last executing test programs: 5m28.20753922s ago: executing program 2 (id=136): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000050) 5m27.871942956s ago: executing program 2 (id=139): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@usrquota}, {@grpjquota}, {@lazytime}]}, 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r1 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)=ANY=[@ANYBLOB="000000004c900200070000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"]) 5m23.565544569s ago: executing program 2 (id=144): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup3(r1, r0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) 5m21.161855687s ago: executing program 2 (id=148): timer_create(0x3, 0x0, &(0x7f0000000100)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f00000009c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@orlov}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@data_err_ignore}, {@errors_remount}, {@nodiscard}, {@errors_continue}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{}, {0x0, 0x3938700}}, &(0x7f00000000c0)) 5m19.010195044s ago: executing program 2 (id=155): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x608801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() getrlimit(0x2, &(0x7f0000000040)) sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xd, 0x0, 0x0) getpid() r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) 5m17.977759545s ago: executing program 2 (id=158): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={0x0}}, 0x20000050) 5m16.950792655s ago: executing program 32 (id=158): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={0x0}}, 0x20000050) 2.833602531s ago: executing program 4 (id=1706): r0 = socket$netlink(0x10, 0x3, 0x4) capset(&(0x7f0000019340)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0xe}) writev(r0, 0x0, 0x0) 2.685740839s ago: executing program 4 (id=1708): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x4004000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b00001400078008"], 0x40}, 0x1, 0x0, 0x0, 0x2004c805}, 0x0) 2.441387s ago: executing program 4 (id=1713): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x8, @mcast1, 0x7}, 0x54) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 2.223004211s ago: executing program 4 (id=1718): syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) pipe2$9p(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0xfe, 0x0, 0x0) 1.62512905s ago: executing program 0 (id=1727): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)) socket(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket(0xa, 0x3, 0x103) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES64], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.529721905s ago: executing program 1 (id=1728): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0xfffffffc, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3, 0x0, 0x401}]}]}, 0xfc}}, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0xab, @empty, 0x1}, 0x1c) 1.493929797s ago: executing program 1 (id=1729): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x7, @loopback, 0x8}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x4e20, 0x7f, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}, 0x200}}, 0x0, 0x0, 0x4c, 0x0, "31147913b33c3a73b15671127ff6f31689cad56b325f545024f1a12f45542d0fffccc86fa580e196d48631b7e928ee1ac1b7c95fea0403b7e2594df579b15de0dec74cafbd20cb332feff5a895e19408"}, 0xd8) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000000)={@in={{0x2, 0x4e24, @rand_addr=0x64010100}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, r0, 0xe4776000) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000740)={@in6={{0xa, 0x4e21, 0xc, @ipv4={'\x00', '\xff\xff', @local}, 0x400}}, 0x0, 0x0, 0x41, 0x0, "947116a1a606754bab1cb61212bb07a2bd205f00f81bef965a071f0d1aadd97b9640d9a0cd9ea71a5e9aec7f03d4406a7710c42cb5e754b089928abcd7589d209bc45b4064028eb7fafaa8b125736e00"}, 0xd8) 1.484987637s ago: executing program 0 (id=1730): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@dellink={0x34, 0x11, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x9470, 0x9020}, [@IFLA_ALT_IFNAME={0x14, 0x41, 'vlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x3, 0x0, 0x7fff0006}]}) close(0xffffffffffffffff) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYRES16=r1], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="f00200001200000125bd7000fedbdf25fe0000000000000000aa000004d20a00320024000900020000000000000009000000000000000400000000000000000000000000000008001d0006000000e4000600ac1e0101000000000000000000000000ffffffff00"/114, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000004d233000000e00000010000000000000000000000000800000000000000000000000000000001800000000000000600000000000000f44cffffffffffff7a0000000000000002000000000000000b000000000000000e00000000000000010000000000000004000000000000008100000000000000710d0000f9ffffff0800000025bd7000000000000a000202220000000000000008001800000400005a0003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000078d8910d66741bb78fd57f3f9d881af4eeb800004501010077703531322d67656e65726963000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8070000678ff61bb1ee3412fcd9a5241eff48d8f6d95a6089c568cc2f7d097b6314a89e5a8cf3d8f00dc60261b04f9fb931a2899843c651af40d801e6f93904aa8f5e2e8c3b4a9682dfaafa6caeb00c12a91efb37f1123ad4078b9f0bd304899421c6b69f28819cfbccf92727cec57cc612744ff7a5faeae784eaaaadaadefb3cbd14695322c0ba273a214a2dfda1e95fa1dcbe8b7cb9d937b01d86fc0744b5065b0bf5e7c5b7103aea6598afe0fb714166307b43665616b7281a7acd53"], 0x2f0}, 0x1, 0x0, 0x0, 0x84}, 0x8001) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x3c93, 0x0) recvfrom(r4, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0) 1.389107032s ago: executing program 1 (id=1731): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000006d00673c2abd7000ffdbdf2500000000"], 0x40}, 0x1, 0x0, 0x0, 0x80d0}, 0x20) 1.267633948s ago: executing program 0 (id=1732): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f0000000240)={0xa, 0x4e20, 0x80000, @local}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x7ff}}], 0x18}, 0x40440c0) 1.267248468s ago: executing program 1 (id=1733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB], 0xa0}, 0x1, 0x0, 0x0, 0x4404c810}, 0x0) 1.201837981s ago: executing program 1 (id=1734): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xe, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_newrule={0x24, 0x21, 0x801, 0xfffffffc, 0xfffffffc, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) preadv(r3, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}], 0x1, 0x1006c, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0xeaff, &(0x7f0000000200)={&(0x7f0000000040)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x28}}, 0x0) 1.139211014s ago: executing program 0 (id=1735): r0 = socket$netlink(0x10, 0x3, 0x8000000004) setreuid(0xee01, 0xee01) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a067f02feff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008004f0fffeffe809005300fff5dd000000100001000a0c10000000000000000000", 0x58}], 0x1) 893.850596ms ago: executing program 0 (id=1737): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0xfffffffc, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3, 0x0, 0x401}]}]}, 0xfc}}, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0xab, @empty, 0x1}, 0x1c) 885.765806ms ago: executing program 3 (id=1738): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)) socket(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket(0xa, 0x3, 0x103) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES64], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 787.680281ms ago: executing program 0 (id=1739): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 696.543106ms ago: executing program 3 (id=1740): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000ffffff00000000000000008510000002000000850000000f00000095"], 0x0, 0xfffffdff, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 565.925052ms ago: executing program 3 (id=1741): openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 353.996783ms ago: executing program 3 (id=1742): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000090a010400000000000000000100000208000a400000000008000640ffffff000900010073797a30000000000800"], 0xa0}, 0x1, 0x0, 0x0, 0x4404c810}, 0x0) 317.149805ms ago: executing program 4 (id=1743): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, 0x0, 0x40440c0) 110.840685ms ago: executing program 4 (id=1744): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x304}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "5f2307e0", "2ce6f8da8e55c427"}, 0x28) 109.858315ms ago: executing program 3 (id=1745): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100)=0xfefffff9, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 33.776208ms ago: executing program 1 (id=1746): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010003000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="0c0003000e00"], 0x28}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)) socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) syz_open_dev$usbfs(0x0, 0x77, 0x3501) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) 0s ago: executing program 3 (id=1747): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) socket$inet(0x2, 0xa, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x3, 0x7, 0x3, 0x8001, 0x8, 0x6, 0x5, 0x8}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts. [ 73.003921][ T5758] cgroup: Unknown subsys name 'net' [ 73.116599][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.858322][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.041121][ T5777] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.050152][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.059275][ T5777] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.060260][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.066881][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.076283][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.082186][ T5777] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.090406][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.104861][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.113402][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.113582][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.130610][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.130787][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.149454][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.157579][ T5782] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.158437][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.169188][ T5782] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.180795][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.188169][ T5782] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.196923][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.209811][ T5782] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.214470][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.233069][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.240834][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.738835][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 77.782978][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 77.835597][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 77.956049][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 77.981519][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.989633][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.997015][ T5769] bridge_slave_0: entered allmulticast mode [ 78.004280][ T5769] bridge_slave_0: entered promiscuous mode [ 78.020344][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.027960][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.035608][ T5769] bridge_slave_1: entered allmulticast mode [ 78.043121][ T5769] bridge_slave_1: entered promiscuous mode [ 78.060145][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.067634][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.076192][ T5772] bridge_slave_0: entered allmulticast mode [ 78.083731][ T5772] bridge_slave_0: entered promiscuous mode [ 78.131190][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.139542][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.147546][ T5772] bridge_slave_1: entered allmulticast mode [ 78.155551][ T5772] bridge_slave_1: entered promiscuous mode [ 78.188242][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.211244][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.262375][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.275695][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.285589][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.294470][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.303973][ T5771] bridge_slave_0: entered allmulticast mode [ 78.311763][ T5771] bridge_slave_0: entered promiscuous mode [ 78.321369][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.329286][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.336781][ T5771] bridge_slave_1: entered allmulticast mode [ 78.344520][ T5771] bridge_slave_1: entered promiscuous mode [ 78.398029][ T5769] team0: Port device team_slave_0 added [ 78.426060][ T5772] team0: Port device team_slave_0 added [ 78.436137][ T5772] team0: Port device team_slave_1 added [ 78.452163][ T5769] team0: Port device team_slave_1 added [ 78.463485][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.506400][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.516082][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.525122][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.533086][ T5770] bridge_slave_0: entered allmulticast mode [ 78.540761][ T5770] bridge_slave_0: entered promiscuous mode [ 78.558529][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.565825][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.573562][ T5770] bridge_slave_1: entered allmulticast mode [ 78.580901][ T5770] bridge_slave_1: entered promiscuous mode [ 78.606501][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.614086][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.640734][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.654855][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.662197][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.690072][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.711017][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.718015][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.748305][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.763786][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.772727][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.806255][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.875015][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.889792][ T5771] team0: Port device team_slave_0 added [ 78.898541][ T5771] team0: Port device team_slave_1 added [ 78.924107][ T5772] hsr_slave_0: entered promiscuous mode [ 78.931512][ T5772] hsr_slave_1: entered promiscuous mode [ 78.942232][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.976589][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.983653][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.010184][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.052162][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.061598][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.088208][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.115199][ T5770] team0: Port device team_slave_0 added [ 79.126658][ T5769] hsr_slave_0: entered promiscuous mode [ 79.133761][ T5769] hsr_slave_1: entered promiscuous mode [ 79.140611][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.148437][ T5769] Cannot create hsr debugfs directory [ 79.173067][ T5770] team0: Port device team_slave_1 added [ 79.262961][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.270890][ T51] Bluetooth: hci2: command tx timeout [ 79.270922][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.276720][ T5781] Bluetooth: hci1: command tx timeout [ 79.307335][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.309306][ T51] Bluetooth: hci3: command tx timeout [ 79.321006][ T5782] Bluetooth: hci0: command tx timeout [ 79.329725][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.340472][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.369801][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.447740][ T5771] hsr_slave_0: entered promiscuous mode [ 79.455963][ T5771] hsr_slave_1: entered promiscuous mode [ 79.465845][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.475958][ T5771] Cannot create hsr debugfs directory [ 79.608688][ T5770] hsr_slave_0: entered promiscuous mode [ 79.616359][ T5770] hsr_slave_1: entered promiscuous mode [ 79.625534][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.634275][ T5770] Cannot create hsr debugfs directory [ 79.788207][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.818859][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.834806][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.848487][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.999686][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.013388][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.046798][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.057600][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.135589][ T5771] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.152630][ T5771] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.164871][ T5771] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.174707][ T5771] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.291288][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.310772][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.323643][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.333936][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.423173][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.451363][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.477196][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.524469][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.531987][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.553750][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.572105][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.601214][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.608695][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.647979][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.658875][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.667009][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.694417][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.701607][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.727363][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.753026][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.760242][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.815608][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.831127][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.838441][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.895301][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.902556][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.938926][ T5769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.986447][ T5771] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.998479][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.023994][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.031361][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.295036][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.349804][ T5782] Bluetooth: hci0: command tx timeout [ 81.356170][ T5781] Bluetooth: hci1: command tx timeout [ 81.361093][ T5782] Bluetooth: hci3: command tx timeout [ 81.362439][ T5781] Bluetooth: hci2: command tx timeout [ 81.479072][ T5772] veth0_vlan: entered promiscuous mode [ 81.520382][ T5772] veth1_vlan: entered promiscuous mode [ 81.577237][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.654678][ T5772] veth0_macvtap: entered promiscuous mode [ 81.666897][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.697673][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.713456][ T5772] veth1_macvtap: entered promiscuous mode [ 81.753813][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.804312][ T5771] veth0_vlan: entered promiscuous mode [ 81.814658][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.836435][ T5769] veth0_vlan: entered promiscuous mode [ 81.854540][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.867160][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.879420][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.890717][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.932219][ T5771] veth1_vlan: entered promiscuous mode [ 81.974306][ T5769] veth1_vlan: entered promiscuous mode [ 82.018717][ T5770] veth0_vlan: entered promiscuous mode [ 82.101887][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.116237][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.138397][ T5771] veth0_macvtap: entered promiscuous mode [ 82.151409][ T5770] veth1_vlan: entered promiscuous mode [ 82.221508][ T5771] veth1_macvtap: entered promiscuous mode [ 82.276805][ T1306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.294015][ T1306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.308839][ T5769] veth0_macvtap: entered promiscuous mode [ 82.331367][ T5770] veth0_macvtap: entered promiscuous mode [ 82.359053][ T5770] veth1_macvtap: entered promiscuous mode [ 82.376521][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.417243][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.451053][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.472809][ T5769] veth1_macvtap: entered promiscuous mode [ 82.516130][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.549166][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.567797][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.579349][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.591301][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.602964][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.616158][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.642830][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.655709][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.670070][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.682315][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.693872][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.705209][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.719890][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.732941][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.768265][ T5771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.809444][ T5771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.849348][ T5771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.861364][ T5771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.884525][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.902650][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.913670][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.931900][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.954565][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.387386][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.429790][ T5781] Bluetooth: hci2: command tx timeout [ 83.438526][ T5781] Bluetooth: hci0: command tx timeout [ 83.451724][ T51] Bluetooth: hci3: command tx timeout [ 83.457772][ T51] Bluetooth: hci1: command tx timeout [ 83.489236][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.503787][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.515125][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.525173][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.541230][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.558485][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.632047][ T5769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.647571][ T5769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.661384][ T5769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.699257][ T5769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.722660][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.732484][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.741432][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.751519][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.197497][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.363972][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.861532][ T2907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.890493][ T2907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.917515][ T5851] syz.2.6[5851]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 84.964995][ T5851] loop2: detected capacity change from 0 to 2048 [ 84.991565][ T1070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.034572][ T1070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.158679][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.175006][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.222153][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.255718][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.420965][ T2922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.452040][ T2922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.510292][ T5781] Bluetooth: hci0: command tx timeout [ 85.515890][ T51] Bluetooth: hci1: command tx timeout [ 85.521504][ T5782] Bluetooth: hci3: command tx timeout [ 85.527096][ T5782] Bluetooth: hci2: command tx timeout [ 85.858825][ T5863] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 87.264746][ T967] cfg80211: failed to load regulatory.db [ 88.013391][ T5881] loop2: detected capacity change from 0 to 256 [ 88.819132][ C0] sched: RT throttling activated [ 89.142429][ T5881] FAT-fs (loop2): Directory bread(block 64) failed [ 89.192595][ T5881] FAT-fs (loop2): Directory bread(block 65) failed [ 89.219365][ T5881] FAT-fs (loop2): Directory bread(block 66) failed [ 89.248546][ T5881] FAT-fs (loop2): Directory bread(block 67) failed [ 89.284996][ T5881] FAT-fs (loop2): Directory bread(block 68) failed [ 89.324202][ T5881] FAT-fs (loop2): Directory bread(block 69) failed [ 89.379522][ T5881] FAT-fs (loop2): Directory bread(block 70) failed [ 89.386143][ T5881] FAT-fs (loop2): Directory bread(block 71) failed [ 89.398493][ T5881] FAT-fs (loop2): Directory bread(block 72) failed [ 89.419648][ T5881] FAT-fs (loop2): Directory bread(block 73) failed [ 90.505129][ T5812] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 93.687319][ T5812] usb 1-1: Using ep0 maxpacket: 16 [ 93.756314][ T5812] usb 1-1: device descriptor read/all, error -71 [ 95.492106][ T5933] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 97.896935][ T28] audit: type=1326 audit(1774496109.159:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 98.238700][ T5956] process 'syz.0.36' launched './file0' with NULL argv: empty string added [ 98.508695][ T28] audit: type=1326 audit(1774496109.169:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 98.532534][ T28] audit: type=1326 audit(1774496109.169:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 98.579897][ T28] audit: type=1326 audit(1774496109.169:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 98.729393][ T28] audit: type=1326 audit(1774496109.169:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 99.606807][ T5976] overlayfs: failed to clone upperpath [ 99.726002][ T5975] loop3: detected capacity change from 0 to 1024 [ 99.733877][ T5975] EXT4-fs: Ignoring removed bh option [ 99.760770][ T5975] EXT4-fs error (device loop3): ext4_ext_check_inode:530: inode #2: comm syz.3.41: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 250, max 4(4), depth 0(0) [ 99.786729][ T5975] EXT4-fs (loop3): Remounting filesystem read-only [ 99.793659][ T5975] EXT4-fs (loop3): get root inode failed [ 99.799820][ T5975] EXT4-fs (loop3): mount failed [ 100.699203][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 100.903995][ T27] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 100.934356][ T27] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 100.967991][ T27] usb 1-1: config 220 has no interface number 2 [ 100.974813][ T27] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 101.019318][ T27] usb 1-1: config 220 interface 0 has no altsetting 0 [ 101.026352][ T27] usb 1-1: config 220 interface 76 has no altsetting 0 [ 101.047306][ T27] usb 1-1: config 220 interface 1 has no altsetting 0 [ 101.073349][ T27] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 101.099203][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.107367][ T27] usb 1-1: Product: syz [ 101.129264][ T27] usb 1-1: Manufacturer: syz [ 101.136893][ T27] usb 1-1: SerialNumber: syz [ 101.178351][ T5988] binder: 5987:5988 ioctl c0306201 0 returned -14 [ 101.743834][ T28] audit: type=1326 audit(1774496112.899:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 102.077764][ T27] usb 1-1: selecting invalid altsetting 0 [ 102.108131][ T28] audit: type=1326 audit(1774496112.899:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 102.126619][ T27] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 102.152556][ T28] audit: type=1326 audit(1774496112.909:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 102.158193][ T27] usb 1-1: No valid video chain found. [ 102.181647][ T28] audit: type=1326 audit(1774496112.909:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 102.216806][ T28] audit: type=1326 audit(1774496112.909:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 102.236238][ T27] usb 1-1: selecting invalid altsetting 0 [ 102.245208][ T27] usbtest: probe of 1-1:220.1 failed with error -22 [ 102.388035][ T27] usb 1-1: USB disconnect, device number 4 [ 102.507602][ T6006] overlayfs: failed to clone upperpath [ 102.606131][ T6003] loop2: detected capacity change from 0 to 8192 [ 103.769009][ T6017] loop0: detected capacity change from 0 to 1024 [ 103.790667][ T6017] EXT4-fs: Ignoring removed bh option [ 104.163615][ T6031] overlayfs: missing 'lowerdir' [ 104.275277][ T6017] EXT4-fs error (device loop0): ext4_ext_check_inode:530: inode #2: comm syz.0.55: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 250, max 4(4), depth 0(0) [ 104.859290][ T6017] EXT4-fs (loop0): Remounting filesystem read-only [ 104.887732][ T6017] EXT4-fs (loop0): get root inode failed [ 104.960242][ T6017] EXT4-fs (loop0): mount failed [ 105.006584][ T6038] syz.1.64 uses obsolete (PF_INET,SOCK_PACKET) [ 105.819183][ T28] audit: type=1326 audit(1774496116.709:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 106.350031][ T28] audit: type=1326 audit(1774496116.709:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 106.442088][ T28] audit: type=1326 audit(1774496116.719:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 106.498601][ T28] audit: type=1326 audit(1774496116.719:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 106.561018][ T28] audit: type=1326 audit(1774496116.719:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6035 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 107.354248][ T6049] loop3: detected capacity change from 0 to 256 [ 107.436848][ T6049] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f3f, chksum : 0x66b62981, utbl_chksum : 0xe619d30d) [ 108.576976][ T6061] capability: warning: `syz.0.72' uses deprecated v2 capabilities in a way that may be insecure [ 108.823840][ T6069] loop2: detected capacity change from 0 to 512 [ 108.931300][ T6069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.987274][ T6069] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 109.148499][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.930211][ T6093] 9pnet_fd: Insufficient options for proto=fd [ 111.477026][ T6077] overlayfs: failed to clone upperpath [ 111.640859][ T6107] loop3: detected capacity change from 0 to 16 [ 111.675983][ T6107] erofs: (device loop3): mounted with root inode @ nid 36. [ 111.834811][ T28] audit: type=1400 audit(1774496123.109:17): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=6108 comm="syz.0.88" [ 111.867115][ T6109] loop0: detected capacity change from 0 to 512 [ 111.909040][ T6109] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.88: inode has both inline data and extents flags [ 111.932955][ T6109] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.88: couldn't read orphan inode 15 (err -117) [ 111.981499][ T6109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.213609][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.890805][ T6125] loop2: detected capacity change from 0 to 40427 [ 113.912078][ T6125] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 113.925268][ T6125] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 113.939054][ T6125] F2FS-fs (loop2): invalid crc value [ 113.986375][ T6125] F2FS-fs (loop2): Found nat_bits in checkpoint [ 114.245322][ T6125] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 114.279425][ T6125] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 114.380548][ T6138] 9pnet_fd: Insufficient options for proto=fd [ 117.511307][ T6166] loop3: detected capacity change from 0 to 1024 [ 117.578668][ T6166] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.666771][ T6179] 9pnet_fd: Insufficient options for proto=fd [ 118.894712][ T6183] loop2: detected capacity change from 0 to 512 [ 119.167306][ T6183] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.98: inode has both inline data and extents flags [ 119.192012][ T6183] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.98: couldn't read orphan inode 15 (err -117) [ 119.214708][ T6183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.852930][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.089504][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.204562][ T6198] tipc: Started in network mode [ 121.219382][ T6198] tipc: Node identity 4, cluster identity 4711 [ 121.227076][ T6198] tipc: Node number set to 4 [ 124.394108][ T6231] ======================================================= [ 124.394108][ T6231] WARNING: The mand mount option has been deprecated and [ 124.394108][ T6231] and is ignored by this kernel. Remove the mand [ 124.394108][ T6231] option from the mount to silence this warning. [ 124.394108][ T6231] ======================================================= [ 125.993299][ T6243] loop2: detected capacity change from 0 to 512 [ 127.185547][ T6248] loop3: detected capacity change from 0 to 512 [ 127.506797][ T6248] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.122: inode has both inline data and extents flags [ 127.525455][ T6248] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.122: couldn't read orphan inode 15 (err -117) [ 127.554509][ T6248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.855277][ T6243] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 127.971389][ T6243] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 128.208219][ T6243] EXT4-fs (loop2): orphan cleanup on readonly fs [ 128.253436][ T6243] Quota error (device loop2): v2_read_file_info: Can't read info structure [ 128.288247][ T6243] EXT4-fs warning (device loop2): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix. [ 128.349516][ T6243] EXT4-fs (loop2): Cannot turn on quotas: error -5 [ 128.409017][ T6243] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.124: bg 0: block 64: padding at end of block bitmap is not set [ 128.484077][ T6243] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 128.531988][ T6243] EXT4-fs (loop2): 1 truncate cleaned up [ 128.568700][ T6243] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 130.082061][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.101117][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.217687][ T6261] overlayfs: failed to clone upperpath [ 131.570338][ T6283] binder: 6282:6283 ioctl c0306201 0 returned -14 [ 131.689544][ T6284] binder: 6282:6284 ioctl c0306201 0 returned -14 [ 134.295831][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.303339][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.602173][ T6301] loop0: detected capacity change from 0 to 512 [ 134.763912][ T6301] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.138: inode has both inline data and extents flags [ 134.784155][ T6301] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.138: couldn't read orphan inode 15 (err -117) [ 134.814842][ T6301] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.392632][ T6298] loop2: detected capacity change from 0 to 512 [ 135.434776][ T6298] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 135.562271][ T6298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.840491][ T6298] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.779850][ T6309] overlayfs: failed to clone upperpath [ 137.143563][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.391818][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.405725][ T6315] 9pnet_fd: Insufficient options for proto=fd [ 137.700464][ T6326] binder: 6325:6326 ioctl c0306201 0 returned -14 [ 139.499971][ T6330] binder: 6325:6330 ioctl c0306201 0 returned -14 [ 139.865754][ T6338] loop2: detected capacity change from 0 to 512 [ 139.891851][ T6338] EXT4-fs: Ignoring removed orlov option [ 139.960634][ T6338] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 140.067984][ T6338] EXT4-fs (loop2): 1 truncate cleaned up [ 140.091844][ T6338] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.207109][ T6343] netlink: 'syz.3.149': attribute type 2 has an invalid length. [ 141.094826][ T6347] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 141.649711][ T6350] overlayfs: failed to clone upperpath [ 141.886899][ T6356] netlink: 16 bytes leftover after parsing attributes in process `syz.0.153'. [ 141.938470][ T5772] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 142.001744][ T5772] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 142.528563][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.415157][ T79] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.646806][ T79] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.830582][ T79] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.976604][ T79] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.070534][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 145.091182][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 145.100466][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 145.112679][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 145.121327][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 145.130938][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 146.307776][ T6383] chnl_net:caif_netlink_parms(): no params data found [ 146.405025][ T6383] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.412582][ T6383] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.420392][ T6383] bridge_slave_0: entered allmulticast mode [ 146.428531][ T6383] bridge_slave_0: entered promiscuous mode [ 146.439704][ T6383] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.447112][ T6383] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.455246][ T6383] bridge_slave_1: entered allmulticast mode [ 146.463513][ T6383] bridge_slave_1: entered promiscuous mode [ 146.502986][ T6383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.516959][ T6383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.658815][ T6383] team0: Port device team_slave_0 added [ 146.695649][ T6383] team0: Port device team_slave_1 added [ 147.220378][ T5781] Bluetooth: hci1: command tx timeout [ 147.583130][ T28] audit: type=1326 audit(1774496158.859:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.611708][ T6383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.618746][ T6383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.626404][ T28] audit: type=1326 audit(1774496158.889:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.665379][ T6383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.744075][ T28] audit: type=1326 audit(1774496158.889:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.800622][ T6383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.828364][ T28] audit: type=1326 audit(1774496158.889:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.859277][ T6383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.889249][ T28] audit: type=1326 audit(1774496158.889:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.913168][ T28] audit: type=1326 audit(1774496158.929:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.936011][ T28] audit: type=1326 audit(1774496158.929:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 147.968674][ T6383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.984029][ T28] audit: type=1326 audit(1774496158.929:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 148.080537][ T6412] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 148.936504][ T28] audit: type=1326 audit(1774496158.929:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 149.129012][ T28] audit: type=1326 audit(1774496158.929:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 149.276818][ T5781] Bluetooth: hci1: command tx timeout [ 149.406436][ T6383] hsr_slave_0: entered promiscuous mode [ 149.420349][ T6383] hsr_slave_1: entered promiscuous mode [ 149.479261][ T6383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.497241][ T6383] Cannot create hsr debugfs directory [ 151.350278][ T5781] Bluetooth: hci1: command tx timeout [ 151.545611][ T6383] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 151.587763][ T6383] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 151.695823][ T6383] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 151.730880][ T6383] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 151.914130][ T6459] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 152.654957][ T79] hsr_slave_0: left promiscuous mode [ 152.661863][ T79] hsr_slave_1: left promiscuous mode [ 152.669337][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.676855][ T79] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.693879][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.717180][ T79] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.738029][ T79] bridge_slave_1: left allmulticast mode [ 152.750619][ T79] bridge_slave_1: left promiscuous mode [ 152.757853][ T79] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.812409][ T79] bridge_slave_0: left allmulticast mode [ 152.818152][ T79] bridge_slave_0: left promiscuous mode [ 152.845225][ T79] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.947817][ T79] veth1_macvtap: left promiscuous mode [ 152.964005][ T79] veth0_macvtap: left promiscuous mode [ 152.984449][ T79] veth1_vlan: left promiscuous mode [ 152.999771][ T79] veth0_vlan: left promiscuous mode [ 153.429347][ T5781] Bluetooth: hci1: command tx timeout [ 155.131835][ T79] team0 (unregistering): Port device team_slave_1 removed [ 155.206502][ T79] team0 (unregistering): Port device team_slave_0 removed [ 155.274821][ T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 155.322393][ T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 155.695756][ T79] bond0 (unregistering): Released all slaves [ 156.137656][ T6383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.200382][ T6383] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.268486][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.275873][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.328380][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.336472][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.524822][ T6383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.038190][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 157.038206][ T28] audit: type=1326 audit(1774496168.309:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.248391][ T28] audit: type=1326 audit(1774496168.309:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.420102][ T28] audit: type=1326 audit(1774496168.349:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.495183][ T28] audit: type=1326 audit(1774496168.349:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.537634][ T28] audit: type=1326 audit(1774496168.349:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.582404][ T28] audit: type=1326 audit(1774496168.349:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.625808][ T6383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.629219][ T28] audit: type=1326 audit(1774496168.349:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.695382][ T28] audit: type=1326 audit(1774496168.349:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.3.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 157.956703][ T6546] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 158.627724][ T6383] veth0_vlan: entered promiscuous mode [ 158.722841][ T6383] veth1_vlan: entered promiscuous mode [ 158.951561][ T6383] veth0_macvtap: entered promiscuous mode [ 158.979687][ T6383] veth1_macvtap: entered promiscuous mode [ 158.999828][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.011041][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.020940][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.032210][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.044033][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.057268][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.072180][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.092867][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.119651][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.138727][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.159148][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.229226][ T6383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.261654][ T6383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.295661][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.330277][ T6383] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.374107][ T6383] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.389252][ T6383] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.408415][ T6383] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.608317][ T1306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.636992][ T1306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.693864][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.704547][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.251942][ T6583] netlink: 'syz.4.159': attribute type 2 has an invalid length. [ 161.129296][ T6588] loop4: detected capacity change from 0 to 16 [ 161.150361][ T6588] erofs: Unknown parameter '0xffffffffffffffff˙˙' [ 161.373781][ T28] audit: type=1326 audit(1774496172.629:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 161.426361][ T28] audit: type=1326 audit(1774496172.629:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 161.479395][ T6504] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 164.209204][ T5812] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 164.409233][ T5812] usb 5-1: Using ep0 maxpacket: 16 [ 164.417826][ T5812] usb 5-1: unable to get BOS descriptor or descriptor too short [ 164.428882][ T5812] usb 5-1: config 1 has an invalid interface number: 93 but max is 0 [ 164.447438][ T5812] usb 5-1: config 1 has no interface number 0 [ 164.457567][ T5812] usb 5-1: config 1 interface 93 has no altsetting 0 [ 164.477730][ T5812] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0203, bcdDevice=56.2a [ 164.497257][ T5812] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.515973][ T5812] usb 5-1: Product: syz [ 164.535418][ T5812] usb 5-1: Manufacturer: syz [ 164.549299][ T5812] usb 5-1: SerialNumber: syz [ 164.629779][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 164.629796][ T28] audit: type=1326 audit(1774496175.899:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 164.726115][ T28] audit: type=1326 audit(1774496175.899:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 164.807648][ T5812] option 5-1:1.93: GSM modem (1-port) converter detected [ 164.857744][ T5812] usb 5-1: GSM modem (1-port) converter now attached to ttyUSB0 [ 164.912624][ T5812] usb 5-1: USB disconnect, device number 2 [ 164.964680][ T5812] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [ 164.992521][ T5812] option 5-1:1.93: device disconnected [ 166.010892][ T5812] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 166.055956][ T6670] 9pnet: Could not find request transport: fd00000000000000000010 [ 166.219341][ T5812] usb 5-1: Using ep0 maxpacket: 32 [ 166.297589][ T5812] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA6, skipping [ 166.482225][ T5812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 166.719619][ T5812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 166.777513][ T5812] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 166.814642][ T5812] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.843286][ T5812] usb 5-1: Product: syz [ 166.847620][ T5812] usb 5-1: Manufacturer: syz [ 166.889178][ T5812] usb 5-1: SerialNumber: syz [ 166.934126][ T5812] usb 5-1: config 0 descriptor?? [ 167.534560][ T28] audit: type=1326 audit(1774496178.699:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.0.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9acc19c799 code=0x7ffc0000 [ 167.616774][ T28] audit: type=1326 audit(1774496178.699:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6686 comm="syz.0.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9acc19c799 code=0x7ffc0000 [ 168.607491][ T5815] usb 5-1: USB disconnect, device number 3 [ 168.795759][ T6725] 9pnet_fd: Insufficient options for proto=fd [ 169.318393][ T5815] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 169.550082][ T5815] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 169.581461][ T5815] usb 5-1: config 0 has no interface number 0 [ 169.609487][ T5815] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 169.619033][ T5815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.642768][ T5815] usb 5-1: config 0 descriptor?? [ 169.660942][ T5815] usb 5-1: selecting invalid altsetting 1 [ 169.678132][ T5815] dvb_ttusb_budget: ttusb_init_controller: error [ 169.687003][ T5815] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 169.878566][ T28] audit: type=1326 audit(1774496181.149:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 170.011256][ T28] audit: type=1326 audit(1774496181.149:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 170.063121][ T5815] DVB: Unable to find symbol cx22700_attach() [ 170.070840][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.094601][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.130838][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.167420][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.224150][ T5815] DVB: Unable to find symbol tda10046_attach() [ 170.238987][ T5815] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 170.269544][ T5815] usb 5-1: USB disconnect, device number 4 [ 173.349360][ T5812] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 173.563221][ T5812] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 173.589710][ T5812] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.610322][ T5812] usb 5-1: config 0 descriptor?? [ 173.823241][ T5812] hackrf 5-1:0.0: usb_control_msg() failed -71 request 0e [ 173.838921][ T5812] hackrf 5-1:0.0: Could not detect board [ 173.851616][ T5812] hackrf: probe of 5-1:0.0 failed with error -71 [ 173.872215][ T5812] usb 5-1: USB disconnect, device number 5 [ 174.721715][ T5813] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 175.849769][ T5813] usb 5-1: Using ep0 maxpacket: 8 [ 175.873131][ T5813] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 175.901546][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.922575][ T5813] usb 5-1: Product: syz [ 175.939298][ T5813] usb 5-1: Manufacturer: syz [ 175.947279][ T5813] usb 5-1: SerialNumber: syz [ 175.971197][ T5813] usb 5-1: config 0 descriptor?? [ 176.211224][ T5813] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 177.841477][ T5813] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 177.895164][ T5813] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 177.934459][ T5813] usb 5-1: media controller created [ 178.105744][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 178.430095][ T5813] i2c i2c-1: Added multiplexed i2c bus 2 [ 178.435835][ T5813] rtl2832 1-0010: Realtek RTL2832 successfully attached [ 178.454993][ T5813] usb 5-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2832 (DVB-T))... [ 178.476254][ T5813] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2832 (DVB-T)' registered. [ 178.974258][ T5813] usb 5-1: USB disconnect, device number 6 [ 179.204033][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.3.252'. [ 179.374426][ T5813] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 179.579144][ T5813] usb 5-1: Using ep0 maxpacket: 16 [ 179.601385][ T5813] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.619119][ T5813] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.628941][ T5813] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 179.639862][ T6866] 9pnet_fd: Insufficient options for proto=fd [ 179.669267][ T5813] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 179.678687][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.699969][ T5813] usb 5-1: config 0 descriptor?? [ 180.178615][ T6849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.206618][ T6849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.254009][ T5813] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 180.274281][ T5813] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 180.289584][ T5813] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 180.316339][ T5813] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 180.334966][ T5813] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 180.360755][ T5813] input: HID 0955:7214 Haptics as /devices/virtual/input/input5 [ 180.438212][ T5813] shield 0003:0955:7214.0001: Registered Thunderstrike controller [ 180.458683][ T5813] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 180.553455][ T27] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 180.586051][ T5813] usb 5-1: USB disconnect, device number 7 [ 180.593565][ T27] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 180.640346][ T27] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 180.677033][ T27] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 183.113272][ T6899] capability: warning: `syz.4.261' uses 32-bit capabilities (legacy support in use) [ 193.128062][ T7044] overlayfs: failed to clone upperpath [ 194.713797][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.720825][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.450878][ T28] audit: type=1326 audit(1774496206.729:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 195.533089][ T28] audit: type=1326 audit(1774496206.759:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 195.643675][ T28] audit: type=1326 audit(1774496206.759:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 195.722590][ T28] audit: type=1326 audit(1774496206.759:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 195.798458][ T28] audit: type=1326 audit(1774496206.759:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 196.022708][ T28] audit: type=1326 audit(1774496206.759:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7065 comm="syz.4.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 197.280561][ T7095] Zero length message leads to an empty skb [ 198.935193][ T28] audit: type=1326 audit(1774496210.179:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz.3.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 199.054437][ T28] audit: type=1326 audit(1774496210.179:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz.3.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 199.156111][ T28] audit: type=1326 audit(1774496210.179:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz.3.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 199.279163][ T28] audit: type=1326 audit(1774496210.179:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7112 comm="syz.3.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x7ffc0000 [ 201.630063][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 201.630079][ T28] audit: type=1326 audit(1774496212.899:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.758610][ T28] audit: type=1326 audit(1774496212.939:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.794100][ T28] audit: type=1326 audit(1774496212.939:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.821450][ T28] audit: type=1326 audit(1774496212.939:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.878237][ T28] audit: type=1326 audit(1774496212.939:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.907132][ T28] audit: type=1326 audit(1774496212.939:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 201.988364][ T5083] Bluetooth: hci0: command 0x0406 tx timeout [ 201.996835][ T5083] Bluetooth: hci3: command 0x0406 tx timeout [ 202.004696][ T5083] Bluetooth: hci2: command 0x0406 tx timeout [ 202.049865][ T28] audit: type=1326 audit(1774496212.939:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7198 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x7ffc0000 [ 207.821111][ T7277] overlayfs: failed to clone upperpath [ 209.275533][ T7288] netlink: 'syz.4.364': attribute type 2 has an invalid length. [ 213.160478][ T7316] netlink: 'syz.1.374': attribute type 2 has an invalid length. [ 218.885485][ T28] audit: type=1326 audit(1774496230.159:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 218.940089][ T28] audit: type=1326 audit(1774496230.179:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 219.008737][ T28] audit: type=1326 audit(1774496230.189:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 219.079263][ T28] audit: type=1326 audit(1774496230.189:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 219.131159][ T28] audit: type=1326 audit(1774496230.189:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 219.181170][ T7387] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 219.278882][ T28] audit: type=1326 audit(1774496230.189:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 219.369447][ T28] audit: type=1326 audit(1774496230.189:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 221.205838][ T28] audit: type=1326 audit(1774496232.479:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7404 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 221.269433][ T28] audit: type=1326 audit(1774496232.479:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7404 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 221.303353][ T28] audit: type=1326 audit(1774496232.509:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7404 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f022d59c799 code=0x7ffc0000 [ 222.728486][ T7420] overlayfs: failed to clone upperpath [ 229.282884][ T7485] netlink: 'syz.4.427': attribute type 2 has an invalid length. [ 231.181031][ T7509] overlayfs: failed to resolve './file0': -2 [ 231.216798][ T7509] fuse: Bad value for 'fd' [ 231.235751][ T7509] 9pnet_fd: Insufficient options for proto=fd [ 231.979991][ T7529] netlink: 'syz.1.444': attribute type 2 has an invalid length. [ 235.210088][ T7554] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 236.774783][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.0.457'. [ 237.024752][ T7575] netlink: 'syz.3.456': attribute type 2 has an invalid length. [ 238.086054][ T7592] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 239.876905][ T7615] netlink: 'syz.3.471': attribute type 2 has an invalid length. [ 243.297240][ T7621] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 244.032652][ T7635] netlink: 'syz.1.484': attribute type 2 has an invalid length. [ 244.347000][ T7642] overlayfs: failed to clone upperpath [ 247.640549][ T7676] netlink: 104 bytes leftover after parsing attributes in process `syz.1.491'. [ 247.658785][ T7675] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 249.199363][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'. [ 250.260624][ T7753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.522'. [ 250.891331][ T7770] netlink: 'syz.3.525': attribute type 2 has an invalid length. [ 251.926326][ T7776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'. [ 256.175403][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.187446][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.738501][ T7934] sctp: failed to load transform for md5: -2 [ 262.804263][ T7965] overlayfs: failed to clone upperpath [ 264.152913][ T8015] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 265.582646][ T8057] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 267.407945][ T8086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.644'. [ 268.408920][ T8103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.649'. [ 268.432102][ T8103] bond_slave_0: entered promiscuous mode [ 268.438301][ T8103] bond_slave_1: entered promiscuous mode [ 268.453589][ T8103] macvtap1: entered promiscuous mode [ 268.462993][ T8103] bond0: entered promiscuous mode [ 268.473915][ T8103] macvtap1: entered allmulticast mode [ 268.482539][ T5782] Bluetooth: hci1: command 0x0406 tx timeout [ 268.489525][ T8103] bond0: entered allmulticast mode [ 268.494940][ T8103] bond_slave_0: entered allmulticast mode [ 268.501441][ T8103] bond_slave_1: entered allmulticast mode [ 268.508762][ T8103] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 269.277871][ T8138] bridge0: port 3(syz_tun) entered blocking state [ 269.298875][ T8138] bridge0: port 3(syz_tun) entered disabled state [ 269.306248][ T8138] syz_tun: entered allmulticast mode [ 269.315959][ T8138] syz_tun: entered promiscuous mode [ 269.325051][ T8138] bridge0: port 3(syz_tun) entered blocking state [ 269.332670][ T8138] bridge0: port 3(syz_tun) entered forwarding state [ 269.344329][ T8140] netlink: 'syz.0.662': attribute type 10 has an invalid length. [ 269.355335][ T8140] bridge0: port 3(syz_tun) entered disabled state [ 269.362492][ T8140] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.371971][ T8140] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.413042][ T8140] bridge0: port 3(syz_tun) entered blocking state [ 269.419715][ T8140] bridge0: port 3(syz_tun) entered forwarding state [ 269.428272][ T8140] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.435689][ T8140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.443286][ T8140] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.450570][ T8140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.484509][ T8140] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 270.310187][ T8156] xt_hashlimit: size too large, truncated to 1048576 [ 270.370956][ T8157] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 271.443594][ T8170] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 272.443935][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.678'. [ 274.167701][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 281.139245][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 281.139264][ T28] audit: type=1326 audit(1774496292.389:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.4.713" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff4d579c799 code=0x0 [ 282.957261][ T8319] tipc: Enabling of bearer rejected, failed to enable media [ 283.547458][ T8333] xt_hashlimit: size too large, truncated to 1048576 [ 284.776338][ T8350] tipc: Enabling of bearer rejected, failed to enable media [ 285.071695][ T8355] netlink: 'syz.4.730': attribute type 2 has an invalid length. [ 287.094555][ T8387] netlink: 80 bytes leftover after parsing attributes in process `syz.1.742'. [ 287.140511][ T8387] netlink: 80 bytes leftover after parsing attributes in process `syz.1.742'. [ 293.410000][ T8496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'. [ 303.322077][ T8588] team0 (unregistering): Port device team_slave_0 removed [ 303.621854][ T8588] team0 (unregistering): Port device team_slave_1 removed [ 303.688643][ T28] audit: type=1326 audit(1774496314.959:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.3.817" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x0 [ 305.637104][ T8633] overlayfs: failed to clone upperpath [ 306.924980][ T8646] netlink: 'syz.1.840': attribute type 32 has an invalid length. [ 306.950353][ T8646] (unnamed net_device) (uninitialized): option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 307.645460][ T28] audit: type=1326 audit(1774496318.919:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8638 comm="syz.3.838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x0 [ 310.461770][ T28] audit: type=1326 audit(1774496321.739:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.857" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f86bf79c799 code=0x0 [ 311.961881][ T8730] netlink: 'syz.1.864': attribute type 2 has an invalid length. [ 316.282203][ T8773] netlink: 'syz.0.883': attribute type 2 has an invalid length. [ 317.609737][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.616180][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.954391][ T8797] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 319.374703][ T8816] netlink: 'syz.3.899': attribute type 2 has an invalid length. [ 320.338171][ T28] audit: type=1326 audit(1774496331.609:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8804 comm="syz.0.898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9acc19c799 code=0x0 [ 321.437660][ T8845] netlink: 'syz.3.908': attribute type 2 has an invalid length. [ 322.841510][ T28] audit: type=1326 audit(1774496334.099:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.913" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f022d59c799 code=0x0 [ 324.641915][ T8886] netlink: 'syz.1.923': attribute type 2 has an invalid length. [ 325.292184][ T8885] netlink: 'syz.4.925': attribute type 6 has an invalid length. [ 326.340288][ T8911] netlink: 'syz.4.934': attribute type 2 has an invalid length. [ 328.329506][ T8931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.941'. [ 328.351659][ T8931] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 328.775788][ T8942] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 328.880145][ T8943] netlink: 'syz.3.945': attribute type 2 has an invalid length. [ 330.169312][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.952'. [ 332.098008][ T8977] netlink: 'syz.3.957': attribute type 2 has an invalid length. [ 333.005368][ T8979] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.030517][ T8979] batadv_slave_0: entered promiscuous mode [ 333.036510][ T8979] batadv_slave_0: entered allmulticast mode [ 333.291472][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.3.959'. [ 333.528508][ T8987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.962'. [ 334.106384][ T9003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.969'. [ 334.189870][ T9004] netlink: 'syz.3.966': attribute type 2 has an invalid length. [ 335.014699][ T9013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.971'. [ 335.138911][ T9015] 9pnet_fd: Insufficient options for proto=fd [ 336.515235][ T9031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.980'. [ 337.395937][ T9037] bridge0: port 3(syz_tun) entered disabled state [ 337.403575][ T9037] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.410923][ T9037] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.508016][ T9035] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 338.060579][ T9048] bridge0: port 3(syz_tun) entered blocking state [ 338.067178][ T9048] bridge0: port 3(syz_tun) entered disabled state [ 338.080287][ T9048] syz_tun: entered allmulticast mode [ 338.087253][ T9048] syz_tun: entered promiscuous mode [ 338.093360][ T9048] bridge0: port 3(syz_tun) entered blocking state [ 338.100783][ T9048] bridge0: port 3(syz_tun) entered forwarding state [ 338.119497][ T9053] netlink: 'syz.1.987': attribute type 10 has an invalid length. [ 338.175450][ T9053] bridge0: port 3(syz_tun) entered disabled state [ 338.182308][ T9053] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.190261][ T9053] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.259105][ T9053] bridge0: port 3(syz_tun) entered blocking state [ 338.265879][ T9053] bridge0: port 3(syz_tun) entered forwarding state [ 338.272946][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.280201][ T9053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 338.287821][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.295158][ T9053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.520301][ T9053] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 339.490422][ T9070] netlink: 24 bytes leftover after parsing attributes in process `syz.1.994'. [ 339.694165][ C1] dccp_invalid_packet: pskb_may_pull failed [ 341.530587][ T9094] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1004'. [ 343.274854][ T9121] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1016'. [ 343.669254][ T9133] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1021'. [ 344.026866][ T9139] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 348.242484][ T9205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1051'. [ 348.520952][ T9217] xt_hashlimit: size too large, truncated to 1048576 [ 348.733550][ T9222] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 351.949603][ T9259] netlink: 'syz.0.1067': attribute type 2 has an invalid length. [ 353.265298][ T9273] 9pnet_fd: Insufficient options for proto=fd [ 355.292541][ T9296] netlink: 'syz.3.1077': attribute type 2 has an invalid length. [ 356.236223][ T9299] 9pnet_fd: Insufficient options for proto=fd [ 360.701935][ T9388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1115'. [ 360.897860][ T9390] overlayfs: missing 'lowerdir' [ 362.867291][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'. [ 363.522122][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1140'. [ 364.417859][ T9480] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1149'. [ 364.820247][ T9488] netlink: 'syz.4.1151': attribute type 2 has an invalid length. [ 365.748905][ T9501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1157'. [ 365.891131][ T9509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. [ 366.592925][ T9523] netlink: 'syz.0.1163': attribute type 2 has an invalid length. [ 367.457419][ T9529] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1167'. [ 367.632460][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1170'. [ 369.517324][ T9555] netlink: 'syz.3.1176': attribute type 2 has an invalid length. [ 369.846610][ T9561] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1178'. [ 370.177593][ T9576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1181'. [ 370.676552][ T9592] overlayfs: failed to clone upperpath [ 372.484656][ T9621] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1197'. [ 372.835084][ T9629] overlayfs: failed to clone upperpath [ 374.997958][ T9658] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 375.006949][ T9658] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 375.015558][ T9658] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 377.550626][ T9690] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 377.559752][ T9690] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 377.568291][ T9690] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 379.079958][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.086536][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.083785][ T9727] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 380.094148][ T9727] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 380.102969][ T9727] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 383.235146][ T9774] overlayfs: missing 'lowerdir' [ 384.131463][ T9773] team0 (unregistering): Port device team_slave_0 removed [ 384.197192][ T9773] team0 (unregistering): Port device team_slave_1 removed [ 385.859013][ T9803] overlayfs: missing 'lowerdir' [ 392.035958][ T9877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1287'. [ 393.385646][ T9901] 9pnet_fd: Insufficient options for proto=fd [ 393.891358][ T9908] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1298'. [ 393.914036][ T9908] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 395.273007][ T9931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1308'. [ 395.405836][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 395.656282][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1311'. [ 395.718845][ T9940] bond_slave_0: entered promiscuous mode [ 395.725547][ T9940] bond_slave_1: entered promiscuous mode [ 395.770758][ T9940] vlan2: entered promiscuous mode [ 395.789311][ T9940] bond0: entered promiscuous mode [ 398.857215][ T9966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1319'. [ 400.530029][ T9994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'. [ 400.605786][ T9994] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 403.389523][T10033] netlink: 'syz.0.1345': attribute type 4 has an invalid length. [ 403.472113][T10035] netlink: 'syz.0.1345': attribute type 4 has an invalid length. [ 404.139184][T10042] netlink: 'syz.3.1349': attribute type 6 has an invalid length. [ 405.842756][T10078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1364'. [ 405.916239][T10078] gretap0: entered promiscuous mode [ 405.942189][T10078] vlan2: entered promiscuous mode [ 406.771544][T10085] netlink: 'syz.0.1367': attribute type 6 has an invalid length. [ 410.195581][T10124] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1379'. [ 410.727937][T10135] overlayfs: failed to clone upperpath [ 414.084595][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1394'. [ 414.121851][T10173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1394'. [ 414.603029][T10180] overlayfs: failed to clone upperpath [ 415.903343][T10188] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1398'. [ 416.490641][T10206] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1407'. [ 416.639900][T10210] overlayfs: failed to clone upperpath [ 418.508003][T10237] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1417'. [ 420.445839][T10250] overlayfs: failed to clone upperpath [ 421.628028][T10265] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1427'. [ 422.204122][T10282] overlayfs: failed to clone upperpath [ 424.399251][T10326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1449'. [ 424.504116][T10328] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 426.743556][T10361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1466'. [ 427.831731][T10392] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1479'. [ 427.841959][T10392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1479'. [ 428.012555][T10399] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 428.290275][T10411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1484'. [ 429.370661][T10428] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1491'. [ 429.380938][T10428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1491'. [ 430.049240][T10423] syz.0.1490: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 430.095770][T10423] CPU: 0 PID: 10423 Comm: syz.0.1490 Not tainted syzkaller #0 [ 430.103407][T10423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 430.113607][T10423] Call Trace: [ 430.116923][T10423] [ 430.119891][T10423] dump_stack_lvl+0x18c/0x250 [ 430.124640][T10423] ? show_regs_print_info+0x20/0x20 [ 430.129897][T10423] ? load_image+0x400/0x400 [ 430.134549][T10423] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 430.141023][T10423] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 430.148005][T10423] warn_alloc+0x246/0x340 [ 430.152397][T10423] ? zone_watermark_ok_safe+0x230/0x230 [ 430.158013][T10423] ? _raw_spin_unlock+0x28/0x40 [ 430.162974][T10423] __vmalloc_node_range+0x662/0x1330 [ 430.168312][T10423] ? __asan_memset+0x22/0x40 [ 430.172977][T10423] ? free_vm_area+0x50/0x50 [ 430.177524][T10423] ? kvmalloc_node+0x70/0x180 [ 430.182243][T10423] ? rcu_is_watching+0x15/0xb0 [ 430.187058][T10423] ? kvmalloc_node+0x70/0x180 [ 430.191789][T10423] ? trace_kmalloc+0x1f/0x90 [ 430.196528][T10423] kvmalloc_node+0x13f/0x180 [ 430.201345][T10423] ? translate_table+0x192/0x2090 [ 430.206594][T10423] translate_table+0x192/0x2090 [ 430.211602][T10423] ? ip6t_register_table+0x7e0/0x7e0 [ 430.216934][T10423] ? __might_fault+0xaa/0x120 [ 430.221650][T10423] ? __lock_acquire+0x7d40/0x7d40 [ 430.226718][T10423] ? __virt_addr_valid+0x18c/0x540 [ 430.231898][T10423] ? __might_fault+0xaa/0x120 [ 430.236612][T10423] ? __might_fault+0xc6/0x120 [ 430.241322][T10423] ? __might_fault+0xaa/0x120 [ 430.246140][T10423] do_ip6t_set_ctl+0x9fc/0xe10 [ 430.250984][T10423] ? ip6t_unregister_table_exit+0x230/0x230 [ 430.256915][T10423] ? __lock_acquire+0x7d40/0x7d40 [ 430.261959][T10423] ? rcu_is_watching+0x15/0xb0 [ 430.266742][T10423] ? trace_contention_end+0x39/0xe0 [ 430.271959][T10423] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 430.277611][T10423] ? mutex_unlock+0x10/0x10 [ 430.282379][T10423] ? __raw_spin_lock_init+0x45/0x100 [ 430.287691][T10423] ? mutex_lock_nested+0x20/0x20 [ 430.292649][T10423] nf_setsockopt+0x263/0x280 [ 430.297261][T10423] ? sock_common_recvmsg+0x190/0x190 [ 430.302569][T10423] smc_setsockopt+0x243/0xac0 [ 430.307277][T10423] ? smc_shutdown+0x9b0/0x9b0 [ 430.311969][T10423] ? __fget_files+0x28/0x4b0 [ 430.316669][T10423] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 430.322300][T10423] ? security_socket_setsockopt+0x7e/0xa0 [ 430.328093][T10423] ? smc_shutdown+0x9b0/0x9b0 [ 430.332897][T10423] do_sock_setsockopt+0x175/0x1a0 [ 430.338062][T10423] ? __fdget+0x180/0x210 [ 430.342358][T10423] __x64_sys_setsockopt+0x182/0x200 [ 430.347596][T10423] do_syscall_64+0x55/0xa0 [ 430.352032][T10423] ? clear_bhb_loop+0x40/0x90 [ 430.356911][T10423] ? clear_bhb_loop+0x40/0x90 [ 430.361690][T10423] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 430.367600][T10423] RIP: 0033:0x7f9acc19c799 [ 430.372027][T10423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 430.391749][T10423] RSP: 002b:00007f9aca3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 430.400290][T10423] RAX: ffffffffffffffda RBX: 00007f9acc415fa0 RCX: 00007f9acc19c799 [ 430.408363][T10423] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 430.416441][T10423] RBP: 00007f9acc232c99 R08: 0000000000000330 R09: 0000000000000000 [ 430.424447][T10423] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.432645][T10423] R13: 00007f9acc416038 R14: 00007f9acc415fa0 R15: 00007ffd8c854fc8 [ 430.440748][T10423] [ 430.466111][T10423] Mem-Info: [ 430.495981][T10423] active_anon:7527 inactive_anon:0 isolated_anon:0 [ 430.495981][T10423] active_file:10807 inactive_file:40105 isolated_file:0 [ 430.495981][T10423] unevictable:768 dirty:80 writeback:0 [ 430.495981][T10423] slab_reclaimable:10491 slab_unreclaimable:92875 [ 430.495981][T10423] mapped:25841 shmem:2972 pagetables:620 [ 430.495981][T10423] sec_pagetables:0 bounce:0 [ 430.495981][T10423] kernel_misc_reclaimable:0 [ 430.495981][T10423] free:1336130 free_pcp:9907 free_cma:0 [ 430.558883][T10423] Node 0 active_anon:33808kB inactive_anon:0kB active_file:43228kB inactive_file:160220kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107064kB dirty:320kB writeback:0kB shmem:14052kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10620kB pagetables:2380kB sec_pagetables:0kB all_unreclaimable? no [ 430.664912][T10423] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 430.784631][T10448] netlink: 'syz.3.1496': attribute type 2 has an invalid length. [ 431.099256][T10423] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 431.193901][T10423] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 431.204043][T10423] Node 0 DMA32 free:1422432kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:43768kB inactive_anon:0kB active_file:43228kB inactive_file:159396kB unevictable:1536kB writepending:320kB present:3129332kB managed:2586956kB mlocked:0kB bounce:0kB free_pcp:19852kB local_pcp:3536kB free_cma:0kB [ 431.318699][T10423] lowmem_reserve[]: 0 0 0 0 0 [ 431.329486][T10423] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 431.372967][T10423] lowmem_reserve[]: 0 0 0 0 0 [ 431.377797][T10423] Node 1 Normal free:3892872kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:21032kB local_pcp:12612kB free_cma:0kB [ 431.407967][T10423] lowmem_reserve[]: 0 0 0 0 0 [ 431.413800][T10423] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 431.415235][T10450] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 431.437577][T10423] Node 0 DMA32: 101*4kB (UME) 169*8kB (UME) 35*16kB (M) 162*32kB (ME) 145*64kB (ME) 33*128kB (ME) 11*256kB (ME) 6*512kB (UM) 8*1024kB (UME) 4*2048kB (UM) 338*4096kB (M) = 1427724kB [ 431.456045][T10423] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 431.469099][T10423] Node 1 Normal: 226*4kB (UME) 54*8kB (UME) 45*16kB (UME) 50*32kB (UME) 21*64kB (UME) 10*128kB (UME) 2*256kB (UM) 2*512kB (UE) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3892872kB [ 431.487599][T10450] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 431.487852][T10423] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.506145][T10423] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 431.507349][T10450] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 431.516110][T10423] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.516135][T10423] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 431.516151][T10423] 55145 total pagecache pages [ 431.516159][T10423] 0 pages in swap cache [ 431.516166][T10423] Free swap = 124704kB [ 431.516174][T10423] Total swap = 124996kB [ 431.516184][T10423] 2097051 pages RAM [ 431.516191][T10423] 0 pages HighMem/MovableOnly [ 431.516199][T10423] 416926 pages reserved [ 431.526101][T10450] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 431.550486][T10423] 0 pages cma reserved [ 431.701087][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'. [ 431.737942][T10455] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.745312][T10455] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.013199][T10462] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1504'. [ 432.031377][T10462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1504'. [ 433.645040][T10485] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1513'. [ 433.671127][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 435.696034][T10513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1522'. [ 435.819288][T10516] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1523'. [ 435.839259][T10516] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1523'. [ 436.535964][T10529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1528'. [ 436.740543][T10531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 436.766449][T10531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.798012][T10531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 436.824904][T10531] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.922628][T10542] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1533'. [ 438.167078][T10553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1537'. [ 438.724748][T10571] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1544'. [ 440.474314][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.489021][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.555212][T10593] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 440.705430][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1553'. [ 442.554221][T10627] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1563'. [ 443.790984][T10659] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1576'. [ 443.919873][T10663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1578'. [ 444.759239][T10683] netlink: 'syz.4.1584': attribute type 2 has an invalid length. [ 445.344819][T10685] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1588'. [ 447.472052][T10717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1599'. [ 447.850612][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1600'. [ 449.269865][T10748] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1610'. [ 450.297053][T10784] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1625'. [ 450.522964][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'. [ 451.769292][T10822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1641'. [ 454.941352][T10875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1662'. [ 455.699645][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1669'. [ 456.802971][T10915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1680'. [ 457.064232][T10933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1686'. [ 457.076371][T10934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1687'. [ 457.137282][T10933] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1686'. [ 457.162271][T10933] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1686'. [ 457.212655][T10933] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1686'. [ 457.723373][T10950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1695'. [ 458.388229][T10976] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1708'. [ 460.251262][ T28] audit: type=1326 audit(1774496471.529:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.0.1739" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9acc19c799 code=0x0 [ 460.399505][T11048] netlink: 'syz.1.1734': attribute type 2 has an invalid length. [ 460.728436][T11054] __nla_validate_parse: 2 callbacks suppressed [ 460.728454][T11054] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1742'. [ 460.953985][T11061] netlink: 'syz.1.1746': attribute type 3 has an invalid length. [ 460.962164][T11061] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1746'. [ 460.971855][T11061] ------------[ cut here ]------------ [ 460.977354][T11061] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 460.991406][T11061] WARNING: CPU: 0 PID: 11061 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0 [ 461.000897][T11061] Modules linked in: [ 461.004924][T11061] CPU: 0 PID: 11061 Comm: syz.1.1746 Not tainted syzkaller #0 [ 461.012639][T11061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 461.023121][T11061] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 461.028462][T11061] Code: f8 eb 59 e8 58 b0 d8 f8 c6 05 35 39 c7 05 01 b9 10 00 00 00 48 c7 c7 80 5c c7 8b 4c 89 f6 48 c7 c2 00 5d c7 8b e8 66 68 a2 f8 <0f> 0b e9 86 f0 ff ff e8 2a b0 d8 f8 eb 24 e8 23 b0 d8 f8 c6 05 d7 [ 461.048432][T11061] RSP: 0018:ffffc9000c0a6d40 EFLAGS: 00010246 [ 461.054704][T11061] RAX: a941d26d0d804800 RBX: ffff888052352400 RCX: 0000000000080000 [ 461.062860][T11061] RDX: ffffc9000d25a000 RSI: 00000000000085c0 RDI: 00000000000085c1 [ 461.071185][T11061] RBP: ffffc9000c0a6ef8 R08: ffffc9000c0a6947 R09: 1ffff92001814d28 [ 461.079297][T11061] R10: dffffc0000000000 R11: fffff52001814d29 R12: ffff888052352000 [ 461.087355][T11061] R13: ffff8880523520e8 R14: 0000000000000020 R15: ffff88802fbdbb80 [ 461.095466][T11061] FS: 00007f022e4416c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 461.104683][T11061] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 461.111674][T11061] CR2: 0000000000000000 CR3: 0000000053c2d000 CR4: 00000000003506f0 [ 461.120731][T11061] Call Trace: [ 461.124056][T11061] [ 461.127022][T11061] ? tc_new_tfilter+0x8f7/0x17c0 [ 461.132149][T11061] ? u32_get+0x370/0x370 [ 461.136655][T11061] ? u32_get+0x370/0x370 [ 461.141004][T11061] tc_new_tfilter+0x11f9/0x17c0 [ 461.146029][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.152146][T11061] ? rcu_read_unlock+0x8c/0xa0 [ 461.156964][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.163187][T11061] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 461.168432][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.174676][T11061] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 461.179744][T11061] ? lockdep_hardirqs_on+0x98/0x150 [ 461.184998][T11061] ? rtnetlink_bind+0x80/0x80 [ 461.190199][T11061] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 461.196235][T11061] ? lock_chain_count+0x20/0x20 [ 461.201298][T11061] ? __local_bh_enable_ip+0x13a/0x1c0 [ 461.206793][T11061] ? lockdep_hardirqs_on+0x98/0x150 [ 461.212141][T11061] ? __local_bh_enable_ip+0x13a/0x1c0 [ 461.217652][T11061] ? _local_bh_enable+0xa0/0xa0 [ 461.223065][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.228482][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.233687][T11061] ? __dev_queue_xmit+0x1b2c/0x3660 [ 461.239013][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.244190][T11061] ? ref_tracker_free+0x690/0x840 [ 461.249405][T11061] netlink_rcv_skb+0x241/0x4d0 [ 461.254226][T11061] ? rtnetlink_bind+0x80/0x80 [ 461.259045][T11061] ? netlink_ack+0x1180/0x1180 [ 461.263965][T11061] ? __lock_acquire+0x7d40/0x7d40 [ 461.269241][T11061] ? netlink_deliver_tap+0x2e/0x1b0 [ 461.274517][T11061] netlink_unicast+0x751/0x8d0 [ 461.279469][T11061] netlink_sendmsg+0x8d0/0xbf0 [ 461.284298][T11061] ? netlink_getsockopt+0x590/0x590 [ 461.289790][T11061] ? aa_sock_msg_perm+0x94/0x150 [ 461.294795][T11061] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 461.300427][T11061] ? security_socket_sendmsg+0x80/0xa0 [ 461.306023][T11061] ? netlink_getsockopt+0x590/0x590 [ 461.311350][T11061] ____sys_sendmsg+0x5ba/0x960 [ 461.316261][T11061] ? __asan_memset+0x22/0x40 [ 461.320976][T11061] ? __sys_sendmsg_sock+0x30/0x30 [ 461.326046][T11061] ? __import_iovec+0x5f2/0x850 [ 461.331031][T11061] ? import_iovec+0x73/0xa0 [ 461.335589][T11061] ___sys_sendmsg+0x2a6/0x360 [ 461.340391][T11061] ? __sys_sendmsg+0x2a0/0x2a0 [ 461.345206][T11061] __sys_sendmmsg+0x2ca/0x510 [ 461.350136][T11061] ? __ia32_sys_sendmsg+0x90/0x90 [ 461.355192][T11061] ? __ia32_sys_get_robust_list+0x110/0x110 [ 461.361381][T11061] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 461.367415][T11061] ? lock_chain_count+0x20/0x20 [ 461.372406][T11061] __x64_sys_sendmmsg+0xa0/0xb0 [ 461.377374][T11061] do_syscall_64+0x55/0xa0 [ 461.382002][T11061] ? clear_bhb_loop+0x40/0x90 [ 461.386765][T11061] ? clear_bhb_loop+0x40/0x90 [ 461.391550][T11061] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 461.397587][T11061] RIP: 0033:0x7f022d59c799 [ 461.402157][T11061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.422181][T11061] RSP: 002b:00007f022e441028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 461.431014][T11061] RAX: ffffffffffffffda RBX: 00007f022d815fa0 RCX: 00007f022d59c799 [ 461.439112][T11061] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006 [ 461.447134][T11061] RBP: 00007f022d632c99 R08: 0000000000000000 R09: 0000000000000000 [ 461.455215][T11061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.463435][T11061] R13: 00007f022d816038 R14: 00007f022d815fa0 R15: 00007fff30fde318 [ 461.471627][T11061] [ 461.474697][T11061] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 461.481978][T11061] CPU: 0 PID: 11061 Comm: syz.1.1746 Not tainted syzkaller #0 [ 461.489433][T11061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 461.499520][T11061] Call Trace: [ 461.502819][T11061] [ 461.505769][T11061] dump_stack_lvl+0x18c/0x250 [ 461.510545][T11061] ? show_regs_print_info+0x20/0x20 [ 461.515753][T11061] ? load_image+0x400/0x400 [ 461.520263][T11061] panic+0x2dc/0x730 [ 461.524183][T11061] ? bpf_jit_dump+0xd0/0xd0 [ 461.528820][T11061] __warn+0x2e0/0x470 [ 461.532918][T11061] ? u32_change+0x1c5a/0x24f0 [ 461.537650][T11061] ? u32_change+0x1c5a/0x24f0 [ 461.542428][T11061] report_bug+0x2be/0x4f0 [ 461.546768][T11061] ? u32_change+0x1c5a/0x24f0 [ 461.551540][T11061] ? u32_change+0x1c5a/0x24f0 [ 461.556269][T11061] ? u32_change+0x1c5c/0x24f0 [ 461.561239][T11061] handle_bug+0xcf/0x120 [ 461.565525][T11061] exc_invalid_op+0x1a/0x50 [ 461.570035][T11061] asm_exc_invalid_op+0x1a/0x20 [ 461.574920][T11061] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 461.580270][T11061] Code: f8 eb 59 e8 58 b0 d8 f8 c6 05 35 39 c7 05 01 b9 10 00 00 00 48 c7 c7 80 5c c7 8b 4c 89 f6 48 c7 c2 00 5d c7 8b e8 66 68 a2 f8 <0f> 0b e9 86 f0 ff ff e8 2a b0 d8 f8 eb 24 e8 23 b0 d8 f8 c6 05 d7 [ 461.599917][T11061] RSP: 0018:ffffc9000c0a6d40 EFLAGS: 00010246 [ 461.606004][T11061] RAX: a941d26d0d804800 RBX: ffff888052352400 RCX: 0000000000080000 [ 461.613989][T11061] RDX: ffffc9000d25a000 RSI: 00000000000085c0 RDI: 00000000000085c1 [ 461.621988][T11061] RBP: ffffc9000c0a6ef8 R08: ffffc9000c0a6947 R09: 1ffff92001814d28 [ 461.630060][T11061] R10: dffffc0000000000 R11: fffff52001814d29 R12: ffff888052352000 [ 461.638062][T11061] R13: ffff8880523520e8 R14: 0000000000000020 R15: ffff88802fbdbb80 [ 461.646069][T11061] ? tc_new_tfilter+0x8f7/0x17c0 [ 461.651050][T11061] ? u32_get+0x370/0x370 [ 461.655418][T11061] ? u32_get+0x370/0x370 [ 461.659763][T11061] tc_new_tfilter+0x11f9/0x17c0 [ 461.664657][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.670725][T11061] ? rcu_read_unlock+0x8c/0xa0 [ 461.675504][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.681547][T11061] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 461.686763][T11061] ? tcf_proto_signal_destroying+0x240/0x240 [ 461.692760][T11061] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 461.697996][T11061] ? lockdep_hardirqs_on+0x98/0x150 [ 461.703241][T11061] ? rtnetlink_bind+0x80/0x80 [ 461.707959][T11061] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 461.713959][T11061] ? lock_chain_count+0x20/0x20 [ 461.718852][T11061] ? __local_bh_enable_ip+0x13a/0x1c0 [ 461.724327][T11061] ? lockdep_hardirqs_on+0x98/0x150 [ 461.729539][T11061] ? __local_bh_enable_ip+0x13a/0x1c0 [ 461.734938][T11061] ? _local_bh_enable+0xa0/0xa0 [ 461.739812][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.744962][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.750088][T11061] ? __dev_queue_xmit+0x1b2c/0x3660 [ 461.755309][T11061] ? __dev_queue_xmit+0x265/0x3660 [ 461.760437][T11061] ? ref_tracker_free+0x690/0x840 [ 461.765491][T11061] netlink_rcv_skb+0x241/0x4d0 [ 461.770280][T11061] ? rtnetlink_bind+0x80/0x80 [ 461.774965][T11061] ? netlink_ack+0x1180/0x1180 [ 461.779862][T11061] ? __lock_acquire+0x7d40/0x7d40 [ 461.784941][T11061] ? netlink_deliver_tap+0x2e/0x1b0 [ 461.790353][T11061] netlink_unicast+0x751/0x8d0 [ 461.795152][T11061] netlink_sendmsg+0x8d0/0xbf0 [ 461.799964][T11061] ? netlink_getsockopt+0x590/0x590 [ 461.805293][T11061] ? aa_sock_msg_perm+0x94/0x150 [ 461.810256][T11061] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 461.815552][T11061] ? security_socket_sendmsg+0x80/0xa0 [ 461.821022][T11061] ? netlink_getsockopt+0x590/0x590 [ 461.826240][T11061] ____sys_sendmsg+0x5ba/0x960 [ 461.831024][T11061] ? __asan_memset+0x22/0x40 [ 461.835626][T11061] ? __sys_sendmsg_sock+0x30/0x30 [ 461.840828][T11061] ? __import_iovec+0x5f2/0x850 [ 461.845714][T11061] ? import_iovec+0x73/0xa0 [ 461.850226][T11061] ___sys_sendmsg+0x2a6/0x360 [ 461.854926][T11061] ? __sys_sendmsg+0x2a0/0x2a0 [ 461.859741][T11061] __sys_sendmmsg+0x2ca/0x510 [ 461.864452][T11061] ? __ia32_sys_sendmsg+0x90/0x90 [ 461.869492][T11061] ? __ia32_sys_get_robust_list+0x110/0x110 [ 461.875419][T11061] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 461.881502][T11061] ? lock_chain_count+0x20/0x20 [ 461.886375][T11061] __x64_sys_sendmmsg+0xa0/0xb0 [ 461.891238][T11061] do_syscall_64+0x55/0xa0 [ 461.895764][T11061] ? clear_bhb_loop+0x40/0x90 [ 461.900450][T11061] ? clear_bhb_loop+0x40/0x90 [ 461.905140][T11061] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 461.911059][T11061] RIP: 0033:0x7f022d59c799 [ 461.915482][T11061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.935288][T11061] RSP: 002b:00007f022e441028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 461.943749][T11061] RAX: ffffffffffffffda RBX: 00007f022d815fa0 RCX: 00007f022d59c799 [ 461.951852][T11061] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006 [ 461.959846][T11061] RBP: 00007f022d632c99 R08: 0000000000000000 R09: 0000000000000000 [ 461.967862][T11061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.975855][T11061] R13: 00007f022d816038 R14: 00007f022d815fa0 R15: 00007fff30fde318 [ 461.983859][T11061] [ 461.987249][T11061] Kernel Offset: disabled [ 461.991603][T11061] Rebooting in 86400 seconds..