last executing test programs: 23.043356097s ago: executing program 0 (id=2555): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f0000000140)={0xd, @raw_data="6724b022bfb99ee6c6d20d4230647b72ac2607ff1544ac258044719ebb8c104c228e28e11f149bb60b2f8b50959451e63faff65bbe24f687a24acbc17cf9457afc2112b40ec009143ce69f66617fe32a8c6dd648ddfb59f4c5b3421325ba66db59a3d5e2f1a2f8aa71a9b6f789ac29aa659b1570553d05368f389def4e2a2dbc20cb3181bd63c0cc99f3ad74ea4ea21417934c78d28c37ade6748eb29bb5aa5eb54b198357e39fbe50787b756fa436d170ec2e568d6a9d0092f4620d69d6992f599062831e59c83c"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 16.724320615s ago: executing program 0 (id=2573): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route_sched_retired(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=@delchain={0x24}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r5 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, r5, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x9}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0xf000}, 0x0) 16.510004233s ago: executing program 0 (id=2574): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000c00078008001240000621000500010006000000050005000a00000005000400000000000900020073797a310000000014000300686173683a69702c706f7274"], 0x58}}, 0x0) 16.231005494s ago: executing program 0 (id=2575): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x6, [{@dev}, {@multicast2}, {@dev}, {}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000180)={0x0, &(0x7f00000000c0)="2d063eab7f6f"}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 15.666296986s ago: executing program 0 (id=2577): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e0000000000000000"], 0x20}], 0x1}, 0x0) 13.471920322s ago: executing program 0 (id=2582): setrlimit(0x1, &(0x7f00000000c0)={0x4, 0xffffffffffffffff}) socket(0x10, 0x2, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) pselect6(0x40, &(0x7f0000000140), 0x0, &(0x7f00000001c0)={0x1f}, 0x0, 0x0) ioctl$EVIOCGRAB(r3, 0x40044591, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$evdev(r0, &(0x7f0000000000), 0x100000008) 8.439555369s ago: executing program 3 (id=2597): sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r1, 0x101, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) 7.699780109s ago: executing program 3 (id=2600): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$I2C(&(0x7f0000000140), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x40}, 0x19) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000200, 0x0, &(0x7f0000000000)='./file0\x00') syz_emit_vhci(0x0, 0x17) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x3, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_CONSUMED={0xc}, @NFTA_QUOTA_BYTES={0xc}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf0}}, 0x0) 5.464838956s ago: executing program 1 (id=2609): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1) eventfd2(0x7fffffff, 0x801) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x6, 0x2, 0x4}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x4, 0xfffffffffffffffe, &(0x7f0000000140)=0x19) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xe4010000, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000017000b63d25a80648c2594f941a3c92b", 0x14}], 0x1}, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000600)=[{0x0, 0x8611, 0xb9, &(0x7f0000000180)="9954865b603926677628d3e37266cd00414a897615d9e1ec6ed9760b59148534c555561f4e8df498a0745149182f05fc2dd4896c98bb0d6a45b68933d51b255144334472e123b160ae4f52fd2e15a53148c53b0cdd4651545c178cbefecf15f3dd97e88717152d6fbadc00abe2184f1f3f75d442fce5d0771dad3c1ffbc2f8b15ab2e93d79a96dcfe6921c5beed888d5a4abbd179b5a98c93d163698d09dfd244a2c54f5d2e0b761401e358501f3ad099d719f67be2fd51642"}], 0x1}) 5.34379883s ago: executing program 1 (id=2610): sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r1, 0x101, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) 4.659694667s ago: executing program 1 (id=2612): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=@delchain={0x24}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r5 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, r5, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x9}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0xf000}, 0x0) 4.523658433s ago: executing program 2 (id=2614): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e"], 0x20}], 0x1}, 0x0) 4.407856878s ago: executing program 1 (id=2615): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x6, [{@dev}, {@multicast2}, {@dev}, {}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000180)={0x0, &(0x7f00000000c0)="2d063eab7f6f"}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.33217701s ago: executing program 2 (id=2616): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x0, 0x800}, 0x20) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_buf(r6, 0x1, 0x3e, &(0x7f0000000000)=""/51, &(0x7f00000000c0)=0x33) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'veth1\x00', 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x25}, {0x54}, {0x6}]}) r9 = creat(&(0x7f0000001180)='./file0\x00', 0x0) pwritev(r9, &(0x7f0000000200), 0x0, 0x0, 0x3) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000031c0)={'ip6tnl0\x00', &(0x7f0000005200)={'ip6tnl0\x00', r8, 0x2f, 0x4, 0xa1, 0xffffffff, 0x1, @empty, @loopback, 0x8000, 0x1, 0x7, 0x6}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000004500)={'vxcan0\x00'}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000004e00)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl0\x00', r8, 0x7800, 0x8, 0x7, 0x0, {{0x41, 0x4, 0x0, 0x7, 0x104, 0x67, 0x0, 0x6, 0x4, 0x0, @loopback, @multicast1, {[@lsrr={0x83, 0x1f, 0x68, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x44}, @local]}, @cipso={0x86, 0x25, 0x3, [{0x7, 0x12, "712d920900000000000000313df8eb67"}, {0x5, 0xd, "26b1482b68fa2f894ae3b6"}]}, @end, @timestamp_prespec={0x44, 0x4, 0x2c, 0x3, 0x1}, @lsrr={0x83, 0x23, 0x2b, [@remote, @multicast2, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @multicast1, @multicast1]}, @timestamp_addr={0x44, 0x44, 0x9c, 0x1, 0x5, [{@local, 0xff}, {@rand_addr=0x64010102, 0x2}, {@broadcast, 0x3}, {@local, 0x67be}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x9}, {@private=0xa010101, 0x200}, {@broadcast, 0x8}, {@remote, 0xd}]}, @timestamp={0x44, 0x4, 0x45, 0x0, 0x8}, @cipso={0x86, 0x3c, 0x1, [{0x7, 0xf, "7f395b69daf4d005309e000000"}, {0x5, 0xb, "4050a4bae538da316f"}, {0x5, 0xa, "93df58afbe004713"}, {0x3, 0x8, "e9762e6a172f"}, {0x2, 0x8, "30b2f0a34a2b"}, {0x6, 0x2}]}]}}}}}) 4.207754935s ago: executing program 4 (id=2617): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@updpolicy={0xb8, 0x15, 0x4101, 0x0, 0x0, {{@in=@multicast1=0xe0000002}}}, 0xb8}}, 0x0) 3.962242514s ago: executing program 4 (id=2618): socket$can_bcm(0x1d, 0x2, 0x2) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r4, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0x10) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x8, 0x0, &(0x7f0000000040)) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000cc0)=[{0x0}], 0x1}}], 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) 3.083220039s ago: executing program 2 (id=2620): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1) eventfd2(0x7fffffff, 0x801) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x6, 0x2, 0x4}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x4, 0xfffffffffffffffe, &(0x7f0000000140)=0x19) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xe4010000, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000017000b63d25a80648c2594f941a3c92b", 0x14}], 0x1}, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000600)=[{0x0, 0x8611, 0xb9, &(0x7f0000000180)="9954865b603926677628d3e37266cd00414a897615d9e1ec6ed9760b59148534c555561f4e8df498a0745149182f05fc2dd4896c98bb0d6a45b68933d51b255144334472e123b160ae4f52fd2e15a53148c53b0cdd4651545c178cbefecf15f3dd97e88717152d6fbadc00abe2184f1f3f75d442fce5d0771dad3c1ffbc2f8b15ab2e93d79a96dcfe6921c5beed888d5a4abbd179b5a98c93d163698d09dfd244a2c54f5d2e0b761401e358501f3ad099d719f67be2fd51642"}], 0x1}) 2.345298649s ago: executing program 1 (id=2621): openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket(0x10, 0x3, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = fcntl$dupfd(r0, 0x406, r2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDSIGACCEPT(r3, 0x400455c8, 0x4) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x33) 2.217656193s ago: executing program 4 (id=2622): sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r0, 0x101, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) 2.194566654s ago: executing program 2 (id=2623): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept$alg(r0, 0x0, 0x0) 2.103796998s ago: executing program 3 (id=2624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000880)=ANY=[@ANYBLOB='\v\f'], 0x118) 1.860215117s ago: executing program 4 (id=2625): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=@delchain={0x24}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r5 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, r5, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x9}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0xf000}, 0x0) 1.662375465s ago: executing program 3 (id=2626): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e670527ab"], 0x20}], 0x1}, 0x0) 1.149694075s ago: executing program 4 (id=2627): socket$nl_generic(0x10, 0x3, 0x10) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001040), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r1}}, 0x18) 1.100721957s ago: executing program 3 (id=2628): sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000200)=0x7) ptrace$ARCH_SHSTK_DISABLE(0x1e, r2, 0x1, 0x5002) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="940000000206050000000000000000000000000005000400000000000900020073797a30000000001400078008000c400000004c0500140004000000050005000a00000005000100060000000c000300686173683a6970002400078008001340fffffffd08000640000000060800064000000007080012"], 0x94}}, 0x0) 1.01970924s ago: executing program 2 (id=2629): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x0, 0x800}, 0x20) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_buf(r6, 0x1, 0x3e, &(0x7f0000000000)=""/51, &(0x7f00000000c0)=0x33) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'veth1\x00', 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x25}, {0x54}, {0x6}]}) r9 = creat(&(0x7f0000001180)='./file0\x00', 0x0) pwritev(r9, &(0x7f0000000200), 0x0, 0x0, 0x3) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000031c0)={'ip6tnl0\x00', &(0x7f0000005200)={'ip6tnl0\x00', r8, 0x2f, 0x4, 0xa1, 0xffffffff, 0x1, @empty, @loopback, 0x8000, 0x1, 0x7, 0x6}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000004500)={'vxcan0\x00'}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000004e00)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl0\x00', r8, 0x7800, 0x8, 0x7, 0x0, {{0x41, 0x4, 0x0, 0x7, 0x104, 0x67, 0x0, 0x6, 0x4, 0x0, @loopback, @multicast1, {[@lsrr={0x83, 0x1f, 0x68, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x44}, @local]}, @cipso={0x86, 0x25, 0x3, [{0x7, 0x12, "712d920900000000000000313df8eb67"}, {0x5, 0xd, "26b1482b68fa2f894ae3b6"}]}, @end, @timestamp_prespec={0x44, 0x4, 0x2c, 0x3, 0x1}, @lsrr={0x83, 0x23, 0x2b, [@remote, @multicast2, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @multicast1, @multicast1]}, @timestamp_addr={0x44, 0x44, 0x9c, 0x1, 0x5, [{@local, 0xff}, {@rand_addr=0x64010102, 0x2}, {@broadcast, 0x3}, {@local, 0x67be}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x9}, {@private=0xa010101, 0x200}, {@broadcast, 0x8}, {@remote, 0xd}]}, @timestamp={0x44, 0x4, 0x45, 0x0, 0x8}, @cipso={0x86, 0x3c, 0x1, [{0x7, 0xf, "7f395b69daf4d005309e000000"}, {0x5, 0xb, "4050a4bae538da316f"}, {0x5, 0xa, "93df58afbe004713"}, {0x3, 0x8, "e9762e6a172f"}, {0x2, 0x8, "30b2f0a34a2b"}, {0x6, 0x2}]}]}}}}}) 760.23202ms ago: executing program 4 (id=2630): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x22042, 0x0) write$cgroup_int(r0, &(0x7f00000000c0)=0x7, 0x12) 98.077486ms ago: executing program 3 (id=2631): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x6, [{@dev}, {@multicast2}, {@dev}, {}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000180)={0x0, &(0x7f00000000c0)="2d063eab7f6f"}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 40.154499ms ago: executing program 2 (id=2632): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1) eventfd2(0x7fffffff, 0x801) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x6, 0x2, 0x4}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x4, 0xfffffffffffffffe, &(0x7f0000000140)=0x19) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xe4010000, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000017000b63d25a80648c2594f941a3c92b", 0x14}], 0x1}, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000600)=[{0x0, 0x8611, 0xb9, &(0x7f0000000180)="9954865b603926677628d3e37266cd00414a897615d9e1ec6ed9760b59148534c555561f4e8df498a0745149182f05fc2dd4896c98bb0d6a45b68933d51b255144334472e123b160ae4f52fd2e15a53148c53b0cdd4651545c178cbefecf15f3dd97e88717152d6fbadc00abe2184f1f3f75d442fce5d0771dad3c1ffbc2f8b15ab2e93d79a96dcfe6921c5beed888d5a4abbd179b5a98c93d163698d09dfd244a2c54f5d2e0b761401e358501f3ad099d719f67be2fd51642"}], 0x1}) 0s ago: executing program 1 (id=2633): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x1f, 0xd, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350def07c4911f92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef86958a283762386ecf369274e43003a0fdff59ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f0131399207a173b15c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6cd33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642c47bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) kernel console output (not intermixed with test programs): v: batadv0: Removing interface: batadv_slave_0 [ 456.296775][ T3678] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 456.328113][ T3678] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 456.368975][ T3678] device bridge_slave_1 left promiscuous mode [ 456.404829][ T3678] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.435400][ T3678] device bridge_slave_0 left promiscuous mode [ 456.442395][ T3678] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.552851][ T3560] Bluetooth: hci2: command tx timeout [ 456.954330][ T3678] device veth1_macvtap left promiscuous mode [ 457.191882][ T3678] device veth0_macvtap left promiscuous mode [ 457.200077][ T3678] device veth0_vlan left promiscuous mode [ 457.935050][ T3678] bond1 (unregistering): Released all slaves [ 458.630780][ T3560] Bluetooth: hci2: command tx timeout [ 459.241200][ T26] audit: type=1326 audit(1719910080.180:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8896 comm="syz.2.1485" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 460.185829][ T3678] team0 (unregistering): Port device team_slave_1 removed [ 460.316907][ T3678] team0 (unregistering): Port device team_slave_0 removed [ 460.419870][ T3678] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.536523][ T3678] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.711182][ T3560] Bluetooth: hci2: command tx timeout [ 460.851209][ T8911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.416076][ T3678] bond0 (unregistering): Released all slaves [ 461.801910][ T8783] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.871706][ T8783] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.995862][ T8783] device bridge_slave_1 entered promiscuous mode [ 462.065845][ T8783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.133770][ T8783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.585700][ T8783] team0: Port device team_slave_0 added [ 462.655197][ T8783] team0: Port device team_slave_1 added [ 462.840949][ T8783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.847964][ T8783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.160635][ T26] audit: type=1326 audit(1719910084.040:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8932 comm="syz.2.1495" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 463.764071][ T8783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.779275][ T8783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.788509][ T8783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.817021][ T8783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.965448][ T8783] device hsr_slave_0 entered promiscuous mode [ 463.995935][ T8783] device hsr_slave_1 entered promiscuous mode [ 464.040750][ T8783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 464.060615][ T8783] Cannot create hsr debugfs directory [ 464.728077][ T8955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 464.870792][ T3560] Bluetooth: hci0: command tx timeout [ 467.940777][ T26] audit: type=1326 audit(1719910088.680:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.3.1507" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff79a375b99 code=0x0 [ 468.853757][ T3631] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 469.970580][ T3631] usb 4-1: Using ep0 maxpacket: 32 [ 470.287888][ T8783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 470.572758][ T8783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 470.655208][ T8783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 470.716787][ T9020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 470.765569][ T8783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 470.772534][ T3631] usb 4-1: no configurations [ 470.777172][ T3631] usb 4-1: can't read configurations, error -22 [ 470.930586][ T3631] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 471.246513][ T26] audit: type=1326 audit(1719910092.300:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9038 comm="syz.4.1517" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe3bc175b99 code=0x0 [ 471.280349][ T8783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 471.613071][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 471.659120][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 471.794325][ T8783] 8021q: adding VLAN 0 to HW filter on device team0 [ 471.972909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 472.002330][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 472.073320][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.080475][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 472.316287][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 472.325801][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 472.335444][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.342660][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 472.382660][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 473.101392][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 473.122210][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 473.144065][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 473.192978][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 473.226097][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 473.265933][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 473.296728][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 473.349818][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 473.397495][ T8783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 473.486258][ T8783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 473.508994][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 473.556842][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 473.580008][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 474.149424][ T9100] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 474.156089][ T9100] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 474.219092][ T9100] vhci_hcd vhci_hcd.0: Device attached [ 474.323686][ T9095] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.402150][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 474.410278][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 474.437776][ T8783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 474.520736][ T8216] usb 16-1: SetAddress Request (10) to port 0 [ 474.524833][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 474.527385][ T8216] usb 16-1: new SuperSpeed USB device number 10 using vhci_hcd [ 474.554235][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 474.608260][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 474.625876][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 474.656998][ T8783] device veth0_vlan entered promiscuous mode [ 474.677197][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 474.685431][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 474.706510][ T8783] device veth1_vlan entered promiscuous mode [ 474.715457][ T9108] vhci_hcd: connection reset by peer [ 474.724117][ T3678] vhci_hcd: stop threads [ 474.728414][ T3678] vhci_hcd: release socket [ 474.746856][ T3678] vhci_hcd: disconnect device [ 474.801724][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 474.816269][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 474.849972][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 474.886176][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 474.928480][ T8783] device veth0_macvtap entered promiscuous mode [ 474.968209][ T8783] device veth1_macvtap entered promiscuous mode [ 475.047602][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.151862][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.193849][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.204479][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.215168][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.227052][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.237413][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.858307][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.926299][ T8783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 476.085821][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 476.131739][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 476.207781][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 476.261141][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 476.272356][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.297495][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.321287][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.331961][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.348574][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.365372][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.379040][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 476.410427][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.451496][ T8783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 476.489685][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 476.511335][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 476.580720][ T8783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.752516][ T8783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.787775][ T8783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.650219][ T8783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.171231][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.179562][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.767834][ T8216] usb 16-1: device descriptor read/8, error -110 [ 479.955678][ T3900] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.130915][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 480.241336][ T3900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.387961][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 480.463771][ T9177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 480.490636][ T9195] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 480.497215][ T9195] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 480.541731][ T8216] usb usb16-port1: attempt power cycle [ 480.588594][ T9195] vhci_hcd vhci_hcd.0: Device attached [ 480.806108][ T9204] vhci_hcd: connection closed [ 480.807143][ T3678] vhci_hcd: stop threads [ 480.825551][ T3678] vhci_hcd: release socket [ 480.859087][ T3678] vhci_hcd: disconnect device [ 480.890706][ T8212] usb 14-1: enqueue for inactive port 0 [ 481.231774][ T8216] usb usb16-port1: unable to enumerate USB device [ 481.506883][ T8212] usb usb14-port1: attempt power cycle [ 482.801561][ T8212] usb usb14-port1: unable to enumerate USB device [ 483.080838][ T936] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 483.101598][ T9262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.340258][ T3897] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.696805][ T3897] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.781702][ T9290] netlink: 'syz.4.1567': attribute type 10 has an invalid length. [ 483.853584][ T9290] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 483.940982][ T936] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 483.949657][ T936] usb 3-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config [ 483.996818][ T936] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 484.040586][ T936] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 101, changing to 10 [ 484.058925][ T3897] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.151741][ T936] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10100, setting to 1024 [ 484.271165][ T9305] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1570'. [ 484.299725][ T3897] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.311466][ T936] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 484.337695][ T936] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 484.392164][ T936] usb 3-1: Product: syz [ 484.418161][ T936] usb 3-1: Manufacturer: syz [ 484.480885][ T9267] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 484.501562][ T936] cdc_wdm 3-1:1.0: skipping garbage [ 484.507464][ T936] cdc_wdm 3-1:1.0: skipping garbage [ 484.548308][ T936] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 484.574387][ T936] cdc_wdm 3-1:1.0: Unknown control protocol [ 484.646356][ T3565] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 484.658265][ T3565] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 484.671009][ T3565] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 484.682747][ T3565] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 484.694249][ T3565] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 484.702229][ T3565] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 484.717205][ T936] usb 3-1: USB disconnect, device number 21 [ 485.446484][ T9322] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 485.453040][ T9322] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 485.517607][ T9322] vhci_hcd vhci_hcd.0: Device attached [ 485.820627][ T7] usb 16-1: SetAddress Request (14) to port 0 [ 485.834048][ T7] usb 16-1: new SuperSpeed USB device number 14 using vhci_hcd [ 485.923509][ T9308] chnl_net:caif_netlink_parms(): no params data found [ 485.968739][ T9326] vhci_hcd: connection reset by peer [ 485.975395][ T3678] vhci_hcd: stop threads [ 485.979681][ T3678] vhci_hcd: release socket [ 485.998874][ T3678] vhci_hcd: disconnect device [ 486.486844][ T9343] netlink: 'syz.2.1575': attribute type 10 has an invalid length. [ 486.507204][ T9343] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1575'. [ 486.520951][ T9343] device bond0 entered promiscuous mode [ 486.526593][ T9343] device bond_slave_0 entered promiscuous mode [ 486.578961][ T9343] device bond_slave_1 entered promiscuous mode [ 486.618702][ T9343] bridge0: port 3(bond0) entered blocking state [ 486.649547][ T9343] bridge0: port 3(bond0) entered disabled state [ 486.673005][ T9343] bridge0: port 3(bond0) entered blocking state [ 486.679468][ T9343] bridge0: port 3(bond0) entered forwarding state [ 486.791016][ T3560] Bluetooth: hci2: command tx timeout [ 486.841422][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.848584][ T9308] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.906948][ T9308] device bridge_slave_0 entered promiscuous mode [ 487.023336][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.048627][ T9308] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.071168][ T9308] device bridge_slave_1 entered promiscuous mode [ 487.275291][ T9308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.290235][ T9308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.658993][ T9349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.815127][ T3897] device hsr_slave_0 left promiscuous mode [ 487.860382][ T3897] device hsr_slave_1 left promiscuous mode [ 487.890884][ T3897] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.922119][ T3897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.948419][ T3897] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 487.975921][ T3897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 487.998411][ T3897] device bridge_slave_1 left promiscuous mode [ 488.016954][ T3897] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.053247][ T3897] device bridge_slave_0 left promiscuous mode [ 488.067777][ T3897] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.201892][ T3897] device veth1_macvtap left promiscuous mode [ 488.209374][ T3897] device veth0_macvtap left promiscuous mode [ 488.224715][ T3897] device veth1_vlan left promiscuous mode [ 488.284128][ T3897] device veth0_vlan left promiscuous mode [ 488.548355][ T9389] overlayfs: missing 'lowerdir' [ 488.900856][ T3560] Bluetooth: hci2: command tx timeout [ 489.619226][ T9404] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1587'. [ 489.857801][ T9408] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 489.864371][ T9408] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 489.893663][ T9408] vhci_hcd vhci_hcd.0: Device attached [ 490.200604][ T8216] usb 14-1: SetAddress Request (22) to port 0 [ 490.209313][ T8216] usb 14-1: new SuperSpeed USB device number 22 using vhci_hcd [ 490.532813][ T9410] vhci_hcd: connection reset by peer [ 490.540323][ T4026] vhci_hcd: stop threads [ 490.559560][ T4026] vhci_hcd: release socket [ 490.571837][ T4026] vhci_hcd: disconnect device [ 490.950708][ T7] usb 16-1: device descriptor read/8, error -110 [ 490.952509][ T3565] Bluetooth: hci2: command tx timeout [ 491.033128][ T3897] team0 (unregistering): Port device team_slave_1 removed [ 491.128987][ T3897] team0 (unregistering): Port device team_slave_0 removed [ 491.252135][ T3897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 491.312258][ T3897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.371600][ T7] usb usb16-port1: attempt power cycle [ 491.943149][ T3897] bond0 (unregistering): Released all slaves [ 492.031460][ T7] usb usb16-port1: unable to enumerate USB device [ 492.044934][ T9308] team0: Port device team_slave_0 added [ 492.116187][ T9308] team0: Port device team_slave_1 added [ 492.286051][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.307832][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.388687][ T9308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 492.451952][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 492.490220][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 492.637226][ T9308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.792696][ T9308] device hsr_slave_0 entered promiscuous mode [ 492.894939][ T9443] overlayfs: missing 'lowerdir' [ 493.056643][ T9308] device hsr_slave_1 entered promiscuous mode [ 493.080686][ T3565] Bluetooth: hci2: command tx timeout [ 493.119664][ T9426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 493.256501][ T9308] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 493.460701][ T9308] Cannot create hsr debugfs directory [ 494.868847][ T9308] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 494.879135][ T9308] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 494.900429][ T9308] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 494.925390][ T9308] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 495.198716][ T9481] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1602'. [ 495.269202][ T9308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 495.280797][ T8216] usb 14-1: device descriptor read/8, error -110 [ 495.357815][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 495.381809][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 495.433583][ T9308] 8021q: adding VLAN 0 to HW filter on device team0 [ 495.491780][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 495.514062][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 495.576700][ T936] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.583883][ T936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 495.675708][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 495.693029][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 495.711406][ T8216] usb usb14-port1: attempt power cycle [ 495.738394][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 495.808228][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.815623][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 495.906471][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 495.945581][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 496.025265][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 496.047612][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 496.070907][ T3565] Bluetooth: hci2: command tx timeout [ 496.077123][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 496.102329][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 496.120799][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 496.137181][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 496.159618][ T9308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 496.187722][ T9308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 496.208579][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 496.235409][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 496.338142][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 496.371574][ T8216] usb usb14-port1: unable to enumerate USB device [ 497.221205][ T9515] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1609'. [ 498.263045][ T8216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 498.276639][ T8216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 498.494208][ T9308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 498.929671][ T9521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.183214][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 499.211014][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 499.337744][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 499.381450][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 499.420249][ T9308] device veth0_vlan entered promiscuous mode [ 499.458632][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 499.471446][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 499.523189][ T9308] device veth1_vlan entered promiscuous mode [ 499.629066][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 499.652939][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 499.681617][ T9308] device veth0_macvtap entered promiscuous mode [ 499.722603][ T9308] device veth1_macvtap entered promiscuous mode [ 499.806481][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.861408][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.873280][ T9553] overlayfs: failed to clone upperpath [ 499.891689][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.909994][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.930247][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.956719][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.987396][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.004523][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.035587][ T9308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.073594][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 500.088454][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 500.152576][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 500.187318][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 500.212387][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.257175][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.302915][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.340792][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.378029][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.396611][ T26] audit: type=1400 audit(1719910121.450:96): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=02 pid=9564 comm="syz.0.1619" [ 500.445812][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.490333][ T26] audit: type=1800 audit(1719910121.540:97): pid=9568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1620" name="memory.events" dev="sda1" ino=1985 res=0 errno=0 [ 500.521314][ T9308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.555411][ T9308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.563020][ T26] audit: type=1804 audit(1719910121.600:98): pid=9568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1620" name="/root/syzkaller.h9jcsK/195/memory.events" dev="sda1" ino=1985 res=1 errno=0 [ 500.600008][ T9308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.636752][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 500.656923][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 500.691461][ T9308] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.709633][ T9308] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.770291][ T9308] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.813476][ T9308] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.103945][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.166400][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.235500][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 501.258889][ T3897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.286000][ T3897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.366022][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 501.437856][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.444365][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.188500][ T9585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 502.853961][ T9623] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 503.995200][ T9640] overlayfs: conflicting lowerdir path [ 505.514757][ T9652] netlink: 'syz.3.1645': attribute type 3 has an invalid length. [ 506.206447][ T9672] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 506.239211][ T9672] kvm: pic: non byte write [ 506.505783][ T9655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.714978][ T26] audit: type=1800 audit(1719910129.770:99): pid=9732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1665" name="bus" dev="sda1" ino=1995 res=0 errno=0 [ 509.142226][ T9733] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 512.606754][ T26] audit: type=1326 audit(1719910133.660:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9790 comm="syz.2.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x7ffc0000 [ 512.658060][ T26] audit: type=1326 audit(1719910133.660:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9790 comm="syz.2.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7fcfba175b99 code=0x7ffc0000 [ 512.739898][ T9795] nfs: Unknown parameter 'ñ&\^' [ 512.792817][ T26] audit: type=1326 audit(1719910133.660:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9790 comm="syz.2.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x7ffc0000 [ 513.480572][ T26] audit: type=1326 audit(1719910133.660:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9790 comm="syz.2.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x7ffc0000 [ 513.621915][ T9784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 514.872363][ T9818] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 516.289137][ T9835] netlink: 'syz.3.1695': attribute type 1 has an invalid length. [ 517.317987][ T9837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 517.992558][ T9861] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 520.444414][ T9909] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 521.161293][ T9905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.743187][ T9951] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 524.601830][ T9971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1734'. [ 524.798968][ T9963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 525.184151][ T9981] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 525.301962][ T9981] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 525.385580][ T9982] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 526.110166][T10001] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1745'. [ 526.259553][ T3560] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 526.269715][ T3560] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 526.279944][ T3560] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 526.304638][ T3564] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 526.315332][ T3564] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 526.324108][ T3564] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 526.360589][ T8206] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 526.594874][T10006] chnl_net:caif_netlink_parms(): no params data found [ 526.731690][T10006] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.738916][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.747385][T10006] device bridge_slave_0 entered promiscuous mode [ 526.756303][T10006] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.763637][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.763860][ T8206] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 526.772221][T10006] device bridge_slave_1 entered promiscuous mode [ 526.803522][ T8206] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 526.823260][ T8206] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 526.836732][T10006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 526.856828][ T8206] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.863883][T10006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 526.906544][ T8206] usb 3-1: config 0 descriptor?? [ 526.951708][T10000] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 526.973153][ T8206] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 527.008273][T10016] netlink: 'syz.3.1748': attribute type 11 has an invalid length. [ 527.025888][T10006] team0: Port device team_slave_0 added [ 527.050941][T10006] team0: Port device team_slave_1 added [ 527.138786][T10006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.197739][T10006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.223670][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.241597][T10006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.262523][T10006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.269654][T10006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.332565][T10006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.696262][ T3564] Bluetooth: hci4: command tx timeout [ 528.818651][T10006] device hsr_slave_0 entered promiscuous mode [ 528.859109][T10006] device hsr_slave_1 entered promiscuous mode [ 528.896005][T10006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 529.015295][T10006] Cannot create hsr debugfs directory [ 529.076265][ T26] audit: type=1326 audit(1719910150.130:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10036 comm="syz.3.1754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff79a375b99 code=0x0 [ 529.304633][T10042] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1755'. [ 529.467544][T10006] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.757811][T10047] netlink: 'syz.0.1756': attribute type 24 has an invalid length. [ 530.228419][T10006] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.380838][ T936] usb 3-1: USB disconnect, device number 22 [ 530.643395][T10006] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.720647][ T3565] Bluetooth: hci4: command tx timeout [ 530.966380][T10006] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.810356][T10006] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 531.849390][T10006] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 531.876674][T10006] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 531.907788][T10006] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 532.107254][T10006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 532.195523][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 532.209117][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 532.223945][T10006] 8021q: adding VLAN 0 to HW filter on device team0 [ 532.245201][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 532.291601][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 532.300253][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.307447][ T8213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 532.345577][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 532.363561][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 532.378735][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 532.387332][T10074] loop2: detected capacity change from 0 to 4096 [ 532.408851][T10074] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 532.409436][ T8212] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.425159][ T8212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 532.490975][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 532.492316][T10074] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 532.512774][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 532.553030][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 532.592031][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 532.620243][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 532.682943][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 532.709273][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 532.736919][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 532.766467][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 532.797492][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 532.800876][ T3565] Bluetooth: hci4: command tx timeout [ 532.846045][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 532.912168][T10006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 534.197892][T10006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.215674][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 534.224313][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 534.964502][ T3565] Bluetooth: hci4: command tx timeout [ 535.910954][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 535.930313][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 535.990268][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 536.003253][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 536.029251][T10006] device veth0_vlan entered promiscuous mode [ 536.044982][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 536.057784][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 536.083856][T10006] device veth1_vlan entered promiscuous mode [ 536.163055][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 536.177581][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 536.186937][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 536.196727][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 536.208876][T10006] device veth0_macvtap entered promiscuous mode [ 536.225230][T10006] device veth1_macvtap entered promiscuous mode [ 536.336451][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.370424][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.381033][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.392704][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.402612][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.413109][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.429057][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.052162][ T3564] Bluetooth: hci4: command tx timeout [ 537.080599][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.383451][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.434931][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.526469][T10006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 537.581994][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 537.597913][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 537.657268][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 537.718485][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 537.818650][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.870524][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.897339][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.948910][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.978988][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.009150][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.040125][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.069851][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.109916][T10006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.140835][T10006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.167055][T10006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 538.198944][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 538.229016][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 538.259842][T10006] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.280927][T10006] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.304892][T10006] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.328557][T10006] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.548723][ T4026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.571190][ T4026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.621990][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 538.660900][ T9946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.684734][ T9946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.722616][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 539.007350][T10172] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 541.804863][T10216] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 543.173718][T10237] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 543.190591][T10237] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 543.499841][T10255] kvm: pic: non byte write [ 543.588426][T10257] loop2: detected capacity change from 0 to 4096 [ 543.625821][T10257] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 543.705809][T10257] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 546.713861][T10309] kvm: pic: non byte write [ 546.920630][ T8211] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 546.928350][ T8212] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 547.170865][ T8211] usb 3-1: Using ep0 maxpacket: 32 [ 547.180885][ T8212] usb 4-1: Using ep0 maxpacket: 8 [ 547.300843][ T8212] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 547.313164][ T8211] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 547.347011][ T8212] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 547.360619][ T8211] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 547.400576][ T8211] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.412703][ T8212] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 547.509525][ T8211] usb 3-1: config 0 descriptor?? [ 547.517428][ T8212] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 547.540871][ T26] audit: type=1326 audit(1719910168.590:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10315 comm="syz.0.1834" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d32d75b99 code=0x0 [ 547.700906][ T8211] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 547.764014][ T8212] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 548.011881][ T8212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.660763][ T8212] usb 4-1: GET_CAPABILITIES returned 0 [ 548.666308][ T8212] usbtmc 4-1:16.0: can't read capabilities [ 549.314318][ T8212] usb 4-1: USB disconnect, device number 26 [ 550.847984][T10359] delete_channel: no stack [ 551.413542][ T26] audit: type=1326 audit(1719910172.470:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.2.1847" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 552.069966][T10379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 552.219351][T10379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 553.349134][T10396] kvm: pic: non byte write [ 555.393248][ T26] audit: type=1326 audit(1719910176.450:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10415 comm="syz.1.1862" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 556.570829][ T8212] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 556.890673][ T8212] usb 2-1: Using ep0 maxpacket: 8 [ 557.501489][ T8212] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 557.620664][ T8212] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 557.846244][ T8212] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 557.857455][ T8212] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 557.871365][ T8212] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 557.880451][ T8212] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.790830][ T8212] usb 2-1: GET_CAPABILITIES returned 0 [ 558.796395][ T8212] usbtmc 2-1:16.0: can't read capabilities [ 559.646778][ T3597] usb 2-1: USB disconnect, device number 34 [ 559.838819][T10470] loop2: detected capacity change from 0 to 4096 [ 559.870337][T10470] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 560.204681][T10470] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 560.382606][ T26] audit: type=1326 audit(1719910181.440:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10475 comm="syz.3.1880" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff79a375b99 code=0x0 [ 560.715580][T10489] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1885'. [ 560.911588][T10494] kvm: pic: non byte write [ 562.166265][T10514] loop4: detected capacity change from 0 to 4096 [ 562.185326][T10514] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 562.304561][T10514] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 562.413935][T10520] tmpfs: Unknown parameter 'usrquota' [ 562.445538][T10522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 562.487011][T10522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.719012][T10505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 562.872887][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.879811][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.350979][ T3564] Bluetooth: hci4: command 0x0401 tx timeout [ 564.977389][T10553] loop2: detected capacity change from 0 to 4096 [ 565.043297][T10553] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 565.116801][T10553] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 565.783480][T10566] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 567.270816][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 567.608525][T10623] netlink: 'syz.2.1931': attribute type 29 has an invalid length. [ 567.937872][T10623] netlink: 'syz.2.1931': attribute type 29 has an invalid length. [ 568.163038][T10630] netlink: 'syz.2.1931': attribute type 29 has an invalid length. [ 568.229688][T10631] netlink: 'syz.2.1931': attribute type 29 has an invalid length. [ 568.532515][T10624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 570.410888][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 571.793229][T10680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 573.191048][ T3564] Bluetooth: hci4: command 0x0401 tx timeout [ 574.767686][T10737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.863249][T10776] sctp: [Deprecated]: syz.1.1981 (pid 10776) Use of int in max_burst socket option. [ 575.863249][T10776] Use struct sctp_assoc_value instead [ 575.892578][T10780] 9pnet_fd: Insufficient options for proto=fd [ 576.287309][ T3564] Bluetooth: hci4: command 0x0401 tx timeout [ 577.734774][T10818] 9pnet_fd: Insufficient options for proto=fd [ 577.998694][T10797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.522952][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 580.320425][T10856] 9pnet_fd: Insufficient options for proto=fd [ 580.327847][T10855] device veth1_macvtap left promiscuous mode [ 580.370893][T10855] device macsec0 entered promiscuous mode [ 581.937174][T10878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 582.632376][T10905] 9pnet_fd: Insufficient options for proto=fd [ 584.088661][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 584.351781][T10938] 9pnet_fd: Insufficient options for proto=fd [ 585.663258][T10956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 586.068407][ T3657] kernel write not supported for file /snd/seq (pid: 3657 comm: kworker/1:9) [ 587.071707][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 587.111554][ T8212] kernel write not supported for file /snd/seq (pid: 8212 comm: kworker/1:11) [ 589.474272][T11034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 590.950914][ T3564] Bluetooth: hci4: command 0x0401 tx timeout [ 591.482887][ T26] audit: type=1326 audit(1719910212.540:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11070 comm="syz.2.2079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 593.857579][ T14] kernel write not supported for file /snd/seq (pid: 14 comm: kworker/0:1) [ 595.373286][ T936] kernel write not supported for file /snd/seq (pid: 936 comm: kworker/0:2) [ 595.739539][ T26] audit: type=1326 audit(1719910216.790:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11115 comm="syz.2.2094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 597.119382][ T936] kernel write not supported for file /snd/seq (pid: 936 comm: kworker/0:2) [ 597.169066][T11153] netlink: 'syz.0.2106': attribute type 10 has an invalid length. [ 597.206543][T11153] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 598.472571][ T26] audit: type=1326 audit(1719910219.530:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11170 comm="syz.4.2112" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3ec175b99 code=0x0 [ 600.251021][T11199] 9pnet_fd: Insufficient options for proto=fd [ 601.895505][ T26] audit: type=1326 audit(1719910222.950:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11219 comm="syz.4.2128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3ec175b99 code=0x0 [ 603.504219][T11246] 9pnet_fd: Insufficient options for proto=fd [ 604.848648][ T26] audit: type=1326 audit(1719910225.900:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.1.2142" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 605.753879][T11289] 9pnet_fd: Insufficient options for proto=fd [ 607.988666][ T26] audit: type=1326 audit(1719910228.800:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11316 comm="syz.1.2157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 611.030714][ T3565] Bluetooth: hci2: command 0x0406 tx timeout [ 611.550704][ T26] audit: type=1326 audit(1719910232.580:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11373 comm="syz.1.2174" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 615.625200][ T26] audit: type=1326 audit(1719910236.270:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11420 comm="syz.2.2187" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 616.634609][T11455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2197'. [ 618.171301][ T26] audit: type=1326 audit(1719910239.200:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.1.2202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 619.150405][ T3565] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 619.640865][ T3565] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 619.652692][ T3565] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 619.664080][ T3565] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 619.672108][ T3565] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 619.681102][ T3565] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 620.284269][T11477] chnl_net:caif_netlink_parms(): no params data found [ 620.518076][T11477] bridge0: port 1(bridge_slave_0) entered blocking state [ 620.541964][T11477] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.558922][T11477] device bridge_slave_0 entered promiscuous mode [ 620.577714][T11477] bridge0: port 2(bridge_slave_1) entered blocking state [ 620.598379][T11477] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.620386][T11477] device bridge_slave_1 entered promiscuous mode [ 620.665086][T11477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 620.678398][T11477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 620.742407][T11477] team0: Port device team_slave_0 added [ 620.753538][T11477] team0: Port device team_slave_1 added [ 620.817153][T11477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.829036][T11477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.862848][T11477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.876242][T11477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 620.883788][T11477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.911102][T11477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 621.075529][T11477] device hsr_slave_0 entered promiscuous mode [ 621.082939][T11477] device hsr_slave_1 entered promiscuous mode [ 621.090113][T11477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 621.098486][T11477] Cannot create hsr debugfs directory [ 621.170675][ T26] audit: type=1326 audit(1719910242.220:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11515 comm="syz.0.2214" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d32d75b99 code=0x0 [ 621.840975][ T3565] Bluetooth: hci6: command tx timeout [ 621.968971][T11477] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.464938][T11477] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.507429][T11528] netlink: 'syz.2.2216': attribute type 1 has an invalid length. [ 622.515415][T11528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2216'. [ 622.543376][T11477] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.700649][T11477] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.960984][ T3565] Bluetooth: hci6: command tx timeout [ 624.122923][T11477] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 624.182490][T11477] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 624.224061][T11477] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 624.261662][T11477] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 624.312212][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.319471][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.592865][ T26] audit: type=1326 audit(1719910245.650:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11550 comm="syz.0.2224" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d32d75b99 code=0x0 [ 625.330885][T11477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 625.381763][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 625.391319][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 625.437048][T11477] 8021q: adding VLAN 0 to HW filter on device team0 [ 625.477771][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 625.616922][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 625.640275][ T3657] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.647552][ T3657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.727981][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 625.760571][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 625.933292][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 626.048269][ T27] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.055570][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state [ 626.064315][ T3564] Bluetooth: hci6: command tx timeout [ 626.297625][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 626.321844][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 626.363788][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 626.401352][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 626.496220][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 626.508540][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 626.529247][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 626.580025][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 626.599069][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 626.626854][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 626.654932][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 626.687746][T11477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 627.570973][ T26] audit: type=1326 audit(1719910248.540:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.2.2234" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 628.041142][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 628.048890][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 628.082539][T11477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.089418][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880607d0800: rx timeout, send abort [ 628.150962][ T3565] Bluetooth: hci6: command tx timeout [ 628.209657][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 628.229459][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 628.271931][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 628.291746][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 628.313360][T11477] device veth0_vlan entered promiscuous mode [ 628.331604][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 628.339629][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 628.363137][T11477] device veth1_vlan entered promiscuous mode [ 628.436919][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 628.456591][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 628.478184][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 628.495816][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 628.531802][T11477] device veth0_macvtap entered promiscuous mode [ 628.558409][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 628.582822][T11477] device veth1_macvtap entered promiscuous mode [ 628.591059][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880607d0800: abort rx timeout. Force session deactivation [ 628.630160][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.642124][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.663011][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.674275][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.686113][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.697193][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.833946][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.844751][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.854731][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.868068][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.878248][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.889216][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.589824][T11477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 629.661151][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 629.690719][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 629.824081][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 629.894105][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.928404][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 629.969611][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.000296][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 630.051473][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.079662][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 630.100806][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.188316][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 630.232273][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.277743][T11477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 630.327787][T11477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.670883][ T26] audit: type=1326 audit(1719910251.470:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11627 comm="syz.2.2245" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 630.825009][T11477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 630.977095][T11477] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.046761][T11477] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.090582][T11477] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.140792][T11477] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.152898][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 631.189243][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 631.647762][ T3678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 631.713476][ T3678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 631.742544][ T3564] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 631.763100][ T3564] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 631.777270][ T3564] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 631.808329][ T3564] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 631.827560][ T3564] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 631.839573][ T3564] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 632.255392][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 632.381154][ T3897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.400037][ T3897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.410280][ T26] audit: type=1804 audit(1719910253.460:122): pid=11642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2247" name="/root/syzkaller.wDnykW/131/bus/file0" dev="overlay" ino=2012 res=1 errno=0 [ 632.444968][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 632.996757][T11636] chnl_net:caif_netlink_parms(): no params data found [ 633.271522][T11636] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.286296][T11636] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.308514][T11636] device bridge_slave_0 entered promiscuous mode [ 633.318990][T11636] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.330389][T11636] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.339567][T11636] device bridge_slave_1 entered promiscuous mode [ 633.411845][T11636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.435783][T11636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.646964][T11636] team0: Port device team_slave_0 added [ 633.793903][T11636] team0: Port device team_slave_1 added [ 633.850992][ T26] audit: type=1326 audit(1719910254.860:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.2.2254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 633.912445][ T3565] Bluetooth: hci7: command tx timeout [ 634.360631][T11636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 634.388083][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 634.511490][T11636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 634.524607][T11636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 634.537576][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 634.567881][T11636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 634.594847][T11673] netlink: 'syz.1.2257': attribute type 3 has an invalid length. [ 634.704309][T11636] device hsr_slave_0 entered promiscuous mode [ 634.723198][T11636] device hsr_slave_1 entered promiscuous mode [ 634.744373][T11636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 634.759255][T11636] Cannot create hsr debugfs directory [ 635.040646][ T3898] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 635.060056][T11636] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.202543][T11636] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.367782][T11636] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.594245][T11636] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.920913][ T3898] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 635.950815][ T3898] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 635.960307][T11636] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 635.994098][ T3898] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 635.998122][T11636] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 636.014317][T11636] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 636.019690][ T3565] Bluetooth: hci7: command tx timeout [ 636.032487][T11636] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 636.039224][ T3898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.052645][ T3898] usb 2-1: config 0 descriptor?? [ 636.071138][T11680] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 636.092837][ T3898] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 636.335794][T11636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.354822][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 636.363937][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 636.377083][T11636] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.394174][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 636.404799][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 636.414511][ T3898] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.421731][ T3898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.443536][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 636.452762][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 636.462596][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 636.473038][ T3629] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.480392][ T3629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.488861][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 636.499601][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 636.523174][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 636.536084][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 636.545831][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 636.556377][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 636.573525][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 636.582355][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 636.591995][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 636.602312][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 636.612122][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 636.623273][T11636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 636.900006][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 636.919351][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 636.938951][T11636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 636.947907][T11699] netlink: 'syz.2.2265': attribute type 3 has an invalid length. [ 637.431721][ T26] audit: type=1326 audit(1719910258.480:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.2.2267" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 638.047643][ T8212] usb 2-1: USB disconnect, device number 35 [ 638.103360][ T3565] Bluetooth: hci7: command tx timeout [ 638.295609][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 638.310702][T11713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 638.331650][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 638.392256][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 638.406915][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 638.429528][T11636] device veth0_vlan entered promiscuous mode [ 638.437659][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 638.456891][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 638.474178][T11636] device veth1_vlan entered promiscuous mode [ 638.540169][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 638.557497][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 638.576359][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 638.596798][ T8212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 638.614899][T11636] device veth0_macvtap entered promiscuous mode [ 638.636285][T11636] device veth1_macvtap entered promiscuous mode [ 638.679582][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.699628][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.710711][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.731841][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.754853][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.789006][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.831118][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.853297][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.876595][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.900011][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.923748][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.964468][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.987115][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 639.014876][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.055039][T11636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 639.075358][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 639.084597][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 639.102144][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 639.119832][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 639.140230][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.175937][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.206234][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.240476][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.260508][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.294152][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.306292][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.320382][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.330507][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.341220][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.351204][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.368916][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.397484][T11636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 639.434456][T11636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.459958][T11636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 639.488304][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 639.502373][ T3629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 639.522982][T11636] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.540892][T11636] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.559762][T11636] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.579166][T11636] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.764840][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.793826][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.837760][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 639.855021][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.873581][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.901636][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 639.990879][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 640.152549][ T3565] Bluetooth: hci7: command tx timeout [ 640.284411][T11742] netlink: 'syz.4.2275': attribute type 3 has an invalid length. [ 641.628996][ T26] audit: type=1326 audit(1719910262.350:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11752 comm="syz.2.2280" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 642.229682][T11774] overlayfs: failed to resolve '/./file0': -2 [ 642.788960][T11761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.006782][ T26] audit: type=1326 audit(1719910265.060:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.2293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x0 [ 644.390553][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 644.555307][T11805] overlayfs: failed to resolve '/./file0': -2 [ 644.814086][T11809] netlink: 'syz.3.2298': attribute type 3 has an invalid length. [ 645.054418][ T3564] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 645.065060][ T3564] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 645.074946][ T3564] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 645.085718][ T3564] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 645.105101][ T3564] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 645.115167][ T3564] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 645.525877][T11815] chnl_net:caif_netlink_parms(): no params data found [ 645.792457][T11815] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.799700][T11815] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.841170][T11815] device bridge_slave_0 entered promiscuous mode [ 645.867750][T11831] 9pnet_fd: Insufficient options for proto=fd [ 645.868879][T11815] bridge0: port 2(bridge_slave_1) entered blocking state [ 645.904685][T11815] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.933403][T11815] device bridge_slave_1 entered promiscuous mode [ 646.043895][T11815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.078337][T11815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.186081][T11815] team0: Port device team_slave_0 added [ 646.229947][T11815] team0: Port device team_slave_1 added [ 646.302252][T11815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.319464][T11815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.387200][T11815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.421272][T11815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 646.428278][T11815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.521953][T11825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 646.540949][T11815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 646.745876][T11815] device hsr_slave_0 entered promiscuous mode [ 646.758434][T11815] device hsr_slave_1 entered promiscuous mode [ 646.771646][T11815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 646.779973][T11815] Cannot create hsr debugfs directory [ 647.191132][ T3565] Bluetooth: hci8: command tx timeout [ 647.760890][ T26] audit: type=1326 audit(1719910268.780:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11847 comm="syz.1.2307" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 648.054078][ T3560] Bluetooth: hci4: command 0x0401 tx timeout [ 648.154011][T11815] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.312156][T11815] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.529938][T11864] 9pnet_fd: Insufficient options for proto=fd [ 648.605188][T11815] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.802183][T11815] bond0: (slave netdevsim0): Releasing backup interface [ 648.841326][T11815] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.268935][T11815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 649.277038][ T3560] Bluetooth: hci8: command tx timeout [ 649.294080][T11815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 649.321991][T11815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 649.343411][T11885] usb usb9: usbfs: process 11885 (syz.3.2317) did not claim interface 0 before use [ 649.368420][T11815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 649.396965][T11885] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 649.583996][T11815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 649.629811][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 649.661574][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 649.674698][T11815] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.688907][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 649.712494][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 649.731389][ T27] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.738548][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.758479][T11873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 649.782358][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 649.792493][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 649.819413][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 649.839346][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.846598][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.871328][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 649.891240][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 649.940123][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 649.968775][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 649.990130][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 650.020785][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 650.040126][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 650.061084][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 650.069781][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 650.099167][ T8211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 650.114179][T11815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 650.143623][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 651.115990][ T26] audit: type=1326 audit(1719910272.160:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11896 comm="syz.4.2320" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdabf375b99 code=0x0 [ 651.407127][ T3565] Bluetooth: hci4: command 0x0401 tx timeout [ 651.415970][ T3560] Bluetooth: hci8: command tx timeout [ 651.560402][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 651.568334][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 651.592149][T11910] 9pnet_fd: Insufficient options for proto=fd [ 651.614108][T11815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 651.712993][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 651.752977][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 651.846320][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 651.863371][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 651.883114][T11815] device veth0_vlan entered promiscuous mode [ 651.899869][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 651.913732][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 651.939781][T11815] device veth1_vlan entered promiscuous mode [ 652.915468][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 653.005252][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 653.139967][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807859a000: rx timeout, send abort [ 653.282046][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 653.301271][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 653.354984][T11815] device veth0_macvtap entered promiscuous mode [ 653.391194][T11815] device veth1_macvtap entered promiscuous mode [ 653.430689][T11906] Bluetooth: hci8: command tx timeout [ 653.433150][ T3564] Bluetooth: hci4: command 0x0401 tx timeout [ 653.496107][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.531876][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.552752][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.563381][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.573306][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.583885][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.594155][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.606726][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.616747][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.627576][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.637665][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.648710][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807859a000: abort rx timeout. Force session deactivation [ 653.697734][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.743946][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.769811][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.780290][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.792458][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.820040][T11815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 653.845930][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 653.855685][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 653.865016][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 653.875256][T11932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 653.887331][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 653.899768][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.928164][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.938296][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.949592][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.959606][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.970163][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.980053][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.992003][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.002179][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.014002][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.023988][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.034539][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.044435][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.054998][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.064882][T11815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.085744][T11815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.103734][T11815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 654.121148][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 654.131107][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 654.154967][T11815] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.176713][T11815] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.186909][T11815] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.197066][T11815] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.740663][T11754] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 655.749097][T11754] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 655.871327][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 656.089945][ T3564] Bluetooth: hci4: command tx timeout [ 656.409917][ T26] audit: type=1326 audit(1719910277.260:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11954 comm="syz.2.2333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 657.054386][T11754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 657.078964][T11966] 9pnet_fd: Insufficient options for proto=fd [ 657.087630][T11754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 657.146380][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 658.594315][T11969] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 658.600890][T11969] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 658.620870][T11969] vhci_hcd vhci_hcd.0: Device attached [ 658.891874][T11972] vhci_hcd: connection closed [ 658.892223][ T3678] vhci_hcd: stop threads [ 658.930596][ T3898] usb 16-1: SetAddress Request (18) to port 0 [ 658.937498][ T3898] usb 16-1: new SuperSpeed USB device number 18 using vhci_hcd [ 659.049284][ T3678] vhci_hcd: release socket [ 659.054200][ T3678] vhci_hcd: disconnect device [ 660.034006][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e56b800: rx timeout, send abort [ 660.542299][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e56b800: abort rx timeout. Force session deactivation [ 662.309505][ T26] audit: type=1326 audit(1719910283.360:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12010 comm="syz.1.2345" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x0 [ 662.344187][T12026] 9pnet_fd: Insufficient options for proto=fd [ 664.070640][ T3898] usb 16-1: device descriptor read/8, error -110 [ 664.371896][T12050] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 664.378498][T12050] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 664.389125][T12050] vhci_hcd vhci_hcd.0: Device attached [ 664.709764][ T3898] usb usb16-port1: attempt power cycle [ 665.460989][T12051] vhci_hcd: connection closed [ 665.461442][ T11] vhci_hcd: stop threads [ 665.520784][ T3629] usb 18-1: SetAddress Request (14) to port 0 [ 665.527062][ T3629] usb 18-1: new SuperSpeed USB device number 14 using vhci_hcd [ 665.537060][ T11] vhci_hcd: release socket [ 665.590672][ T11] vhci_hcd: disconnect device [ 665.630615][ T3629] usb 18-1: enqueue for inactive port 0 [ 665.761506][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801269e400: rx timeout, send abort [ 665.972025][ T3898] usb usb16-port1: unable to enumerate USB device [ 666.051838][ T3629] usb usb18-port1: attempt power cycle [ 666.268192][T12073] 9pnet_fd: Insufficient options for proto=fd [ 666.269777][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801269e400: abort rx timeout. Force session deactivation [ 666.850246][ T26] audit: type=1326 audit(1719910287.900:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12076 comm="syz.0.2366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f314a375b99 code=0x0 [ 666.884971][ T3629] usb usb18-port1: unable to enumerate USB device [ 668.482060][T12094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 669.332597][ T26] audit: type=1326 audit(1719910289.920:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12120 comm="syz.0.2380" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f314a375b99 code=0x0 [ 669.910713][ T3564] Bluetooth: hci4: command tx timeout [ 670.739011][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d52ac00: rx timeout, send abort [ 671.277560][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d52ac00: abort rx timeout. Force session deactivation [ 671.288998][ T26] audit: type=1326 audit(1719910292.330:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x0 [ 671.457400][ T26] audit: type=1326 audit(1719910292.490:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 671.510093][ T26] audit: type=1326 audit(1719910292.490:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 672.607423][ T26] audit: type=1326 audit(1719910292.490:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 672.936408][ T26] audit: type=1326 audit(1719910292.490:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 672.967147][ T26] audit: type=1326 audit(1719910292.490:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 673.019646][ T26] audit: type=1326 audit(1719910292.490:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 673.367906][ T26] audit: type=1326 audit(1719910292.490:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 673.532426][ T26] audit: type=1326 audit(1719910292.490:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12147 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 673.770078][T12164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 674.544506][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 674.544606][ T26] audit: type=1326 audit(1719910295.600:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.2.2408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 675.690649][ T3564] Bluetooth: hci4: command tx timeout [ 676.398056][T12237] tipc: Can't bind to reserved service type 0 [ 677.110549][ T26] audit: type=1326 audit(1719910298.140:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12257 comm="syz.4.2422" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdabf375b99 code=0x0 [ 677.290324][T12242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 677.934094][T12271] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2428'. [ 678.710914][T11906] Bluetooth: hci4: command tx timeout [ 679.830836][ T26] audit: type=1326 audit(1719910300.810:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 679.907931][ T26] audit: type=1326 audit(1719910300.810:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 680.761648][ T26] audit: type=1326 audit(1719910300.810:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 680.897971][ T26] audit: type=1326 audit(1719910300.810:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.308747][ T26] audit: type=1326 audit(1719910300.810:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.441370][ T26] audit: type=1326 audit(1719910300.810:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.464740][ T26] audit: type=1326 audit(1719910300.810:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.488636][ T26] audit: type=1326 audit(1719910300.810:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.511183][ T26] audit: type=1326 audit(1719910300.810:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 681.550524][ T26] audit: type=1326 audit(1719910300.810:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.3.2436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 682.189526][T12313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 683.910757][T11906] Bluetooth: hci4: command tx timeout [ 684.057006][T12366] input: syz1 as /devices/virtual/input/input12 [ 685.396827][ T26] kauditd_printk_skb: 34 callbacks suppressed [ 685.396845][ T26] audit: type=1326 audit(1719910306.450:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12368 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x7ffc0000 [ 685.545687][ T26] audit: type=1326 audit(1719910306.490:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12368 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x7ffc0000 [ 686.477971][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.488806][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.552589][ T26] audit: type=1326 audit(1719910307.530:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12368 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f6bac175b99 code=0x7ffc0000 [ 686.768082][ T26] audit: type=1326 audit(1719910307.530:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12368 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x7ffc0000 [ 686.861655][ T26] audit: type=1326 audit(1719910307.530:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12368 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bac175b99 code=0x7ffc0000 [ 687.429312][T12401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 688.624534][ T26] audit: type=1326 audit(1719910309.680:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.3.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 688.693825][ T26] audit: type=1326 audit(1719910309.680:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.3.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 688.793955][ T26] audit: type=1326 audit(1719910309.700:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.3.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 688.850334][ T26] audit: type=1326 audit(1719910309.700:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.3.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 688.925935][ T26] audit: type=1326 audit(1719910309.700:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.3.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x7ffc0000 [ 688.954108][T11906] Bluetooth: hci4: command tx timeout [ 690.293604][ T936] kernel write not supported for file /input/event0 (pid: 936 comm: kworker/0:2) [ 690.315385][T12486] overlayfs: overlapping lowerdir path [ 692.652159][T12533] overlayfs: overlapping lowerdir path [ 693.195318][T12540] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 693.693058][ T3560] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 693.704563][ T3560] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 693.721845][ T3560] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 693.742204][ T3560] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 693.749848][ T3560] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 693.757832][ T3560] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 693.834743][T12557] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 693.878358][T10404] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.043709][T10404] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.180316][T10404] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.322956][T10404] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.426969][T12553] chnl_net:caif_netlink_parms(): no params data found [ 694.716269][T12553] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.737199][T12553] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.746106][T12553] device bridge_slave_0 entered promiscuous mode [ 694.800728][T12553] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.830643][T12553] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.850754][T12553] device bridge_slave_1 entered promiscuous mode [ 695.102698][T12553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.153245][T12553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.271081][ T3560] Bluetooth: hci9: command 0x1003 tx timeout [ 695.280669][T11906] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 695.302964][T12583] netlink: 'syz.2.2523': attribute type 3 has an invalid length. [ 695.421700][T12553] team0: Port device team_slave_0 added [ 695.430396][T12553] team0: Port device team_slave_1 added [ 695.463314][T12553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 695.495711][T12553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 695.683672][T12553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 695.880056][ T3560] Bluetooth: hci2: command tx timeout [ 695.984780][T12553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 696.046446][T12553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.282986][T12553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 696.546738][T12553] device hsr_slave_0 entered promiscuous mode [ 696.564309][T12553] device hsr_slave_1 entered promiscuous mode [ 696.594514][T12553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 696.619439][T12553] Cannot create hsr debugfs directory [ 697.121912][ T3631] libceph: connect (1)[c::]:6789 error -101 [ 697.132762][ T3631] libceph: mon0 (1)[c::]:6789 connect error [ 697.332972][T12622] ceph: No mds server is up or the cluster is laggy [ 697.402739][T12630] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 697.430763][T12629] netlink: 'syz.0.2534': attribute type 3 has an invalid length. [ 697.911179][T11906] Bluetooth: hci2: command tx timeout [ 699.050791][T10404] device hsr_slave_0 left promiscuous mode [ 699.101462][T10404] device hsr_slave_1 left promiscuous mode [ 699.122755][T10404] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.161014][T10404] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.199726][T10404] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.234233][T10404] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.247197][T10404] device bridge_slave_1 left promiscuous mode [ 699.256334][T10404] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.272867][T10404] device bridge_slave_0 left promiscuous mode [ 699.279232][T10404] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.364534][T10404] device veth1_macvtap left promiscuous mode [ 699.376212][T10404] device veth0_macvtap left promiscuous mode [ 699.391654][T10404] device veth1_vlan left promiscuous mode [ 699.402181][T10404] device veth0_vlan left promiscuous mode [ 699.440731][ T3560] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 699.440934][ T3564] Bluetooth: hci9: command 0x1003 tx timeout [ 699.994725][ T3560] Bluetooth: hci2: command tx timeout [ 700.881351][T10404] team0 (unregistering): Port device team_slave_1 removed [ 700.958705][T10404] team0 (unregistering): Port device team_slave_0 removed [ 701.025342][T10404] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.079090][T10404] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.614147][T10404] bond0 (unregistering): Released all slaves [ 701.754205][T12672] netlink: 'syz.3.2546': attribute type 3 has an invalid length. [ 702.114731][ T3560] Bluetooth: hci2: command tx timeout [ 702.324716][T12711] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 702.366964][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 702.367034][ T26] audit: type=1326 audit(1719910323.320:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12707 comm="syz.2.2556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 703.165481][T12717] Failed to get privilege flags for destination (handle=0x2:0x0) [ 703.456747][T12553] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 703.517253][T12553] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 703.586676][T12553] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 703.624281][T12553] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 704.391052][ T3560] Bluetooth: hci9: command 0x1003 tx timeout [ 704.400013][ T3564] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 704.779984][T12553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.896211][T12744] netlink: 'syz.2.2563': attribute type 3 has an invalid length. [ 704.956165][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 704.985214][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 705.044922][T12553] 8021q: adding VLAN 0 to HW filter on device team0 [ 705.081994][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 705.111532][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 705.120217][ T27] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.127427][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state [ 705.201451][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 705.231759][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 705.271353][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 705.280065][ T27] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.287298][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state [ 705.376991][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 705.451321][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 705.472924][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 705.504600][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 705.548612][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 705.597183][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 705.669585][T12553] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 705.715572][T12553] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 705.761453][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 705.775288][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 705.798443][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 705.813056][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 705.834243][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 705.882822][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 706.335202][ T26] audit: type=1326 audit(1719910327.390:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.2.2567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 708.247167][T12798] netlink: 'syz.0.2573': attribute type 3 has an invalid length. [ 708.378050][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 708.400120][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 708.439543][T12553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 708.542176][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 708.563104][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 708.644481][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 708.668150][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 708.715079][T12553] device veth0_vlan entered promiscuous mode [ 708.741764][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 708.750064][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 708.785027][T12553] device veth1_vlan entered promiscuous mode [ 708.886546][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 708.903693][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 708.935766][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 708.974007][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 709.014054][T12553] device veth0_macvtap entered promiscuous mode [ 709.125538][T12553] device veth1_macvtap entered promiscuous mode [ 709.221833][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.293481][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.334961][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.366345][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.422086][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.460488][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.492697][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.544302][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.573295][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.589126][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.599355][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.609898][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.621005][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.631596][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.680788][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 709.838806][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.092059][T12553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 710.250728][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.300521][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.398938][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.409514][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.419486][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.430113][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.441269][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.451874][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.461765][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.472717][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.500449][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.540458][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.550326][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.596154][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.608893][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.620517][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.662044][ T26] audit: type=1326 audit(1719910331.700:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12819 comm="syz.4.2579" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdabf375b99 code=0x0 [ 710.723544][T12553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 710.821878][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 710.874480][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 710.979196][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 711.076587][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 711.133169][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 711.165288][ T8206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 711.308614][T12553] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.343788][T12553] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.391422][T12553] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.435859][T12553] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.374460][T12231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.453720][T12231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.510335][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 712.559652][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.579600][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.625746][ T936] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 712.703887][T12846] netlink: 'syz.2.2583': attribute type 3 has an invalid length. [ 714.690212][ T26] audit: type=1326 audit(1719910335.660:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12871 comm="syz.3.2590" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d3a175b99 code=0x0 [ 716.605252][T12897] netlink: 'syz.1.2596': attribute type 3 has an invalid length. [ 717.578553][T12912] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 718.271374][ T26] audit: type=1326 audit(1719910339.290:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12917 comm="syz.1.2604" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f851ef75b99 code=0x0 [ 719.045550][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2600'. [ 719.632939][ T3564] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 719.632990][ T3560] Bluetooth: hci9: command 0x1003 tx timeout [ 720.278517][T12949] netlink: 'syz.1.2612': attribute type 3 has an invalid length. [ 721.021271][ T26] audit: type=1326 audit(1719910342.000:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12958 comm="syz.2.2616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 722.527212][T12975] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 723.583789][T12985] netlink: 'syz.4.2625': attribute type 3 has an invalid length. [ 723.620790][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2626'. [ 724.274020][T12993] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2628'. [ 724.431219][ T26] audit: type=1326 audit(1719910345.380:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12990 comm="syz.2.2629" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfba175b99 code=0x0 [ 724.690551][ T3560] Bluetooth: hci9: command 0x1003 tx timeout [ 724.713219][T11906] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 724.872922][T13001] kernel profiling enabled (shift: 7) [ 724.920445][ C1] ================================================================== [ 724.928573][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 724.935821][ C1] Read of size 8 at addr ffffc900042bf680 by task syz-executor/12968 [ 724.943921][ C1] [ 724.946258][ C1] CPU: 1 PID: 12968 Comm: syz-executor Not tainted 6.1.96-syzkaller #0 [ 724.954520][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 724.964697][ C1] Call Trace: [ 724.968003][ C1] [ 724.970871][ C1] dump_stack_lvl+0x1e3/0x2cb [ 724.975596][ C1] ? nf_tcp_handle_invalid+0x642/0x642 [ 724.981090][ C1] ? panic+0x764/0x764 [ 724.985173][ C1] ? _printk+0xd1/0x111 [ 724.989344][ C1] print_report+0x15f/0x4f0 [ 724.993867][ C1] ? __virt_addr_valid+0xb9/0x520 [ 724.998899][ C1] ? profile_pc+0xa4/0xe0 [ 725.003233][ C1] kasan_report+0x136/0x160 [ 725.007750][ C1] ? profile_pc+0xa4/0xe0 [ 725.012092][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 725.017996][ C1] profile_pc+0xa4/0xe0 [ 725.022158][ C1] profile_tick+0xee/0x170 [ 725.026579][ C1] tick_sched_timer+0x390/0x550 [ 725.031430][ C1] ? tick_setup_sched_timer+0x2f0/0x2f0 [ 725.036974][ C1] __hrtimer_run_queues+0x5a7/0xe50 [ 725.042185][ C1] ? hrtimer_interrupt+0x980/0x980 [ 725.047557][ C1] ? ktime_get_update_offsets_now+0x407/0x420 [ 725.053636][ C1] hrtimer_interrupt+0x392/0x980 [ 725.058585][ C1] __sysvec_apic_timer_interrupt+0x156/0x580 [ 725.064571][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 725.070210][ C1] [ 725.073137][ C1] [ 725.076063][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 725.082056][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 725.088565][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 c2 b8 4c f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 67 06 c9 f6 65 8b 05 08 13 6d 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 725.108170][ C1] RSP: 0018:ffffc900042bf680 EFLAGS: 00000206 [ 725.114238][ C1] RAX: eb953af98435db00 RBX: 1ffff92000857ed4 RCX: ffffffff816ad45a [ 725.122207][ C1] RDX: dffffc0000000000 RSI: ffffffff8aec0240 RDI: 0000000000000001 [ 725.130348][ C1] RBP: ffffc900042bf710 R08: dffffc0000000000 R09: fffffbfff2093845 [ 725.138322][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 725.146291][ C1] R13: 1ffff92000857ed0 R14: ffffc900042bf6a0 R15: 0000000000000246 [ 725.154354][ C1] ? mark_lock+0x9a/0x340 [ 725.158697][ C1] ? _raw_spin_unlock+0x40/0x40 [ 725.163551][ C1] ? __mod_zone_page_state+0xd6/0x140 [ 725.168933][ C1] __rmqueue_pcplist+0x2023/0x2310 [ 725.174079][ C1] ? zone_watermark_fast+0x240/0x240 [ 725.179370][ C1] get_page_from_freelist+0x86c/0x3320 [ 725.184929][ C1] ? __alloc_pages+0x16a/0x770 [ 725.189693][ C1] ? __might_sleep+0xb0/0xb0 [ 725.194289][ C1] ? __next_zones_zonelist+0x9e/0x130 [ 725.199671][ C1] ? __alloc_pages+0x770/0x770 [ 725.204449][ C1] ? prepare_alloc_pages+0x35b/0x5b0 [ 725.209735][ C1] __alloc_pages+0x28d/0x770 [ 725.214323][ C1] ? zone_statistics+0x160/0x160 [ 725.219273][ C1] ? alloc_pages+0x50c/0x770 [ 725.223874][ C1] __vmalloc_node_range+0x92b/0x1490 [ 725.229178][ C1] ? free_vm_area+0x50/0x50 [ 725.233688][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 725.239673][ C1] vmalloc_user+0x70/0x80 [ 725.244009][ C1] ? kcov_ioctl+0x55/0x630 [ 725.248425][ C1] kcov_ioctl+0x55/0x630 [ 725.252673][ C1] ? bpf_lsm_file_ioctl+0x5/0x10 [ 725.257610][ C1] ? security_file_ioctl+0x7d/0xa0 [ 725.262744][ C1] ? kcov_remote_reset+0xc0/0xc0 [ 725.267690][ C1] __se_sys_ioctl+0xf1/0x160 [ 725.272379][ C1] do_syscall_64+0x3b/0xb0 [ 725.276890][ C1] ? clear_bhb_loop+0x45/0xa0 [ 725.281579][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 725.287486][ C1] RIP: 0033:0x7fc9bfb7579b [ 725.291908][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 725.311515][ C1] RSP: 002b:00007ffdcfdec600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 725.320067][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc9bfb7579b [ 725.328141][ C1] RDX: 0000000000040000 RSI: ffffffff80086301 RDI: 00000000000000d7 [ 725.336146][ C1] RBP: 00007fc9bfd03f60 R08: 00000000000000da R09: 0000000000000000 [ 725.344155][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 725.352142][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 725.360146][ C1] [ 725.363183][ C1] [ 725.365501][ C1] The buggy address belongs to stack of task syz-executor/12968 [ 725.373121][ C1] and is located at offset 0 in frame: [ 725.378653][ C1] _raw_spin_unlock_irqrestore+0x0/0x130 [ 725.384295][ C1] [ 725.386615][ C1] This frame has 1 object: [ 725.391020][ C1] [32, 40) 'flags.i.i.i.i' [ 725.391031][ C1] [ 725.397829][ C1] The buggy address belongs to the virtual mapping at [ 725.397829][ C1] [ffffc900042b8000, ffffc900042c1000) created by: [ 725.397829][ C1] copy_process+0x637/0x4060 [ 725.415453][ C1] [ 725.417774][ C1] The buggy address belongs to the physical page: [ 725.424188][ C1] page:ffffea00010a4640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42919 [ 725.434336][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 725.441452][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 725.450035][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 725.458609][ C1] page dumped because: kasan: bad access detected [ 725.465024][ C1] page_owner tracks the page as allocated [ 725.470730][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 12775, tgid 12775 (syz.2.2570), ts 707626356932, free_ts 705550479105 [ 725.489230][ C1] post_alloc_hook+0x18d/0x1b0 [ 725.493997][ C1] get_page_from_freelist+0x31a1/0x3320 [ 725.499546][ C1] __alloc_pages+0x28d/0x770 [ 725.504143][ C1] __vmalloc_node_range+0x92b/0x1490 [ 725.509470][ C1] dup_task_struct+0x3e5/0x6d0 [ 725.514246][ C1] copy_process+0x637/0x4060 [ 725.518843][ C1] kernel_clone+0x222/0x920 [ 725.523360][ C1] __se_sys_clone3+0x373/0x410 [ 725.528148][ C1] do_syscall_64+0x3b/0xb0 [ 725.532589][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 725.538579][ C1] page last free stack trace: [ 725.543246][ C1] free_unref_page_prepare+0xf63/0x1120 [ 725.548810][ C1] free_unref_page+0x33/0x3e0 [ 725.553496][ C1] tdp_mmu_free_sp_rcu_callback+0x42/0x80 [ 725.559224][ C1] rcu_core+0xad5/0x1810 [ 725.563504][ C1] handle_softirqs+0x2ee/0xa40 [ 725.568536][ C1] __irq_exit_rcu+0x157/0x240 [ 725.573312][ C1] irq_exit_rcu+0x5/0x20 [ 725.577557][ C1] sysvec_apic_timer_interrupt+0x91/0xb0 [ 725.583280][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 725.589357][ C1] [ 725.591811][ C1] Memory state around the buggy address: [ 725.597435][ C1] ffffc900042bf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 725.605672][ C1] ffffc900042bf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 725.613736][ C1] >ffffc900042bf680: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 [ 725.621879][ C1] ^ [ 725.625940][ C1] ffffc900042bf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 725.634185][ C1] ffffc900042bf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 725.642256][ C1] ================================================================== [ 725.650418][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 725.657617][ C1] CPU: 1 PID: 12968 Comm: syz-executor Not tainted 6.1.96-syzkaller #0 [ 725.665879][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 725.676111][ C1] Call Trace: [ 725.679390][ C1] [ 725.682241][ C1] dump_stack_lvl+0x1e3/0x2cb [ 725.686930][ C1] ? nf_tcp_handle_invalid+0x642/0x642 [ 725.692400][ C1] ? panic+0x764/0x764 [ 725.696465][ C1] ? rcu_is_watching+0x11/0xb0 [ 725.701251][ C1] ? lock_release+0xd6/0xa20 [ 725.705972][ C1] ? vscnprintf+0x59/0x80 [ 725.710325][ C1] panic+0x318/0x764 [ 725.714407][ C1] ? __wake_up_klogd+0xcc/0x100 [ 725.719259][ C1] ? check_panic_on_warn+0x1d/0xa0 [ 725.724379][ C1] ? memcpy_page_flushcache+0xfc/0xfc [ 725.729778][ C1] ? do_raw_spin_unlock+0x137/0x8a0 [ 725.734983][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 725.740881][ C1] ? _raw_spin_unlock+0x40/0x40 [ 725.745785][ C1] check_panic_on_warn+0x7e/0xa0 [ 725.750726][ C1] ? profile_pc+0xa4/0xe0 [ 725.755145][ C1] end_report+0x66/0x110 [ 725.759387][ C1] kasan_report+0x143/0x160 [ 725.763887][ C1] ? profile_pc+0xa4/0xe0 [ 725.768224][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 725.774210][ C1] profile_pc+0xa4/0xe0 [ 725.778371][ C1] profile_tick+0xee/0x170 [ 725.782824][ C1] tick_sched_timer+0x390/0x550 [ 725.787675][ C1] ? tick_setup_sched_timer+0x2f0/0x2f0 [ 725.793263][ C1] __hrtimer_run_queues+0x5a7/0xe50 [ 725.798473][ C1] ? hrtimer_interrupt+0x980/0x980 [ 725.803587][ C1] ? ktime_get_update_offsets_now+0x407/0x420 [ 725.809687][ C1] hrtimer_interrupt+0x392/0x980 [ 725.814657][ C1] __sysvec_apic_timer_interrupt+0x156/0x580 [ 725.820659][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 725.826304][ C1] [ 725.829233][ C1] [ 725.832251][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 725.838277][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 725.844810][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 c2 b8 4c f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 67 06 c9 f6 65 8b 05 08 13 6d 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 725.864421][ C1] RSP: 0018:ffffc900042bf680 EFLAGS: 00000206 [ 725.870581][ C1] RAX: eb953af98435db00 RBX: 1ffff92000857ed4 RCX: ffffffff816ad45a [ 725.878556][ C1] RDX: dffffc0000000000 RSI: ffffffff8aec0240 RDI: 0000000000000001 [ 725.886528][ C1] RBP: ffffc900042bf710 R08: dffffc0000000000 R09: fffffbfff2093845 [ 725.894522][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 725.902495][ C1] R13: 1ffff92000857ed0 R14: ffffc900042bf6a0 R15: 0000000000000246 [ 725.910470][ C1] ? mark_lock+0x9a/0x340 [ 725.914814][ C1] ? _raw_spin_unlock+0x40/0x40 [ 725.919708][ C1] ? __mod_zone_page_state+0xd6/0x140 [ 725.925094][ C1] __rmqueue_pcplist+0x2023/0x2310 [ 725.930221][ C1] ? zone_watermark_fast+0x240/0x240 [ 725.935522][ C1] get_page_from_freelist+0x86c/0x3320 [ 725.940990][ C1] ? __alloc_pages+0x16a/0x770 [ 725.945751][ C1] ? __might_sleep+0xb0/0xb0 [ 725.950342][ C1] ? __next_zones_zonelist+0x9e/0x130 [ 725.955744][ C1] ? __alloc_pages+0x770/0x770 [ 725.960514][ C1] ? prepare_alloc_pages+0x35b/0x5b0 [ 725.965817][ C1] __alloc_pages+0x28d/0x770 [ 725.970413][ C1] ? zone_statistics+0x160/0x160 [ 725.975353][ C1] ? alloc_pages+0x50c/0x770 [ 725.979953][ C1] __vmalloc_node_range+0x92b/0x1490 [ 725.985258][ C1] ? free_vm_area+0x50/0x50 [ 725.989768][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 725.995766][ C1] vmalloc_user+0x70/0x80 [ 726.000103][ C1] ? kcov_ioctl+0x55/0x630 [ 726.004522][ C1] kcov_ioctl+0x55/0x630 [ 726.008875][ C1] ? bpf_lsm_file_ioctl+0x5/0x10 [ 726.013812][ C1] ? security_file_ioctl+0x7d/0xa0 [ 726.018922][ C1] ? kcov_remote_reset+0xc0/0xc0 [ 726.023880][ C1] __se_sys_ioctl+0xf1/0x160 [ 726.028486][ C1] do_syscall_64+0x3b/0xb0 [ 726.032913][ C1] ? clear_bhb_loop+0x45/0xa0 [ 726.037602][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 726.043503][ C1] RIP: 0033:0x7fc9bfb7579b [ 726.047916][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 726.067532][ C1] RSP: 002b:00007ffdcfdec600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 726.075972][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc9bfb7579b [ 726.083949][ C1] RDX: 0000000000040000 RSI: ffffffff80086301 RDI: 00000000000000d7 [ 726.091923][ C1] RBP: 00007fc9bfd03f60 R08: 00000000000000da R09: 0000000000000000 [ 726.099986][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 726.107963][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 726.115945][ C1] [ 726.119261][ C1] Kernel Offset: disabled [ 726.123586][ C1] Rebooting in 86400 seconds..