device number 5 [ 311.239837][ T7830] netlink: 36 bytes leftover after parsing attributes in process `syz.2.478'. [ 313.844754][ T5748] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 314.034647][ T5748] usb 5-1: Using ep0 maxpacket: 16 [ 314.040100][ T5748] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.040160][ T5748] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 314.040186][ T5748] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 314.040207][ T5748] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 314.040229][ T5748] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 314.041563][ T5748] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 314.041590][ T5748] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 314.041609][ T5748] usb 5-1: Manufacturer: syz [ 314.057264][ T5748] usb 5-1: config 0 descriptor?? [ 314.264860][ T5601] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 314.409819][ T5748] rc_core: IR keymap rc-hauppauge not found [ 314.409840][ T5748] Registered IR keymap rc-empty [ 314.409933][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.426846][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.447732][ T5601] usb 1-1: unable to get BOS descriptor or descriptor too short [ 314.450831][ T5601] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 314.450858][ T5601] usb 1-1: config 64 has no interface number 0 [ 314.450902][ T5601] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 314.450929][ T5601] usb 1-1: config 64 interface 44 has no altsetting 0 [ 314.481857][ T5748] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 314.495342][ T5748] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input7 [ 314.506822][ T5601] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 314.506849][ T5601] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.506868][ T5601] usb 1-1: Product: syz [ 314.506882][ T5601] usb 1-1: Manufacturer: syz [ 314.506895][ T5601] usb 1-1: SerialNumber: syz [ 314.568891][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.590765][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.604905][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.627240][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.644714][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.664687][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.684792][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.722295][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.734779][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.755693][ T5748] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 314.796156][ T7888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.840101][ T7888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.851172][ T5748] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 314.851197][ T5748] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 315.006784][ T7898] tipc: Started in network mode [ 315.006899][ T7898] tipc: Node identity 4, cluster identity 4711 [ 315.006935][ T7898] tipc: Node number set to 4 [ 315.943310][ T5748] usb 5-1: USB disconnect, device number 4 [ 315.993950][ T5601] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 316.229344][ T5601] usb 1-1: USB disconnect, device number 6 [ 317.390226][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.390326][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.618514][ T7901] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 317.618554][ T7901] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 317.618600][ T7901] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 317.666466][ T7901] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 317.803265][ T7913] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.805121][ T7913] bridge0: port 2(bridge_slave_1) entered listening state [ 317.817812][ T7913] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.819828][ T7913] bridge0: port 1(bridge_slave_0) entered listening state [ 318.653238][ T7901] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 319.320162][ T7934] loop0: detected capacity change from 0 to 32768 [ 319.347261][ T7934] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.506 (7934) [ 319.391840][ T7934] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 319.391873][ T7934] BTRFS info (device loop0): using crc32c checksum algorithm [ 319.551049][ T7934] BTRFS info (device loop0): enabling ssd optimizations [ 319.551076][ T7934] BTRFS info (device loop0): turning on flush-on-commit [ 319.551093][ T7934] BTRFS info (device loop0): turning on async discard [ 319.551108][ T7934] BTRFS info (device loop0): enabling free space tree [ 319.551124][ T7934] BTRFS info (device loop0): enabling auto defrag [ 319.551142][ T7934] BTRFS info (device loop0): force zlib compression, level 3 [ 319.551162][ T7934] BTRFS info (device loop0): max_inline set to 4096 [ 319.608674][ T5848] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 319.642870][ T38] audit: type=1800 audit(1780426585.386:25): pid=7934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.506" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 319.768593][ T5848] usb 4-1: unable to get BOS descriptor or descriptor too short [ 319.770994][ T5848] usb 4-1: config 64 has an invalid interface number: 44 but max is 0 [ 319.771019][ T5848] usb 4-1: config 64 has no interface number 0 [ 319.771062][ T5848] usb 4-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 319.771101][ T5848] usb 4-1: config 64 interface 44 has no altsetting 0 [ 319.827196][ T5848] usb 4-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 319.827227][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.827247][ T5848] usb 4-1: Product: syz [ 319.827261][ T5848] usb 4-1: Manufacturer: syz [ 319.827274][ T5848] usb 4-1: SerialNumber: syz [ 319.910534][ T5625] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 320.103203][ T7936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.135678][ T7936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.406490][ T7953] loop4: detected capacity change from 0 to 32768 [ 320.408234][ T7953] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.509 (7953) [ 320.417139][ T7953] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 320.417168][ T7953] BTRFS info (device loop4): using crc32c checksum algorithm [ 320.486141][ T69] smbdirect: ib_dev[syz2] removed [ 320.544011][ T7953] BTRFS info (device loop4): enabling ssd optimizations [ 320.544037][ T7953] BTRFS info (device loop4): turning on flush-on-commit [ 320.544054][ T7953] BTRFS info (device loop4): turning on async discard [ 320.544071][ T7953] BTRFS info (device loop4): enabling free space tree [ 320.544086][ T7953] BTRFS info (device loop4): enabling auto defrag [ 320.544103][ T7953] BTRFS info (device loop4): force zlib compression, level 3 [ 320.544114][ T7953] BTRFS info (device loop4): max_inline set to 4096 [ 320.645443][ T38] audit: type=1800 audit(1780426586.376:26): pid=7953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.509" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 320.736557][ T5848] iowarrior 4-1:64.44: no interrupt-out endpoint found [ 320.939479][ T5848] usb 4-1: USB disconnect, device number 2 [ 321.693419][ T7975] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 321.693460][ T7975] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 321.693501][ T7975] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 321.855959][ T7975] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 322.102194][ T5624] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 322.199561][ T7985] veth0: entered promiscuous mode [ 322.200482][ T7984] veth0: left promiscuous mode [ 322.413020][ T7982] trusted_key: syz.2.514 sent an empty control message without MSG_MORE. [ 323.335070][ T68] smbdirect: ib_dev[syz2] removed [ 325.073969][ T5748] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 325.135504][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz.3.526'. [ 325.136831][ T8024] veth0: entered promiscuous mode [ 325.237352][ T5748] usb 3-1: unable to get BOS descriptor or descriptor too short [ 325.238653][ T5748] usb 3-1: config 64 has an invalid interface number: 44 but max is 0 [ 325.238678][ T5748] usb 3-1: config 64 has no interface number 0 [ 325.238722][ T5748] usb 3-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 325.238750][ T5748] usb 3-1: config 64 interface 44 has no altsetting 0 [ 325.283873][ T5748] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 325.283903][ T5748] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.283923][ T5748] usb 3-1: Product: syz [ 325.283937][ T5748] usb 3-1: Manufacturer: syz [ 325.283951][ T5748] usb 3-1: SerialNumber: syz [ 325.313600][ T8027] loop1: detected capacity change from 0 to 32768 [ 325.316882][ T8027] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.527 (8027) [ 325.419893][ T8027] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 325.419926][ T8027] BTRFS info (device loop1): using crc32c checksum algorithm [ 325.605069][ T8027] BTRFS info (device loop1): enabling ssd optimizations [ 325.605093][ T8027] BTRFS info (device loop1): turning on flush-on-commit [ 325.605108][ T8027] BTRFS info (device loop1): turning on async discard [ 325.605122][ T8027] BTRFS info (device loop1): enabling free space tree [ 325.605138][ T8027] BTRFS info (device loop1): enabling auto defrag [ 325.605154][ T8027] BTRFS info (device loop1): force zlib compression, level 3 [ 325.605173][ T8027] BTRFS info (device loop1): max_inline set to 4096 [ 325.629799][ T8043] loop4: detected capacity change from 0 to 512 [ 325.633904][ T8043] EXT4-fs: Ignoring removed nomblk_io_submit option [ 325.691911][ T8020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 325.692593][ T8020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 325.730725][ T38] audit: type=1800 audit(1780426591.496:27): pid=8027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.527" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 325.730797][ T8043] EXT4-fs error (device loop4): ext4_iget_extra_inode:5128: inode #15: comm syz.4.529: corrupted in-inode xattr: invalid ea_ino [ 325.730826][ T8043] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 325.735565][ T8043] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.529: couldn't read orphan inode 15 (err -117) [ 325.735598][ T8043] loop4: lost filesystem error report for type 5 error -117 [ 325.784928][ T8043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.057905][ T8030] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 326.115706][ T8023] veth0: left promiscuous mode [ 326.302913][ T5616] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 326.408567][ T5748] iowarrior 3-1:64.44: no interrupt-out endpoint found [ 326.487403][ T5748] usb 3-1: USB disconnect, device number 6 [ 327.114845][ T8057] EXT4-fs error (device loop4): ext4_find_dest_de:2050: inode #2: block 13: comm syz.4.529: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 327.667177][ T5748] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 329.304269][ T5748] usb 4-1: Using ep0 maxpacket: 16 [ 329.309467][ T5748] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.309522][ T5748] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 329.309550][ T5748] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 329.309572][ T5748] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 329.309595][ T5748] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 329.311354][ T5748] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 329.311380][ T5748] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 329.311400][ T5748] usb 4-1: Manufacturer: syz [ 329.552750][ T5748] usb 4-1: config 0 descriptor?? [ 329.565242][ T8067] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 329.565280][ T8067] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 329.565321][ T8067] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 329.669599][ T8067] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 329.944727][ T5748] rc_core: IR keymap rc-hauppauge not found [ 329.944749][ T5748] Registered IR keymap rc-empty [ 329.944926][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 329.964830][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.037051][ T5748] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 330.043604][ T5748] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8 [ 330.089975][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.104978][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.126047][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.144787][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.166046][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.184824][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.204762][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.224813][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.244778][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.264690][ T5748] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 330.379532][ T5748] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 330.379559][ T5748] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 330.452596][ T5748] usb 4-1: USB disconnect, device number 3 [ 330.678141][ T1517] smbdirect: ib_dev[syz2] removed [ 331.172618][ T5624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.657604][ T8121] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 332.657628][ T8121] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 332.657650][ T8121] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 332.724076][ T8121] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 333.164804][ T164] smbdirect: ib_dev[syz2] removed [ 333.186219][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 333.187303][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 333.390827][ T5614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 334.419745][ T8091] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 335.001003][ T8137] loop1: detected capacity change from 0 to 32768 [ 335.007037][ T8137] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.556 (8137) [ 335.031775][ T8137] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 335.031807][ T8137] BTRFS info (device loop1): using crc32c checksum algorithm [ 335.234187][ T8137] BTRFS info (device loop1): enabling ssd optimizations [ 335.234215][ T8137] BTRFS info (device loop1): turning on flush-on-commit [ 335.234230][ T8137] BTRFS info (device loop1): turning on async discard [ 335.234245][ T8137] BTRFS info (device loop1): enabling free space tree [ 335.234261][ T8137] BTRFS info (device loop1): enabling auto defrag [ 335.234279][ T8137] BTRFS info (device loop1): force zlib compression, level 3 [ 335.234298][ T8137] BTRFS info (device loop1): max_inline set to 4096 [ 335.434778][ T38] audit: type=1800 audit(1780426601.186:28): pid=8137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.556" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 335.946663][ T5616] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 336.079942][ T5748] IPVS: starting estimator thread 0... [ 336.218985][ T8178] IPVS: using max 9 ests per chain, 21600 per kthread [ 336.618627][ T8191] netlink: 8 bytes leftover after parsing attributes in process `syz.4.567'. [ 336.621509][ T8191] veth0: entered promiscuous mode [ 337.441437][ T8190] veth0: left promiscuous mode [ 338.627100][ T5614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 338.808077][ T8169] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 339.158937][ T8216] netlink: 12 bytes leftover after parsing attributes in process `syz.3.577'. [ 339.219146][ T8216] ipvlan2: entered allmulticast mode [ 339.219168][ T8216] syz_tun: entered allmulticast mode [ 339.375565][ T8214] loop0: detected capacity change from 0 to 32768 [ 339.385433][ T8214] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.576 (8214) [ 339.393503][ T8214] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 339.393535][ T8214] BTRFS info (device loop0): using crc32c checksum algorithm [ 339.977960][ T8214] BTRFS info (device loop0): enabling ssd optimizations [ 339.977989][ T8214] BTRFS info (device loop0): turning on flush-on-commit [ 339.978006][ T8214] BTRFS info (device loop0): turning on async discard [ 339.978022][ T8214] BTRFS info (device loop0): enabling free space tree [ 339.978038][ T8214] BTRFS info (device loop0): enabling auto defrag [ 339.978055][ T8214] BTRFS info (device loop0): force zlib compression, level 3 [ 339.978076][ T8214] BTRFS info (device loop0): max_inline set to 4096 [ 340.042571][ T38] audit: type=1800 audit(1780426605.786:29): pid=8214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.576" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 340.588534][ T5625] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 343.477415][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.3.591'. [ 343.485425][ T8282] veth0: entered promiscuous mode [ 343.638528][ T8274] veth0: left promiscuous mode [ 343.747304][ T8289] netlink: 12 bytes leftover after parsing attributes in process `syz.2.593'. [ 343.889050][ T8289] ipvlan2: entered allmulticast mode [ 343.889072][ T8289] syz_tun: entered allmulticast mode [ 344.134203][ T8301] loop4: detected capacity change from 0 to 512 [ 344.155372][ T8301] EXT4-fs: Ignoring removed nomblk_io_submit option [ 344.190234][ T8301] EXT4-fs error (device loop4): ext4_iget_extra_inode:5128: inode #15: comm syz.4.597: corrupted in-inode xattr: invalid ea_ino [ 344.190353][ T8301] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 344.190777][ T8301] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.597: couldn't read orphan inode 15 (err -117) [ 344.190808][ T8301] loop4: lost filesystem error report for type 5 error -117 [ 344.266086][ T8301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.759387][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 344.847978][ T8317] EXT4-fs error (device loop4): ext4_find_dest_de:2050: inode #2: block 13: comm syz.4.597: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 345.553466][ T5614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 346.379188][ T5624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.576637][ T8333] netlink: 32 bytes leftover after parsing attributes in process `syz.2.607'. [ 348.155734][ T8365] netlink: 36 bytes leftover after parsing attributes in process `syz.1.613'. [ 348.583060][ T8364] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.635005][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.635025][ C1] bridge0: topology change detected, propagating [ 348.638405][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.638425][ C1] bridge0: topology change detected, propagating [ 348.842060][ T8364] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.693841][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 349.699444][ C0] IPv6: bridge0: IPv6 duplicate address fe80::a8aa:aaff:feaa:aa1b used by aa:aa:aa:aa:aa:1b detected! [ 350.675428][ T8396] tipc: Started in network mode [ 350.675449][ T8396] tipc: Node identity 4, cluster identity 4711 [ 350.675463][ T8396] tipc: Node number set to 4 [ 352.291194][ T8404] netlink: 36 bytes leftover after parsing attributes in process `syz.1.623'. [ 352.498847][ T8407] loop4: detected capacity change from 0 to 512 [ 352.547419][ T8407] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 352.588125][ T8407] EXT4-fs (loop4): invalid journal inode [ 353.031197][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 354.407418][ T8431] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 354.407457][ T8431] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 354.407543][ T8431] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 354.413942][ T8433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.635'. [ 354.540567][ T8431] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 354.648421][ T5614] block nbd0: Receive control failed (result -1) [ 355.147338][ T8446] Bluetooth: MGMT ver 1.23 [ 356.020127][ T164] smbdirect: ib_dev[syz2] removed [ 356.122970][ T8456] loop0: detected capacity change from 0 to 512 [ 356.134426][ T8456] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 356.177826][ T8456] EXT4-fs (loop0): invalid journal inode [ 357.489678][ T8479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.650'. [ 357.562620][ T8486] binder: 8478:8486 ioctl c0306201 200000000040 returned -22 [ 357.819127][ T8490] netlink: 36 bytes leftover after parsing attributes in process `syz.3.653'. [ 358.779314][ T5614] block nbd1: Receive control failed (result -1) [ 360.426869][ T8513] block nbd0: NBD_DISCONNECT [ 360.436983][ T8515] loop0: detected capacity change from 0 to 512 [ 360.464283][ T8515] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 360.517432][ T8513] block nbd0: Send disconnect failed -32 [ 360.517475][ T8513] block nbd0: shutting down sockets [ 360.561024][ T8515] EXT4-fs (loop0): invalid journal inode [ 361.363087][ T8533] syz.3.664 uses obsolete (PF_INET,SOCK_PACKET) [ 361.459354][ T8535] binder: 8534:8535 ioctl c0306201 200000000040 returned -22 [ 362.805263][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.1.670'. [ 362.805298][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.1.670'. [ 363.217249][ T8546] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 363.217296][ T8546] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 363.217317][ T8546] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 363.421271][ T8558] syzkaller0: entered promiscuous mode [ 363.421297][ T8558] syzkaller0: entered allmulticast mode [ 363.465157][ T8564] loop1: detected capacity change from 0 to 512 [ 363.517748][ T8564] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 363.518134][ T8564] EXT4-fs (loop1): invalid journal inode [ 364.177753][ T8575] netlink: 12 bytes leftover after parsing attributes in process `syz.3.680'. [ 364.203088][ T8577] netlink: 12 bytes leftover after parsing attributes in process `syz.2.681'. [ 364.312243][ T60] block nbd0: Receive control failed (result -1) [ 365.341973][ T8605] netlink: 20 bytes leftover after parsing attributes in process `syz.1.687'. [ 365.343964][ T8605] netlink: 20 bytes leftover after parsing attributes in process `syz.1.687'. [ 365.429656][ T5614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 365.519252][ T8609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.689'. [ 365.688077][ T8607] netlink: 36 bytes leftover after parsing attributes in process `syz.0.686'. [ 365.858145][ T8616] loop2: detected capacity change from 0 to 512 [ 365.880267][ T8616] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 365.904186][ T8618] binder: 8617:8618 ioctl c0306201 200000000040 returned -22 [ 365.987442][ T8616] EXT4-fs (loop2): invalid journal inode [ 368.339022][ T8655] binder: 8654:8655 ioctl c0306201 200000000040 returned -22 [ 368.421565][ T8658] loop0: detected capacity change from 0 to 512 [ 368.546070][ T8658] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 368.553626][ T8658] EXT4-fs (loop0): invalid journal inode [ 369.521347][ T8659] netlink: 12 bytes leftover after parsing attributes in process `syz.4.706'. [ 369.893115][ T8664] loop1: detected capacity change from 0 to 32768 [ 369.897584][ T8664] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.708 (8664) [ 369.920508][ T8664] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 369.920619][ T8664] BTRFS info (device loop1): using crc32c checksum algorithm [ 371.242863][ T8664] BTRFS info (device loop1): enabling ssd optimizations [ 371.242917][ T8664] BTRFS info (device loop1): turning on flush-on-commit [ 371.242936][ T8664] BTRFS info (device loop1): turning on async discard [ 371.242952][ T8664] BTRFS info (device loop1): enabling free space tree [ 371.242994][ T8664] BTRFS info (device loop1): enabling auto defrag [ 371.243082][ T8664] BTRFS info (device loop1): force zlib compression, level 3 [ 371.243104][ T8664] BTRFS info (device loop1): max_inline set to 4096 [ 371.386867][ T38] audit: type=1800 audit(1780426637.126:30): pid=8664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.708" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 371.450099][ T5614] block nbd2: Receive control failed (result -1) [ 371.847762][ T5616] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 372.187006][ T8700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.715'. [ 372.693325][ T8713] loop0: detected capacity change from 0 to 512 [ 372.713312][ T8713] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 372.743205][ T8713] EXT4-fs (loop0): invalid journal inode [ 374.363157][ T8718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.721'. [ 374.646025][ T8727] netlink: 20 bytes leftover after parsing attributes in process `syz.0.722'. [ 374.647348][ T8727] netlink: 20 bytes leftover after parsing attributes in process `syz.0.722'. [ 375.371619][ T5614] block nbd3: Receive control failed (result -1) [ 375.551265][ T8733] nbd: nbd3 already in use [ 375.557522][ T8733] block nbd0: NBD_DISCONNECT [ 375.558242][ T8733] block nbd0: shutting down sockets [ 376.004900][ T8741] loop4: detected capacity change from 0 to 32768 [ 376.019108][ T8741] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.726 (8741) [ 376.044796][ T8741] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 376.044838][ T8741] BTRFS info (device loop4): using crc32c checksum algorithm [ 376.241430][ T8741] BTRFS info (device loop4): enabling ssd optimizations [ 376.241458][ T8741] BTRFS info (device loop4): turning on flush-on-commit [ 376.241475][ T8741] BTRFS info (device loop4): turning on async discard [ 376.241490][ T8741] BTRFS info (device loop4): enabling free space tree [ 376.241506][ T8741] BTRFS info (device loop4): enabling auto defrag [ 376.241523][ T8741] BTRFS info (device loop4): force zlib compression, level 3 [ 376.241542][ T8741] BTRFS info (device loop4): max_inline set to 4096 [ 376.318124][ T38] audit: type=1800 audit(1780426642.066:31): pid=8741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.726" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 376.522735][ T8751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.727'. [ 376.790163][ T5624] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 377.012262][ T8766] loop3: detected capacity change from 0 to 512 [ 377.068291][ T8766] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 377.074390][ T8766] EXT4-fs (loop3): invalid journal inode [ 378.367206][ T5614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 378.630356][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.630440][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.989438][ T8782] nbd: nbd1 already in use [ 380.617947][ T8807] netlink: 36 bytes leftover after parsing attributes in process `syz.4.742'. [ 381.327406][ T8807] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.334656][ T8807] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.007088][ T8829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.749'. [ 383.122175][ T60] block nbd0: Receive control failed (result -1) [ 383.139087][ T8835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.751'. [ 383.214897][ T8835] ipvlan2: entered allmulticast mode [ 384.497903][ T8845] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 384.497940][ T8845] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 384.497983][ T8845] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 384.521754][ T8845] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 385.221557][ T8851] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 385.239570][ T1517] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 385.239628][ T1517] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 385.239663][ T1517] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 385.239696][ T1517] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 385.483548][ T8860] netlink: 12 bytes leftover after parsing attributes in process `syz.3.760'. [ 385.582412][ T8859] siw: device registration error -23 [ 385.634850][ T43] smbdirect: ib_dev[syz2] removed [ 385.706393][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.761'. [ 385.877163][ T8865] ipvlan2: entered allmulticast mode [ 387.432712][ T8888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.768'. [ 389.159494][ T8910] netlink: 36 bytes leftover after parsing attributes in process `syz.1.775'. [ 394.210560][ T8946] loop1: detected capacity change from 0 to 512 [ 394.211637][ T8946] EXT4-fs: Ignoring removed nomblk_io_submit option [ 394.314192][ T8946] EXT4-fs error (device loop1): ext4_iget_extra_inode:5128: inode #15: comm syz.1.788: corrupted in-inode xattr: invalid ea_ino [ 394.314226][ T8946] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 394.314615][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 394.314632][ C0] EXT4-fs (loop1): initial error at time 1780426660: ext4_iget_extra_inode:5128: inode 15 [ 394.314659][ C0] EXT4-fs (loop1): last error at time 1780426660: ext4_iget_extra_inode:5128: inode 15 [ 394.509935][ T8946] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.788: couldn't read orphan inode 15 (err -117) [ 394.509970][ T8946] loop1: lost filesystem error report for type 5 error -117 [ 395.426294][ T8946] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.597542][ T8969] EXT4-fs error (device loop1): ext4_find_dest_de:2050: inode #2: block 13: comm syz.1.788: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 396.783195][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.882433][ T9017] loop0: detected capacity change from 0 to 512 [ 399.883829][ T9017] EXT4-fs: Ignoring removed nomblk_io_submit option [ 399.943620][ T9017] EXT4-fs error (device loop0): ext4_iget_extra_inode:5128: inode #15: comm syz.0.809: corrupted in-inode xattr: invalid ea_ino [ 399.943654][ T9017] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 399.944605][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 399.944623][ C0] EXT4-fs (loop0): initial error at time 1780426665: ext4_iget_extra_inode:5128: inode 15 [ 399.944649][ C0] EXT4-fs (loop0): last error at time 1780426665: ext4_iget_extra_inode:5128: inode 15 [ 399.962788][ T9017] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.809: couldn't read orphan inode 15 (err -117) [ 399.962823][ T9017] loop0: lost filesystem error report for type 5 error -117 [ 400.010882][ T9017] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 401.098936][ T9023] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 13: comm syz.0.809: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 401.258149][ T9028] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 401.258189][ T9028] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 401.258231][ T9028] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 401.315825][ T9028] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 401.397111][ T5625] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.847029][ T43] smbdirect: ib_dev[syz2] removed [ 402.903832][ T9049] nbd: nbd2 already in use [ 402.904265][ T9049] block nbd0: NBD_DISCONNECT [ 402.904309][ T9049] block nbd0: Send disconnect failed -22 [ 402.904330][ T9049] block nbd0: shutting down sockets [ 403.003448][ T9055] netlink: 16 bytes leftover after parsing attributes in process `syz.4.821'. [ 403.003474][ T9055] netlink: 16 bytes leftover after parsing attributes in process `syz.4.821'. [ 403.594435][ T60] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 404.223974][ T9064] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 404.223998][ T9064] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 404.224020][ T9064] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 404.390878][ T9064] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 404.710829][ T9083] loop0: detected capacity change from 0 to 512 [ 404.714118][ T9083] EXT4-fs: Ignoring removed nomblk_io_submit option [ 404.781016][ T9083] EXT4-fs error (device loop0): ext4_iget_extra_inode:5128: inode #15: comm syz.0.829: corrupted in-inode xattr: invalid ea_ino [ 404.781052][ T9083] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 404.781462][ T9083] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.829: couldn't read orphan inode 15 (err -117) [ 404.781491][ T9083] loop0: lost filesystem error report for type 5 error -117 [ 404.834707][ T9083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 405.098188][ T6195] smbdirect: ib_dev[syz2] removed [ 406.050619][ T9089] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 13: comm syz.0.829: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 406.340591][ T5625] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.544644][ T60] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 408.787124][ T9126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.843'. [ 408.842872][ T9126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.843'. [ 409.005951][ T9134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.846'. [ 409.172886][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.3.847'. [ 409.318663][ T9148] lo speed is unknown, defaulting to 1000 [ 409.319181][ T9148] lo speed is unknown, defaulting to 1000 [ 409.321409][ T9148] lo speed is unknown, defaulting to 1000 [ 409.323507][ T9148] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 409.323543][ T9148] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 409.323584][ T9148] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 409.458370][ T9148] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 409.520173][ T9148] lo speed is unknown, defaulting to 1000 [ 409.535396][ T9148] lo speed is unknown, defaulting to 1000 [ 409.539509][ T9148] lo speed is unknown, defaulting to 1000 [ 409.547044][ T9148] lo speed is unknown, defaulting to 1000 [ 409.550294][ T9148] lo speed is unknown, defaulting to 1000 [ 410.075747][ T9157] loop1: detected capacity change from 0 to 512 [ 410.093331][ T9157] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 410.120257][ T9157] EXT4-fs (loop1): invalid journal inode [ 411.817722][ T9175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.859'. [ 412.916408][ T9175] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 412.994865][ T9181] bond1: entered promiscuous mode [ 412.994893][ T9181] bond1: entered allmulticast mode [ 413.560368][ T9206] netlink: 36 bytes leftover after parsing attributes in process `syz.3.865'. [ 416.250012][ T9217] netlink: 36 bytes leftover after parsing attributes in process `syz.3.869'. [ 417.005211][ T9221] loop0: detected capacity change from 0 to 512 [ 417.029992][ T9221] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 417.032289][ T9221] EXT4-fs (loop0): invalid journal inode [ 420.885018][ T9239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.876'. [ 421.833787][ T9243] block nbd0: NBD_DISCONNECT [ 422.555356][ T9243] block nbd0: Send disconnect failed -512 [ 422.626278][ T9243] block nbd0: Disconnected due to user request. [ 422.626302][ T9243] block nbd0: shutting down sockets [ 423.512714][ T9269] siw: device registration error -23 [ 424.746599][ T9288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'. [ 424.880621][ T9302] netlink: 'syz.4.894': attribute type 1 has an invalid length. [ 424.880641][ T9302] netlink: 'syz.4.894': attribute type 2 has an invalid length. [ 427.113215][ T9333] netlink: 24 bytes leftover after parsing attributes in process `syz.4.907'. [ 427.390931][ T9336] netlink: 'syz.2.908': attribute type 1 has an invalid length. [ 427.390953][ T9336] netlink: 'syz.2.908': attribute type 2 has an invalid length. [ 430.577052][ T9378] netlink: 'syz.1.922': attribute type 1 has an invalid length. [ 430.577065][ T9378] netlink: 'syz.1.922': attribute type 2 has an invalid length. [ 433.311624][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xc880 [ 433.311713][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 433.318525][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x5008 [ 433.318606][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 433.323720][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xd0a0 [ 433.323794][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 433.329620][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x4800 [ 433.333212][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x3000 [ 433.333287][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 433.337929][ T9403] kvm: kvm [9401]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa8a0 [ 434.718973][ T9426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.937'. [ 434.766548][ T5614] block nbd0: Receive control failed (result -1) [ 436.509224][ T9454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.947'. [ 437.965927][ T9465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.946'. [ 440.082849][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.082950][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.351558][ T9500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.960'. [ 440.534034][ T9514] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'. [ 442.191912][ T9523] loop1: detected capacity change from 0 to 32768 [ 442.237540][ T9523] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.969 (9523) [ 442.352417][ T9523] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 442.352452][ T9523] BTRFS info (device loop1): using crc32c checksum algorithm [ 442.584866][ T9567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.981'. [ 442.740942][ T9523] BTRFS info (device loop1): enabling ssd optimizations [ 442.740969][ T9523] BTRFS info (device loop1): turning on flush-on-commit [ 442.740986][ T9523] BTRFS info (device loop1): turning on async discard [ 442.741002][ T9523] BTRFS info (device loop1): enabling free space tree [ 442.741018][ T9523] BTRFS info (device loop1): enabling auto defrag [ 442.741034][ T9523] BTRFS info (device loop1): force zlib compression, level 3 [ 442.741055][ T9523] BTRFS info (device loop1): max_inline set to 4096 [ 442.891920][ T38] audit: type=1800 audit(1780426708.606:32): pid=9523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.969" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 443.060452][ T9585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.985'. [ 443.117317][ T9588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.985'. [ 443.138542][ T5616] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 444.688306][ T9622] netlink: 12 bytes leftover after parsing attributes in process `syz.3.999'. [ 445.496921][ T9624] bond2: entered promiscuous mode [ 445.496940][ T9624] bond2: entered allmulticast mode [ 445.633618][ T9612] loop0: detected capacity change from 0 to 32768 [ 445.724151][ T9612] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.996 (9612) [ 445.795934][ T9631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1002'. [ 445.868006][ T9631] macvtap1: entered promiscuous mode [ 445.868030][ T9631] bond0: entered promiscuous mode [ 445.868044][ T9631] bond_slave_0: entered promiscuous mode [ 445.868287][ T9631] bond_slave_1: entered promiscuous mode [ 445.869049][ T9631] macvtap1: entered allmulticast mode [ 445.869065][ T9631] bond0: entered allmulticast mode [ 445.869077][ T9631] bond_slave_0: entered allmulticast mode [ 445.869099][ T9631] bond_slave_1: entered allmulticast mode [ 445.870457][ T9629] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1002'. [ 445.876964][ T9631] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 445.914813][ T9634] netlink: 'syz.3.1001': attribute type 1 has an invalid length. [ 445.938247][ T9612] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 445.938279][ T9612] BTRFS info (device loop0): using crc32c checksum algorithm [ 446.039931][ T9650] netlink: 'syz.2.1003': attribute type 4 has an invalid length. [ 446.059500][ T9629] bond0: left allmulticast mode [ 446.059521][ T9629] bond_slave_0: left allmulticast mode [ 446.059544][ T9629] bond_slave_1: left allmulticast mode [ 446.059751][ T9629] bond0: left promiscuous mode [ 446.101820][ T9629] macvtap1: left promiscuous mode [ 446.101848][ T9629] macvtap1: left allmulticast mode [ 446.118297][ T9612] BTRFS info (device loop0): enabling ssd optimizations [ 446.118320][ T9612] BTRFS info (device loop0): turning on flush-on-commit [ 446.118335][ T9612] BTRFS info (device loop0): turning on async discard [ 446.118349][ T9612] BTRFS info (device loop0): enabling free space tree [ 446.118364][ T9612] BTRFS info (device loop0): enabling auto defrag [ 446.118380][ T9612] BTRFS info (device loop0): force zlib compression, level 3 [ 446.118399][ T9612] BTRFS info (device loop0): max_inline set to 4096 [ 446.118622][ T823] bond_slave_0: left promiscuous mode [ 446.118678][ T823] bond_slave_1: left promiscuous mode [ 446.215819][ T38] audit: type=1800 audit(1780426711.966:33): pid=9612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.996" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 446.533067][ T9634] 8021q: adding VLAN 0 to HW filter on device bond3 [ 446.728015][ T5625] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 446.848153][ T9663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1007'. [ 448.565386][ T9700] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1017'. [ 448.889711][ T9702] nbd: nbd3 already in use [ 448.891468][ T9702] block nbd0: NBD_DISCONNECT [ 448.891509][ T9702] block nbd0: Send disconnect failed -32 [ 448.891529][ T9702] block nbd0: shutting down sockets [ 449.039530][ T9698] loop4: detected capacity change from 0 to 32768 [ 449.057075][ T9698] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1016 (9698) [ 449.156729][ T9698] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 449.156760][ T9698] BTRFS info (device loop4): using crc32c checksum algorithm [ 449.462041][ T9735] Illegal XDP return value 4291364848 on prog (id 122) dev syz_tun, expect packet loss! [ 449.547545][ T9698] BTRFS info (device loop4): enabling ssd optimizations [ 449.547575][ T9698] BTRFS info (device loop4): turning on flush-on-commit [ 449.547593][ T9698] BTRFS info (device loop4): turning on async discard [ 449.547610][ T9698] BTRFS info (device loop4): enabling free space tree [ 449.547626][ T9698] BTRFS info (device loop4): enabling auto defrag [ 449.547651][ T9698] BTRFS info (device loop4): force zlib compression, level 3 [ 449.547670][ T9698] BTRFS info (device loop4): max_inline set to 4096 [ 449.851685][ T38] audit: type=1800 audit(1780426715.596:34): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1016" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 450.193774][ T5624] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 450.744948][ T9756] netlink: 'syz.3.1033': attribute type 1 has an invalid length. [ 451.554743][ T9756] 8021q: adding VLAN 0 to HW filter on device bond4 [ 451.847095][ T9756] macvlan2: entered promiscuous mode [ 451.847120][ T9756] macvlan2: entered allmulticast mode [ 451.849397][ T9756] bond4: entered allmulticast mode [ 451.849579][ T9756] bond4: entered promiscuous mode [ 451.919487][ T9766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1034'. [ 451.970685][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1034'. [ 451.995024][ T9756] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 452.078867][ T9756] team0: Port device macvlan2 added [ 452.911568][ T9772] loop3: detected capacity change from 0 to 32768 [ 452.988329][ T9772] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1036 (9772) [ 453.015636][ T9772] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 453.015671][ T9772] BTRFS info (device loop3): using crc32c checksum algorithm [ 453.331806][ T9772] BTRFS info (device loop3): enabling ssd optimizations [ 453.331833][ T9772] BTRFS info (device loop3): turning on flush-on-commit [ 453.331851][ T9772] BTRFS info (device loop3): turning on async discard [ 453.331867][ T9772] BTRFS info (device loop3): enabling free space tree [ 453.331882][ T9772] BTRFS info (device loop3): enabling auto defrag [ 453.331899][ T9772] BTRFS info (device loop3): force zlib compression, level 3 [ 453.331918][ T9772] BTRFS info (device loop3): max_inline set to 4096 [ 453.413676][ T38] audit: type=1800 audit(1780426719.166:35): pid=9772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1036" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 453.986218][ T5626] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 454.003080][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1044'. [ 454.088151][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1044'. [ 454.096064][ T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 454.099387][ T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 454.099434][ T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 454.099469][ T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 454.188618][ T69] nci: nci_rx_work: unknown MT 0x7 [ 454.413271][ T9819] netlink: 'syz.1.1047': attribute type 1 has an invalid length. [ 455.356072][ T9819] 8021q: adding VLAN 0 to HW filter on device bond2 [ 455.498069][ T9821] macvlan2: entered promiscuous mode [ 455.498094][ T9821] macvlan2: entered allmulticast mode [ 455.498519][ T9821] bond2: entered allmulticast mode [ 455.498703][ T9821] bond2: entered promiscuous mode [ 455.595735][ T9821] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 455.620473][ T9821] team0: Port device macvlan2 added [ 455.969192][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'. [ 456.024905][ T9839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'. [ 456.028405][ T9838] macvtap2: entered promiscuous mode [ 456.028436][ T9838] team0: entered promiscuous mode [ 456.028450][ T9838] team_slave_0: entered promiscuous mode [ 456.028710][ T9838] team_slave_1: entered promiscuous mode [ 456.046242][ T9838] macvtap2: entered allmulticast mode [ 456.046261][ T9838] team0: entered allmulticast mode [ 456.046275][ T9838] team_slave_0: entered allmulticast mode [ 456.046299][ T9838] team_slave_1: entered allmulticast mode [ 456.127193][ T9838] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 456.832099][ T9807] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 457.123559][ T9857] netlink: 'syz.2.1056': attribute type 1 has an invalid length. [ 457.398292][ T9873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1061'. [ 457.444172][ T9857] 8021q: adding VLAN 0 to HW filter on device bond1 [ 457.461963][ T9864] macvlan2: entered promiscuous mode [ 457.461988][ T9864] macvlan2: entered allmulticast mode [ 457.462419][ T9864] bond1: entered allmulticast mode [ 457.462604][ T9864] bond1: entered promiscuous mode [ 457.490395][ T9864] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 457.493933][ T9864] team0: Port device macvlan2 added [ 459.196774][ T9913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1075'. [ 459.811230][ T9934] netlink: 'syz.2.1081': attribute type 1 has an invalid length. [ 459.811253][ T9934] netlink: 'syz.2.1081': attribute type 2 has an invalid length. [ 460.686652][ T5601] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 460.716609][ T9945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1085'. [ 460.771912][ T9946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1085'. [ 460.791386][ T9945] macvtap1: entered promiscuous mode [ 460.791408][ T9945] erspan0: entered promiscuous mode [ 460.792225][ T9945] macvtap1: entered allmulticast mode [ 460.792242][ T9945] erspan0: entered allmulticast mode [ 460.845963][ T5601] usb 1-1: Using ep0 maxpacket: 16 [ 460.851288][ T5601] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.851415][ T5601] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 460.853155][ T5601] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 460.853182][ T5601] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 460.853202][ T5601] usb 1-1: Manufacturer: syz [ 460.888459][ T5601] usb 1-1: config 0 descriptor?? [ 461.568461][ T9965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1092'. [ 461.652212][ T9970] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1092'. [ 461.775690][ T9965] macvtap1: entered promiscuous mode [ 461.775713][ T9965] team0: entered promiscuous mode [ 461.775727][ T9965] team_slave_0: entered promiscuous mode [ 461.775950][ T9965] team_slave_1: entered promiscuous mode [ 461.776636][ T9965] macvtap1: entered allmulticast mode [ 461.776651][ T9965] team0: entered allmulticast mode [ 461.776664][ T9965] team_slave_0: entered allmulticast mode [ 461.776685][ T9965] team_slave_1: entered allmulticast mode [ 461.827265][ T9965] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 462.376824][ T9983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1097'. [ 462.526769][ T9991] bond2: entered promiscuous mode [ 462.526795][ T9991] bond2: entered allmulticast mode [ 463.278840][ T5601] usb 1-1: USB disconnect, device number 7 [ 463.890554][T10019] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1108'. [ 464.043022][T10021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.089612][T10021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.396955][T10023] bond6: entered promiscuous mode [ 464.396981][T10023] bond6: entered allmulticast mode [ 464.553204][T10030] syzkaller0: entered promiscuous mode [ 464.553228][T10030] syzkaller0: entered allmulticast mode [ 465.467706][T10047] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1115'. [ 465.483982][ T5748] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 465.675072][ T5748] usb 2-1: Using ep0 maxpacket: 16 [ 465.677319][ T5748] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 465.677401][ T5748] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 465.678687][ T5748] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 465.678714][ T5748] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 465.678734][ T5748] usb 2-1: Manufacturer: syz [ 465.737633][ T5748] usb 2-1: config 0 descriptor?? [ 466.193592][T10048] bond2: entered promiscuous mode [ 466.193622][T10048] bond2: entered allmulticast mode [ 467.025404][ T43] nci: nci_rx_work: unknown MT 0x7 [ 467.860585][ T5748] usb 2-1: USB disconnect, device number 4 [ 469.156652][T10141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1137'. [ 469.883941][T10077] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 470.331523][T10158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1143'. [ 470.524812][ T5748] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 470.712775][ T5748] usb 5-1: Using ep0 maxpacket: 16 [ 470.727893][ T5748] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.727937][ T5748] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 470.731979][ T5748] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 470.732006][ T5748] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 470.732025][ T5748] usb 5-1: Manufacturer: syz [ 470.826252][T10174] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1147'. [ 470.842990][ T5748] usb 5-1: config 0 descriptor?? [ 472.626097][T10200] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1158'. [ 472.673335][T10200] bond7: entered promiscuous mode [ 472.673360][T10200] bond7: entered allmulticast mode [ 473.162072][T10220] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1163'. [ 473.321708][ T5848] usb 5-1: USB disconnect, device number 5 [ 473.608257][T10229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1165'. [ 473.657810][T10230] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1166'. [ 476.682975][T10282] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1183'. [ 476.683020][T10282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1183'. [ 476.812359][T10284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1184'. [ 476.842592][ T43] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.842881][ T43] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.842925][ T43] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.842971][ T43] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 477.204461][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1188'. [ 477.204788][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1188'. [ 477.391565][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1188'. [ 477.391588][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1188'. [ 477.858132][T10315] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1195'. [ 478.069567][T10319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1196'. [ 478.406729][T10327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1199'. [ 482.159617][T10372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1214'. [ 482.254272][T10373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1215'. [ 482.413144][T10370] veth0: entered promiscuous mode [ 483.360704][T10402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1227'. [ 483.746288][T10412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1232'. [ 483.811423][T10418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1233'. [ 483.811455][T10418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'. [ 483.936746][T10418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1233'. [ 483.936768][T10418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'. [ 484.113131][T10423] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1235'. [ 485.018699][T10446] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1243'. [ 485.026298][T10438] IPVS: Error connecting to the multicast addr [ 485.258703][ T1487] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.258996][ T1487] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.259070][ T1487] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.259110][ T1487] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 485.612068][ T6195] nci: nci_rsp_packet: unknown rsp opcode 0x3f [ 486.017194][T10454] syz.1.1245 (10454) used greatest stack depth: 17784 bytes left [ 488.496370][T10459] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 488.811351][T10514] __nla_validate_parse: 5 callbacks suppressed [ 488.811396][T10514] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1263'. [ 488.854114][T10492] macvtap2: left promiscuous mode [ 488.854137][T10492] team0: left promiscuous mode [ 488.868825][T10492] macvlan2: left promiscuous mode [ 488.868839][T10492] bond2: left promiscuous mode [ 489.026248][ T32] lo speed is unknown, defaulting to 1000 [ 489.342799][T10522] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1267'. [ 489.391976][T10522] vlan2: entered promiscuous mode [ 489.391996][T10522] syz_tun: entered promiscuous mode [ 489.499539][T10529] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1269'. [ 489.552938][T10531] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1269'. [ 490.653881][T10538] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1272'. [ 490.683558][T10529] macvtap2: entered promiscuous mode [ 490.694460][T10529] macvtap2: entered allmulticast mode [ 490.731774][T10529] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 490.998203][T10546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1274'. [ 491.161516][T10548] bridge0: port 2(bridge_slave_1) entered blocking state [ 491.161727][T10548] bridge0: port 2(bridge_slave_1) entered listening state [ 491.162066][T10548] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.162237][T10548] bridge0: port 1(bridge_slave_0) entered listening state [ 491.249400][T10536] syz.2.1272 (10536) used greatest stack depth: 16488 bytes left [ 491.911853][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1285'. [ 491.973108][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1285'. [ 491.983968][T10584] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 492.093642][T10587] macvtap2: entered promiscuous mode [ 492.093663][T10587] team0: entered promiscuous mode [ 492.093677][T10587] team_slave_0: entered promiscuous mode [ 492.093910][T10587] team_slave_1: entered promiscuous mode [ 492.174336][T10587] macvtap2: entered allmulticast mode [ 492.174349][T10587] team0: entered allmulticast mode [ 492.174357][T10587] team_slave_0: entered allmulticast mode [ 492.174370][T10587] team_slave_1: entered allmulticast mode [ 492.176475][T10587] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 492.496050][T10609] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1292'. [ 497.063788][T10652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1309'. [ 497.523473][T10672] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1298'. [ 497.620495][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1315'. [ 497.926887][T10688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1322'. [ 498.323907][T10709] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1330'. [ 498.458011][T10712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1331'. [ 498.716183][T10727] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1336'. [ 498.879259][T10727] ipvlan2: entered allmulticast mode [ 499.061631][T10734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 501.414430][T10750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1345'. [ 501.510126][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.510228][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.952978][T10778] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1355'. [ 502.182495][T10786] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1358'. [ 502.627851][T10802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1363'. [ 502.990044][T10815] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1369'. [ 503.011363][T10812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1368'. [ 503.032380][T10815] macvtap3: entered promiscuous mode [ 503.035781][T10815] macvtap3: entered allmulticast mode [ 503.036867][T10815] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 503.065566][T10816] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1368'. [ 503.076442][T10812] macvtap1: entered promiscuous mode [ 503.076460][T10812] team0: entered promiscuous mode [ 503.076474][T10812] team_slave_0: entered promiscuous mode [ 503.076686][T10812] team_slave_1: entered promiscuous mode [ 503.077043][T10812] macvtap1: entered allmulticast mode [ 503.077057][T10812] team0: entered allmulticast mode [ 503.077069][T10812] team_slave_0: entered allmulticast mode [ 503.120859][T10812] team_slave_1: entered allmulticast mode [ 503.124355][T10812] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 503.239770][T10819] veth0: entered promiscuous mode [ 503.250262][T10818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1370'. [ 503.499782][T10830] netlink: 'syz.3.1373': attribute type 4 has an invalid length. [ 503.787489][T10842] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1377'. [ 503.796745][T10828] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1373'. [ 503.796796][T10828] block nbd0: not configured, cannot reconfigure [ 504.139100][T10847] bond3: entered promiscuous mode [ 504.139116][T10847] bond3: entered allmulticast mode [ 504.263127][T10858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1382'. [ 504.304116][T10858] macvtap2: entered promiscuous mode [ 504.308960][T10858] macvtap2: entered allmulticast mode [ 504.344283][T10858] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 504.734381][T10873] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1386'. [ 506.660035][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 506.669770][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 507.424362][T10897] macvtap3: entered promiscuous mode [ 507.424384][T10897] team0: entered promiscuous mode [ 507.426521][T10897] macvlan2: entered promiscuous mode [ 507.426539][T10897] bond2: entered promiscuous mode [ 507.463187][T10897] macvtap3: entered allmulticast mode [ 507.479287][T10897] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 508.808029][T10921] __nla_validate_parse: 1 callbacks suppressed [ 508.808049][T10921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1404'. [ 508.859761][T10926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1404'. [ 508.863913][T10921] macvtap3: entered promiscuous mode [ 508.864212][T10921] macvtap3: entered allmulticast mode [ 508.886586][T10921] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 510.323265][T10956] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1413'. [ 512.784090][T10983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1422'. [ 512.784125][T10983] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1422'. [ 512.887505][T10987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1424'. [ 513.074273][T10991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1426'. [ 513.442274][T11007] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1427'. [ 513.546819][T10991] bond4: entered promiscuous mode [ 513.547371][T10991] bond4: entered allmulticast mode [ 513.584374][T10991] 8021q: adding VLAN 0 to HW filter on device bond4 [ 514.742081][T11026] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1434'. [ 516.179362][T11047] netlink: 'syz.3.1441': attribute type 1 has an invalid length. [ 516.221846][T11047] 8021q: adding VLAN 0 to HW filter on device bond8 [ 516.267544][T11047] macvlan3: entered promiscuous mode [ 516.267560][T11047] macvlan3: entered allmulticast mode [ 516.268031][T11047] bond8: entered allmulticast mode [ 516.268307][T11047] bond8: entered promiscuous mode [ 516.270022][T11047] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 516.272740][T11047] team0: Port device macvlan3 added [ 517.419594][T11010] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 519.291528][T11095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1458'. [ 520.514258][T11117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1465'. [ 521.670210][T11132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1471'. [ 522.025303][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 522.025325][ C0] bridge0: topology change detected, propagating [ 522.025638][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 522.025652][ C0] bridge0: topology change detected, propagating [ 522.070514][T11142] nbd: nbd1 already in use [ 523.100405][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 523.101064][ C0] IPv6: bridge0: IPv6 duplicate address fe80::a8aa:aaff:feaa:aa1b used by aa:aa:aa:aa:aa:1b detected! [ 524.010993][T11162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1484'. [ 524.310635][T11170] nbd: nbd2 already in use [ 525.471718][T11185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1492'. [ 525.498440][T11185] macvtap4: entered promiscuous mode [ 525.520870][T11185] macvtap4: entered allmulticast mode [ 525.522873][T11186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1492'. [ 525.540166][T11185] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 525.755232][T11192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1496'. [ 525.911955][T11203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 527.483460][T11227] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1505'. [ 528.366841][T11217] bond5: entered promiscuous mode [ 528.372123][T11217] bond5: entered allmulticast mode [ 528.373667][T11217] 8021q: adding VLAN 0 to HW filter on device bond5 [ 528.503806][T11227] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 528.508752][T11230] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 528.541512][T11234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1506'. [ 528.606499][T11234] ipvlan2: entered allmulticast mode [ 528.606521][T11234] syz_tun: entered allmulticast mode [ 528.668670][T11239] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1507'. [ 531.087442][T11269] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1520'. [ 531.137091][T11271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1521'. [ 532.293396][T11275] bond4: entered promiscuous mode [ 532.293422][T11275] bond4: entered allmulticast mode [ 532.955810][T11312] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1530'. [ 534.120265][T11326] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1540'. [ 534.120300][T11326] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1540'. [ 534.139257][ T1511] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.150037][ T1517] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.150082][ T1517] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 534.150115][ T1517] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 535.771097][T11359] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1546'. [ 536.759747][T11368] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.761762][T11368] batadv_slave_1: entered promiscuous mode [ 536.992881][T11374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1553'. [ 536.992914][T11374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1553'. [ 538.455479][T11398] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1560'. [ 539.574887][T11404] bond3: entered promiscuous mode [ 539.574905][T11404] bond3: entered allmulticast mode [ 539.778228][T11422] bond5: entered promiscuous mode [ 539.778245][T11422] bond5: entered allmulticast mode [ 540.192739][T11435] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1574'. [ 540.195878][T11435] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.201216][T11435] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.181200][T11441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 541.181637][T11441] batadv_slave_1: entered promiscuous mode [ 541.616012][T11458] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1583'. [ 541.675672][T11461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1584'. [ 542.089249][T11473] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1587'. [ 543.999253][T11494] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1598'. [ 544.551282][T11509] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1601'. [ 544.722118][T11508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1602'. [ 545.749440][T11514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1605'. [ 545.887706][T11514] macvtap1: entered promiscuous mode [ 545.887728][T11514] team0: entered promiscuous mode [ 545.887741][T11514] team_slave_0: entered promiscuous mode [ 545.887969][T11514] team_slave_1: entered promiscuous mode [ 545.888705][T11514] macvtap1: entered allmulticast mode [ 545.888721][T11514] team0: entered allmulticast mode [ 545.888734][T11514] team_slave_0: entered allmulticast mode [ 545.888756][T11514] team_slave_1: entered allmulticast mode [ 545.899106][T11514] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 546.113661][T11529] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1610'. [ 546.182270][T11531] batadv_slave_1: entered promiscuous mode [ 546.383112][T11540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1617'. [ 546.679803][T11548] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1616'. [ 547.347628][T11552] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1619'. [ 550.745990][T11586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1631'. [ 550.805261][T11591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1631'. [ 550.885612][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1635'. [ 550.910691][T11586] macvtap4: entered promiscuous mode [ 550.910928][T11586] macvtap4: entered allmulticast mode [ 550.914175][T11586] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 551.157480][T11597] bond6: entered promiscuous mode [ 551.157514][T11597] bond6: entered allmulticast mode [ 552.433026][T11625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1647'. [ 552.785857][T11625] bond6: entered promiscuous mode [ 552.785884][T11625] bond6: entered allmulticast mode [ 553.969194][T11675] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1668'. [ 554.325768][T11686] 8021q: adding VLAN 0 to HW filter on device bond4 [ 554.460512][T11688] macvlan3: entered promiscuous mode [ 554.460536][T11688] macvlan3: entered allmulticast mode [ 554.461136][T11688] bond4: entered allmulticast mode [ 554.461322][T11688] bond4: entered promiscuous mode [ 554.470415][T11688] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 554.491969][T11688] team0: Port device macvlan3 added [ 554.556921][T11691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1673'. [ 554.590847][T11691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1673'. [ 556.536255][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1688'. [ 556.569777][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1688'. [ 556.750322][T11734] 8021q: adding VLAN 0 to HW filter on device bond7 [ 556.773861][T11737] macvlan2: entered promiscuous mode [ 556.773995][T11737] macvlan2: entered allmulticast mode [ 556.774462][T11737] bond7: entered allmulticast mode [ 556.792963][T11737] bond7: entered promiscuous mode [ 556.806975][T11737] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 556.845127][T11737] team0: Port device macvlan2 added [ 557.244841][ T32] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 557.409245][ T32] usb 1-1: unable to get BOS descriptor or descriptor too short [ 557.410379][ T32] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 557.410405][ T32] usb 1-1: config 64 has no interface number 0 [ 557.410454][ T32] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 557.410482][ T32] usb 1-1: config 64 interface 44 has no altsetting 0 [ 557.413012][ T32] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 557.413040][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.413060][ T32] usb 1-1: Product: syz [ 557.413072][ T32] usb 1-1: Manufacturer: syz [ 557.413079][ T32] usb 1-1: SerialNumber: syz [ 558.694919][T11743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 558.695519][T11743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.068920][ T32] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 559.117505][T11770] netlink: 'syz.4.1699': attribute type 1 has an invalid length. [ 559.152374][ T32] usb 1-1: USB disconnect, device number 8 [ 559.170599][T11773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1700'. [ 559.250089][T11776] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1700'. [ 559.408690][T11770] 8021q: adding VLAN 0 to HW filter on device bond7 [ 559.460824][T11774] macvlan2: entered promiscuous mode [ 559.460849][T11774] macvlan2: entered allmulticast mode [ 559.461402][T11774] bond7: entered allmulticast mode [ 559.465757][T11774] bond7: entered promiscuous mode [ 559.468153][T11774] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 559.474400][T11774] team0: Port device macvlan2 added [ 559.770942][T11785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1704'. [ 559.819724][T11785] macvtap4: entered promiscuous mode [ 559.820268][T11785] macvtap4: entered allmulticast mode [ 559.840584][T11793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1704'. [ 559.879390][T11785] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 561.340462][T11814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1710'. [ 561.437261][T11819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1712'. [ 561.654624][ T32] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 561.951782][ T32] usb 4-1: unable to get BOS descriptor or descriptor too short [ 561.953339][ T32] usb 4-1: config 64 has an invalid interface number: 44 but max is 0 [ 561.953365][ T32] usb 4-1: config 64 has no interface number 0 [ 561.953407][ T32] usb 4-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 561.953433][ T32] usb 4-1: config 64 interface 44 has no altsetting 0 [ 561.968320][ T32] usb 4-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 561.968350][ T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.968370][ T32] usb 4-1: Product: syz [ 561.968384][ T32] usb 4-1: Manufacturer: syz [ 561.968398][ T32] usb 4-1: SerialNumber: syz [ 562.183258][T11828] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1715'. [ 562.915692][T11816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 562.916322][T11816] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.990773][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.990929][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.124104][T11835] netlink: 'syz.2.1716': attribute type 4 has an invalid length. [ 563.170688][T11835] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1716'. [ 563.170721][T11835] block nbd0: not configured, cannot reconfigure [ 563.370496][ T32] iowarrior 4-1:64.44: no interrupt-out endpoint found [ 563.450317][T11846] batadv_slave_1: left promiscuous mode [ 563.471720][ T32] usb 4-1: USB disconnect, device number 4 [ 563.830660][T11846] macvtap3: left promiscuous mode [ 563.856368][T11846] macvtap4: left promiscuous mode [ 563.856394][T11846] team0: left promiscuous mode [ 563.902543][T11846] macvlan2: left promiscuous mode [ 563.902592][T11846] bond2: left promiscuous mode [ 565.603039][T11881] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1728'. [ 566.654743][T11900] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1734'. [ 566.670028][T11901] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1738'. [ 567.624703][ T5732] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 568.566971][ T5732] usb 3-1: unable to get BOS descriptor or descriptor too short [ 568.568481][ T5732] usb 3-1: config 64 has an invalid interface number: 44 but max is 0 [ 568.568507][ T5732] usb 3-1: config 64 has no interface number 0 [ 568.568550][ T5732] usb 3-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 568.568578][ T5732] usb 3-1: config 64 interface 44 has no altsetting 0 [ 568.571325][ T5732] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 568.571352][ T5732] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.571372][ T5732] usb 3-1: Product: syz [ 568.571388][ T5732] usb 3-1: Manufacturer: syz [ 568.571402][ T5732] usb 3-1: SerialNumber: syz [ 568.860624][T11896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 568.861159][T11896] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.991054][T11917] netlink: 'syz.0.1741': attribute type 4 has an invalid length. [ 568.999696][T11916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'. [ 569.067453][T11922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'. [ 569.164164][T11917] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1741'. [ 569.164198][T11917] block nbd0: not configured, cannot reconfigure [ 569.215940][T11916] macvtap5: entered promiscuous mode [ 569.215961][T11916] team0: entered promiscuous mode [ 569.216370][T11916] macvlan2: entered promiscuous mode [ 569.217902][T11916] bond2: entered promiscuous mode [ 569.219259][T11916] macvtap5: entered allmulticast mode [ 569.246923][T11916] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 569.263868][ T5732] iowarrior 3-1:64.44: no interrupt-out endpoint found [ 569.286641][ T5732] usb 3-1: USB disconnect, device number 7 [ 569.619117][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1748'. [ 570.440893][ T5614] block nbd0: Receive control failed (result -1) [ 570.688861][T11940] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1750'. [ 570.731932][T11940] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1750'. [ 570.772704][T11943] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1751'. [ 573.594653][ T32] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 573.672549][T11985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1764'. [ 573.757693][ T32] usb 1-1: unable to get BOS descriptor or descriptor too short [ 573.766963][ T32] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 573.766991][ T32] usb 1-1: config 64 has no interface number 0 [ 573.767037][ T32] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 573.767064][ T32] usb 1-1: config 64 interface 44 has no altsetting 0 [ 573.802446][ T32] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 573.802478][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.802499][ T32] usb 1-1: Product: syz [ 573.802513][ T32] usb 1-1: Manufacturer: syz [ 573.802527][ T32] usb 1-1: SerialNumber: syz [ 573.943846][T11992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1764'. [ 574.051806][T11989] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1765'. [ 574.779096][ T5614] block nbd4: Receive control failed (result -1) [ 574.988129][T11979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.996492][T11979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.157309][T12006] batadv_slave_1: entered promiscuous mode [ 575.356390][ T32] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 575.362087][ T32] usb 1-1: USB disconnect, device number 9 [ 575.886752][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1777'. [ 575.938831][T12026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1777'. [ 578.311000][T12067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'. [ 578.352078][T12067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'. [ 578.384745][ T5732] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 578.541251][ T5732] usb 3-1: unable to get BOS descriptor or descriptor too short [ 578.564721][ T5732] usb 3-1: config 64 has an invalid interface number: 44 but max is 0 [ 578.564753][ T5732] usb 3-1: config 64 has no interface number 0 [ 578.564797][ T5732] usb 3-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 578.564825][ T5732] usb 3-1: config 64 interface 44 has no altsetting 0 [ 578.583688][ T5732] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 578.583719][ T5732] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.583739][ T5732] usb 3-1: Product: syz [ 578.583753][ T5732] usb 3-1: Manufacturer: syz [ 578.583767][ T5732] usb 3-1: SerialNumber: syz [ 579.814301][T12055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 579.818298][T12055] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.329860][ T5732] iowarrior 3-1:64.44: no interrupt-out endpoint found [ 580.348122][ T5732] usb 3-1: USB disconnect, device number 8 [ 582.667389][T12128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1807'. [ 583.894075][T12144] netlink: 'syz.3.1815': attribute type 3 has an invalid length. [ 583.894097][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1815'. [ 584.144753][ T5732] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 584.300701][ T5732] usb 1-1: unable to get BOS descriptor or descriptor too short [ 584.305282][ T5732] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 584.305308][ T5732] usb 1-1: config 64 has no interface number 0 [ 584.305351][ T5732] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 584.305379][ T5732] usb 1-1: config 64 interface 44 has no altsetting 0 [ 584.314264][ T5732] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 584.314293][ T5732] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.314313][ T5732] usb 1-1: Product: syz [ 584.314326][ T5732] usb 1-1: Manufacturer: syz [ 584.314340][ T5732] usb 1-1: SerialNumber: syz [ 584.640395][T12134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 584.642506][T12134] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 584.944073][T12173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1825'. [ 585.032050][ T5732] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 585.050412][ T5732] usb 1-1: USB disconnect, device number 10 [ 585.068758][T12179] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1825'. [ 585.231183][T12179] bond5: entered promiscuous mode [ 585.231208][T12179] bond5: entered allmulticast mode [ 585.376908][T12185] ip6_vti0: left promiscuous mode [ 586.269488][T12185] macvtap1: left promiscuous mode [ 586.269511][T12185] erspan0: left promiscuous mode [ 586.315926][T12185] bond2: left promiscuous mode [ 586.318819][T12185] macvtap2: left promiscuous mode [ 586.374268][T12185] macvtap3: left promiscuous mode [ 586.406001][T12185] bond3: left promiscuous mode [ 586.406466][T12185] macvtap4: left promiscuous mode [ 586.406482][T12185] team0: left promiscuous mode [ 586.406496][T12185] team_slave_0: left promiscuous mode [ 586.406696][T12185] team_slave_1: left promiscuous mode [ 586.406949][T12185] macvlan2: left promiscuous mode [ 586.406961][T12185] bond1: left promiscuous mode [ 586.485436][T12185] macvlan3: left promiscuous mode [ 586.485456][T12185] bond4: left promiscuous mode [ 586.520382][T12185] bond5: left promiscuous mode [ 588.552873][ T823] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 588.711680][ T823] usb 1-1: unable to get BOS descriptor or descriptor too short [ 588.713382][ T823] usb 1-1: config 64 has an invalid interface number: 44 but max is 0 [ 588.713407][ T823] usb 1-1: config 64 has no interface number 0 [ 588.713450][ T823] usb 1-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 588.713478][ T823] usb 1-1: config 64 interface 44 has no altsetting 0 [ 588.742771][ T823] usb 1-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 588.742801][ T823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.742820][ T823] usb 1-1: Product: syz [ 588.742834][ T823] usb 1-1: Manufacturer: syz [ 588.742847][ T823] usb 1-1: SerialNumber: syz [ 588.995509][T12221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 589.010823][T12221] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 590.030321][T12229] kthread_run failed with err -4 [ 590.405076][ T823] iowarrior 1-1:64.44: no interrupt-out endpoint found [ 590.433471][ T823] usb 1-1: USB disconnect, device number 11 [ 592.648960][T12266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1853'. [ 594.260904][T12291] netlink: 'syz.0.1862': attribute type 4 has an invalid length. [ 594.336826][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 594.380559][T12291] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1862'. [ 594.409198][T12296] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1864'. [ 594.487708][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 594.496549][ T10] usb 3-1: config 64 has an invalid interface number: 44 but max is 0 [ 594.496575][ T10] usb 3-1: config 64 has no interface number 0 [ 594.496617][ T10] usb 3-1: config 64 interface 44 altsetting 7 endpoint 0x83 has an invalid bInterval 57, changing to 9 [ 594.496644][ T10] usb 3-1: config 64 interface 44 has no altsetting 0 [ 594.540303][ T10] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d9.d2 [ 594.540331][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.540350][ T10] usb 3-1: Product: syz [ 594.540362][ T10] usb 3-1: Manufacturer: syz [ 594.540376][ T10] usb 3-1: SerialNumber: syz [ 594.556440][T12294] syzkaller0: entered promiscuous mode [ 594.556468][T12294] syzkaller0: entered allmulticast mode [ 594.707233][T12294] tipc: Enabled bearer , priority 0 [ 594.757690][T12293] tipc: Resetting bearer [ 594.759432][T12283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.760991][T12283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.919978][T12293] tipc: Disabling bearer [ 595.045545][ T10] iowarrior 3-1:64.44: no interrupt-out endpoint found [ 595.062819][ T10] usb 3-1: USB disconnect, device number 9 [ 595.764240][ T823] IPVS: starting estimator thread 0... [ 595.874817][T12339] IPVS: using max 10 ests per chain, 24000 per kthread [ 596.235952][T12348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1877'. [ 596.275018][T12351] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1879'. [ 596.276061][T12352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1878'. [ 596.387440][T12359] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1879'. [ 596.450242][T12348] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1877'. [ 596.800017][T12367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1883'. [ 596.851760][T12367] macvtap6: entered promiscuous mode [ 596.854171][T12367] macvtap6: entered allmulticast mode [ 596.876126][T12367] 8021q: adding VLAN 0 to HW filter on device macvtap6 [ 596.947883][T12372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1885'. [ 597.012004][T12372] bond7: entered promiscuous mode [ 597.012031][T12372] bond7: entered allmulticast mode [ 598.618432][T12417] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'. [ 598.725291][T12419] bond8: entered promiscuous mode [ 598.733914][T12419] bond8: entered allmulticast mode [ 599.297341][T12428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1900'. [ 600.604714][T12438] netlink: 'syz.4.1904': attribute type 4 has an invalid length. [ 600.633754][T12438] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1904'. [ 601.266025][T12452] batadv_slave_1: left promiscuous mode [ 601.518120][T12452] bond1: left promiscuous mode [ 601.518359][T12452] macvtap1: left promiscuous mode [ 601.580967][T12452] bond2: left promiscuous mode [ 601.595579][T12452] macvtap2: left promiscuous mode [ 601.809419][T12452] macvtap3: left promiscuous mode [ 601.850913][T12455] netlink: 'syz.2.1908': attribute type 1 has an invalid length. [ 601.850933][T12455] netlink: 'syz.2.1908': attribute type 2 has an invalid length. [ 601.883639][T12452] bond4: left promiscuous mode [ 601.884160][T12452] bond5: left promiscuous mode [ 601.884348][T12452] bond6: left promiscuous mode [ 601.965642][T12452] macvtap4: left promiscuous mode [ 601.965662][T12452] team0: left promiscuous mode [ 601.966164][T12452] macvlan2: left promiscuous mode [ 601.966180][T12452] bond7: left promiscuous mode [ 602.037177][T12452] bond8: left promiscuous mode [ 605.718035][T12486] sctp: [Deprecated]: syz.4.1916 (pid 12486) Use of int in max_burst socket option deprecated. [ 605.718035][T12486] Use struct sctp_assoc_value instead [ 606.045166][T12492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1919'. [ 606.056811][T12492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1919'. [ 609.763782][T12528] vlan2: entered promiscuous mode [ 609.902316][T12536] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1929'. [ 611.529341][T12551] syzkaller0: entered promiscuous mode [ 611.529366][T12551] syzkaller0: entered allmulticast mode [ 614.817090][T12593] netlink: 'syz.1.1947': attribute type 1 has an invalid length. [ 614.817110][T12593] netlink: 'syz.1.1947': attribute type 2 has an invalid length. [ 618.821771][T12651] warning: `syz.1.1964' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 622.615306][T12704] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 622.687547][T12713] syzkaller0: entered promiscuous mode [ 622.687572][T12713] syzkaller0: entered allmulticast mode [ 623.949255][T12756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1997'. [ 624.051107][T12756] bond8: entered promiscuous mode [ 624.052256][T12756] bond8: entered allmulticast mode [ 624.963313][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.963410][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.562908][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2006'. [ 625.645861][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2006'. [ 625.896825][T12799] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2010'. [ 625.986601][T12799] bond5: entered promiscuous mode [ 625.986627][T12799] bond5: entered allmulticast mode [ 627.081046][T12812] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2014'. [ 627.261871][T12815] syzkaller0: entered promiscuous mode [ 627.261897][T12815] syzkaller0: entered allmulticast mode [ 627.660401][T12838] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2023'. [ 628.181473][T12843] bond9: entered promiscuous mode [ 628.181497][T12843] bond9: entered allmulticast mode [ 628.181992][T12846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2024'. [ 628.182005][T12846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2024'. [ 629.473468][T12860] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2027'. [ 630.328535][T12891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2035'. [ 630.328561][T12891] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2035'. [ 630.492598][T12896] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2036'. [ 630.579471][T12896] bond6: entered promiscuous mode [ 630.584580][T12896] bond6: entered allmulticast mode [ 630.637184][T12903] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2037'. [ 632.769629][T12947] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2043'. [ 633.153893][T12968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2047'. [ 634.847046][T12987] Bluetooth: MGMT ver 1.23 [ 635.120370][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2056'. [ 635.415771][T12998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2057'. [ 639.982930][T13055] bond7: left promiscuous mode [ 639.983066][T13055] bond8: left promiscuous mode [ 640.243437][T13058] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2072'. [ 641.215974][T13070] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2076'. [ 644.151687][T13113] tipc: Started in network mode [ 644.151712][T13113] tipc: Node identity 528b8d614f1c, cluster identity 4711 [ 644.151827][T13113] tipc: Enabled bearer , priority 0 [ 644.152826][T13113] syzkaller0: entered promiscuous mode [ 644.152840][T13113] syzkaller0: entered allmulticast mode [ 644.168801][T13113] tipc: Resetting bearer [ 644.225024][T13112] tipc: Resetting bearer [ 644.356139][T13112] tipc: Disabling bearer [ 644.897605][T13120] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2088'. [ 645.120518][T13125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2090'. [ 645.779613][T13139] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2095'. [ 646.647463][T13153] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2100'. [ 646.858414][T13162] batadv_slave_1: entered promiscuous mode [ 646.920069][T13163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2104'. [ 647.221559][T13169] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2106'. [ 647.609461][T13189] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2113'. [ 648.545255][T13212] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2119'. [ 648.815982][T13217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2121'. [ 648.980601][T13224] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2124'. [ 649.089671][T13228] netlink: 'syz.3.2127': attribute type 1 has an invalid length. [ 649.206706][T13228] bond10: entered promiscuous mode [ 649.212275][T13228] 8021q: adding VLAN 0 to HW filter on device bond10 [ 649.392365][T13233] bond10: (slave bridge9): making interface the new active one [ 649.392383][T13233] bridge9: entered promiscuous mode [ 649.505933][T13233] bond10: (slave bridge9): Enslaving as an active interface with an up link [ 650.647204][T13257] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2135'. [ 651.385037][T13268] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2140'. [ 651.421914][T13270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2141'. [ 651.421936][T13270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2141'. [ 651.565569][T13270] veth1: entered promiscuous mode [ 653.568908][T13314] tipc: Enabled bearer , priority 0 [ 653.571816][T13314] syzkaller0: entered promiscuous mode [ 653.571834][T13314] syzkaller0: entered allmulticast mode [ 653.628411][T13313] tipc: Resetting bearer [ 654.808661][T13313] tipc: Disabling bearer [ 655.888496][T13352] netlink: 'syz.3.2169': attribute type 1 has an invalid length. [ 656.091025][T13352] bond11: entered promiscuous mode [ 656.092059][T13352] 8021q: adding VLAN 0 to HW filter on device bond11 [ 656.351576][T13354] bond11: (slave bridge10): making interface the new active one [ 656.351605][T13354] bridge10: entered promiscuous mode [ 656.412796][T13354] bond11: (slave bridge10): Enslaving as an active interface with an up link [ 657.359797][T13385] batadv_slave_1: left promiscuous mode [ 657.422605][T13387] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2179'. [ 657.517098][T13385] macvtap1: left promiscuous mode [ 657.529641][T13385] bond3: left promiscuous mode [ 657.529895][T13385] macvtap2: left promiscuous mode [ 657.529912][T13385] team0: left promiscuous mode [ 657.529923][T13385] team_slave_0: left promiscuous mode [ 657.530099][T13385] team_slave_1: left promiscuous mode [ 657.531518][T13385] bond4: left promiscuous mode [ 657.532278][T13385] bond5: left promiscuous mode [ 657.532950][T13385] bond6: left promiscuous mode [ 657.533742][T13385] macvlan2: left promiscuous mode [ 657.533759][T13385] bond7: left promiscuous mode [ 657.594862][T13385] bond9: left promiscuous mode [ 657.595023][T13385] veth1: left promiscuous mode [ 658.295854][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2184'. [ 658.295879][T13400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2184'. [ 658.296966][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2184'. [ 658.296987][T13400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2184'. [ 659.109997][T13407] bond9: entered promiscuous mode [ 659.110022][T13407] bond9: entered allmulticast mode [ 659.330707][T13417] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2190'. [ 659.425278][T13423] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2192'. [ 659.535925][T13425] netlink: 'syz.4.2193': attribute type 1 has an invalid length. [ 659.535945][T13425] netlink: 'syz.4.2193': attribute type 2 has an invalid length. [ 661.399810][T13453] bond10: entered promiscuous mode [ 661.399837][T13453] bond10: entered allmulticast mode [ 661.558698][T13468] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2203'. [ 661.832244][T13478] netlink: 'syz.0.2204': attribute type 1 has an invalid length. [ 661.943552][T13478] 8021q: adding VLAN 0 to HW filter on device bond11 [ 662.652687][T13498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2207'. [ 662.704355][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2207'. [ 663.368771][T13519] bond9: entered promiscuous mode [ 663.368796][T13519] bond9: entered allmulticast mode [ 664.800470][T13541] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2222'. [ 664.932528][T13546] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2223'. [ 666.869732][T13583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2234'. [ 666.880214][T13582] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2235'. [ 667.703699][T13597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2239'. [ 667.792434][T13597] macvtap5: entered promiscuous mode [ 667.792449][T13597] team0: entered promiscuous mode [ 667.792457][T13597] team_slave_0: entered promiscuous mode [ 667.792604][T13597] team_slave_1: entered promiscuous mode [ 667.792798][T13597] macvlan2: entered promiscuous mode [ 667.792807][T13597] bond1: entered promiscuous mode [ 667.898644][T13597] macvlan3: entered promiscuous mode [ 667.898658][T13597] bond4: entered promiscuous mode [ 667.899434][T13597] macvtap5: entered allmulticast mode [ 667.900091][T13597] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 669.969396][T13623] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2246'. [ 670.075819][T13631] block nbd0: NBD_DISCONNECT [ 670.075868][T13631] block nbd0: Send disconnect failed -104 [ 670.075888][T13631] block nbd0: shutting down sockets [ 670.504110][T13636] syzkaller0: entered promiscuous mode [ 670.504135][T13636] syzkaller0: entered allmulticast mode [ 670.739970][T13640] tipc: Enabled bearer , priority 0 [ 671.291671][T13635] tipc: Resetting bearer [ 671.657498][T13635] tipc: Disabling bearer [ 671.843060][T13650] netlink: 'syz.4.2255': attribute type 1 has an invalid length. [ 672.251241][T13665] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2260'. [ 672.395881][T13668] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2261'. [ 672.471598][T13673] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2258'. [ 672.600622][T13668] bond12: entered promiscuous mode [ 672.600649][T13668] bond12: entered allmulticast mode [ 673.107210][T13691] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2269'. [ 673.240074][T13685] syzkaller0: entered promiscuous mode [ 673.240099][T13685] syzkaller0: entered allmulticast mode [ 673.413210][T13685] tipc: Enabled bearer , priority 0 [ 674.105749][T13698] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2271'. [ 674.227252][T13684] tipc: Resetting bearer [ 674.467459][T13684] tipc: Disabling bearer [ 674.672852][T13711] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2276'. [ 675.229584][T13731] tipc: Enabled bearer , priority 0 [ 675.249980][T13733] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2282'. [ 675.648093][T13730] tipc: Disabling bearer [ 676.799509][T13743] netlink: 'syz.0.2286': attribute type 1 has an invalid length. [ 676.901296][T13743] 8021q: adding VLAN 0 to HW filter on device bond13 [ 677.542620][T13761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2292'. [ 678.214932][T13765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2293'. [ 678.420864][T13772] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2296'. [ 679.013718][ T1517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.013739][ T1517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.376184][T13805] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2301'. [ 680.091908][T13812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2307'. [ 680.170562][T13816] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2309'. [ 680.988019][T13839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2315'. [ 681.071588][T13839] macvtap3: entered promiscuous mode [ 681.071608][T13839] team0: entered promiscuous mode [ 681.071621][T13839] team_slave_0: entered promiscuous mode [ 681.075082][T13839] team_slave_1: entered promiscuous mode [ 681.075295][T13839] macvlan2: entered promiscuous mode [ 681.075310][T13839] bond7: entered promiscuous mode [ 681.080895][T13839] macvtap3: entered allmulticast mode [ 681.084018][T13839] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 681.301399][T13847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2319'. [ 681.313949][T13849] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2320'. [ 681.985987][ T1511] wlan1: Trigger new scan to find an IBSS to join [ 684.019092][T13877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2330'. [ 684.269386][T13877] macvtap4: entered promiscuous mode [ 684.275783][T13877] macvtap4: entered allmulticast mode [ 684.277097][T13877] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 684.588939][T13890] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2334'. [ 684.668392][T13892] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2336'. [ 685.391366][T13901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2338'. [ 686.227640][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.227749][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.573112][T13911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2345'. [ 686.593718][T13907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 686.626606][T13911] macvtap5: entered promiscuous mode [ 686.626619][T13911] team0: entered promiscuous mode [ 686.626851][T13911] macvlan2: entered promiscuous mode [ 686.626864][T13911] bond7: entered promiscuous mode [ 686.627686][T13911] macvtap5: entered allmulticast mode [ 686.629318][T13911] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 686.682455][T13914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 686.713974][T13907] macvtap6: entered promiscuous mode [ 686.714230][T13907] macvtap6: entered allmulticast mode [ 686.718395][T13907] 8021q: adding VLAN 0 to HW filter on device macvtap6 [ 686.947111][ T164] wlan1: Trigger new scan to find an IBSS to join [ 687.144738][T13914] macvtap6: left promiscuous mode [ 687.144768][T13914] macvtap6: left allmulticast mode [ 687.336470][T13923] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2349'. [ 687.499675][T13928] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2350'. [ 687.750141][T13934] netlink: 'syz.4.2352': attribute type 1 has an invalid length. [ 687.750164][T13934] netlink: 'syz.4.2352': attribute type 2 has an invalid length. [ 689.545228][T12942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 689.840122][T13947] netlink: 'syz.4.2355': attribute type 1 has an invalid length. [ 689.841670][T13948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2356'. [ 689.926661][T13947] 8021q: adding VLAN 0 to HW filter on device bond10 [ 690.003028][T13948] macvtap7: entered promiscuous mode [ 690.006484][T13948] macvtap7: entered allmulticast mode [ 690.007784][T13948] 8021q: adding VLAN 0 to HW filter on device macvtap7 [ 690.311856][T13963] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2359'. [ 690.435360][T13967] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2361'. [ 691.951179][T13992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2369'. [ 692.011872][T13992] macvtap2: entered promiscuous mode [ 692.012101][T13992] macvtap2: entered allmulticast mode [ 692.076811][T13992] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 692.564844][T14003] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2373'. [ 692.603115][T14005] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2375'. [ 694.103086][T14026] netlink: 'syz.3.2381': attribute type 1 has an invalid length. [ 694.414450][T14036] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2383'. [ 694.982669][T14047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2388'. [ 695.011083][T14046] netlink: 'syz.4.2390': attribute type 1 has an invalid length. [ 695.107696][T14055] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2394'. [ 695.238091][T14046] 8021q: adding VLAN 0 to HW filter on device bond11 [ 695.488066][T14068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2397'. [ 695.756180][T14068] macvtap5: entered promiscuous mode [ 695.758817][T14068] macvtap5: entered allmulticast mode [ 695.784238][T14068] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 695.804378][T14084] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2399'. [ 695.804411][T14084] block nbd0: not configured, cannot reconfigure [ 696.487468][T14104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.269470][T14101] ================================================================== [ 697.269553][T14101] BUG: KASAN: slab-use-after-free in clear_tfile_check_list+0x114/0x380 [ 697.269652][T14101] Read of size 8 at addr ffff888037ac5a88 by task syz.4.2400/14101 [ 697.269671][T14101] [ 697.269694][T[ 697.269694][T14101] CPU: 0 UID: 0 PID: 14101 Comm: syz.4.2400 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 697.269725][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 697.269742][T14101] Call Trace: [ 697.269782][T14101] [ 697.269852][T14101] dump_stack_lvl+0xe8/0x150 [ 697.269927][T14101] print_address_description+0x55/0x1e0 [ 697.269955][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.270001][T14101] print_report+0x58/0x70 [ 697.270026][T14101] kasan_report+0x117/0x150 [ 697.270067][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.270091][T14101] clear_tfile_check_list+0x114/0x380 [ 697.270111][T14101] ? clear_tfile_check_list+0x22/0x380 [ 697.270132][T14101] do_epoll_ctl_file+0x8fd/0xed0 [ 697.270163][T14101] ? do_epoll_ctl_file+0xac3/0xed0 [ 697.270211][T14101] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 697.270242][T14101] ? __fget_files+0x3a6/0x420 [ 697.270269][T14101] ? __fget_files+0x2a/0x420 [ 697.270299][T14101] __se_sys_epoll_ctl+0x14e/0x210 [ 697.270331][T14101] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 697.270374][T14101] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.270397][T14101] do_syscall_64+0x174/0x580 [ 697.270417][T14101] ? trace_irq_disable+0x3b/0x140 [ 697.270444][T14101] ? clear_bhb_loop+0x40/0x90 [ 697.270467][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.270488][T14101] RIP: 0033:0x7fad6014ce59 [ 697.270542][T14101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 697.270567][T14101] RSP: 002b:00007fad5df39028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 697.270620][T14101] RAX: ffffffffffffffda RBX: 00007fad603c6270 RCX: 00007fad6014ce59 [ 697.270636][T14101] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 697.270649][T14101] RBP: 00007fad601e2d6f R08: 0000000000000000 R09: 0000000000000000 [ 697.270662][T14101] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.270676][T14101] R13: 00007fad603c6308 R14: 00007fad603c6270 R15: 00007fff8c8b9cb8 [ 697.270699][T14101] [ 697.270708][T14101] [ 697.270712][T14101] Allocated by task 14097: [ 697.270754][T14101] kasan_save_track+0x3e/0x80 [ 697.270782][T14101] __kasan_slab_alloc+0x6c/0x80 [ 697.270807][T14101] kmem_cache_alloc_noprof+0x33b/0x680 [ 697.270831][T14101] ep_insert+0x512/0x1820 [ 697.270856][T14101] do_epoll_ctl_file+0x8bb/0xed0 [ 697.270882][T14101] __se_sys_epoll_ctl+0x14e/0x210 [ 697.270908][T14101] do_syscall_64+0x174/0x580 [ 697.270925][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.270943][T14101] [ 697.270948][T14101] Freed by task 14092: [ 697.270956][T14101] kasan_save_track+0x3e/0x80 [ 697.270977][T14101] kasan_save_free_info+0x46/0x50 [ 697.270994][T14101] __kasan_slab_free+0x5c/0x80 [ 697.271017][T14101] kmem_cache_free+0x187/0x6c0 [ 697.271040][T14101] eventpoll_release_file+0xc2/0x240 [ 697.271065][T14101] __fput+0x83c/0xa70 [ 697.271085][T14101] task_work_run+0x1d9/0x270 [ 697.271109][T14101] get_signal+0x11eb/0x1330 [ 697.271138][T14101] arch_do_signal_or_restart+0xbc/0x840 [ 697.271157][T14101] exit_to_user_mode_loop+0xa9/0x680 [ 697.271180][T14101] do_syscall_64+0x353/0x580 [ 697.271208][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.271225][T14101] [ 697.271230][T14101] The buggy address belongs to the object at ffff888037ac5a80 [ 697.271230][T14101] which belongs to the cache ep_head of size 16 [ 697.271246][T14101] The buggy address is located 8 bytes inside of [ 697.271246][T14101] freed 16-byte region [ffff888037ac5a80, ffff888037ac5a90) [ 697.271267][T14101] [ 697.271271][T14101] The buggy address belongs to the physical page: [ 697.271327][T14101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888037ac59c0 pfn:0x37ac5 [ 697.271348][T14101] memcg:ffff888037c93001 [ 697.271357][T14101] flags: 0x80000000000200(workingset|node=0|zone=1) [ 697.271374][T14101] page_type: f5(slab) [ 697.271393][T14101] raw: 0080000000000200 ffff888020ad3c80 ffff88801abca088 ffffea0000f58fd0 [ 697.271411][T14101] raw: ffff888037ac59c0 000000080080001e 00000000f5000000 ffff888037c93001 [ 697.271422][T14101] page dumped because: kasan: bad access detected [ 697.271437][T14101] page_owner tracks the page as allocated [ 697.271444][T14101] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4978, tgid 4978 (udevd), ts 26843975614, free_ts 0 [ 697.271479][T14101] post_alloc_hook+0x1f9/0x250 [ 697.271503][T14101] get_page_from_freelist+0x265c/0x26e0 [ 697.271531][T14101] __alloc_frozen_pages_noprof+0x18d/0x380 [ 697.271558][T14101] allocate_slab+0x74/0x5e0 [ 697.271575][T14101] refill_objects+0x33c/0x3d0 [ 697.271591][T14101] __pcs_replace_empty_main+0x373/0x720 [ 697.271611][T14101] kmem_cache_alloc_noprof+0x433/0x680 [ 697.271634][T14101] ep_insert+0x512/0x1820 [ 697.271660][T14101] do_epoll_ctl_file+0x8bb/0xed0 [ 697.271684][T14101] __se_sys_epoll_ctl+0x14e/0x210 [ 697.271710][T14101] do_syscall_64+0x174/0x580 [ 697.271727][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.271745][T14101] page_owner free stack trace missing [ 697.271752][T14101] [ 697.271757][T14101] Memory state around the buggy address: [ 697.271812][T14101] ffff888037ac5980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 697.271827][T14101] ffff888037ac5a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 697.271842][T14101] >ffff888037ac5a80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 697.271852][T14101] ^ [ 697.271863][T14101] ffff888037ac5b00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 697.271877][T14101] ffff888037ac5b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 697.271888][T14101] ================================================================== [ 697.303833][T14101] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 697.303858][T14101] CPU: 0 UID: 0 PID: 14101 Comm: syz.4.2400 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 697.303878][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 697.303890][T14101] Call Trace: [ 697.303898][T14101] [ 697.303906][T14101] vpanic+0x56c/0xa60 [ 697.303940][T14101] ? __pfx_vpanic+0x10/0x10 [ 697.303969][T14101] ? __pfx___schedule+0x10/0x10 [ 697.304002][T14101] panic+0xc5/0xd0 [ 697.304028][T14101] ? __pfx_panic+0x10/0x10 [ 697.304057][T14101] ? preempt_schedule_thunk+0x16/0x40 [ 697.304083][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.304103][T14101] check_panic_on_warn+0x89/0xb0 [ 697.304131][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.304151][T14101] end_report+0x73/0x170 [ 697.304218][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.304238][T14101] kasan_report+0x128/0x150 [ 697.304273][T14101] ? clear_tfile_check_list+0x114/0x380 [ 697.304298][T14101] clear_tfile_check_list+0x114/0x380 [ 697.304318][T14101] ? clear_tfile_check_list+0x22/0x380 [ 697.304354][T14101] do_epoll_ctl_file+0x8fd/0xed0 [ 697.304386][T14101] ? do_epoll_ctl_file+0xac3/0xed0 [ 697.304418][T14101] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 697.304449][T14101] ? __fget_files+0x3a6/0x420 [ 697.304476][T14101] ? __fget_files+0x2a/0x420 [ 697.304523][T14101] __se_sys_epoll_ctl+0x14e/0x210 [ 697.304554][T14101] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 697.304590][T14101] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.304612][T14101] do_syscall_64+0x174/0x580 [ 697.304632][T14101] ? trace_irq_disable+0x3b/0x140 [ 697.304657][T14101] ? clear_bhb_loop+0x40/0x90 [ 697.304680][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.304699][T14101] RIP: 0033:0x7fad6014ce59 [ 697.304718][T14101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 697.304737][T14101] RSP: 002b:00007fad5df39028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 697.304759][T14101] RAX: ffffffffffffffda RBX: 00007fad603c6270 RCX: 00007fad6014ce59 [ 697.304775][T14101] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 697.304788][T14101] RBP: 00007fad601e2d6f R08: 0000000000000000 R09: 0000000000000000 [ 697.304802][T14101] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.304817][T14101] R13: 00007fad603c6308 R14: 00007fad603c6270 R15: 00007fff8c8b9cb8 [ 697.304842][T14101] [ 697.304997][T14101] Kernel Offset: disabled