last executing test programs: 6.911598416s ago: executing program 1 (id=2300): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r0, 0x8b25, &(0x7f0000000040)) 6.52894681s ago: executing program 4 (id=2303): ioperm(0x0, 0x7, 0x40000000000006) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknod(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f0000000140)='./file0\x00', 0x10040, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000180)=[{}, {r1}], 0x2, 0x0, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000140)=ANY=[], 0xb, 0x0) msgrcv(0x0, &(0x7f0000000040)={0x0, ""/83}, 0x5b, 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000300)={0x1}) socket$packet(0x11, 0x2, 0x300) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) epoll_create1(0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x5d5180, 0x84) getdents(r3, &(0x7f0000000280)=""/110, 0x6e) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioperm(0x0, 0x8001, 0x9) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 5.53755687s ago: executing program 4 (id=2304): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000ac0)=@newqdisc={0x54, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x54}}, 0x0) 2.960234254s ago: executing program 1 (id=2305): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) 2.796222062s ago: executing program 4 (id=2307): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f00000002c0)=0x3f, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) 2.782997721s ago: executing program 1 (id=2308): r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000400), 0x4) 2.539889557s ago: executing program 1 (id=2313): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x9, 0x0, 0x0, 0xabb}) 2.455007699s ago: executing program 4 (id=2316): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x15}}, &(0x7f0000000480)='GPL\x00'}, 0x80) 2.406858835s ago: executing program 1 (id=2318): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f00000000c0)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_OIFNAME={0x14, 0x11, 'rose0\x00'}, @FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'veth1_virt_wifi\x00'}]}, 0x44}}, 0x0) 2.286986678s ago: executing program 1 (id=2319): socket$inet6(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008859f1108205e605004e010203010902"], 0x0) socket$packet(0x11, 0x3, 0x300) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x2f, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) 2.286514848s ago: executing program 3 (id=2320): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x100f]}) 2.178093281s ago: executing program 4 (id=2323): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000001700), 0x800, 0x0) r0 = syz_io_uring_setup(0x73fd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000001080), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000140), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0x48e9, 0x0, 0x0, 0x0, 0x0) 2.170981654s ago: executing program 3 (id=2324): r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000180)={0x1}) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000100)={0x1}) r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1}) fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x2, 0x0, 0x400000000000}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000c40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a15910e193dd2ff1fa7c3205bfedbe9d8f3b423cdacfa7e32fe0231368b2264f9c504c9f1f65515b2e1a38d522be18bd11548b043ccc42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae66e8a0e4f653419e173a649c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbc6f2b2a3e3173d566a0f06c54c3a4ccbdf31c4d4acef2ce3599f455c7a3a48a01010000009f2f0517e4ca0e1803a2971a50f713d4e21b3336f1ae0796f23526ec0fd97f734c4c815bf694e6bd009d2e797ff6ff72ba8972b122b09789d99b3d0524f39dc09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d430054ffdca8b7fbc254f4348c8d7305000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefb24305b2bea20007840484511b6efaad20633500000000e01446a6285f4665a7fe37da2349f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf3270f420edc85c176070bfff7909413f3fb654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa69187b6b0776952be5cb0417d33d3ab25494c18494d9d10d76e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d1715c009a58e6eadac8f61b45853673df72dc812f7454ae22d7dac48034282f030408895886e9644179dcf66d93907cedd49e0c5752f755849953957143a033c398d81a69090a51ce63b29fe17925770fac12cf9e291200df6bb669d5a46dd74dd817ef2f9848f710c359afe73947afebdf5536ee2f9f3b19c5c90bbe7e93e42df3a673530796ff61c096cf1f571ab9737f4b1f7e9650823ca025a3ef04d97a5b7d92d3a29c2128513da5b483fa5da21b1459d0943665dc11d039bd5e0718577c95cb37b99974bc8be5c9c42d4da0a080e380fa7fe60153d81a4d947fbdb3b84465a098f8b99eeb4ec00000000000000000000000034d9b47e19cabfb1ff1f04e68580e64b66a0a54b9e3342a99d3332dab55483a5091542bf882772a92d18154e941a1473fef33d72345a985c6c58e150f0ad05c2fb6e743e985662541c4c49d5dae580fc6158bb384fa1a0b6e818473853557e383b341b178d8042022a53f68580e02035e237ec466d6e19fec86e0a4ed0735a4ff78b3d36030e13a9c98618f11bdae8bc6f7956d8b9866f96e3ea223952f6161ee455b24ffee284fb298db2a819cc2761b6fdb050fe85b96adb029603fa9b1d9661a9af46c37c9b18ddfda5088de96620247112b956149f49b7c6e4cc5c59b9c8b8e5f85655d872973e4af38c172bc1202e3930263ac788414bd925a0fe4185eb93ee1abb35540744dc54965dab69827bd6f0bcbc7f1cb8b04df232055087e66b7d030334f112db13e0b28ac21248873160a16c5378b0e86a06467bb9f65509db6430c1fbf5eca66c7ff9408a9969818cc11bdc67a8d15e146144bc164dfd9c871be44ef1070f7216b95f505bd3daf3ce4c94a2f61385b077adf326cef0d20f4427ac783e10ae6275e733f69b9cdca7208400"/1274], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) dup3(r3, r0, 0x0) 1.939700268s ago: executing program 2 (id=2328): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x9, 0x0, 0x0, 0xabb}) 1.938948413s ago: executing program 4 (id=2329): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0x4004662b, &(0x7f0000000040)={0xc}) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setreuid(0x0, r5) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000040)={0x0, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r6, 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) syz_usb_connect(0x1, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="05010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xd, 0x3, 0x4, 0x1, 0x0, r8, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) r9 = socket$key(0xf, 0x3, 0x2) vmsplice(r9, &(0x7f0000000180)=[{&(0x7f0000000380)="18688af3798c6606cb1625fdbadbfd12c14f2343b74c3293ce68cab970a2ea96bbc1d6affb0ceed3dbaf099f668a6a68a5988e9a9b42454d733d96eed93639879eec8bcc129c83c26221c215144b82bbc04d716fe68da445e7f0bb4123ef5ed0ff54f024b301eb6d00bda36103", 0x6d}, {&(0x7f0000002ac0)="66ba82969fc2e6fdffabac35d767164872dd438b8b403f85e21eade9aeae8890795ce8ff61171f415e0867ea57b8c392251c04967bcb93efd84571f6b007872712b639b9bda2a34c42064f9a96f8535a5a15315ab22537ce77e54430481b3b87b08694c4893c347a286a2ac35df651a78f98312dba1a252434be4278e41d5b6673480811e825a333cd3785a472185f078fd4de543384592530a87b5d043a37aefd5110181a95161e6d19afaba86fb4deb3ecf15339f8f74c9140da8d5c2fd3f7840f74941a1f1cc691e517bb1880bf39630cc9307447be10ac8044654e3a318a541b54965a6e63885c00e4cebb4ce1596ab5d816f70f1023845de2ed5ca08a0447427345ecf26ed0ce988351c1787c272c3c4bb7e88845d3a68df0f4c93e056c692a2ffd18ce134a70c8527dbdc49255e2459d36756a915dcc56a01860a48c9a721a526156046773d550d0c985698bd610463333beaa8adee7137865d1da198ec5b392c307d04523ee376d7b925cd2e14b22b5500a42e3929cd1064905afb0851c0072f791f9423463e2fab0f540fb6dbd929a79fa3be3fb6bc1fab1eab46b6d1d1a5092dd2bdab9e657eb4a013021a6ce08d171936027bb8408bedc7be2ad281b0c510984171392170bd1f3f6e6234c84eb163faa3f1dd6a18ef8d80a3cc3768695a098993f002eb39616ff2625e92c9642ef2f45630eca12c76889674ae67d9cb0024c538efde959bee581d9e76d9ca1ca05d667af08821c5153449f32e862b5d08232a8a3ca68c3055def49b962b96d559730babc3017989e39cbe8fa4e1d6dbb74c36b61e0267b0d66601b4bf431178db5a2d9d594a2a5dea0aec57293f29193dcd2f6a5a7898993484fcce7228c6b093f1d03465628429b201b291aed4c3e342116682984419b04bb5e02c941d6a22197edc324e91a7ad4d8abb87c670d23f74b581c9e882501bb5c90a93d0ec5834f7503b814fa519f2a8833653cb8d22c63cd5aaec8da5025afcb1bd2cc893dc14c390c23a93c47515984b510514c96948cfdff654d73ea0e26326af16944534b65ead31cf36431d62ff41b395ed3e77da75b0ac55c817be3c27310f91c28996a8d043c444bda8e29344c41b0addef2ac155f1ff683759a68330c6cc45e6b4c6f7e01f77966b476e8076bac2a7a44b6d5c1ebf19f1e448d177d6cf417ca53b8d246d16cd37b8565835efbc200a64f3b748bd3a29548a5623a283061274299c02fdc4bc55b3b794e167a88128dd1538cb79b0657eb1791c7f09518dee0bc70d091db6b9780f98750983b1d1c028e63b4f0f583edf22b97be6b4a9e5e1443537854562b0a02a67c6f3879202d6ac3ccd47915127cd3fe38e8880ca51b90381e03f4e1b4d79d915a77222bf9d0ca8352a63e3344ca0665de9f294c0a7af60cbf0a292f06f83a4949deac08d81d1f5cd7626d9bf7c7fff6ac4b89c279f54c5b04a2f04e19ee6aed170583a29eeef2a74443a6bb96885457def19afb284327d4fa62ddc254095e13591628600b17a988d5f2e20f169a367a95680dff0792d114a6daf9c4f13155ade857557f06d43efd47f069d59225fad064de2368dfd5aa6e42f00679613a519ecac2b48e6cd09310a44e91b20ff46925a43c54746ad1cbf08ac1e14ecbc1131c2e2965296001d82fd9dd8b069fd6f8611f025efe9b3867f6c07a41a6975cc386cd3d9d0bf963d0a836e40b302921b0aa2f060381c9ec158d4f37ddb93216c22a267a83a928cf357d845c3816f81c0121d3f67cde8afb9a0c59f5c8d52107efef7f587402f7c2f75d1ae20275872296c36f4a990998815b2e225ab1e29fafdcf9474c7511f5de32042e3006bea9c7b6443d3db54fbe70bb7ce50590e0c8ba31909f2f4b1fb03995746a8eefdac1ba57d1fe673d5bcbfd80eddb2157cce3328d9bac6c97021b40f0a5fb238255ceb78dd629cc19c99000f06797b17d6d12d670d55f8e1370a990828860ee05659957bdc73833f5c0fb312eff5c14cd92a9895b1e9c8c43c020944b10a76083cd406adf58aa46a7d11e77cc2ce7ab235c7272517dc6a26059c19cdfb732340514482ca469e90865ce6c21a56a6865c057f5855c29f846808b9357be681a06d3e4101e2d54f1170f9c87098ba64d1638a3ad791588726b3199fa8c8afdc04aea4bc3133387adeba212600b064ad66e392d808ac81333a7c4ba36034527029c6fc35f72ae14e1d0591b2d861750082311bb95475911bc6069ae2089f30d222338d5aacf1f1030c87b559aa745547f94bef5d2fc03a0b0aa701679ea59584f49bd4f94e2283ae6352e10f7679cf448ec729b4338a4a5dcac6fb7b783a834aa3d6d14f5662e4ec7fa893bb3d1647ceb3db05a6ff86b17de619401d7a4ba04f13e24e32de003f086a98c4b52f2a8f2eba02474fe9517c8afffc6aea55c74131c5081b6826d43b65cea0b3f2f6b0a21a739ae674e99ca6f2b9d97d29e00314ab9f918d04b5fab01664dbaea5d5f47492afc559ea5243b5b7e56406f9d60386483d91dd77aa6da358bd16accd261834a7802f082a8879901c44af69c7631b43c2ee29e634e3134f81936298ea64c91945fdf55a2d9229dd48e657981eb63049bad40390ad797692c07383ef3a9ba954d02ebf959dd9abe9f68a4cb731791055f37820a451869bf72ea4ab30897d4187cb2002c5cfe70db70865c4724ef2a6bca254faa1c63fa7de2e291fc2d2773ff8d3a3b1d36ce27f7cd7e131a3a754846cf0bdb187214c6ca697f1bbc5ffe58929625480b0716bb7bb05c1daca78c4397a4166df5f22c8c6c4095c8c856ae96c30cc599be938df243a345705ab5d0b1f46a0fad9f48be0c6003a3215e9304cd008e5f868cc159a67d478eaa0ddb7ea870efa9adc99608857de5a225285ee6698c2010a7358f4acc24a1d8ec2b2b69b118b57f7e1738ae4cf082092a1863bd1c9b1da2ef3994e9ab5a2d3f9ac2bde565b5ab9b32c366c106768feb9d01018b770952b2e5e4e783ed20dc9839d1387f33b75697ec36bd6d10216c8a0bb72c7e1ddcdbcd70af8bd0e07cf21aaf04ea0cdcfb1b1922c48ccfad84bd40df7874aa067a73ed370a4063bc0c39424b3f1cb61b8022b07311c805ed372796f968b4e1ba9cc663cad1eb6e18667a14ef31354a58b0e1dfe2979fea3ff562e58b2da30f2838e0908808392bd13148ed047f80d956ca6e4a33aeb3f9bb410b9dceac0d87342ee0a8c0080e4029233e6437233538bed1f1cc836ab9a25d9703f11af560cd279b5b8fcd22c82c204d2ce468d3cebb5b7da971915eb7fd8e82818be32c5a9773d2c0ee2ee565d279bc1c1fa1fcb764ef665516bbc085f494acc17afa85201d2cafdfa8f1d1698bfc62f4e52c0c9e61c3db8d2bcfbd5e8d5d22abad0206a39a027e3059886fdf440611e5b781a82e5d335a0abd6cd4febc04d99629433dab369d715bfb6ec59dae6c811322b96164d7aea227b42741e2d7cde91471813ee8d64c69820daacdee63c48d9fcc616c7f45e619d3486e0fe9542e8a51c4c8f8c90a63d563e20c3f9610c6af7cbf2daf1dce7af35d2f3ba56b34a8b413d9e931a7f3d8e405aa67697cdaf189bf1eb7092155cd033abcc0321dd40b93a35a2197228eca54f73ad88b80741d0df3219dc281a365cbb1c885c04e559861e2f5adbe82647f6742432f25ebaa4131c8f1e599fc0c8cdde26e8e76a472337d5f3e7d350184647dc6dba37d192b71db3b6b88d504c98d1b588c7287d9ee08e104190e8bf308eee3ec35605f082ab2fffa98d82e6f54b3b8fdae70c11d2c35891b0fd0e4654af950fdfaf701bdaa17311831ec012310eb490d8dbfd486a424fb6cb023bbeddbe101540d980ec4d0f8a9814d42babe1c8ea3006f44673aff843018ab848deb9d22c1e744f8f9e0cad121a400c8b205a6067eee86a6980e439583f05c37a25a2348eee1943a7b092841e1f75f1906e8c374fb9578bb306f6a12191fb9866cebdbf29367048daca1353b85a7928c57e17a3fac34dad27875bf6a80f37e4f41d1aadb455b39d1bfeb1f86e14ee7752e98d92feeb275f1e21ea7eb4ccf979ef320303a6d86a2769cb7ce9672e19761b36dc056564a49455c1f77c275cd5561e8a22b64e8ab26ae3ab4fa3b34c66ceddc464e8697557d93185d96ad338adec433c5e22774a72c94d69397e851a9bd0c874855b14e67b8ba7cf55157d8ac12b60c1e50bfcbf1fe5e2860820719e199bdc21cb1b66e2c23caf69c22f3a4578353e654c09abefc89de23ab41106ae79953b2eb1ff82d7f5419f6b6e4a3684be83e73e9a217617a5d4b44467ac5a8a5aabe9c7a08c570a208d61c53d6115552789d01dc342cf7083f46aa9333f7b2e6802606b2d1f5c5dcd5147701d0bf8c4a6f8b56614550a38e411969883b6fe73f202e6c0f4c9d397597df3df493d49aba38181d2171bd34991adf6dbd1030ab6b87a0bf48ed33742947d59371c26139cd022e834238154d9023d5c6d13c84b6966b18e28c07f615b131e7fd8f4d5b1e2a742b6f41c6b6c9db84a27ec39ec875257077c03f52c009e235a23848c614488f27f20d0badd3772a0a35d4a7662d924434e8bad5ac6c18576386381768640c33f024b0ca0b94a3a38d83d2214e21ee3c30b1c33a0879986d6c4afc4fe0ca2c7ab77db9fde56ff5277655d6a0cd16bc9938ea6284d5eb25ef3932d2e96b763258c965ab775b0a1a7d3a169aed4c8092a395325c1e6bd82d674da681aa18630f5d6a0e11a4d493dc0ad4cff441d2f1648d132290fc67c43f2935d928ad1dbf5f4377c3888f583a7eceaf12e8653575cbf9d43f01e0966c52ad544a4ed7cf294f64f1f38b9b3a819b78b7f377c9ac4808cc595910fe81e54928639b4a863cbd7835e5ace98c684d524f83f1d21d162eaa059fa2c34970b4683fcc67c125afeb970dc46398f17abf46ac59d25a07de39f6dff1da60cd61031dc17067544b6adcfbe8a51d8be53a94173f069d3a33539d2b7920cd6bff50a3ea2037a6e069ce82abcd016377a5627c20c40242de94383273e9863ec60fae34d6aee2f34b28f8a6c3cf504409b244a0dc234d629255f08458cb168b825c2eca363e4731b2bde0f0d716f67b871db929d4b6467152c2ba824ba8b11df9309c01133023ca85d8e53b3d4dcc870c3314c93e9c757920a272c5650902133d9155c8dd86a4cc66be778ac84397d51b360d8d7592f4ffde82cf810fd08af8a55d90005d718c2ef4478939927857b0bb554f25738b42cc2386f523fc996351bc362aa1c2e92ec1e566f1b0e9e31ebcc43407a54d821e3a24d2565a561fad83ac8625eee98e82ec431c681806f90d751d99e3af944096363891d02072660088a992dc4f464926032d878e71c79fa4900e31b61a7e6ec3b5697e3144a81c45c1a3ca666b5f55673b8ba4a981c29bdc944a74e2255ee1e3b79ab2568aeaf8b70b1ab51e5cf840a98679fab9fcb748efc6568df1d16ec3c11a5301decf2d07c8b9b68f965297400143c1328de7fc02266a1adfa092298986f96b53efa2d575372e0be11e39b877ce47628c19a51e2e6fae8a989b7045189d3eb9b23f092e5d76f3f4870e3af4c23875a9f6e5dfdf7adf9c9d7af16d0a31408070c739edc6a69be8ad23198e4ea9646a7941465567735cece11470a86f72fc16261adcbcaabd22209d5aa15953a2cd6d12f4fba6bf4812391fe607c067a081f9b6f06571e460521d739f7e2cd8f7dce1bc744e49565812ea1511e02e9eca3af92044b63977674268d97fe61f594ad585", 0x1000}, {&(0x7f0000000540)="c8516c7fddb31d89ad17b827c1426adea060b3763d62ac77ffe7cf483803058e5172901542f1544a369cfedee4b9cc97e576d8165bc6a730dbf2a569a18322848a9c2e6b3f5f180cb6169983dfd7f96401d1ff7f0000000000000b7cd12263f9b27125ba40e05078fb5d27e3b5d20c18440d52cad23690cb3a79289337ce9e77d6e9049e91f8e1583ddcaaf7d9ae6b377dca0dd6eb404f462380f9d904f6f0c86b2f9c57f8d8f64fd30a7dd01ae8961bcb542272a83ff88bfd1c655d19a5b205fba38cc895e11dd5c7ad05a39a2d38dd6c2a123b059df323b6d78253ad926d066839e88598874c7b0447d41c943340594c981f0d9a37", 0xf6}], 0x64, 0x0) 1.877536502s ago: executing program 2 (id=2330): syz_emit_ethernet(0x3b6, &(0x7f0000000940)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x0, "b8a3e100908f61640000000200000000000000000000000000008879e66485201a0015ca83747357a02745000400"/55}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) 1.746451135s ago: executing program 2 (id=2332): r0 = memfd_create(&(0x7f0000000100)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca', 0x2) fcntl$addseals(r0, 0x409, 0xb) io_setup(0xb4, &(0x7f0000002340)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000000000b70200000300000085000000860000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x40046207, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000000)={0x54, 0x0, &(0x7f00000003c0)=[@increfs, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0x40046210, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)="f1"}) io_submit(r1, 0x1, &(0x7f0000000d40)=[&(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000540)='p', 0x1}]) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x18, &(0x7f0000000380)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}, @call={0x85, 0x0, 0x0, 0x15}, @ringbuf_query, @ldst={0x0, 0x3, 0x2, 0x4, 0x9, 0xfffffffffffffff0, 0xfffffffffffffff5}], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) 1.525946938s ago: executing program 0 (id=2334): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x100f]}) 1.255577088s ago: executing program 0 (id=2335): personality(0x5d28870e52b2f29b) uname(&(0x7f0000000640)=""/4096) 756.381911ms ago: executing program 3 (id=2336): r0 = syz_io_uring_setup(0x7667, &(0x7f0000000100)={0x0, 0x0, 0x13580}, &(0x7f00000002c0)=0x0, &(0x7f00000001c0)=0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x2101}) io_uring_enter(r0, 0x6256, 0x0, 0x0, 0x0, 0x0) 660.309192ms ago: executing program 0 (id=2337): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000100)=0x90) 468.645816ms ago: executing program 3 (id=2338): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x0) listen(r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835c35c78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafc1bda83681b39b1cfa4b4dfdd882bdb110036e14c1035cafdfef6a358cbfa073579a285580a3c080d4e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r2, r1, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)=""/251, 0xfb}], 0x1, 0x0, 0xffffff25}}], 0x1, 0x40000022, 0x0) 415.819632ms ago: executing program 2 (id=2339): r0 = socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x8e8, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98) 377.327544ms ago: executing program 0 (id=2340): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x9, 0x0, 0x0, 0xabb}) 273.004947ms ago: executing program 2 (id=2341): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000002700)={0x1000000000000212, 0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/264, 0xf9}, {&(0x7f00000015c0)=""/4096, 0x400400}, {&(0x7f0000002a00)=""/88, 0x8}], 0x0}, 0x20) 252.584496ms ago: executing program 3 (id=2342): syz_emit_ethernet(0x3b6, &(0x7f0000000940)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x0, "b8a3e100908f61640000000200000000000000000000000000008879e66485201a0015ca83747357a02745000400"/55}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) 238.723736ms ago: executing program 0 (id=2343): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$zero(0xffffff9c, &(0x7f0000000400), 0x0, 0x0) dup2(r0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev}}) 119.012199ms ago: executing program 3 (id=2344): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000ac0)=@newqdisc={0x54, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x54}}, 0x0) 75.143418ms ago: executing program 2 (id=2345): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a800000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 0s ago: executing program 0 (id=2346): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) clock_settime(0x0, &(0x7f0000000080)={0x77359400}) kernel console output (not intermixed with test programs): T9] usb 3-1: Product: syz [ 243.535948][ T9] usb 3-1: Manufacturer: syz [ 243.552544][ T9] usb 3-1: SerialNumber: syz [ 243.560396][ T7999] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 243.586579][ T6309] Bluetooth: hci6: Frame reassembly failed (-84) [ 243.597690][ T9] usb 3-1: config 0 descriptor?? [ 243.645131][ T9] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 243.730900][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.973'. [ 244.104582][ T8012] syz.3.974[8012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 244.105532][ T8012] syz.3.974[8012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 245.035601][ T25] usb 3-1: USB disconnect, device number 6 [ 245.059181][ T25] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 245.594406][ T5086] Bluetooth: hci6: command 0x1003 tx timeout [ 245.594499][ T5098] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 246.224502][ T29] audit: type=1800 audit(1720413704.273:63): pid=8049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.987" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 247.566921][ T8068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 247.626772][ T8068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 247.994938][ T5201] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 248.264680][ T5201] usb 4-1: Using ep0 maxpacket: 8 [ 248.302396][ T5201] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 248.322986][ T5201] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 248.558304][ T5201] usb 4-1: New USB device found, idVendor=054c, idProduct=0069, bcdDevice= a.8d [ 248.579989][ T5201] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.335465][ T5201] usb 4-1: config 0 descriptor?? [ 249.376479][ T5201] usb-storage 4-1:0.0: USB Mass Storage device detected [ 249.460216][ T5201] usb-storage 4-1:0.0: Quirks match for vid 054c pid 0069: 1 [ 249.652269][ T8072] ptrace attach of "./syz-executor exec"[5238] was attempted by "./syz-executor exec"[8072] [ 249.794762][ T8111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1016'. [ 250.162840][ T8126] tmpfs: Bad value for 'mpol' [ 250.316675][ T8131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.369446][ T8131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.077963][ T8152] ptrace attach of "./syz-executor exec"[5082] was attempted by "./syz-executor exec"[8152] [ 251.509699][ T5140] usb 4-1: USB disconnect, device number 4 [ 251.579691][ T8162] netlink: 'syz.4.1032': attribute type 5 has an invalid length. [ 251.589301][ T8162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1032'. [ 251.731598][ T8165] tmpfs: Bad value for 'mpol' [ 251.912944][ T8171] xt_TCPMSS: Only works on TCP SYN packets [ 252.726695][ T8200] tmpfs: Bad value for 'mpol' [ 252.928227][ T8203] xt_TCPMSS: Only works on TCP SYN packets [ 253.324357][ T8214] i2c i2c-0: Invalid block write size 34 [ 253.929992][ T2529] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 254.069095][ T8229] tmpfs: Bad value for 'mpol' [ 254.135797][ T2529] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 254.158989][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.180119][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.194754][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.206653][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.225515][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.236898][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.248345][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.259205][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.280346][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.296801][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.316547][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.330852][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.337977][ T5137] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 254.341014][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.356216][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.376862][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.385775][ T8234] binder: BINDER_SET_CONTEXT_MGR already set [ 254.388997][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.415516][ T8234] binder: 8233:8234 ioctl 4018620d 20000040 returned -16 [ 254.417134][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.459962][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.473186][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.500633][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.512452][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.522583][ T2529] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 254.564546][ T2529] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 254.574279][ T5137] usb 2-1: Using ep0 maxpacket: 8 [ 254.589825][ T2529] usb 1-1: config 0 interface 0 has no altsetting 0 [ 254.595459][ T5137] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 254.605708][ T2529] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 254.605747][ T2529] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 254.605772][ T2529] usb 1-1: Product: syz [ 254.605790][ T2529] usb 1-1: Manufacturer: syz [ 254.605809][ T2529] usb 1-1: SerialNumber: syz [ 254.653975][ T2529] usb 1-1: config 0 descriptor?? [ 254.673850][ T2529] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 254.680551][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.745300][ T5137] usb 2-1: Product: syz [ 254.760670][ T5137] usb 2-1: Manufacturer: syz [ 254.779152][ T5137] usb 2-1: SerialNumber: syz [ 254.791253][ T5137] usb 2-1: config 0 descriptor?? [ 254.807569][ T5137] gspca_main: sq905-2.14.0 probing 2770:9120 [ 255.165040][ T8240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1065'. [ 255.230475][ T8218] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 255.244663][ T5137] gspca_sq905: sq905_command: usb_control_msg failed 2 (-71) [ 255.261468][ T5137] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 255.272371][ T5137] usb 2-1: USB disconnect, device number 9 [ 256.159044][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.165807][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.226522][ T8262] syz.2.1072[8262] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.227632][ T8262] syz.2.1072[8262] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.023111][ T5142] usb 1-1: USB disconnect, device number 4 [ 257.031879][ T8261] binder: BINDER_SET_CONTEXT_MGR already set [ 257.031936][ T8261] binder: 8259:8261 ioctl 4018620d 20000040 returned -16 [ 257.070475][ T5142] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 257.393496][ T29] audit: type=1326 audit(1720413715.423:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8269 comm="syz.2.1078" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x0 [ 258.603087][ T8300] syz.2.1088[8300] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 258.603760][ T8300] syz.2.1088[8300] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.554973][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1092'. [ 259.761624][ T8314] unsupported nla_type 25944 [ 259.912215][ T8321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1094'. [ 260.049330][ T29] audit: type=1326 audit(1720413718.093:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8323 comm="syz.1.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcc96975bd9 code=0x0 [ 260.873131][ T5098] Bluetooth: hci1: unexpected event 0x04 length: 11 > 10 [ 261.034720][ T8352] vivid-000: disconnect [ 261.119470][ T8348] vivid-000: reconnect [ 262.543796][ T6310] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.790768][ T6310] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.877673][ T5098] Bluetooth: hci1: command 0x0406 tx timeout [ 262.988261][ T6310] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.206947][ T6310] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.665453][ T5086] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 264.691671][ T5086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 264.706520][ T8417] netlink: 'syz.0.1135': attribute type 8 has an invalid length. [ 264.714715][ T5086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 264.728935][ T8417] netlink: 154788 bytes leftover after parsing attributes in process `syz.0.1135'. [ 264.738622][ T5086] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 264.746557][ T5086] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 264.753948][ T5086] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 264.901420][ T6310] bridge_slave_1: left allmulticast mode [ 264.921866][ T6310] bridge_slave_1: left promiscuous mode [ 264.938473][ T6310] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.988416][ T6310] bridge_slave_0: left allmulticast mode [ 265.038251][ T6310] bridge_slave_0: left promiscuous mode [ 265.057012][ T6310] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.107729][ T8450] netlink: 'syz.3.1148': attribute type 8 has an invalid length. [ 266.124343][ T8450] netlink: 154788 bytes leftover after parsing attributes in process `syz.3.1148'. [ 266.337219][ T6310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 266.407247][ T6310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 266.448130][ T6310] bond0 (unregistering): Released all slaves [ 266.502038][ T6310] bond1 (unregistering): Released all slaves [ 266.884544][ T5086] Bluetooth: hci0: command tx timeout [ 268.043429][ T6310] hsr_slave_0: left promiscuous mode [ 268.084783][ T6310] hsr_slave_1: left promiscuous mode [ 268.093481][ T6310] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.140944][ T6310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.189397][ T6310] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.231020][ T6310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.330150][ T6310] veth1_macvtap: left promiscuous mode [ 268.371998][ T6310] veth0_macvtap: left promiscuous mode [ 268.384439][ T6310] veth1_vlan: left promiscuous mode [ 268.410277][ T6310] veth0_vlan: left promiscuous mode [ 268.954721][ T5086] Bluetooth: hci0: command tx timeout [ 268.983368][ T8526] x_tables: unsorted entry at hook 2 [ 270.962452][ T6310] team0 (unregistering): Port device team_slave_1 removed [ 271.034626][ T5086] Bluetooth: hci0: command tx timeout [ 271.066385][ T6310] team0 (unregistering): Port device team_slave_0 removed [ 271.898396][ T8528] netlink: 'syz.0.1176': attribute type 4 has an invalid length. [ 272.046939][ T8413] chnl_net:caif_netlink_parms(): no params data found [ 272.546075][ T8413] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.564830][ T8413] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.581488][ T8413] bridge_slave_0: entered allmulticast mode [ 272.596536][ T5141] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 272.615611][ T8413] bridge_slave_0: entered promiscuous mode [ 272.635465][ T8413] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.642670][ T8413] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.682591][ T8413] bridge_slave_1: entered allmulticast mode [ 272.711848][ T8413] bridge_slave_1: entered promiscuous mode [ 272.751240][ T8587] netlink: 'syz.3.1196': attribute type 4 has an invalid length. [ 272.824201][ T5141] usb 3-1: Using ep0 maxpacket: 16 [ 272.835495][ T8592] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 272.980667][ T5137] IPVS: starting estimator thread 0... [ 272.988788][ T5086] Bluetooth: hci1: unexpected event for opcode 0x041a [ 273.017644][ T8413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.088603][ T8413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.105636][ T8596] IPVS: using max 18 ests per chain, 43200 per kthread [ 273.115214][ T5086] Bluetooth: hci0: command tx timeout [ 273.522060][ T8413] team0: Port device team_slave_0 added [ 273.603319][ T8413] team0: Port device team_slave_1 added [ 274.525777][ T8413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 274.532825][ T8413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.558995][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.609769][ T8413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 274.623082][ T8413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 274.630222][ T8413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.656276][ T8413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 274.818112][ T8413] hsr_slave_0: entered promiscuous mode [ 274.850838][ T8413] hsr_slave_1: entered promiscuous mode [ 274.881498][ T8413] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 274.914228][ T8413] Cannot create hsr debugfs directory [ 274.999691][ T8628] netlink: 'syz.3.1210': attribute type 4 has an invalid length. [ 275.325992][ T5141] usb 3-1: unable to get BOS descriptor or descriptor too short [ 275.350031][ T5141] usb 3-1: no configurations [ 275.394313][ T5141] usb 3-1: can't read configurations, error -22 [ 276.895153][ T8413] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 276.939264][ T8413] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 277.028421][ T8413] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 277.098135][ T8413] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 277.114759][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 277.314905][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 277.376369][ T8677] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1231'. [ 277.488607][ T5137] IPVS: starting estimator thread 0... [ 277.604917][ T8681] IPVS: using max 17 ests per chain, 40800 per kthread [ 277.669722][ T5098] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.686322][ T5098] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.697553][ T5098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.724583][ T5098] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.735204][ T5098] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.744851][ T5098] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.795766][ T8413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.929006][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.076148][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.268454][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.701056][ T8413] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.986877][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.139865][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.147129][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.271595][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.278892][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.756174][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 279.763987][ T8] usb 4-1: no configurations [ 279.782407][ T8] usb 4-1: can't read configurations, error -22 [ 279.834575][ T5086] Bluetooth: hci3: command tx timeout [ 279.970459][ T8722] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "" [ 280.004630][ T51] bridge_slave_0: left allmulticast mode [ 280.039255][ T51] bridge_slave_0: left promiscuous mode [ 280.058266][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.644927][ T8732] xt_TPROXY: Can be used only with -p tcp or -p udp [ 281.924142][ T5086] Bluetooth: hci3: command tx timeout [ 282.051659][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.101108][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.129531][ T51] bond0 (unregistering): Released all slaves [ 282.222277][ T8738] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1248'. [ 282.549759][ T8683] chnl_net:caif_netlink_parms(): no params data found [ 283.109952][ T8772] tracefs: Bad value for 'uid' [ 283.399997][ T51] hsr_slave_0: left promiscuous mode [ 283.505686][ T51] hsr_slave_1: left promiscuous mode [ 283.758621][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.788986][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.885301][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.892878][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.975733][ T51] veth0_macvtap: left promiscuous mode [ 283.981408][ T51] veth1_vlan: left promiscuous mode [ 283.994543][ T5086] Bluetooth: hci3: command tx timeout [ 283.995040][ T51] veth0_vlan: left promiscuous mode [ 284.436769][ T8785] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "" [ 285.492717][ T8799] tracefs: Bad value for 'uid' [ 286.019899][ T51] team0 (unregistering): Port device team_slave_1 removed [ 286.080232][ T5086] Bluetooth: hci3: command tx timeout [ 286.232064][ T51] team0 (unregistering): Port device team_slave_0 removed [ 287.552356][ T8786] netlink: 'syz.3.1262': attribute type 4 has an invalid length. [ 287.671797][ T8413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.922373][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.946041][ T8683] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.953360][ T8683] bridge_slave_0: entered allmulticast mode [ 287.994698][ T8683] bridge_slave_0: entered promiscuous mode [ 288.018840][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.045898][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.053249][ T8683] bridge_slave_1: entered allmulticast mode [ 288.079754][ T8683] bridge_slave_1: entered promiscuous mode [ 288.270388][ T8683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.321174][ T8683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.352005][ T8831] netlink: 'syz.3.1283': attribute type 4 has an invalid length. [ 288.541214][ T8683] team0: Port device team_slave_0 added [ 288.603999][ T8683] team0: Port device team_slave_1 added [ 288.718525][ T8683] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.746866][ T8683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.773483][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.802938][ T8683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.828516][ T8683] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.838155][ T8683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.864284][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.888763][ T8683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 289.180569][ T8683] hsr_slave_0: entered promiscuous mode [ 289.207016][ T8683] hsr_slave_1: entered promiscuous mode [ 289.234935][ T8683] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 289.261209][ T8683] Cannot create hsr debugfs directory [ 289.291504][ T8843] netlink: 'syz.0.1287': attribute type 4 has an invalid length. [ 289.425493][ T8857] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 289.774587][ T8413] veth0_vlan: entered promiscuous mode [ 290.053096][ T8413] veth1_vlan: entered promiscuous mode [ 290.351335][ T8413] veth0_macvtap: entered promiscuous mode [ 290.476421][ T8413] veth1_macvtap: entered promiscuous mode [ 291.557316][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.598540][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.630158][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.661630][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.694295][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.723312][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.743858][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.764579][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.802672][ T8413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 292.129445][ T8897] hub 9-0:1.0: USB hub found [ 292.134999][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.135033][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.135047][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.135063][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.135078][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.135094][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.135108][ T8413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.135124][ T8413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.138985][ T8413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 292.174815][ T8897] hub 9-0:1.0: 8 ports detected [ 292.361418][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1301'. [ 292.430662][ T8413] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.460053][ T8413] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.478684][ T8413] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.503428][ T8413] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.036210][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.071359][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.197027][ T2813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.203756][ T8683] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 293.255460][ T8683] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 293.274371][ T2813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.323759][ T8683] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 293.374748][ T8683] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 293.680142][ T8921] program syz.4.1127 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.033076][ T8925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 294.862202][ T8683] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.965541][ T8683] 8021q: adding VLAN 0 to HW filter on device team0 [ 295.026072][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.033325][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.070792][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.078121][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.095443][ T8934] sctp: [Deprecated]: syz.0.1321 (pid 8934) Use of struct sctp_assoc_value in delayed_ack socket option. [ 295.095443][ T8934] Use struct sctp_sack_info instead [ 295.477490][ T8950] hub 9-0:1.0: USB hub found [ 295.488010][ T8950] hub 9-0:1.0: 8 ports detected [ 295.621127][ T8957] loop3: detected capacity change from 0 to 16384 [ 295.751566][ T8962] program syz.2.1328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 295.849954][ T8683] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.081731][ T8683] veth0_vlan: entered promiscuous mode [ 296.137857][ T8683] veth1_vlan: entered promiscuous mode [ 296.483810][ T8972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1332'. [ 296.496934][ T8972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1332'. [ 296.509470][ T8972] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1332'. [ 297.410129][ T8683] veth0_macvtap: entered promiscuous mode [ 297.495100][ T8683] veth1_macvtap: entered promiscuous mode [ 297.555529][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.567159][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.587632][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.633618][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.669917][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.692337][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.712818][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.733141][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.780534][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.801912][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.815759][ T8683] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.852464][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.890724][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.918389][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.072899][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.116338][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.168676][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.178727][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.189481][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.200296][ T8683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.211307][ T8683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.223268][ T8683] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.298437][ T9001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1344'. [ 298.314189][ T9001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1344'. [ 298.325985][ T9001] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1344'. [ 299.043252][ T8683] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.087713][ T8683] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.123057][ T8683] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.173919][ T8683] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.584776][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.615053][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.787868][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.871009][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.919409][ T9024] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 301.944323][ T5143] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 302.155196][ T5143] usb 4-1: config 16 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 302.205400][ T5143] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 302.287165][ T29] audit: type=1326 audit(1720413760.323:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9055 comm="syz.2.1366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x0 [ 303.054699][ T5143] usb 4-1: config 16 has no interfaces? [ 303.060357][ T5143] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 303.075940][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.385748][ T5094] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 304.390581][ T9] usb 4-1: USB disconnect, device number 7 [ 304.404015][ T5094] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 304.419544][ T5094] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 304.430029][ T5094] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 304.439600][ T5094] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 304.447279][ T5094] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 304.999101][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.348135][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.485911][ T9112] netlink: 47 bytes leftover after parsing attributes in process `syz.2.1385'. [ 305.667850][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.797237][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.564524][ T5086] Bluetooth: hci6: command tx timeout [ 306.878655][ T9139] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 306.983315][ T9134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1391'. [ 307.004641][ T9134] (unnamed net_device) (uninitialized): peer notification delay (2) is not a multiple of miimon (129), value rounded to 0 ms [ 307.039758][ T9134] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 307.050088][ T9134] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 307.309864][ T9087] chnl_net:caif_netlink_parms(): no params data found [ 307.429966][ T11] bridge_slave_1: left allmulticast mode [ 307.459474][ T11] bridge_slave_1: left promiscuous mode [ 307.486335][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.535341][ T11] bridge_slave_0: left allmulticast mode [ 307.554267][ T11] bridge_slave_0: left promiscuous mode [ 307.560283][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.637336][ T5094] Bluetooth: hci6: command tx timeout [ 309.185990][ T9175] Bluetooth: MGMT ver 1.22 [ 309.191660][ T9175] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 310.595195][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.658356][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.696071][ T11] bond0 (unregistering): Released all slaves [ 310.715128][ T5094] Bluetooth: hci6: command 0x040f tx timeout [ 311.648397][ T9087] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.667996][ T9087] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.944812][ T5143] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 311.971391][ T9087] bridge_slave_0: entered allmulticast mode [ 312.110024][ T9087] bridge_slave_0: entered promiscuous mode [ 312.315982][ T5143] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 312.333748][ T5143] usb 2-1: New USB device found, idVendor=056a, idProduct=0062, bcdDevice= 0.00 [ 312.334861][ T9087] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.350534][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.381796][ T5143] usb 2-1: config 0 descriptor?? [ 312.384815][ T9087] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.405905][ T9087] bridge_slave_1: entered allmulticast mode [ 312.416197][ T5143] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 312.425547][ T9087] bridge_slave_1: entered promiscuous mode [ 312.453776][ T9214] netlink: 'syz.2.1413': attribute type 10 has an invalid length. [ 312.493482][ T9214] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 312.794294][ T5086] Bluetooth: hci6: command 0x040f tx timeout [ 313.141845][ T9232] x_tables: duplicate underflow at hook 1 [ 313.770193][ T5142] usb 2-1: USB disconnect, device number 10 [ 313.799365][ T9087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.870867][ T9087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.893860][ T9235] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 262395 (only 8 groups) [ 314.100488][ T11] hsr_slave_0: left promiscuous mode [ 314.131447][ T11] hsr_slave_1: left promiscuous mode [ 314.140541][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.163605][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.195370][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.203171][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.298659][ T11] veth1_macvtap: left promiscuous mode [ 314.314884][ T11] veth0_macvtap: left promiscuous mode [ 314.320640][ T11] veth1_vlan: left promiscuous mode [ 314.340044][ T11] veth0_vlan: left promiscuous mode [ 314.894485][ T5086] Bluetooth: hci6: command 0x040f tx timeout [ 315.946755][ T11] team0 (unregistering): Port device team_slave_1 removed [ 316.036289][ T11] team0 (unregistering): Port device team_slave_0 removed [ 316.743644][ T9087] team0: Port device team_slave_0 added [ 316.817861][ T9254] netlink: 'syz.3.1430': attribute type 10 has an invalid length. [ 316.886538][ T9254] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 316.948181][ T9087] team0: Port device team_slave_1 added [ 316.956172][ T5086] Bluetooth: hci6: command 0x040f tx timeout [ 318.784373][ T9267] x_tables: duplicate underflow at hook 1 [ 320.021387][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.048933][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.146622][ T9087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 320.153627][ T9087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.208695][ T9087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 320.256398][ T9271] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 262395 (only 8 groups) [ 320.274510][ T9087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 320.293505][ T9087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.319537][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.335430][ T9087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.583859][ T9087] hsr_slave_0: entered promiscuous mode [ 320.621456][ T9087] hsr_slave_1: entered promiscuous mode [ 320.643104][ T9087] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 320.666135][ T9087] Cannot create hsr debugfs directory [ 320.926401][ T9295] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1445'. [ 321.883105][ T9300] netlink: 'syz.2.1446': attribute type 1 has an invalid length. [ 322.085688][ T5086] Bluetooth: hci6: command 0x040f tx timeout [ 322.533822][ T29] audit: type=1804 audit(1720413780.573:67): pid=9326 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1458" name="/newroot/324/bus/file0" dev="overlay" ino=1724 res=1 errno=0 [ 323.133403][ T9087] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 323.227705][ T9087] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 323.324610][ T9087] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 323.383396][ T9087] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 323.814856][ T9087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 323.954714][ T9087] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.009103][ T2529] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.016451][ T2529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.044838][ T2529] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.052100][ T2529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 324.101825][ T29] audit: type=1804 audit(1720413782.143:68): pid=9354 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1469" name="/newroot/331/bus/file0" dev="overlay" ino=1768 res=1 errno=0 [ 324.777103][ T9087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 325.724930][ T9087] veth0_vlan: entered promiscuous mode [ 325.776886][ T9087] veth1_vlan: entered promiscuous mode [ 325.920940][ T9087] veth0_macvtap: entered promiscuous mode [ 325.968184][ T9087] veth1_macvtap: entered promiscuous mode [ 326.083605][ T29] audit: type=1804 audit(1720413784.123:69): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1480" name="/newroot/329/bus/file0" dev="overlay" ino=1780 res=1 errno=0 [ 326.130889][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 326.161185][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.176240][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 326.191935][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.204160][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 326.204187][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.204211][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 326.204227][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.204252][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 326.204269][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.206998][ T9087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 326.245456][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 326.245491][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.245506][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 326.245522][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.245538][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 326.245554][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.245570][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 326.245586][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.245601][ T9087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 326.245632][ T9087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 326.247851][ T9087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 326.263544][ T9087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.263592][ T9087] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.263627][ T9087] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.263661][ T9087] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.522107][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.522193][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.647768][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.647797][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.974305][ T2529] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 327.157849][ T2529] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 327.157913][ T2529] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 327.157944][ T2529] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.178013][ T2529] usb 3-1: config 0 descriptor?? [ 327.403030][ T9403] mmap: syz.2.1485 (9403) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 327.454749][ T5086] Bluetooth: hci1: unknown advertising packet type: 0x65 [ 327.520996][ T5086] Bluetooth: hci1: Dropping invalid advertising data [ 327.521028][ T5086] Bluetooth: hci1: Malformed LE Event: 0x02 [ 327.594456][ T2529] ath6kl: Failed to submit usb control message: -71 [ 327.594536][ T2529] ath6kl: unable to send the bmi data to the device: -71 [ 327.594556][ T2529] ath6kl: Unable to send get target info: -71 [ 327.596147][ T2529] ath6kl: Failed to init ath6kl core: -71 [ 327.597601][ T2529] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 327.608179][ T2529] usb 3-1: USB disconnect, device number 9 [ 328.300457][ T9425] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1493'. [ 328.754585][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1501'. [ 329.304245][ T5143] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 329.329332][ T9453] can0: slcan on pts0. [ 329.518008][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 329.550487][ T5143] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 329.574386][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.596166][ T9454] can0 (unregistered): slcan off pts0. [ 329.604669][ T5143] usb 4-1: config 0 descriptor?? [ 330.574756][ T9465] 9pnet_fd: Insufficient options for proto=fd [ 330.803267][ T5143] ath6kl: Failed to submit usb control message: -110 [ 330.823571][ T5143] ath6kl: unable to send the bmi data to the device: -110 [ 330.831054][ T5143] ath6kl: Unable to send get target info: -110 [ 330.853299][ T5143] ath6kl: Failed to init ath6kl core: -110 [ 330.880351][ T5143] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 330.924539][ T5143] usb 4-1: USB disconnect, device number 8 [ 331.856815][ T9493] can0: slcan on pts0. [ 332.005030][ T9493] can0 (unregistered): slcan off pts0. [ 332.449780][ T9514] input: syz0 as /devices/virtual/input/input11 [ 332.468987][ T29] audit: type=1326 audit(1720413790.513:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.1.1530" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60b7575bd9 code=0x0 [ 333.145667][ T9536] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1534'. [ 333.805912][ T9543] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1535'. [ 334.365701][ T9551] netlink: 'syz.0.1539': attribute type 28 has an invalid length. [ 334.434822][ T9551] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode [ 334.452399][ T9551] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode [ 337.784970][ T5142] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 337.878610][ T9593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1551'. [ 338.021297][ T5142] usb 4-1: config 0 has an invalid interface number: 226 but max is 0 [ 338.056654][ T5142] usb 4-1: config 0 has no interface number 0 [ 338.105717][ T5142] usb 4-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=9e.23 [ 338.134014][ T5142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.166665][ T5142] usb 4-1: Product: syz [ 338.172290][ T5142] usb 4-1: Manufacturer: syz [ 338.183805][ T5142] usb 4-1: SerialNumber: syz [ 338.198544][ T5142] usb 4-1: config 0 descriptor?? [ 338.385429][ T5201] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 338.429255][ T9] usb 4-1: USB disconnect, device number 9 [ 338.608737][ T5201] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 338.680907][ T5201] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 338.902690][ T5201] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 339.065540][ T5201] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 339.260132][ T5201] usb 2-1: SerialNumber: syz [ 339.597784][ T5201] usb 2-1: 0:2 : does not exist [ 339.643405][ T9608] syz_tun: entered promiscuous mode [ 339.686647][ T5201] usb 2-1: USB disconnect, device number 11 [ 339.695229][ T9608] batadv_slave_0: entered promiscuous mode [ 340.004496][ T5085] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 340.231726][ T5085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 341.117503][ T5085] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 341.127430][ T5085] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.216100][ T9638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1570'. [ 341.288062][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 341.295309][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 341.301917][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 341.308722][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 341.315596][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 341.322302][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 341.328906][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 341.335531][ T5085] usb 5-1: config 0 descriptor?? [ 341.340766][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 341.347346][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 341.354022][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 341.360621][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.368724][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.376694][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.384852][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.392800][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.400925][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.408925][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.417239][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.425385][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.433481][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.441668][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.449782][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.457884][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.466082][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.474051][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.482188][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.490190][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.498307][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.506927][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.515034][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.523167][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.531313][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.539307][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.547465][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.555453][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.563516][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.571607][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.579797][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.587791][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.595899][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.603866][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.612037][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 341.620454][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 341.931495][ T5086] Bluetooth: hci6: unknown advertising packet type: 0x65 [ 341.931651][ T5086] Bluetooth: hci6: Dropping invalid advertising data [ 341.946818][ T5086] Bluetooth: hci6: Malformed LE Event: 0x02 [ 342.049331][ T5085] ath6kl: Failed to submit usb control message: -71 [ 342.058530][ T5085] ath6kl: unable to send the bmi data to the device: -71 [ 342.067648][ T5085] ath6kl: Unable to send get target info: -71 [ 342.090869][ T5085] ath6kl: Failed to init ath6kl core: -71 [ 342.105656][ T5085] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 342.140879][ T5085] usb 5-1: USB disconnect, device number 5 [ 342.643873][ T9674] blktrace: Concurrent blktraces are not allowed on sg0 [ 344.135337][ T9695] netlink: 512 bytes leftover after parsing attributes in process `syz.0.1593'. [ 344.412148][ T9703] blktrace: Concurrent blktraces are not allowed on sg0 [ 344.882554][ T9680] ntfs3: nullb0: Primary boot signature is not NTFS. [ 344.912759][ T9680] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 345.646036][ T9716] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 345.656137][ T9716] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 346.103909][ T9726] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1607'. [ 346.231540][ T9732] blktrace: Concurrent blktraces are not allowed on sg0 [ 346.470685][ T9742] xt_limit: Overflow, try lower: 0/0 [ 346.596108][ T2529] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 346.765852][ T9748] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 346.775652][ T9748] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 346.845439][ T2529] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 347.022572][ T2529] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 347.465894][ T2529] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 347.530457][ T2529] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 347.579918][ T2529] usb 5-1: SerialNumber: syz [ 347.825498][ T2529] usb 5-1: 0:2 : does not exist [ 347.870340][ T2529] usb 5-1: USB disconnect, device number 6 [ 348.103912][ T9760] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1620'. [ 348.235565][ T9765] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1625'. [ 349.470205][ T9783] xt_limit: Overflow, try lower: 0/0 [ 349.889910][ T9791] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 349.899691][ T9791] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 350.618252][ T9793] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1636'. [ 351.097969][ T9811] xt_limit: Overflow, try lower: 0/0 [ 352.577271][ T9835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1653'. [ 353.106194][ T9847] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1658'. [ 354.265841][ T9852] macvlan0: entered allmulticast mode [ 354.285701][ T9852] veth1_vlan: entered allmulticast mode [ 354.362309][ T9852] pim6reg: entered allmulticast mode [ 354.574393][ T2529] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 354.795441][ T2529] usb 4-1: Using ep0 maxpacket: 16 [ 354.820870][ T2529] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 354.876870][ T5094] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 354.892735][ T5094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 354.906278][ T2529] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 354.918499][ T2529] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.927176][ T5094] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 354.940875][ T2529] usb 4-1: Product: syz [ 354.945701][ T2529] usb 4-1: Manufacturer: syz [ 354.950474][ T2529] usb 4-1: SerialNumber: syz [ 354.961126][ T2529] usb 4-1: config 0 descriptor?? [ 354.971557][ T5094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 354.980333][ T2529] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 354.993244][ T2529] usb 4-1: Detected FT232R [ 354.998092][ T5094] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 355.008035][ T5094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 355.236717][ T2529] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 355.477504][ T2529] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 355.853585][ T2785] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.948353][ T9891] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1676'. [ 356.003644][ T25] usb 4-1: USB disconnect, device number 10 [ 356.062126][ T25] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 356.107908][ T25] ftdi_sio 4-1:0.0: device disconnected [ 356.132422][ T2785] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.280424][ T9899] program syz.0.1679 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 356.338390][ T2785] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.529003][ T2785] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.923388][ T9866] chnl_net:caif_netlink_parms(): no params data found [ 357.114299][ T5094] Bluetooth: hci0: command tx timeout [ 357.191479][ T2785] bridge_slave_1: left allmulticast mode [ 357.207106][ T2785] bridge_slave_1: left promiscuous mode [ 357.212973][ T2785] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.276303][ T2785] bridge_slave_0: left allmulticast mode [ 357.296720][ T2785] bridge_slave_0: left promiscuous mode [ 357.302598][ T2785] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.419579][ T9926] program syz.1.1689 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 358.875091][ T2785] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.908202][ T2785] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.931812][ T2785] bond0 (unregistering): Released all slaves [ 358.982044][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1696'. [ 358.982376][ T9931] smc: net device lo applied user defined pnetid SYZ2 [ 358.999952][ T9933] smc: net device lo erased user defined pnetid SYZ2 [ 359.145342][ T5142] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 359.195767][ T5094] Bluetooth: hci0: command tx timeout [ 359.356243][ T5142] usb 2-1: Using ep0 maxpacket: 16 [ 359.373997][ T5142] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 359.406254][ T9960] program syz.0.1701 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 359.432257][ T5142] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 359.624690][ T5142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.633364][ T5142] usb 2-1: Product: syz [ 359.640250][ T5142] usb 2-1: Manufacturer: syz [ 359.648209][ T5142] usb 2-1: SerialNumber: syz [ 359.677795][ T5142] usb 2-1: config 0 descriptor?? [ 359.724757][ T9866] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.724877][ T9866] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.725205][ T9866] bridge_slave_0: entered allmulticast mode [ 359.726954][ T9866] bridge_slave_0: entered promiscuous mode [ 359.729889][ T9866] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.730005][ T9866] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.730200][ T9866] bridge_slave_1: entered allmulticast mode [ 359.731820][ T9866] bridge_slave_1: entered promiscuous mode [ 359.756090][ T5142] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 359.929692][ T5142] usb 2-1: Detected FT232R [ 359.965127][ T5142] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 360.289615][ T5142] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 360.323570][ T9866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.512031][ T2785] hsr_slave_0: left promiscuous mode [ 360.573754][ T2785] hsr_slave_1: left promiscuous mode [ 360.593198][ T2785] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.611352][ T2785] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 360.686482][ T2785] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 360.693996][ T2785] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 360.742192][ T5201] usb 2-1: USB disconnect, device number 12 [ 360.775403][ T5201] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 360.804938][ T5201] ftdi_sio 2-1:0.0: device disconnected [ 360.815917][ T2785] veth1_macvtap: left promiscuous mode [ 360.833752][ T2785] veth0_macvtap: left promiscuous mode [ 360.851059][ T2785] veth1_vlan: left promiscuous mode [ 360.865902][ T2785] veth0_vlan: left promiscuous mode [ 360.894967][ T9976] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 360.921117][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.942762][ T9976] CIFS mount error: No usable UNC path provided in device string! [ 360.942762][ T9976] [ 361.024569][ T9976] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 361.274579][ T5094] Bluetooth: hci0: command tx timeout [ 361.956885][ T9990] affs: No valid root block on device nbd1 [ 362.491583][ T2785] team0 (unregistering): Port device team_slave_1 removed [ 362.614651][ T2785] team0 (unregistering): Port device team_slave_0 removed [ 363.356764][ T5094] Bluetooth: hci0: command tx timeout [ 363.397654][ T9866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 363.465963][ T9998] pimreg: entered allmulticast mode [ 363.492489][T10000] pimreg: left allmulticast mode [ 363.706825][T10009] Bluetooth: MGMT ver 1.22 [ 363.722721][ T9866] team0: Port device team_slave_0 added [ 363.777613][ T9866] team0: Port device team_slave_1 added [ 364.114863][ T9866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.520167][ T9866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.908642][ T9866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.989376][ T9866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.021843][ T9866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.122471][ T9866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.183672][T10016] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1721'. [ 365.421131][ T9866] hsr_slave_0: entered promiscuous mode [ 365.464812][ T9866] hsr_slave_1: entered promiscuous mode [ 365.524463][ T9866] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.540274][ T9866] Cannot create hsr debugfs directory [ 365.885246][T10016] Zero length message leads to an empty skb [ 365.908412][T10056] overlay: Unknown parameter 'obj_role' [ 366.605817][T10071] all: renamed from bridge_slave_0 (while UP) [ 367.048709][ T9866] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 367.130503][ T9866] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 367.208710][ T9866] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 367.271321][ T9866] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 367.800217][ T9866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 368.632882][ T9866] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.695957][T10101] pimreg: entered allmulticast mode [ 368.749258][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.756438][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.841447][ T2529] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.848631][ T2529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.068732][T10118] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 369.134467][T10101] pimreg: left allmulticast mode [ 370.647766][ T9866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.844786][T10156] ieee802154 phy0 wpan0: encryption failed: -22 [ 370.969732][T10160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1764'. [ 372.184024][T10178] vlan2: entered promiscuous mode [ 372.218967][T10178] team0: entered promiscuous mode [ 372.305470][T10178] team_slave_0: entered promiscuous mode [ 372.490178][T10178] team_slave_1: entered promiscuous mode [ 372.955356][T10178] vlan2: entered allmulticast mode [ 372.968856][T10178] team0: entered allmulticast mode [ 373.112853][T10178] team_slave_0: entered allmulticast mode [ 373.130559][T10178] team_slave_1: entered allmulticast mode [ 373.171511][T10178] team0: left allmulticast mode [ 373.182992][T10178] team_slave_0: left allmulticast mode [ 373.189495][T10178] team_slave_1: left allmulticast mode [ 373.202994][T10178] team0: left promiscuous mode [ 373.211415][T10178] team_slave_0: left promiscuous mode [ 373.221213][T10178] team_slave_1: left promiscuous mode [ 373.413136][ T9866] veth0_vlan: entered promiscuous mode [ 373.414261][T10191] ieee802154 phy0 wpan0: encryption failed: -22 [ 373.480971][ T9866] veth1_vlan: entered promiscuous mode [ 373.601528][ T9866] veth0_macvtap: entered promiscuous mode [ 373.674272][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1781'. [ 373.756140][ T9866] veth1_macvtap: entered promiscuous mode [ 374.376805][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.454375][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.517697][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.557313][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.586905][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.607859][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.622833][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.633819][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.643978][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.656790][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.686173][ T9866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.723248][T10211] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1787'. [ 374.760006][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 374.904420][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.952196][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.014531][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.025711][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.036576][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.046560][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.059091][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.069180][ T9866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.508373][ T9866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.555603][T10220] ieee802154 phy0 wpan0: encryption failed: -22 [ 375.606783][ T9866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 375.715950][T10215] vlan2: entered promiscuous mode [ 375.721068][T10215] team0: entered promiscuous mode [ 375.774353][T10215] team_slave_0: entered promiscuous mode [ 375.803130][T10215] team_slave_1: entered promiscuous mode [ 375.834767][T10215] vlan2: entered allmulticast mode [ 375.839959][T10215] team0: entered allmulticast mode [ 375.867492][T10215] team_slave_0: entered allmulticast mode [ 375.873445][T10215] team_slave_1: entered allmulticast mode [ 375.898547][T10215] team0: left allmulticast mode [ 375.903483][T10215] team_slave_0: left allmulticast mode [ 375.956820][T10215] team_slave_1: left allmulticast mode [ 375.992787][T10215] team0: left promiscuous mode [ 376.009512][T10215] team_slave_0: left promiscuous mode [ 376.032487][T10215] team_slave_1: left promiscuous mode [ 376.093054][ T9866] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.122513][ T9866] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.148810][ T9866] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.157970][ T9866] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.331311][T10242] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.476091][T10249] netlink: 'syz.1.1802': attribute type 37 has an invalid length. [ 376.505054][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.531212][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.655696][T10249] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1802'. [ 376.655738][ T2813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.689384][ T2813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.953967][T10263] xt_limit: Overflow, try lower: 0/0 [ 377.093961][T10271] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.347527][ T29] audit: type=1326 audit(1720413835.393:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10274 comm="syz.4.1815" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4c5d75bd9 code=0x0 [ 377.574433][ T5137] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 377.584283][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 377.696308][T10286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1820'. [ 377.794202][ T5137] usb 4-1: Using ep0 maxpacket: 32 [ 377.803652][ T5137] usb 4-1: config 7 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.820278][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 377.844702][ T5137] usb 4-1: config 7 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.857393][ T5137] usb 4-1: config 7 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 377.870796][ T9] usb 3-1: language id specifier not provided by device, defaulting to English [ 377.887390][ T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0069, bcdDevice= 0.40 [ 377.904177][ T5137] usb 4-1: config 7 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 377.914878][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.925041][ T9] usb 3-1: Product: syz [ 377.929270][ T9] usb 3-1: Manufacturer: 꼳ฐḼ馊ᠪ횔ꑇ꛲⨀맾ߟな㡰홖⒙ᒅ煗ﵙ [ 377.945278][ T5137] usb 4-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 377.984149][ T9] usb 3-1: SerialNumber: syz [ 377.989043][ T5137] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 378.011233][ T9] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 378.021729][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.222471][ T9] usb 3-1: USB disconnect, device number 10 [ 378.305466][T10303] netlink: 'syz.4.1828': attribute type 3 has an invalid length. [ 378.368715][ T5086] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 378.380568][ T5086] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 378.395283][ T5086] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 378.407685][ T5086] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 378.416162][ T5086] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 378.423652][ T5086] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 378.621145][ T5137] ntrig 0003:1B96:000A.0004: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.3-1/input0 [ 378.702284][ T2780] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.846563][ T5137] usb 4-1: USB disconnect, device number 11 [ 379.039857][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.054278][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.177474][ T2780] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.441959][ T2780] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.723178][ T29] audit: type=1326 audit(1720413837.763:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10320 comm="syz.2.1833" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x0 [ 379.854334][ T2780] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.195086][T10329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1836'. [ 380.486677][ T5094] Bluetooth: hci5: command tx timeout [ 380.564702][ T2780] bridge_slave_0: left allmulticast mode [ 380.607409][ T2780] bridge_slave_0: left promiscuous mode [ 380.622093][ T2780] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.973492][ T29] audit: type=1326 audit(1720413839.013:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.2.1844" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x0 [ 382.268330][ T2780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 382.289406][ T2780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 382.316657][ T2780] bond0 (unregistering): Released all slaves [ 382.360986][T10306] chnl_net:caif_netlink_parms(): no params data found [ 382.554300][ T5094] Bluetooth: hci5: command tx timeout [ 382.706206][ T7710] syz_tun (unregistering): left promiscuous mode [ 383.450046][T10306] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.494786][T10306] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.552034][T10306] bridge_slave_0: entered allmulticast mode [ 383.661708][T10306] bridge_slave_0: entered promiscuous mode [ 383.781374][T10306] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.844258][T10306] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.868424][T10306] bridge_slave_1: entered allmulticast mode [ 383.894852][T10306] bridge_slave_1: entered promiscuous mode [ 384.322214][ T5086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 384.333816][ T5086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 384.343012][ T5086] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 384.361641][ T5086] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 384.384396][ T5086] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 384.391956][ T5086] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 384.585223][ T5137] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 384.599012][ T2780] hsr_slave_0: left promiscuous mode [ 384.631544][ T2780] hsr_slave_1: left promiscuous mode [ 384.634355][ T5086] Bluetooth: hci5: command tx timeout [ 384.643535][ T2780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 384.651333][ T2780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.668105][ T2780] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.686167][ T2780] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.776797][ T2780] veth0_macvtap: left promiscuous mode [ 384.799740][ T2780] veth1_vlan: left allmulticast mode [ 384.814242][ T5137] usb 3-1: Using ep0 maxpacket: 16 [ 384.831810][ T2780] veth1_vlan: left promiscuous mode [ 384.852340][ T5137] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 384.889204][ T2780] veth0_vlan: left promiscuous mode [ 384.900693][ T5137] usb 3-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=57.47 [ 384.910117][ T5137] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.918469][ T5137] usb 3-1: Product: syz [ 384.922816][ T5137] usb 3-1: Manufacturer: syz [ 384.966907][ T5137] usb 3-1: SerialNumber: syz [ 384.991325][ T5137] usb 3-1: config 0 descriptor?? [ 385.192489][ T2780] pim6reg (unregistering): left allmulticast mode [ 385.244981][ T5137] usb 3-1: Found UVC 0.00 device syz (046d:0821) [ 385.251424][ T5137] usb 3-1: No valid video chain found. [ 385.274829][ T5137] usb 3-1: USB disconnect, device number 11 [ 385.495340][ T2780] macvlan0 (unregistering): left allmulticast mode [ 386.154029][ T2780] team0 (unregistering): Port device team_slave_1 removed [ 386.306525][ T2780] team0 (unregistering): Port device team_slave_0 removed [ 386.475495][ T5086] Bluetooth: hci4: command tx timeout [ 386.714790][ T5086] Bluetooth: hci5: command tx timeout [ 387.096518][T10306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.124001][T10306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.154423][T10386] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 387.165864][T10388] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 387.483536][T10306] team0: Port device team_slave_0 added [ 387.540396][T10306] team0: Port device team_slave_1 added [ 387.700442][T10306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.724327][T10306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.849848][T10306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.912045][T10306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 387.924156][T10306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.982520][T10306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.188813][T10306] hsr_slave_0: entered promiscuous mode [ 388.201970][T10306] hsr_slave_1: entered promiscuous mode [ 388.209929][T10306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 388.229943][T10306] Cannot create hsr debugfs directory [ 388.554596][ T5086] Bluetooth: hci4: command tx timeout [ 388.764450][ T5137] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 388.963114][ T2780] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.981877][ T5137] usb 3-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=cd.35 [ 389.009113][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.045655][ T5137] usb 3-1: config 0 descriptor?? [ 389.091032][ T5137] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 389.107014][ T5137] dw2102: su3000_power_ctrl: 1, initialized 0 [ 389.121456][ T5137] dvb-usb: bulk message failed: -22 (2/0) [ 389.206422][ T5137] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 389.226323][ T5137] dvb-usb: TeVii S482 (tuner 2) error while loading driver (-19) [ 389.273912][ T2780] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.860877][T10415] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1868'. [ 389.892636][T10415] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 389.943803][ T2780] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.115409][ T5085] usb 3-1: USB disconnect, device number 12 [ 390.157986][ T2780] bond0: (slave netdevsim0): Releasing backup interface [ 390.208407][ T2780] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.294790][T10422] netdevsim netdevsim4 : renamed from netdevsim0 (while UP) [ 390.447837][T10378] chnl_net:caif_netlink_parms(): no params data found [ 390.637619][ T5086] Bluetooth: hci4: command tx timeout [ 390.913589][T10439] pimreg: entered allmulticast mode [ 391.069037][ T2780] bridge_slave_1: left allmulticast mode [ 391.096771][ T2780] bridge_slave_1: left promiscuous mode [ 391.102640][ T2780] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.146128][ T2780] bridge_slave_0: left allmulticast mode [ 391.167236][ T2780] bridge_slave_0: left promiscuous mode [ 391.186383][ T2780] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.199505][T10445] vhci_hcd: invalid port number 0 [ 391.514529][ T5085] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 391.734214][ T5085] usb 2-1: Using ep0 maxpacket: 32 [ 391.755243][ T5085] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 391.779113][ T5085] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 391.806676][ T5085] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 391.818887][ T5085] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.855194][ T5085] usb 2-1: config 0 descriptor?? [ 391.864784][T10447] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 391.889175][ T5085] hub 2-1:0.0: USB hub found [ 392.123748][ T5085] hub 2-1:0.0: 2 ports detected [ 392.130125][ T5085] hub 2-1:0.0: insufficient power available to use all downstream ports [ 392.346672][ T2780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.373394][ T2780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.398426][ T2780] bond0 (unregistering): Released all slaves [ 392.451074][T10378] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.479047][T10378] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.500960][T10378] bridge_slave_0: entered allmulticast mode [ 392.519183][T10378] bridge_slave_0: entered promiscuous mode [ 392.539233][T10378] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.591017][T10378] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.598609][ T5085] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 392.606544][T10378] bridge_slave_1: entered allmulticast mode [ 392.612642][ T5085] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 392.622346][T10378] bridge_slave_1: entered promiscuous mode [ 392.636792][ T5085] usbhid 2-1:0.0: can't add hid device: -71 [ 392.637270][T10462] netlink: 'syz.2.1886': attribute type 32 has an invalid length. [ 392.654402][ T5085] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 392.663350][T10462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1886'. [ 392.676594][T10462] (unnamed net_device) (uninitialized): option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 392.718480][ T5086] Bluetooth: hci4: command tx timeout [ 392.745529][ T5085] usb 2-1: USB disconnect, device number 13 [ 392.880165][T10378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.936045][T10378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.025656][T10468] vhci_hcd: invalid port number 0 [ 393.226085][T10378] team0: Port device team_slave_0 added [ 393.238659][T10476] netlink: 'syz.1.1892': attribute type 5 has an invalid length. [ 393.323979][ T2780] batadv_slave_0: left promiscuous mode [ 393.376776][ T2780] hsr_slave_0: left promiscuous mode [ 393.383228][ T2780] hsr_slave_1: left promiscuous mode [ 393.393039][ T2780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.402569][ T2780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.425573][ T2780] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.433044][ T2780] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.478755][ T2780] veth1_macvtap: left promiscuous mode [ 393.494335][ T2780] veth0_macvtap: left promiscuous mode [ 393.500196][ T2780] veth1_vlan: left promiscuous mode [ 393.510288][ T2780] veth0_vlan: left promiscuous mode [ 393.664350][ T5085] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 393.848276][ T5085] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 393.868647][ T5085] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 393.887624][ T5085] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.936761][ T5085] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 394.570448][ T2780] team0 (unregistering): Port device team_slave_1 removed [ 394.656384][ T2780] team0 (unregistering): Port device team_slave_0 removed [ 395.036605][ T5085] stv0680 2-1:4.0: STV(e): camera ping failed!! [ 395.257107][ T5085] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 395.265601][ T5085] stv0680 2-1:4.0: last error: 0, command = 0x0 [ 395.292896][ T5085] usb 2-1: USB disconnect, device number 14 [ 395.392301][T10378] team0: Port device team_slave_1 added [ 395.530999][T10378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.554248][T10378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.592993][T10378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.624307][T10306] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 395.655709][T10378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.671849][T10378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.719794][T10498] netlink: 'syz.2.1902': attribute type 5 has an invalid length. [ 395.728286][T10378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.782225][T10306] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 395.816219][T10306] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 395.830227][T10306] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 396.053345][T10378] hsr_slave_0: entered promiscuous mode [ 396.132805][T10378] hsr_slave_1: entered promiscuous mode [ 396.154342][ T5086] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 396.163273][ T5086] Bluetooth: hci3: Injecting HCI hardware error event [ 396.173190][ T5094] Bluetooth: hci3: hardware error 0x00 [ 396.378218][ T2780] IPVS: stop unused estimator thread 0... [ 396.914038][T10522] netlink: 'syz.4.1913': attribute type 5 has an invalid length. [ 396.952938][T10306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.988781][T10306] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.024294][ T8] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 397.060271][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.067557][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.112815][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.120103][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.237716][ T8] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 397.265258][ T8] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 397.283905][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.380858][ T8] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 397.505800][T10378] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 397.623509][T10532] ubi0: attaching mtd0 [ 397.638702][T10532] ubi0: scanning is finished [ 397.643487][T10532] ubi0: empty MTD device detected [ 398.162800][T10378] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 398.213283][T10378] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 398.264147][T10532] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 398.266309][T10378] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 398.287259][T10532] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 398.297659][T10532] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 398.314657][ T5094] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 398.323274][T10532] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 398.354945][T10532] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 398.406988][T10532] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 398.429910][T10532] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2288098965 [ 398.469028][T10532] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 398.486014][ T8] stv0680 3-1:4.0: STV(e): camera ping failed!! [ 398.514397][T10536] ubi0: background thread "ubi_bgt0d" started, PID 10536 [ 398.688620][ T8] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 398.714833][ T8] stv0680 3-1:4.0: last error: 0, command = 0x0 [ 398.752270][ T8] usb 3-1: USB disconnect, device number 13 [ 398.802454][T10378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.832772][T10306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.912034][T10378] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.978534][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.986067][ T5085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.105836][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.113153][ T5085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.320103][T10306] veth0_vlan: entered promiscuous mode [ 399.387482][T10306] veth1_vlan: entered promiscuous mode [ 399.552352][T10306] veth0_macvtap: entered promiscuous mode [ 399.620959][T10306] veth1_macvtap: entered promiscuous mode [ 399.715536][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.749839][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.768962][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.787947][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.816174][T10566] Cannot find map_set index 0 as target [ 399.818767][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.851118][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.872617][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.902726][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.933996][T10306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.968315][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.016822][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.054218][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.065071][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.082583][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.106351][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.132254][T10306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.151598][T10306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.180095][T10306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 400.263071][T10306] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.275902][T10306] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.285586][T10306] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.295141][T10306] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.487905][T10378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.256577][T10590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1933'. [ 401.365417][ T2813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.405518][ T2813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.452119][T10378] veth0_vlan: entered promiscuous mode [ 401.532270][T10378] veth1_vlan: entered promiscuous mode [ 401.539540][ T6309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.576059][ T6309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.633293][T10599] pimreg: entered allmulticast mode [ 401.663441][T10599] pimreg: left allmulticast mode [ 401.938243][T10378] veth0_macvtap: entered promiscuous mode [ 402.001510][T10378] veth1_macvtap: entered promiscuous mode [ 402.105394][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.121806][ T5094] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 402.132286][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.219608][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.335692][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.523232][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.573315][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.637773][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.800900][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.875159][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.892462][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.956170][T10378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.990290][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.054284][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.083098][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.106290][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.130379][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.154273][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.168215][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.185848][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.206035][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.237707][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.267470][T10378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 403.401593][T10378] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.435904][T10378] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.458326][T10378] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.478614][T10378] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.772684][ T2785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.789875][ T2785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.860649][ T2785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.880819][ T2785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.974189][ T5201] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 404.184141][ T5201] usb 1-1: Using ep0 maxpacket: 32 [ 404.200265][ T5201] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.225212][ T5201] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.249770][ T5201] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 404.259548][ T5094] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 404.344524][ T5201] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 404.787893][ T5201] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 404.984693][ T5201] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 405.014293][ T5201] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.042763][ T5201] usb 1-1: Product: syz [ 405.061628][ T5201] usb 1-1: Manufacturer: syz [ 405.078693][ T5201] usb 1-1: SerialNumber: syz [ 405.266609][T10667] xt_CT: You must specify a L4 protocol and not use inversions on it [ 405.352329][ T5201] cdc_ncm 1-1:1.0: bind() failure [ 405.416927][ T5201] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 405.430914][ T5201] cdc_ncm 1-1:1.1: bind() failure [ 405.449523][ T5201] usb 1-1: USB disconnect, device number 5 [ 405.762885][T10687] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1971'. [ 405.783315][T10687] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1971'. [ 405.809193][T10687] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1971'. [ 405.826485][ T5144] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 406.046469][ T5144] usb 3-1: config 0 has no interfaces? [ 406.058700][ T5144] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 406.089594][ T5144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.113162][ T5144] usb 3-1: config 0 descriptor?? [ 406.602852][ T5094] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 406.804389][ T5140] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 407.044401][ T5140] usb 1-1: Using ep0 maxpacket: 8 [ 407.079715][ T5140] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 407.098051][ T5140] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 407.126374][ T5140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.423791][T10709] xt_CT: You must specify a L4 protocol and not use inversions on it [ 407.683436][ T5201] usb 3-1: USB disconnect, device number 14 [ 407.771562][T10713] netlink: 'syz.1.1980': attribute type 1 has an invalid length. [ 407.787951][T10713] netlink: 616 bytes leftover after parsing attributes in process `syz.1.1980'. [ 409.700938][ T5140] usb 1-1: USB disconnect, device number 6 [ 409.867092][T10740] xt_CT: You must specify a L4 protocol and not use inversions on it [ 409.937393][ T5085] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 410.144363][ T5085] usb 4-1: Using ep0 maxpacket: 8 [ 410.161534][ T5085] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 410.195344][ T5085] usb 4-1: config 179 has no interface number 0 [ 410.224924][ T5085] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 410.246184][ T5085] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 410.263364][ T5085] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 410.301351][ T5085] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 410.323457][T10750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1996'. [ 410.333038][ T5085] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 410.356487][ T5085] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 410.369717][ T5085] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.391241][T10731] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 410.406665][ T5085] xpad 4-1:179.65: probe with driver xpad failed with error -5 [ 410.446615][T10750] bond1: entered promiscuous mode [ 410.451968][T10754] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 410.720818][ T5085] usb 4-1: USB disconnect, device number 12 [ 412.015181][ T5085] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 412.685325][ T5085] usb 2-1: Using ep0 maxpacket: 8 [ 412.888655][ T5085] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 412.904466][ T5085] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 412.913726][ T5085] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.294304][ T5144] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 414.429388][T10816] devpts: called with bogus options [ 415.194319][ T5144] usb 3-1: Using ep0 maxpacket: 8 [ 415.210096][ T5144] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 415.223483][ T5144] usb 3-1: config 179 has no interface number 0 [ 415.234165][ T5144] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 415.248251][ T5144] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 415.265468][ T5144] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 415.296860][ T9] usb 2-1: USB disconnect, device number 15 [ 415.327160][ T5144] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 415.364397][ T5144] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 415.378179][ T5144] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 415.425267][ T5144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.471251][T10806] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 415.518808][ T5144] xpad 3-1:179.65: probe with driver xpad failed with error -5 [ 416.065864][ T25] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 416.466103][ T25] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 416.830235][ T9] usb 3-1: USB disconnect, device number 15 [ 416.913345][ T25] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 416.922910][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.940648][ T25] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 417.175928][T10845] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2031'. [ 417.428963][T10844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2031'. [ 417.995033][ T25] stv0680 1-1:4.0: STV(e): camera ping failed!! [ 418.054295][ T5142] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 418.217952][ T25] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 418.347084][ T5142] usb 3-1: Using ep0 maxpacket: 8 [ 418.369134][ T25] stv0680 1-1:4.0: last error: 0, command = 0x0 [ 418.467719][ T5142] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 418.595072][ T25] usb 1-1: USB disconnect, device number 7 [ 418.678205][ T5142] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 418.845238][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.280822][ T5094] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 420.694264][ T5142] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 420.911750][ T5142] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=cd.35 [ 420.943075][ T5142] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.963322][ T5142] usb 1-1: config 0 descriptor?? [ 420.977958][ T5142] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 420.988717][ T5142] dw2102: su3000_power_ctrl: 1, initialized 0 [ 421.000330][T10921] RDS: rds_bind could not find a transport for ::7900:0:0:0, load rds_tcp or rds_rdma? [ 421.014588][ T5142] dvb-usb: bulk message failed: -22 (2/0) [ 421.051123][ T5142] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 421.092718][ T5142] dvb-usb: TeVii S482 (tuner 2) error while loading driver (-19) [ 421.110486][ T5201] usb 3-1: USB disconnect, device number 16 [ 421.623766][T10940] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 421.643881][T10939] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 421.655844][T10906] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2051'. [ 421.674328][T10906] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 421.738796][ T5201] usb 1-1: USB disconnect, device number 8 [ 421.761577][T10943] RDS: rds_bind could not find a transport for ::7900:0:0:0, load rds_tcp or rds_rdma? [ 421.763372][T10945] devpts: called with bogus options [ 422.729032][T10968] program syz.4.2078 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.035942][T10979] RDS: rds_bind could not find a transport for ::7900:0:0:0, load rds_tcp or rds_rdma? [ 423.342548][ T29] audit: type=1326 audit(1720413881.383:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10983 comm="syz.0.2086" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4bf1775bd9 code=0x0 [ 423.517309][T10998] program syz.1.2092 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.883749][T11015] RDS: rds_bind could not find a transport for ::7900:0:0:0, load rds_tcp or rds_rdma? [ 423.998985][T11023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2101'. [ 424.383013][T11035] program syz.3.2107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 424.392979][T11041] netlink: 'syz.2.2111': attribute type 3 has an invalid length. [ 424.423995][T11041] netlink: 'syz.2.2111': attribute type 3 has an invalid length. [ 424.560598][T11048] netlink: 'syz.3.2113': attribute type 15 has an invalid length. [ 424.594600][T11048] netlink: 650 bytes leftover after parsing attributes in process `syz.3.2113'. [ 424.748680][T11056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2116'. [ 429.685368][ T5201] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 429.701272][T11144] hpfs: Bad magic ... probably not HPFS [ 429.905613][ T5201] usb 1-1: Using ep0 maxpacket: 8 [ 429.913148][ T5201] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 429.933995][ T5201] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 429.958569][ T5201] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 429.983149][ T5201] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 430.044137][ T5201] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 430.072393][ T5201] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.312802][ T5201] usb 1-1: GET_CAPABILITIES returned 0 [ 430.340274][ T5201] usbtmc 1-1:16.0: can't read capabilities [ 430.572870][ T5201] usb 1-1: USB disconnect, device number 9 [ 430.767281][ T5086] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 430.777525][ T5086] CPU: 1 PID: 5086 Comm: kworker/u9:2 Not tainted 6.10.0-rc7-syzkaller #0 [ 430.786082][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 430.796169][ T5086] Workqueue: hci4 hci_rx_work [ 430.800890][ T5086] Call Trace: [ 430.804264][ T5086] [ 430.807205][ T5086] dump_stack_lvl+0x241/0x360 [ 430.811910][ T5086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.817135][ T5086] ? __pfx__printk+0x10/0x10 [ 430.821740][ T5086] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 430.827554][ T5086] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 430.832955][ T5086] sysfs_create_dir_ns+0x2ce/0x3a0 [ 430.838105][ T5086] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 430.843788][ T5086] kobject_add_internal+0x435/0x8d0 [ 430.849051][ T5086] kobject_add+0x152/0x220 [ 430.853509][ T5086] ? do_raw_spin_unlock+0x13c/0x8b0 [ 430.858759][ T5086] ? device_add+0x3e7/0xbf0 [ 430.863292][ T5086] ? __pfx_kobject_add+0x10/0x10 [ 430.868280][ T5086] ? _raw_spin_unlock+0x28/0x50 [ 430.873173][ T5086] ? get_device_parent+0x165/0x410 [ 430.878311][ T5086] device_add+0x4e5/0xbf0 [ 430.882691][ T5086] hci_conn_add_sysfs+0xe8/0x200 [ 430.887661][ T5086] le_conn_complete_evt+0xc9f/0x12e0 [ 430.892975][ T5086] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 430.898766][ T5086] ? __mutex_unlock_slowpath+0x21d/0x750 [ 430.904428][ T5086] ? __copy_skb_header+0x437/0x5b0 [ 430.909571][ T5086] ? skb_pull_data+0x112/0x230 [ 430.914368][ T5086] hci_le_enh_conn_complete_evt+0x185/0x420 [ 430.920296][ T5086] hci_event_packet+0xa53/0x1540 [ 430.925255][ T5086] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 430.930565][ T5086] ? __pfx_hci_event_packet+0x10/0x10 [ 430.935961][ T5086] ? do_raw_spin_unlock+0x13c/0x8b0 [ 430.941182][ T5086] ? hci_send_to_monitor+0xd8/0x7f0 [ 430.946411][ T5086] ? kcov_remote_start+0x9e/0x7e0 [ 430.951452][ T5086] hci_rx_work+0x3e8/0xca0 [ 430.955927][ T5086] ? process_scheduled_works+0x945/0x1830 [ 430.961662][ T5086] process_scheduled_works+0xa2c/0x1830 [ 430.968488][ T5086] ? __pfx_process_scheduled_works+0x10/0x10 [ 430.974520][ T5086] ? assign_work+0x364/0x3d0 [ 430.979173][ T5086] worker_thread+0x86d/0xd50 [ 430.983823][ T5086] ? __kthread_parkme+0x169/0x1d0 [ 430.988898][ T5086] ? __pfx_worker_thread+0x10/0x10 [ 430.994034][ T5086] kthread+0x2f0/0x390 [ 430.998151][ T5086] ? __pfx_worker_thread+0x10/0x10 [ 431.003276][ T5086] ? __pfx_kthread+0x10/0x10 [ 431.007884][ T5086] ret_from_fork+0x4b/0x80 [ 431.012322][ T5086] ? __pfx_kthread+0x10/0x10 [ 431.016952][ T5086] ret_from_fork_asm+0x1a/0x30 [ 431.021837][ T5086] [ 431.034801][ T5086] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 431.049191][ T5086] Bluetooth: hci4: failed to register connection device [ 431.459815][T11185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2170'. [ 431.914244][T11180] Bluetooth: hci4: command 0x0405 tx timeout [ 431.978553][T11200] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2176'. [ 432.871503][ T29] audit: type=1326 audit(1720413890.903:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 432.962813][ T29] audit: type=1326 audit(1720413890.903:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.008349][ T29] audit: type=1326 audit(1720413890.943:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.047573][T11225] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2185'. [ 435.141309][ T29] audit: type=1326 audit(1720413890.963:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.246933][ T29] audit: type=1326 audit(1720413890.963:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.341524][ T29] audit: type=1326 audit(1720413890.963:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.382744][ T29] audit: type=1326 audit(1720413890.963:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.412362][ T29] audit: type=1326 audit(1720413890.963:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.435334][ T29] audit: type=1326 audit(1720413890.963:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.458226][ T29] audit: type=1326 audit(1720413890.963:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.3.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 435.514224][ T5094] Bluetooth: hci5: command tx timeout [ 435.647793][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2188'. [ 435.905625][T11247] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 435.979060][T11250] Bluetooth: MGMT ver 1.22 [ 436.964651][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 437.049588][ T5094] Bluetooth: hci4: command 0x0405 tx timeout [ 441.892191][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 442.114360][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.283981][T11264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2200'. [ 442.791044][T11279] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2206'. [ 443.069541][T11288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2209'. [ 443.347923][T11288] netdevsim netdevsim4 : set [0, 0] type 1 family 0 port 8472 - 0 [ 443.358645][T11288] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.369001][T11288] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.378031][T11288] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.742829][T11288] vxlan0: entered promiscuous mode [ 444.215663][T11302] syz.0.2214: attempt to access beyond end of device [ 444.215663][T11302] nbd0: rw=0, sector=1, nr_sectors = 1 limit=0 [ 444.291038][T11302] qnx4: unable to read the superblock [ 446.521927][T11316] syzkaller0: entered promiscuous mode [ 446.530052][T11316] syzkaller0: entered allmulticast mode [ 447.362898][T11180] Bluetooth: hci1: command 0x0406 tx timeout [ 448.962427][T11348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2231'. [ 449.471050][ T5143] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 449.669233][ T5143] usb 1-1: too many configurations: 65, using maximum allowed: 8 [ 449.681646][ T5143] usb 1-1: config 0 has no interfaces? [ 449.701079][ T5143] usb 1-1: config 0 has no interfaces? [ 449.728693][ T5143] usb 1-1: config 0 has no interfaces? [ 449.763340][ T5143] usb 1-1: config 0 has no interfaces? [ 449.787778][ T5143] usb 1-1: config 0 has no interfaces? [ 449.799907][ T5143] usb 1-1: config 0 has no interfaces? [ 449.844180][ T5143] usb 1-1: config 0 has no interfaces? [ 449.857257][ T5143] usb 1-1: config 0 has no interfaces? [ 449.865188][ T5143] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 449.884187][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.907631][ T5143] usb 1-1: config 0 descriptor?? [ 450.511110][ T25] usb 1-1: USB disconnect, device number 10 [ 450.789553][T11366] block nbd4: Device being setup by another task [ 450.830576][T11366] block nbd4: shutting down sockets [ 453.169558][T11319] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2220'. [ 453.772080][T11411] syz_tun: entered allmulticast mode [ 453.815391][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 453.815416][ T29] audit: type=1326 audit(1720413911.843:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.3.2256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x0 [ 453.998985][T11422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2260'. [ 454.160269][T11420] syzkaller0: entered promiscuous mode [ 454.168014][T11420] syzkaller0: entered allmulticast mode [ 455.415531][ T29] audit: type=1326 audit(1720413913.463:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.474153][ T29] audit: type=1326 audit(1720413913.493:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.530082][ T29] audit: type=1326 audit(1720413913.493:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.588271][ T29] audit: type=1326 audit(1720413913.493:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.665047][ T29] audit: type=1326 audit(1720413913.493:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.720691][ T29] audit: type=1326 audit(1720413913.493:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.752436][ T29] audit: type=1326 audit(1720413913.503:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8c2b75bd9 code=0x7ffc0000 [ 455.784557][ T29] audit: type=1326 audit(1720413913.503:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb8c2b6cc27 code=0x7ffc0000 [ 455.831343][ T29] audit: type=1326 audit(1720413913.503:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11447 comm="syz.2.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb8c2b115c9 code=0x7ffc0000 [ 456.240398][T11180] Bluetooth: hci1: unexpected event for opcode 0x042c [ 458.644443][T11410] syz_tun: left allmulticast mode [ 458.766507][T11461] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.773805][T11461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.944276][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 458.944296][ T29] audit: type=1326 audit(1720413916.983:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.042562][ T29] audit: type=1326 audit(1720413916.983:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.093802][ T29] audit: type=1326 audit(1720413916.993:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.173710][ T29] audit: type=1326 audit(1720413916.993:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.234325][ T29] audit: type=1326 audit(1720413916.993:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.300427][ T29] audit: type=1326 audit(1720413916.993:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.383408][ T29] audit: type=1326 audit(1720413917.033:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.426613][ T29] audit: type=1326 audit(1720413917.073:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3b0bb75bd9 code=0x7ffc0000 [ 459.474281][ T5142] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 459.504371][ T29] audit: type=1326 audit(1720413917.073:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b0bb6cc27 code=0x7ffc0000 [ 459.530224][T11486] syzkaller0: entered promiscuous mode [ 459.546067][T11486] syzkaller0: entered allmulticast mode [ 459.553626][ T29] audit: type=1326 audit(1720413917.073:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.3.2282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b0bb115c9 code=0x7ffc0000 [ 459.553655][T11490] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.582609][T11490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.676816][ T5142] usb 1-1: Using ep0 maxpacket: 16 [ 459.704211][ T5142] usb 1-1: config 0 has no interfaces? [ 459.714918][ T5142] usb 1-1: New USB device found, idVendor=0582, idProduct=05e6, bcdDevice=4e.00 [ 459.744362][ T5142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.752607][ T5142] usb 1-1: Product: syz [ 459.761923][ T5142] usb 1-1: Manufacturer: syz [ 459.778125][ T5142] usb 1-1: SerialNumber: syz [ 459.799397][ T5142] usb 1-1: config 0 descriptor?? [ 464.120247][T11482] bond0: entered promiscuous mode [ 464.131817][T11482] bond_slave_0: entered promiscuous mode [ 464.140327][T11482] bond_slave_1: entered promiscuous mode [ 464.183883][T11482] dummy0: entered promiscuous mode [ 464.264529][T11530] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.271791][T11530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.310567][ T5143] usb 1-1: USB disconnect, device number 11 [ 464.768969][T11548] xt_CT: No such helper "snmp_trap" [ 465.174629][ T25] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 465.385108][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 465.417954][ T25] usb 2-1: config 0 has no interfaces? [ 465.438461][ T25] usb 2-1: New USB device found, idVendor=0582, idProduct=05e6, bcdDevice=4e.00 [ 465.459620][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.500916][ T25] usb 2-1: Product: syz [ 465.507828][ T25] usb 2-1: Manufacturer: syz [ 465.531733][ T25] usb 2-1: SerialNumber: syz [ 465.581050][ T25] usb 2-1: config 0 descriptor?? [ 465.586376][ T5085] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 466.466049][ T5085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8 [ 466.487803][ T5085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 466.511621][ T5085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 466.638354][ T5085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 466.648360][ T5085] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 466.658584][ T5085] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.669469][ T5085] usb 5-1: config 0 descriptor?? [ 466.772754][T11559] bond0: entered promiscuous mode [ 466.775371][T11603] No such timeout policy "syz1" [ 466.791606][T11559] bond_slave_0: entered promiscuous mode [ 466.823951][T11559] bond_slave_1: entered promiscuous mode [ 466.863865][T11559] dummy0: entered promiscuous mode [ 466.894539][T11559] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 466.923437][T11559] Cannot create hsr debugfs directory [ 572.124060][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 572.131074][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P11614/1:b..l [ 572.139752][ C1] rcu: (detected by 1, t=10502 jiffies, g=54033, q=229 ncpus=2) [ 572.147484][ C1] task:syz.2.2345 state:R running task stack:24672 pid:11614 tgid:11614 ppid:5082 flags:0x00000000 [ 572.160260][ C1] Call Trace: [ 572.163556][ C1] [ 572.166501][ C1] __schedule+0x1796/0x49d0 [ 572.171051][ C1] ? mark_lock+0x9a/0x350 [ 572.175401][ C1] ? __pfx___schedule+0x10/0x10 [ 572.180266][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 572.186270][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 572.191504][ C1] ? preempt_schedule+0xe1/0xf0 [ 572.196365][ C1] preempt_schedule_common+0x84/0xd0 [ 572.201662][ C1] preempt_schedule+0xe1/0xf0 [ 572.206351][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 572.211729][ C1] ? folio_remove_rmap_ptes+0x39b/0x4f0 [ 572.217298][ C1] preempt_schedule_thunk+0x1a/0x30 [ 572.222520][ C1] _raw_spin_unlock+0x3e/0x50 [ 572.227220][ C1] unmap_page_range+0x3631/0x40f0 [ 572.232289][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 572.237707][ C1] ? mas_next_slot+0xeab/0xf90 [ 572.242503][ C1] ? uprobe_munmap+0x183/0x410 [ 572.247294][ C1] ? unmap_single_vma+0x1bd/0x2b0 [ 572.252343][ C1] unmap_vmas+0x3cc/0x5f0 [ 572.256690][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 572.261579][ C1] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 572.267057][ C1] exit_mmap+0x264/0xc80 [ 572.271328][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 572.276112][ C1] ? __asan_memset+0x23/0x50 [ 572.280752][ C1] ? uprobe_clear_state+0x277/0x290 [ 572.285972][ C1] ? mm_update_next_owner+0x64e/0x6b0 [ 572.291370][ C1] __mmput+0x115/0x3c0 [ 572.295446][ C1] exit_mm+0x220/0x310 [ 572.299549][ C1] ? __pfx_exit_mm+0x10/0x10 [ 572.304154][ C1] ? taskstats_exit+0x348/0xa70 [ 572.309019][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 572.314235][ C1] do_exit+0x9aa/0x27e0 [ 572.318419][ C1] ? __pfx_do_exit+0x10/0x10 [ 572.323032][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 572.329047][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 572.335392][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 572.340615][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 572.345842][ C1] do_group_exit+0x207/0x2c0 [ 572.350463][ C1] __x64_sys_exit_group+0x3f/0x40 [ 572.355508][ C1] do_syscall_64+0xf3/0x230 [ 572.360038][ C1] ? clear_bhb_loop+0x35/0x90 [ 572.364740][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.370666][ C1] RIP: 0033:0x7fb8c2b75bd9 [ 572.375123][ C1] RSP: 002b:00007ffc217d5af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 572.383557][ C1] RAX: ffffffffffffffda RBX: 00007ffc217d5bf0 RCX: 00007fb8c2b75bd9 [ 572.391539][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.399518][ C1] RBP: 0000000000000001 R08: 00000004217d5c2f R09: 0000000000000000 [ 572.407511][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 572.415492][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 572.423504][ C1] [ 572.426546][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10499 jiffies! g54033 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 572.438914][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=31159 [ 572.446811][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g54033 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 572.458189][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 572.468162][ C1] rcu: RCU grace-period kthread stack dump: [ 572.474051][ C1] task:rcu_preempt state:I stack:26448 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 572.484228][ C1] Call Trace: [ 572.487527][ C1] [ 572.490480][ C1] __schedule+0x1796/0x49d0 [ 572.495031][ C1] ? __pfx___schedule+0x10/0x10 [ 572.499909][ C1] ? __pfx_lock_release+0x10/0x10 [ 572.504967][ C1] ? __asan_memset+0x23/0x50 [ 572.509600][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 572.515416][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 572.521755][ C1] ? schedule+0x90/0x320 [ 572.526009][ C1] schedule+0x14b/0x320 [ 572.530188][ C1] schedule_timeout+0x1be/0x310 [ 572.535062][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 572.540463][ C1] ? __pfx_process_timeout+0x10/0x10 [ 572.545866][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 572.551475][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 572.556423][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 572.561392][ C1] ? __pfx_dyntick_save_progress_counter+0x10/0x10 [ 572.567906][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 572.573200][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 572.579204][ C1] ? finish_swait+0xd4/0x1e0 [ 572.583810][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 572.588432][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 572.593648][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 572.599561][ C1] ? __kthread_parkme+0x169/0x1d0 [ 572.604599][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 572.609809][ C1] kthread+0x2f0/0x390 [ 572.613889][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 572.619096][ C1] ? __pfx_kthread+0x10/0x10 [ 572.623704][ C1] ret_from_fork+0x4b/0x80 [ 572.628144][ C1] ? __pfx_kthread+0x10/0x10 [ 572.632747][ C1] ret_from_fork_asm+0x1a/0x30 [ 572.637540][ C1] [ 572.640572][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 572.646912][ C1] Sending NMI from CPU 1 to CPUs 0: [ 572.652142][ C0] NMI backtrace for cpu 0 [ 572.652155][ C0] CPU: 0 PID: 11558 Comm: syz.1.2319 Not tainted 6.10.0-rc7-syzkaller #0 [ 572.652173][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 572.652183][ C0] RIP: 0010:__hrtimer_run_queues+0x33e/0xd50 [ 572.652211][ C0] Code: 28 00 74 08 48 89 df e8 d0 15 75 00 4c 89 33 48 8b 54 24 18 48 89 d6 48 c1 ee 03 42 0f b6 04 2e 84 c0 0f 85 dd 04 00 00 ff 02 <48> 89 74 24 60 42 0f b6 04 2e 84 c0 0f 85 f3 04 00 00 ff 02 4c 89 [ 572.652232][ C0] RSP: 0018:ffffc90000007d60 EFLAGS: 00000006 [ 572.652248][ C0] RAX: 0000000000000000 RBX: ffff8880b942c9c8 RCX: ffff888027193c00 [ 572.652261][ C0] RDX: ffff8880b942c990 RSI: 1ffff11017285932 RDI: ffffffff8c1f14e0 [ 572.652273][ C0] RBP: ffffc90000007ea8 R08: ffffffff8183b0b3 R09: 1ffffffff1f583a5 [ 572.652286][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: 1ffff1101728593b [ 572.652300][ C0] R13: dffffc0000000000 R14: ffff8880788e4340 R15: ffff8880b942c980 [ 572.652313][ C0] FS: 000055558b117500(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 572.652328][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 572.652340][ C0] CR2: 0000001b31fd6ff8 CR3: 0000000073ea2000 CR4: 00000000003506f0 [ 572.652355][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 572.652365][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 572.652375][ C0] Call Trace: [ 572.652384][ C0] [ 572.652391][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 572.652421][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 572.652451][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 572.652479][ C0] ? nmi_handle+0x2a/0x5a0 [ 572.652518][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 572.652537][ C0] ? nmi_handle+0x14f/0x5a0 [ 572.652562][ C0] ? nmi_handle+0x2a/0x5a0 [ 572.652587][ C0] ? __hrtimer_run_queues+0x33e/0xd50 [ 572.652610][ C0] ? default_do_nmi+0x63/0x160 [ 572.652630][ C0] ? exc_nmi+0x123/0x1f0 [ 572.652666][ C0] ? end_repeat_nmi+0xf/0x53 [ 572.652695][ C0] ? debug_deactivate+0x83/0x220 [ 572.652722][ C0] ? __hrtimer_run_queues+0x33e/0xd50 [ 572.652746][ C0] ? __hrtimer_run_queues+0x33e/0xd50 [ 572.652771][ C0] ? __hrtimer_run_queues+0x33e/0xd50 [ 572.652797][ C0] [ 572.652802][ C0] [ 572.652808][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 572.652837][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 572.652862][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 572.652898][ C0] hrtimer_interrupt+0x396/0x990 [ 572.652935][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 572.652961][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 572.652985][ C0] [ 572.652990][ C0] [ 572.652996][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 572.653021][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 572.653053][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 0e 82 70 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 43 8c dd f5 65 8b 05 04 c4 7b 74 85 c0 74 43 48 c7 04 24 0e 36 [ 572.653067][ C0] RSP: 0018:ffffc9001406fb80 EFLAGS: 00000206 [ 572.653081][ C0] RAX: fe01d6282713ca00 RBX: 1ffff9200280df74 RCX: ffffffff94769603 [ 572.653094][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcabb20 RDI: 0000000000000001 [ 572.653106][ C0] RBP: ffffc9001406fc10 R08: ffffffff8fac1d2f R09: 1ffffffff1f583a5 [ 572.653118][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: dffffc0000000000 [ 572.653131][ C0] R13: 1ffff9200280df70 R14: ffffc9001406fba0 R15: 0000000000000246 [ 572.653154][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 572.653187][ C0] do_nanosleep+0x158/0x600 [ 572.653213][ C0] ? do_nanosleep+0x80/0x600 [ 572.653237][ C0] ? __pfx_do_nanosleep+0x10/0x10 [ 572.653260][ C0] ? __asan_memset+0x23/0x50 [ 572.653283][ C0] ? __hrtimer_init+0x170/0x250 [ 572.653307][ C0] hrtimer_nanosleep+0x227/0x470 [ 572.653333][ C0] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 572.653358][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 572.653395][ C0] ? __pfx_get_timespec64+0x10/0x10 [ 572.653419][ C0] __se_sys_clock_nanosleep+0x32b/0x3c0 [ 572.653441][ C0] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 572.653461][ C0] ? exc_page_fault+0x590/0x8c0 [ 572.653483][ C0] ? do_syscall_64+0xb6/0x230 [ 572.653507][ C0] do_syscall_64+0xf3/0x230 [ 572.653531][ C0] ? clear_bhb_loop+0x35/0x90 [ 572.653555][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.653577][ C0] RIP: 0033:0x7f60b75a7bc5 [ 572.653591][ C0] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 c6 57 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 1f 58 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 572.653604][ C0] RSP: 002b:00007fff56408090 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 572.653619][ C0] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f60b75a7bc5 [ 572.653630][ C0] RDX: 00007fff564080d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.653641][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000006 [ 572.653650][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000072b1d [ 572.653660][ C0] R13: 0000000000000032 R14: 00007f60b7705a60 R15: 00007fff564081e0 [ 572.653679][ C0]