last executing test programs: 5.001121245s ago: executing program 1 (id=1320): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x148}, 0x1, 0x0, 0x0, 0x200c0881}, 0x10) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x9fe, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4) io_setup(0x281, 0x0) io_submit(0x0, 0x0, &(0x7f0000000a00)) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 4.248238821s ago: executing program 2 (id=1322): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x80, r4, 0xacf5e67dd0b583a1, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x56, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @broadcast, @initial, {0x4, 0x3}, @value=@ver_80211n={0x0, 0x7ffe}}, 0x1c000000000000, @default, 0x10a, @void, @val, @void, @void, @val={0x6, 0x2, 0x8}, @val={0x5, 0x3, {0x0, 0xbd}}, @void, @void, @val={0x3c, 0x4, {0x1, 0x5, 0x9, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x1, 0x2, 0x8, 0x8}}, @val={0x76, 0x6, {0xd0, 0x3, 0x34, 0x2}}}}]]}, 0x80}}, 0x0) 4.245252411s ago: executing program 4 (id=1323): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="2e00000025008101040000000000009f1ba1f848430000005e1406ca000000ffffffff25ed5860000a898988a800", 0x2e}], 0x1}, 0x0) 4.224026912s ago: executing program 2 (id=1324): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000000002003043060000000000001090224000100000000090401000103000000092100000001220200090581030000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="002202"], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000100)={0x20, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.220908301s ago: executing program 3 (id=1325): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}}, 0x0) 4.152784973s ago: executing program 4 (id=1326): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) fcntl$notify(0xffffffffffffffff, 0x402, 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r2, 0x5411, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_create_ruleset(&(0x7f0000000300)={0x1102}, 0x18, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r4, &(0x7f0000000000), 0x12) 4.095347654s ago: executing program 1 (id=1327): socket$key(0xf, 0x3, 0x2) r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x6, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ptrace$ARCH_MAP_VDSO_X32(0x1e, 0x0, 0xba, 0x2001) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x30925) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x137) socket$nl_xfrm(0x10, 0x3, 0x6) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x1a7) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(r3, &(0x7f0000000180)='syscall\x00') sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0) 4.092409494s ago: executing program 0 (id=1328): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x9, 0xa, 0x42, 0x40, 0x2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r3}, 0x38) 3.323693801s ago: executing program 4 (id=1329): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x6) bind$ax25(r0, &(0x7f0000000480)={{0x3, @default, 0x21}, [@null, @default, @default, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) connect$ax25(r0, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @default, @bcast]}, 0x48) 3.322272051s ago: executing program 3 (id=1330): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000002c00)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db", 0x223}], 0x1}}], 0x2, 0x0) 3.303082911s ago: executing program 3 (id=1331): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0xa0000, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0x2, 0xb}, {0x7, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7f, 0x0, 0x5, 0x1, 0x8}, 0xb, 0x0, 0x80008, 0x5, 0x8, 0x1, 0x9, 0xd, 0x9, 0x1, {0xffff1c72, 0xb9f, 0x1000, 0x102, 0x2, 0x2}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c860}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.294157921s ago: executing program 4 (id=1332): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e21, 0x1f0268bc, @empty, 0x6}}, 0x0, 0x0, 0x3fc, 0x1, 0x32, 0xb}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x4, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x300, 0x0, 0x0, 0x54}, 0x9c) 3.201023603s ago: executing program 2 (id=1333): syz_usb_connect(0x2, 0x113, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000dac9fd20720c0c00ca4701020301090201010100002000090482010675c812800905800000040704050725018102090009050d"], 0x0) 3.199853013s ago: executing program 0 (id=1334): socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080), 0x4) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r6 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4040080) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x20, 0x68, 0x400, 0x70bd29, 0x7ffffffc, {}, [@NHA_OIF={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000340)={{0x1, 0x1, 0x18, r1, {0xdb86}}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r7) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a80)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4004080) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(0xffffffffffffffff, 0x111, 0x1, 0x80000001, 0x4) 3.140662274s ago: executing program 1 (id=1335): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r2 = socket(0x1e, 0x4, 0x0) io_destroy(0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmmsg(r1, 0x0, 0x0, 0x9200000000000000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) recvmmsg$unix(r1, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x32, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.664263054s ago: executing program 3 (id=1336): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x80, r3, 0xacf5e67dd0b583a1, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x56, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @broadcast, @initial, {0x4, 0x3}, @value=@ver_80211n={0x0, 0x7ffe}}, 0x1c000000000000, @default, 0x10a, @void, @val, @void, @void, @val={0x6, 0x2, 0x8}, @val={0x5, 0x3, {0x0, 0xbd}}, @void, @void, @val={0x3c, 0x4, {0x1, 0x5, 0x9, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x1, 0x2, 0x8, 0x8}}, @val={0x76, 0x6, {0xd0, 0x3, 0x34, 0x2}}}}]]}, 0x80}}, 0x0) 2.40071815s ago: executing program 4 (id=1337): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x148}, 0x1, 0x0, 0x0, 0x200c0881}, 0x10) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x9fe, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4) io_setup(0x281, 0x0) io_submit(0x0, 0x0, &(0x7f0000000a00)) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 2.309384802s ago: executing program 0 (id=1338): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x4c, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 1.92099219s ago: executing program 1 (id=1339): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}}, 0x0) 1.90564937s ago: executing program 2 (id=1340): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) fcntl$notify(0xffffffffffffffff, 0x402, 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r2, 0x5411, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_create_ruleset(&(0x7f0000000300)={0x1102}, 0x18, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r5, &(0x7f0000000000), 0x12) 1.808902943s ago: executing program 1 (id=1341): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000002c00)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db", 0x223}], 0x1}}], 0x2, 0x0) 1.775584793s ago: executing program 3 (id=1342): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000046842, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8, 0x4}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000080)=0x5, 0x4) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_setup(0x222, &(0x7f0000000280)=0x0) io_submit(r6, 0x4, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)='%', 0x1a000}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 1.046535558s ago: executing program 0 (id=1343): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x0, 0xfffffffc, 0xfffffffc}}) 1.044923248s ago: executing program 4 (id=1353): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) timerfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r1, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 1.017954089s ago: executing program 2 (id=1344): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000001bc0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r2 = getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x50) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f7, &(0x7f00000010c0)={'bond0\x00', 0x0}) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xe, &(0x7f0000006680)) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0xfffffffffffffffe}}]}}}]}, 0x40}}, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000000)=""/174) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001340)={0x20, r7, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x4}]}, 0x20}}, 0x20008080) 993.711259ms ago: executing program 0 (id=1345): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000000), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/anycast6\x00') preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0) 347.362383ms ago: executing program 3 (id=1346): socket$key(0xf, 0x3, 0x2) r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x6, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ptrace$ARCH_MAP_VDSO_X32(0x1e, 0x0, 0xba, 0x2001) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x30925) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x137) socket$nl_xfrm(0x10, 0x3, 0x6) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x1a7) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(r3, &(0x7f0000000180)='syscall\x00') sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0) 333.538343ms ago: executing program 1 (id=1357): r0 = syz_open_dev$sndctrl(0x0, 0x1, 0x141000) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc1105511, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) inotify_rm_watch(r1, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000100)={'batadv_slave_0\x00', @multicast}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r3 = getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) setresgid(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @private=0xa010101}, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r6 = socket(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x89f7, &(0x7f00000010c0)={'bond0\x00', 0x0}) 99.344148ms ago: executing program 0 (id=1347): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x6) connect$ax25(r0, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @default, @bcast]}, 0x48) 0s ago: executing program 2 (id=1348): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) socket$inet(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x0) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r3, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006a0083130000000000000000000000000000000008000e0000000000080005"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40040c0) kernel console output (not intermixed with test programs): state [ 32.337491][ T4320] device bridge_slave_1 entered promiscuous mode [ 32.339686][ T4321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.359511][ T4321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.362315][ T4328] team0: Port device team_slave_0 added [ 32.371283][ T4333] chnl_net:caif_netlink_parms(): no params data found [ 32.376835][ T4328] team0: Port device team_slave_1 added [ 32.377988][ T4324] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.379218][ T4324] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.381197][ T4324] device bridge_slave_0 entered promiscuous mode [ 32.383845][ T4320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.387187][ T4321] team0: Port device team_slave_0 added [ 32.388907][ T4320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.395734][ T4324] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.396942][ T4324] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.398447][ T4324] device bridge_slave_1 entered promiscuous mode [ 32.404210][ T4321] team0: Port device team_slave_1 added [ 32.409746][ T4328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.411014][ T4328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.414853][ T4328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.426639][ T4320] team0: Port device team_slave_0 added [ 32.430483][ T4328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.431645][ T4328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.435524][ T4328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.441561][ T4324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.445153][ T4320] team0: Port device team_slave_1 added [ 32.446461][ T4321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.447575][ T4321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.451831][ T4321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.454312][ T4321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.455296][ T4321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.459571][ T4321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.466108][ T4324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.474406][ T4320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.475540][ T4320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.479315][ T4320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.488395][ T4320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.489514][ T4320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.493384][ T4320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.510403][ T4333] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.511565][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.513080][ T4333] device bridge_slave_0 entered promiscuous mode [ 32.516045][ T4324] team0: Port device team_slave_0 added [ 32.517051][ T4333] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.518119][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.519478][ T4333] device bridge_slave_1 entered promiscuous mode [ 32.551619][ T4328] device hsr_slave_0 entered promiscuous mode [ 32.590447][ T4328] device hsr_slave_1 entered promiscuous mode [ 32.644423][ T4324] team0: Port device team_slave_1 added [ 32.701261][ T4321] device hsr_slave_0 entered promiscuous mode [ 32.750509][ T4321] device hsr_slave_1 entered promiscuous mode [ 32.790488][ T4321] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 32.791738][ T4321] Cannot create hsr debugfs directory [ 32.795899][ T4333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.797405][ T4324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.798434][ T4324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.802712][ T4324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.841280][ T4320] device hsr_slave_0 entered promiscuous mode [ 32.880494][ T4320] device hsr_slave_1 entered promiscuous mode [ 32.940304][ T4320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 32.941367][ T4320] Cannot create hsr debugfs directory [ 32.947284][ T4333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.949621][ T4324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.950918][ T4324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.954713][ T4324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.971440][ T4333] team0: Port device team_slave_0 added [ 32.979407][ T4333] team0: Port device team_slave_1 added [ 33.041288][ T4324] device hsr_slave_0 entered promiscuous mode [ 33.100435][ T4324] device hsr_slave_1 entered promiscuous mode [ 33.140312][ T4324] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 33.141412][ T4324] Cannot create hsr debugfs directory [ 33.147450][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.148601][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.153025][ T4333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.156153][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.157219][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.161060][ T4333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.231256][ T4333] device hsr_slave_0 entered promiscuous mode [ 33.270565][ T4333] device hsr_slave_1 entered promiscuous mode [ 33.310428][ T4333] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 33.311754][ T4333] Cannot create hsr debugfs directory [ 33.363646][ T4328] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 33.423771][ T4328] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 33.461739][ T4328] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 33.502415][ T4328] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 33.569676][ T4324] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 33.592683][ T4324] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 33.664724][ T4324] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 33.707814][ T4324] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 33.741224][ T4321] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 33.791573][ T4321] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 33.835371][ T4321] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 33.882128][ T4321] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 33.939079][ T4320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 33.971745][ T4320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 34.016561][ T4320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 34.053239][ T4320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 34.090675][ T4331] Bluetooth: hci1: command 0x0409 tx timeout [ 34.090698][ T47] Bluetooth: hci3: command 0x0409 tx timeout [ 34.100608][ T4325] Bluetooth: hci2: command 0x0409 tx timeout [ 34.101869][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 34.106605][ T4328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.118066][ T4333] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 34.151693][ T4333] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 34.170344][ T47] Bluetooth: hci4: command 0x0409 tx timeout [ 34.184187][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.185942][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.195797][ T4333] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 34.254014][ T4333] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 34.301958][ T4328] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.329501][ T4321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.336584][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.338568][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.340411][ T1831] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.341755][ T1831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.344511][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.356524][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.358161][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.359818][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.360976][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.367415][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.368942][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.373050][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 34.381407][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 34.383038][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 34.385175][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.386760][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 34.388354][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.389789][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.391701][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.393201][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.395595][ T4321] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.406515][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.408084][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.409650][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.412220][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.413739][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.414854][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.416378][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.419831][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.425745][ T4324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.428023][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.429871][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.432185][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.433294][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.445848][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 34.447578][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 34.452410][ T4333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.458122][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.459556][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.468965][ T4321] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.471340][ T4321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.476031][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 34.477801][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.479327][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 34.482133][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.483856][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.485256][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.487201][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.488776][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.491659][ T4320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.495350][ T4324] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.497736][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.499364][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.504392][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.510780][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.513836][ T4333] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.519479][ T4320] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.521850][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.523228][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.528393][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.529872][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.532782][ T1831] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.533956][ T1831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.535424][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.536802][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.541111][ T1831] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.542307][ T1831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.543662][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.546703][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.560674][ T4328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.564383][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.565888][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.567450][ T1831] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.568536][ T1831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.569938][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 34.572996][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.574596][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.576113][ T1831] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.577279][ T1831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.578711][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.580208][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.582888][ T1831] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.583915][ T1831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.585303][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.586552][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.587755][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 34.589372][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.596941][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 34.598716][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 34.603356][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.605330][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.606895][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.608375][ T1831] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.609482][ T1831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.611163][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.616049][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 34.617731][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 34.619336][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.625253][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 34.626971][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 34.628878][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.631465][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.636990][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 34.638723][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.640360][ T1831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.646305][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.647941][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.649513][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 34.651871][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.653291][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 34.654793][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.656237][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.658891][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.660042][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.666508][ T4333] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.668426][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.669872][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 34.671773][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.673220][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.675068][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.676523][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.677932][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.682921][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.684476][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.692915][ T4320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.694843][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.698332][ T4321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.702752][ T4328] device veth0_vlan entered promiscuous mode [ 34.704552][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.706126][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.707660][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.709196][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.711994][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.713565][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.715667][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.716997][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.719828][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.735168][ T4328] device veth1_vlan entered promiscuous mode [ 34.742665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 34.745092][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.746672][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.765777][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 34.767449][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.768996][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.781370][ T4328] device veth0_macvtap entered promiscuous mode [ 34.784227][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 34.785704][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.787253][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.789003][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.791573][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.794120][ T4321] device veth0_vlan entered promiscuous mode [ 34.803665][ T4328] device veth1_macvtap entered promiscuous mode [ 34.811981][ T4321] device veth1_vlan entered promiscuous mode [ 34.822443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.825458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 34.826853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 34.828338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.829681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.838661][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.839986][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.848278][ T4328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.849443][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.851953][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.855364][ T4333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.861725][ T4320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.873604][ T4328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.874858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.876631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.888654][ T4321] device veth0_macvtap entered promiscuous mode [ 34.892053][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.893497][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.894789][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.896526][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.898060][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 34.905566][ T4324] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.910038][ T4321] device veth1_macvtap entered promiscuous mode [ 34.915566][ T4328] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.917040][ T4328] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.918462][ T4328] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.919863][ T4328] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.931706][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.933465][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.935753][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.938931][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.940989][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.942530][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.944003][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.945559][ T4419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.971653][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.973377][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.979404][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.982343][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.984888][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.986072][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.987726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.993370][ T4324] device veth0_vlan entered promiscuous mode [ 34.996351][ T4324] device veth1_vlan entered promiscuous mode [ 35.005393][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.006833][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.008322][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.009769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.011887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.013266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.014744][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.016178][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.017530][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.019023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.025223][ T4320] device veth0_vlan entered promiscuous mode [ 35.031590][ T4320] device veth1_vlan entered promiscuous mode [ 35.034290][ T4321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.035664][ T4321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.036999][ T4321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.038266][ T4321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.053207][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.054616][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.055929][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 35.057495][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.068796][ T1573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.071859][ T1573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.076954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.078438][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.079866][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.082325][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.083900][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.085422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.086731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.099048][ T4324] device veth0_macvtap entered promiscuous mode [ 35.104136][ T4333] device veth0_vlan entered promiscuous mode [ 35.105729][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.107245][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.108812][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.111527][ T4320] device veth0_macvtap entered promiscuous mode [ 35.116697][ T4324] device veth1_macvtap entered promiscuous mode [ 35.129636][ T4324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.131737][ T4324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.133233][ T4324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.134866][ T4324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.137817][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.139308][ T4320] device veth1_macvtap entered promiscuous mode [ 35.147105][ T1573] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.147695][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.148340][ T1573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.149699][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.156014][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.157560][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.159074][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.161253][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.162831][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.164298][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.165751][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.169492][ T4333] device veth1_vlan entered promiscuous mode [ 35.172728][ T4324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.174303][ T4324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.175890][ T4324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.177638][ T4324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.179911][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.183035][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.184517][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.186141][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.190071][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.193687][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.195358][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.197069][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.198658][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.200913][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.203193][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.208831][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.210857][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.212349][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.222186][ T4324] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.223688][ T4324] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.225169][ T4324] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.226627][ T4324] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.229680][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.232115][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.233586][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.235263][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.237312][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.238893][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.242238][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.247473][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.249115][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.252327][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.253856][ T1573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.258575][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.259648][ T4320] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.259860][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.264177][ T4320] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.271068][ T4320] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.272378][ T4320] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.278609][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.282007][ T4333] device veth0_macvtap entered promiscuous mode [ 35.284350][ T4333] device veth1_macvtap entered promiscuous mode [ 35.292217][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.293828][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.295305][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.297116][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.299241][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.304919][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.306341][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.307879][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.312052][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.335255][ T1573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.336670][ T1573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.366006][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.367728][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.369340][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.373839][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.375464][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.383252][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.385009][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.386454][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.388195][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.389846][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.392584][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.394046][ T4333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.395763][ T4333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.398004][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.405311][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.407026][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.762320][ T4438] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.4'. [ 35.763982][ T4438] netlink: zone id is out of range [ 35.764794][ T4438] netlink: zone id is out of range [ 35.765221][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.769988][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.774474][ T4333] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.779735][ T4333] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.782860][ T4333] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.784405][ T4333] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.788866][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.816601][ T176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.819243][ T176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.826130][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.844117][ T4440] loop3: detected capacity change from 0 to 512 [ 35.860717][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.862025][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.863633][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.883108][ T4314] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 35.907867][ T176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.909419][ T176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.912712][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.942765][ T176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.944560][ T176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.947129][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 36.058794][ T4447] loop2: detected capacity change from 0 to 512 [ 36.061272][ T4447] EXT4-fs: Ignoring removed i_version option [ 36.172688][ T47] Bluetooth: hci2: command 0x041b tx timeout [ 36.173918][ T4325] Bluetooth: hci1: command 0x041b tx timeout [ 36.174001][ T4338] Bluetooth: hci3: command 0x041b tx timeout [ 36.174988][ T4331] Bluetooth: hci0: command 0x041b tx timeout [ 36.250404][ T4331] Bluetooth: hci4: command 0x041b tx timeout [ 36.391641][ T4447] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a000c018, mo2=0002] [ 36.393126][ T4447] System zones: 0-2, 18-18, 34-35 [ 36.497793][ T4447] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 36.654864][ T4456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'. [ 36.982655][ T4444] loop1: detected capacity change from 0 to 8192 [ 37.579653][ T4444] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 37.591751][ T4324] EXT4-fs (loop2): unmounting filesystem. [ 37.595133][ T4444] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 37.596826][ T4444] REISERFS (device loop1): using ordered data mode [ 37.600615][ T4444] reiserfs: using flush barriers [ 37.611141][ T4444] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.621669][ T4444] REISERFS (device loop1): checking transaction log (loop1) [ 37.818396][ T4444] REISERFS (device loop1): Using tea hash to sort names [ 37.820117][ T4444] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 38.679826][ T4331] Bluetooth: hci3: command 0x040f tx timeout [ 38.679921][ T4325] Bluetooth: hci0: command 0x040f tx timeout [ 38.682244][ T4325] Bluetooth: hci2: command 0x040f tx timeout [ 38.683360][ T4325] Bluetooth: hci1: command 0x040f tx timeout [ 38.683740][ T4322] Bluetooth: hci4: command 0x040f tx timeout [ 38.961251][ T4466] loop0: detected capacity change from 0 to 32768 [ 38.965294][ T4466] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 38.966705][ T4466] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 38.977112][ T4466] gfs2: fsid=syz:syz.s: fatal: filesystem consistency error [ 38.977112][ T4466] inode = 1 19 [ 38.977112][ T4466] function = gfs2_check_internal_file_size, file = fs/gfs2/inode.h, line = 87 [ 38.980015][ T4466] gfs2: fsid=syz:syz.s: G: s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 38.983416][ T4466] gfs2: fsid=syz:syz.s: H: s:SH f:eEcH e:0 p:4466 [syz.0.6] init_journal+0x13c0/0x1e14 [ 38.990487][ T4466] gfs2: fsid=syz:syz.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:4294967295 p:0 [ 38.995614][ T4466] gfs2: fsid=syz:syz.s: about to withdraw this file system [ 38.999381][ T4466] gfs2: fsid=syz:syz.s: Journal recovery skipped for jid 0 until next mount. [ 39.302979][ T4466] gfs2: fsid=syz:syz.s: Glock dequeues delayed: 0 [ 39.304220][ T4466] gfs2: fsid=syz:syz.s: File system withdrawn [ 39.305125][ T4466] CPU: 0 PID: 4466 Comm: syz.0.6 Not tainted syzkaller #0 [ 39.306296][ T4466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 39.307701][ T4466] Call trace: [ 39.308203][ T4466] dump_backtrace+0x1c8/0x1f4 [ 39.308935][ T4466] show_stack+0x2c/0x3c [ 39.309595][ T4466] __dump_stack+0x30/0x40 [ 39.310296][ T4466] dump_stack_lvl+0xf8/0x160 [ 39.311056][ T4466] dump_stack+0x1c/0x5c [ 39.311714][ T4466] gfs2_withdraw+0xf9c/0x13a8 [ 39.312440][ T4466] gfs2_consist_inode_i+0xf0/0x10c [ 39.313287][ T4466] gfs2_jdesc_check+0x12c/0x264 [ 39.314100][ T4466] check_journal_clean+0x16c/0x2e8 [ 39.314895][ T4466] init_journal+0x13c0/0x1e14 [ 39.315602][ T4466] init_inodes+0xe0/0x2d4 [ 39.316239][ T4466] gfs2_fill_super+0x122c/0x19ec [ 39.317029][ T4466] get_tree_bdev+0x358/0x544 [ 39.317764][ T4466] gfs2_get_tree+0x54/0x1b4 [ 39.318515][ T4466] vfs_get_tree+0x90/0x274 [ 39.319274][ T4466] do_new_mount+0x228/0x810 [ 39.319961][ T4466] path_mount+0x5b4/0xe78 [ 39.320627][ T4466] __arm64_sys_mount+0x49c/0x584 [ 39.321414][ T4466] invoke_syscall+0x98/0x2bc [ 39.322083][ T4466] el0_svc_common+0x138/0x258 [ 39.322779][ T4466] do_el0_svc+0x58/0x13c [ 39.323403][ T4466] el0_svc+0x58/0x138 [ 39.324011][ T4466] el0t_64_sync_handler+0x84/0xf0 [ 39.324744][ T4466] el0t_64_sync+0x18c/0x190 [ 39.404004][ T4466] gfs2: fsid=syz:syz.s: Error checking journal for spectator mount. [ 39.435295][ T4487] loop2: detected capacity change from 0 to 32768 [ 39.438691][ T4487] ======================================================= [ 39.438691][ T4487] WARNING: The mand mount option has been deprecated and [ 39.438691][ T4487] and is ignored by this kernel. Remove the mand [ 39.438691][ T4487] option from the mount to silence this warning. [ 39.438691][ T4487] ======================================================= [ 39.850184][ T4487] XFS (loop2): Mounting V5 Filesystem [ 39.909515][ T4487] XFS (loop2): Ending clean mount [ 39.919810][ T4487] XFS (loop2): Quotacheck needed: Please wait. [ 39.947651][ T4487] XFS (loop2): Quotacheck: Done. [ 40.363109][ T4515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.365204][ T4515] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.910446][ T4331] Bluetooth: hci1: command 0x0419 tx timeout [ 40.911693][ T4331] Bluetooth: hci2: command 0x0419 tx timeout [ 40.912968][ T4331] Bluetooth: hci0: command 0x0419 tx timeout [ 40.914171][ T4331] Bluetooth: hci4: command 0x0419 tx timeout [ 40.915298][ T4331] Bluetooth: hci3: command 0x0419 tx timeout [ 41.023643][ T4324] XFS (loop2): Unmounting Filesystem [ 42.524147][ T4551] input: syz1 as /devices/virtual/input/input2 [ 42.528837][ T4546] kernel write not supported for file /uinput (pid: 4546 comm: kworker/1:8) [ 42.625973][ T4563] binder: 4562:4563 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 42.789447][ T4572] netlink: 5 bytes leftover after parsing attributes in process `syz.4.32'. [ 42.815595][ T4579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.37'. [ 42.876127][ T4572] hub 1-0:1.0: USB hub found [ 42.879595][ T4572] hub 1-0:1.0: 1 port detected [ 43.479370][ T4595] netlink: 'syz.3.41': attribute type 10 has an invalid length. [ 43.634462][ T4595] team0: Device hsr_slave_0 failed to register rx_handler [ 43.812033][ T4600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.816238][ T4600] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.051950][ T4614] netlink: 7 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.054126][ T4614] netlink: 60 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.156707][ T4614] netlink: 7 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.158238][ T4614] netlink: 60 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.220413][ T4396] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 44.228868][ T4614] netlink: 7 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.230480][ T4614] netlink: 60 bytes leftover after parsing attributes in process `syz.4.49'. [ 44.274006][ T4632] netlink: 'syz.3.54': attribute type 2 has an invalid length. [ 44.316543][ T4634] binder: 4633:4634 tried to acquire reference to desc 0, got 1 instead [ 44.318231][ T4634] binder: 4634:4633 failed to get security context [ 44.319732][ T4634] binder: 4633:4634 transaction async to 4633:0 failed 7/29201/-22, size 0-0 line 3206 [ 44.321782][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 44.388845][ T4646] 9pnet_fd: Insufficient options for proto=fd [ 44.400422][ T4396] usb 1-1: Using ep0 maxpacket: 16 [ 44.404130][ T4396] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.405996][ T4396] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.407394][ T4396] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 44.408797][ T4396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.417357][ T4396] usb 1-1: config 0 descriptor?? [ 44.455374][ T4652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.459070][ T4652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.526571][ T4659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.66'. [ 44.527986][ T4659] netlink: 20 bytes leftover after parsing attributes in process `syz.4.66'. [ 44.528829][ T4661] mmap: syz.1.63 (4661) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 44.825277][ T4396] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 44.826445][ T4396] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 44.837333][ T4396] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 44.838462][ T4396] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 44.839588][ T4396] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 44.843799][ T4396] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 45.032317][ T4606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.038178][ T4606] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.042132][ T4396] usb 1-1: USB disconnect, device number 2 [ 46.188884][ T4707] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 46.941760][ T4729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.945594][ T4729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.844017][ T4841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.846893][ T4841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.140415][ T4754] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 50.427568][ T4875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.429878][ T4875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.480371][ T4754] usb 1-1: Using ep0 maxpacket: 8 [ 50.482555][ T4754] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 50.484067][ T4754] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 50.486477][ T4754] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 50.488365][ T4754] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 50.489960][ T4754] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 50.493025][ T4754] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 50.495256][ T4754] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.512593][ T4881] loop7: detected capacity change from 0 to 7 [ 50.515794][ T4460] Dev loop7: unable to read RDB block 7 [ 50.516791][ T4460] loop7: unable to read partition table [ 50.517737][ T4460] loop7: partition table beyond EOD, truncated [ 50.525567][ T4881] Dev loop7: unable to read RDB block 7 [ 50.526513][ T4881] loop7: unable to read partition table [ 50.527523][ T4881] loop7: partition table beyond EOD, truncated [ 50.536714][ T4881] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 50.547927][ T4883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.551058][ T4883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.554807][ T4883] capability: warning: `syz.4.122' uses deprecated v2 capabilities in a way that may be insecure [ 50.599802][ T4887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.602224][ T4887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.705359][ T4754] usb 1-1: usb_control_msg returned -32 [ 50.706398][ T4754] usbtmc 1-1:16.0: can't read capabilities [ 51.206376][ T4894] usbtmc 1-1:16.0: INITIATE_ABORT_BULK_OUT returned fd [ 51.691796][ T4397] usb 1-1: USB disconnect, device number 3 [ 51.746666][ T4917] __nla_validate_parse: 1 callbacks suppressed [ 51.746676][ T4917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.130'. [ 51.856854][ T4929] netlink: 24 bytes leftover after parsing attributes in process `syz.2.141'. [ 51.882363][ T4932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.884375][ T4932] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.891478][ T4948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.893374][ T4948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.943812][ T4953] netlink: 'syz.3.151': attribute type 12 has an invalid length. [ 53.012306][ T4961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.013345][ T4960] binder: 4957:4960 ioctl 400c620e 20000200 returned -22 [ 53.014679][ T4961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.087354][ T4966] block device autoloading is deprecated and will be removed. [ 53.094798][ T4962] md2: error: bitmap file must be a regular file [ 53.178495][ T4973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.179982][ T4973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.261392][ T4979] netlink: 72 bytes leftover after parsing attributes in process `syz.4.162'. [ 53.316942][ T4986] syz.4.166 uses obsolete (PF_INET,SOCK_PACKET) [ 53.317999][ T4987] netlink: 20 bytes leftover after parsing attributes in process `syz.0.167'. [ 53.630569][ T5004] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 53.633052][ T5004] VFS: Can't find a romfs filesystem on dev nullb0. [ 53.633052][ T5004] [ 54.080024][ T5013] netlink: 28 bytes leftover after parsing attributes in process `syz.2.176'. [ 54.511144][ T5021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.512742][ T5021] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.209796][ T5040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'. [ 56.590404][ T4546] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 56.747525][ T5088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.749936][ T5088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.765898][ T4714] Bluetooth: hci5: Frame reassembly failed (-84) [ 56.767720][ T5085] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 56.781675][ T4546] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.783595][ T4546] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.785028][ T4546] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 56.787027][ T4546] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 56.788275][ T4546] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.793388][ T4546] usb 1-1: config 0 descriptor?? [ 57.204372][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.205538][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.206734][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.207895][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.209050][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.210222][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.215197][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.216298][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.217512][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.218731][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.219909][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.227034][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.228202][ T4546] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 57.229551][ T4546] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 57.240046][ T4546] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 57.505575][ T5102] xt_l2tp: unknown flags: 10 [ 57.735808][ T4376] usb 1-1: USB disconnect, device number 4 [ 57.820417][ T5107] device syzkaller1 entered promiscuous mode [ 57.948764][ T5113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.951938][ T5113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.810466][ T4322] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 59.130410][ T5153] netlink: 116 bytes leftover after parsing attributes in process `syz.2.226'. [ 59.302776][ T5163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.308799][ T5163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.316713][ T5161] usb usb8: usbfs: process 5161 (syz.2.229) did not claim interface 0 before use [ 59.974527][ T5182] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready [ 60.906142][ T5212] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 60.915489][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.917373][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.285816][ T27] audit: type=1326 audit(61.270:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5233 comm="syz.4.260" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015b0e8 code=0x0 [ 61.343690][ T5241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 61.345379][ T5241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.988151][ T5279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.993343][ T5279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.581512][ T5289] device veth0_to_bridge entered promiscuous mode [ 64.853556][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.854789][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.905522][ T5285] device veth0_to_bridge left promiscuous mode [ 64.939848][ T5295] Zero length message leads to an empty skb [ 64.948352][ T5295] input: syz1 as /devices/virtual/input/input4 [ 65.024293][ T5298] netlink: 28 bytes leftover after parsing attributes in process `syz.4.284'. [ 65.059958][ T5300] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 65.441016][ T5327] netlink: 'syz.0.294': attribute type 11 has an invalid length. [ 65.442357][ T5327] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.294'. [ 66.154498][ T5349] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 66.249488][ T5356] netlink: 36 bytes leftover after parsing attributes in process `syz.4.309'. [ 66.337978][ T5366] tipc: Started in network mode [ 66.338965][ T5366] tipc: Node identity 363027685767, cluster identity 4711 [ 66.341063][ T5366] tipc: Enabled bearer , priority 0 [ 66.344800][ T5362] tipc: Disabling bearer [ 66.915599][ T5376] netlink: 16 bytes leftover after parsing attributes in process `syz.4.316'. [ 67.059662][ T5384] Illegal XDP return value 4294967274 on prog (id 8) dev syz_tun, expect packet loss! [ 68.168034][ T5409] netlink: 'syz.3.327': attribute type 11 has an invalid length. [ 68.169391][ T5409] netlink: 20 bytes leftover after parsing attributes in process `syz.3.327'. [ 68.182513][ T5416] binder: 5412:5416 got transaction to context manager from process owning it [ 68.186970][ T5416] binder: 5412:5416 transaction call to 5412:0 failed 9/29201/-22, size 0-0 line 3043 [ 68.189250][ T4546] binder: undelivered TRANSACTION_ERROR: 29201 [ 68.392615][ T5442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.394271][ T5442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.648752][ T5446] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 68.650561][ T5446] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 68.780472][ T5446] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 68.958330][ T5449] process 'syz.3.341' launched './file0' with NULL argv: empty string added [ 69.124923][ T5458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.346'. [ 69.173034][ T5463] input: syz0 as /devices/virtual/input/input5 [ 69.218716][ T5466] device syzkaller0 entered promiscuous mode [ 69.291602][ T4322] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 69.293021][ T4322] Bluetooth: hci4: Injecting HCI hardware error event [ 69.294830][ T4331] Bluetooth: hci4: hardware error 0x00 [ 69.390320][ T4397] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 69.762801][ T14] cfg80211: failed to load regulatory.db [ 69.860307][ T4397] usb 1-1: Using ep0 maxpacket: 16 [ 69.862948][ T4397] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.866219][ T4397] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 69.867621][ T4397] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.868908][ T4397] usb 1-1: Product: syz [ 69.869570][ T4397] usb 1-1: Manufacturer: syz [ 69.870890][ T4397] usb 1-1: SerialNumber: syz [ 69.873799][ T4397] usb 1-1: config 0 descriptor?? [ 69.893530][ T4397] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 70.080410][ T4397] usb 1-1: USB disconnect, device number 5 [ 70.084253][ T5007] usb 1-1: Failed to submit usb control message: -71 [ 70.085411][ T5007] usb 1-1: unable to send the bmi data to the device: -71 [ 70.086605][ T5007] usb 1-1: unable to get target info from device [ 70.087717][ T5007] usb 1-1: could not get target info (-71) [ 70.088712][ T5007] usb 1-1: could not probe fw (-71) [ 70.408749][ T5487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.413354][ T5487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.700419][ T4331] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 72.571787][ T5538] sock: sock_timestamping_bind_phc: sock not bind to device [ 74.410383][ T4397] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 74.600278][ T4397] usb 1-1: Using ep0 maxpacket: 32 [ 74.602356][ T4397] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 74.603607][ T4397] usb 1-1: config 0 has no interface number 0 [ 74.604590][ T4397] usb 1-1: config 0 interface 20 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 74.606032][ T4397] usb 1-1: config 0 interface 20 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 74.609067][ T4397] usb 1-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00 [ 74.610845][ T4397] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.612088][ T4397] usb 1-1: Product: syz [ 74.612745][ T4397] usb 1-1: Manufacturer: syz [ 74.613545][ T4397] usb 1-1: SerialNumber: syz [ 74.615280][ T4397] usb 1-1: config 0 descriptor?? [ 74.616392][ T5547] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 74.617662][ T5547] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 74.619460][ T4397] ums-sddr09 1-1:0.20: USB Mass Storage device detected [ 74.664748][ T4397] ums-sddr09: probe of 1-1:0.20 failed with error -22 [ 74.822710][ T4311] usb 1-1: USB disconnect, device number 6 [ 81.622359][ T5564] netlink: 'syz.0.378': attribute type 1 has an invalid length. [ 81.657574][ T5565] device gretap1 entered promiscuous mode [ 81.712132][ T5575] netlink: 28 bytes leftover after parsing attributes in process `syz.3.380'. [ 81.717196][ T5566] device macvlan2 entered promiscuous mode [ 81.719065][ T5566] device bond1 entered promiscuous mode [ 81.739450][ T5566] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 81.788106][ T5566] device bond1 left promiscuous mode [ 82.620292][ T14] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 82.810337][ T14] usb 1-1: Using ep0 maxpacket: 8 [ 82.815016][ T14] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 82.816285][ T14] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 82.817811][ T14] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 82.819233][ T14] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 82.820811][ T14] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.822873][ T14] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 82.824423][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.155327][ T14] usb 1-1: usb_control_msg returned -32 [ 83.156242][ T14] usbtmc 1-1:16.0: can't read capabilities [ 83.592098][ T5622] libceph: resolve '. [ 83.592098][ T5622] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 83.592098][ T5622] ' (ret=-3): failed [ 84.042601][ T5634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.045572][ T5634] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.153344][ T5636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'. [ 84.154953][ T5636] netlink: 'syz.0.389': attribute type 5 has an invalid length. [ 84.159690][ T5636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.389'. [ 84.168090][ T5636] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 84.169365][ T5636] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 84.170888][ T5636] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 84.172210][ T5636] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 84.173640][ T5636] device geneve2 entered promiscuous mode [ 84.196677][ T5635] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 84.204096][ T5638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.206662][ T5638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.303132][ T4311] usb 1-1: USB disconnect, device number 7 [ 84.775151][ T5663] netlink: 'syz.1.412': attribute type 11 has an invalid length. [ 84.776501][ T5663] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.412'. [ 84.886002][ T5671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.894889][ T5671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.931626][ T5677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.418'. [ 85.950169][ T5692] netlink: 12 bytes leftover after parsing attributes in process `syz.3.424'. [ 86.015088][ T5701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.424'. [ 86.626674][ T5708] hub 9-0:1.0: USB hub found [ 86.627638][ T5708] hub 9-0:1.0: 8 ports detected [ 88.824319][ T5729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.839001][ T5729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.937725][ T5742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.939318][ T5742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.336606][ T5746] device batadv_slave_1 entered promiscuous mode [ 89.345205][ T5746] device batadv_slave_1 left promiscuous mode [ 89.422416][ T5749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.423908][ T5749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.307271][ T5778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.315449][ T5778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.399237][ T5783] netlink: 'syz.2.456': attribute type 1 has an invalid length. [ 90.592781][ T5799] netlink: 'syz.4.463': attribute type 10 has an invalid length. [ 90.594033][ T5799] netlink: 32 bytes leftover after parsing attributes in process `syz.4.463'. [ 90.618634][ T5802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.620075][ T5802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.634030][ T5797] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 90.703327][ T5806] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 91.609416][ T5816] netlink: 4 bytes leftover after parsing attributes in process `syz.2.469'. [ 91.736037][ T5816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.765554][ T5816] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.705135][ T4331] block nbd1: Receive control failed (result -32) [ 92.709914][ T5824] block nbd1: shutting down sockets [ 92.747850][ T5854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.749714][ T5854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.493854][ T5869] netlink: 'syz.4.491': attribute type 4 has an invalid length. [ 93.514595][ T5871] nvme_fabrics: unknown parameter or missing value 'C' in ctrl creation request [ 93.634737][ T5885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.497'. [ 94.109421][ T5891] binder: 5890:5891 tried to acquire reference to desc 0, got 1 instead [ 94.138415][ T5891] binder: 5891:5890 failed to get security context [ 94.142470][ T5891] binder: 5890:5891 transaction call to 5890:0 failed 14/29201/-22, size 96-24 line 3206 [ 94.144827][ T4311] binder: undelivered TRANSACTION_ERROR: 29201 [ 94.226262][ T5910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.228719][ T5910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.758509][ T5937] Malformed UNC in devname [ 94.758509][ T5937] [ 94.759839][ T5937] CIFS: VFS: Malformed UNC in devname [ 95.058312][ T5909] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 95.059902][ T5909] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 95.076628][ T5909] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 95.078080][ T5909] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 95.079054][ T5909] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 95.083329][ T5909] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 95.084419][ T5909] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 95.085543][ T5909] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 95.087719][ T5909] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 96.330351][ T4331] Bluetooth: hci2: command 0x0c1a tx timeout [ 96.535494][ T5969] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 96.537850][ T5969] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 96.620686][ T5969] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 96.912715][ T5972] netlink: 12 bytes leftover after parsing attributes in process `syz.3.528'. [ 97.323030][ T4322] Bluetooth: hci3: command 0x0c1a tx timeout [ 97.325859][ T4331] Bluetooth: hci1: command 0x0c1a tx timeout [ 98.346239][ T6004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.349020][ T6004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.447266][ T4331] Bluetooth: hci2: command 0x0406 tx timeout [ 99.470179][ T4322] Bluetooth: hci1: command 0x0406 tx timeout [ 99.471316][ T4331] Bluetooth: hci3: command 0x0406 tx timeout [ 100.100888][ T4546] hid (null): global environment stack underflow [ 100.101983][ T4546] hid (null): invalid report_count 458457392 [ 100.102906][ T4546] hid (null): report_id 0 is invalid [ 100.103795][ T4546] hid (null): unknown global tag 0xc [ 100.104690][ T4546] hid (null): unknown global tag 0xd [ 100.105491][ T4546] hid (null): report_id 0 is invalid [ 100.106304][ T4546] hid (null): unknown global tag 0xd [ 100.108951][ T4546] hid-generic 0FFF:0007:0003.0003: global environment stack underflow [ 100.110146][ T4546] hid-generic 0FFF:0007:0003.0003: item 0 0 1 11 parsing failed [ 100.121996][ T4546] hid-generic: probe of 0FFF:0007:0003.0003 failed with error -22 [ 100.446247][ T6048] device gretap1 entered promiscuous mode [ 100.453503][ T6051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.551'. [ 100.852600][ T6059] infiniband syz2: set active [ 100.853697][ T6059] infiniband syz2: added syz_tun [ 100.991975][ T6059] RDS/IB: syz2: added [ 100.992903][ T6059] smc: adding ib device syz2 with port count 1 [ 100.994034][ T6059] smc: ib device syz2 port 1 has pnetid [ 101.005657][ T6052] ALSA: mixer_oss: invalid OSS volume '8' [ 101.235248][ T6052] syz.2.550 (6052): drop_caches: 2 [ 101.517755][ T6070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.519285][ T6070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.711726][ T6079] netlink: 596 bytes leftover after parsing attributes in process `syz.2.558'. [ 102.670713][ T6092] netlink: 32 bytes leftover after parsing attributes in process `syz.2.561'. [ 102.977746][ T6096] netlink: 52 bytes leftover after parsing attributes in process `syz.0.564'. [ 103.580465][ T4376] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 103.918554][ T4376] usb 1-1: config 0 has an invalid interface number: 36 but max is 0 [ 103.920039][ T4376] usb 1-1: config 0 has no interface number 0 [ 103.921388][ T4376] usb 1-1: config 0 interface 36 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 103.937055][ T4376] usb 1-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=ce.72 [ 103.938627][ T4376] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.939940][ T4376] usb 1-1: Product: syz [ 103.943719][ T4376] usb 1-1: Manufacturer: syz [ 103.944544][ T4376] usb 1-1: SerialNumber: syz [ 103.947591][ T4376] usb 1-1: config 0 descriptor?? [ 103.955316][ T4376] gspca_main: spca505-2.14.0 probing 0733:0430 [ 104.080375][ T6125] binder: 6124:6125 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 104.082561][ T6125] binder: 6125 RLIMIT_NICE not set [ 104.124236][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.130443][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.161738][ T4376] gspca_spca505: reg write: error -71 [ 104.162686][ T4376] spca505: probe of 1-1:0.36 failed with error -5 [ 104.165490][ T4376] usb 1-1: USB disconnect, device number 8 [ 104.823015][ T6144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.825608][ T6144] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.830554][ T6174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.834389][ T6174] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.860948][ T27] audit: type=1326 audit(105.850:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6167 comm="syz.2.591" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8415b0e8 code=0x0 [ 106.836882][ T6196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.847609][ T6196] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.960870][ T4376] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 108.456001][ T4376] usb 1-1: config 0 has an invalid interface number: 130 but max is 0 [ 108.457415][ T4376] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.459033][ T4376] usb 1-1: config 0 has no interface number 0 [ 108.460123][ T4376] usb 1-1: config 0 interface 130 altsetting 1 has an invalid endpoint with address 0x80, skipping [ 108.464397][ T4376] usb 1-1: config 0 interface 130 altsetting 1 endpoint 0xD has invalid wMaxPacketSize 0 [ 108.466738][ T4376] usb 1-1: config 0 interface 130 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 108.471879][ T4376] usb 1-1: config 0 interface 130 has no altsetting 0 [ 108.603929][ T4376] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=47.ca [ 108.605572][ T4376] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.606860][ T4376] usb 1-1: Product: syz [ 108.607567][ T4376] usb 1-1: Manufacturer: syz [ 108.608288][ T4376] usb 1-1: SerialNumber: syz [ 108.614706][ T4376] usb 1-1: config 0 descriptor?? [ 108.669000][ T6231] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.671223][ T6231] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.705195][ T6234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.707337][ T6234] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.827013][ T4376] usb 1-1: USB disconnect, device number 9 [ 109.079125][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.621'. [ 109.191531][ T6258] netlink: 'syz.2.618': attribute type 1 has an invalid length. [ 109.275468][ T6259] device gretap1 entered promiscuous mode [ 109.279146][ T6259] bond1: (slave gretap1): making interface the new active one [ 109.283418][ T6259] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 109.852432][ T6276] binder: BC_ATTEMPT_ACQUIRE not supported [ 109.853427][ T6276] binder: 6263:6276 ioctl c0306201 200001c0 returned -22 [ 109.881704][ T6276] block device autoloading is deprecated and will be removed. [ 111.150373][ T4376] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 111.342452][ T4376] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 111.343929][ T4376] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 111.345650][ T4376] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 111.347168][ T4376] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 111.350619][ T4376] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 111.357241][ T4376] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 111.358784][ T4376] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 111.361001][ T4376] usb 1-1: Product: syz [ 111.361872][ T4376] usb 1-1: Manufacturer: syz [ 111.373206][ T4376] cdc_wdm 1-1:1.0: skipping garbage [ 111.376205][ T4376] cdc_wdm 1-1:1.0: skipping garbage [ 111.380217][ T4376] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 111.385608][ T4376] cdc_wdm 1-1:1.0: Unknown control protocol [ 111.579642][ T6333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.583584][ T6333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.691739][ T6336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.698634][ T6336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.868207][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 113.869391][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 113.871476][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 113.872563][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 113.876164][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 113.877162][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 113.878199][ T4435] usb 1-1: USB disconnect, device number 10 [ 115.499003][ T47] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 116.512603][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.854633][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.208326][ T6413] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.234423][ T6413] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.236179][ T6413] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.237733][ T6413] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.470781][ T6413] device gretap1 left promiscuous mode [ 117.480182][ T6427] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.485381][ T6457] netlink: 'syz.1.689': attribute type 10 has an invalid length. [ 117.487133][ T6457] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.489155][ T6457] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.504069][ T6457] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.505242][ T6457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.506584][ T6457] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.507649][ T6457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.512555][ T6457] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 117.711391][ T6486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.714067][ T6486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.037652][ T6472] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.038895][ T6472] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.460780][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.703'. [ 118.507913][ T6472] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.543660][ T6472] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.651933][ T6503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 118.655079][ T6503] random: crng reseeded on system resumption [ 118.670111][ T6505] loop8: detected capacity change from 0 to 7 [ 118.673387][ T5597] Dev loop8: unable to read RDB block 7 [ 118.674279][ T5597] loop8: unable to read partition table [ 118.675285][ T5597] loop8: partition table beyond EOD, truncated [ 118.684549][ T6505] Dev loop8: unable to read RDB block 7 [ 118.685457][ T6505] loop8: unable to read partition table [ 118.687087][ T6505] loop8: partition table beyond EOD, truncated [ 118.691345][ T6505] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 118.927300][ T6472] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.928765][ T6472] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.930668][ T6472] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.932135][ T6472] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.374101][ T6516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.379286][ T6516] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.580235][ C1] sched: RT throttling activated [ 120.770206][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.717'. [ 120.874943][ T47] Bluetooth: hci2: unexpected event for opcode 0x0c5a [ 121.546035][ T6557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.548086][ T6557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.507399][ T6573] libceph: resolve '400' (ret=-3): failed [ 122.797648][ T6586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.799766][ T6586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.903966][ T6590] Scaler: ================= START STATUS ================= [ 122.905398][ T6590] Scaler: ================== END STATUS ================== [ 124.485993][ T6634] bridge0: port 3(syz_tun) entered blocking state [ 124.487482][ T6634] bridge0: port 3(syz_tun) entered disabled state [ 124.493152][ T6634] device syz_tun entered promiscuous mode [ 124.495068][ T6634] bridge0: port 3(syz_tun) entered blocking state [ 124.496621][ T6634] bridge0: port 3(syz_tun) entered forwarding state [ 124.818181][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.819832][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.826629][ T6642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.828202][ T6642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.802174][ T6663] netlink: 180 bytes leftover after parsing attributes in process `syz.3.767'. [ 125.804202][ T6663] netlink: 180 bytes leftover after parsing attributes in process `syz.3.767'. [ 125.822408][ T6665] netlink: 'syz.3.769': attribute type 1 has an invalid length. [ 125.859447][ T6670] netlink: 28 bytes leftover after parsing attributes in process `syz.2.768'. [ 125.864429][ T6670] netlink: 'syz.2.768': attribute type 7 has an invalid length. [ 125.867753][ T6670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.768'. [ 125.931062][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.933232][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 125.944814][ T6670] device erspan0 entered promiscuous mode [ 126.010789][ T6670] device gretap0 entered promiscuous mode [ 126.115812][ T6670] hsr1: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network [ 126.117806][ T6670] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 126.121124][ T6675] netlink: 'syz.4.771': attribute type 10 has an invalid length. [ 127.118448][ T4404] hid (null): global environment stack underflow [ 127.119601][ T4404] hid (null): invalid report_count 458457392 [ 127.126628][ T4404] hid (null): report_id 0 is invalid [ 127.134562][ T4404] hid (null): unknown global tag 0xc [ 127.164888][ T4404] hid (null): unknown global tag 0xd [ 127.231338][ T4404] hid-generic 0FFF:0007:0003.0004: global environment stack underflow [ 127.232648][ T4404] hid-generic 0FFF:0007:0003.0004: item 0 0 1 11 parsing failed [ 127.234002][ T4404] hid-generic: probe of 0FFF:0007:0003.0004 failed with error -22 [ 127.352058][ T4321] cgroup: fork rejected by pids controller in /syz3 [ 128.316799][ T4322] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 128.319972][ T4322] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 128.326771][ T4322] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 128.330137][ T4322] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 128.332212][ T4322] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 128.334494][ T4322] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 128.773224][ T6755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.779251][ T6755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.148631][ T6746] chnl_net:caif_netlink_parms(): no params data found [ 129.255050][ T6746] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.288557][ T6746] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.302371][ T6746] device bridge_slave_0 entered promiscuous mode [ 129.337425][ T6746] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.338688][ T6746] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.340745][ T6746] device bridge_slave_1 entered promiscuous mode [ 129.351200][ T6746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.353864][ T6746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.364386][ T6746] team0: Port device team_slave_0 added [ 129.366272][ T6746] team0: Port device team_slave_1 added [ 129.372976][ T6746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.374181][ T6746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.378419][ T6746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.382167][ T6746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.383299][ T6746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.387310][ T6746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.441470][ T6746] device hsr_slave_0 entered promiscuous mode [ 129.480534][ T6746] device hsr_slave_1 entered promiscuous mode [ 129.520437][ T6746] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.522711][ T6746] Cannot create hsr debugfs directory [ 129.601220][ T4754] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 129.604624][ T4754] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 129.765350][ T6746] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.884727][ T4435] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 129.887383][ T4435] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 129.972025][ T6746] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.112016][ T6746] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.416708][ T47] Bluetooth: hci1: command 0x0409 tx timeout [ 130.445953][ T6803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.447583][ T6803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.471920][ T6746] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.653807][ T6746] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 130.682184][ T6746] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 131.175425][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 131.177431][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 131.180536][ T6811] infiniband syz2: set active [ 131.181563][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 131.320700][ T6811] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.332923][ T6746] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 131.381541][ T6746] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 131.607729][ T6831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.620940][ T6831] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.653349][ T6746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.718000][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 131.719538][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.732447][ T6746] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.735120][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.736847][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.738289][ T176] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.739372][ T176] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.743823][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 131.747548][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.748950][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.751113][ T4446] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.752270][ T4446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.755097][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.758427][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.765250][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.767451][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.769108][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.772348][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.774304][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.778621][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.780568][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.782676][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.784171][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.788931][ T6746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.922255][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 131.923655][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 131.927779][ T6746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.935538][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 131.937153][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 131.952434][ T5690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 131.954109][ T5690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 131.955783][ T5690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 131.957214][ T5690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 132.262836][ T6746] device veth0_vlan entered promiscuous mode [ 132.281893][ T6746] device veth1_vlan entered promiscuous mode [ 132.324043][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 132.325859][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 132.327489][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 132.329065][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 132.339680][ T6746] device veth0_macvtap entered promiscuous mode [ 132.358435][ T6746] device veth1_macvtap entered promiscuous mode [ 132.372183][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 132.373885][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.380490][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 132.382021][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.383429][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 132.384862][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.397396][ T6746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 132.398772][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 132.400571][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 132.401912][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 132.403377][ T176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 132.408236][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.409742][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.421917][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.423438][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.424986][ T6746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.426705][ T6746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.439255][ T6746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 132.441580][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 132.443049][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 132.446189][ T6746] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.447586][ T6746] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.450371][ T6746] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.451814][ T6746] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.490714][ T4322] Bluetooth: hci1: command 0x041b tx timeout [ 132.506375][ T4545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.508387][ T4545] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.513738][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.527252][ T4446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.529150][ T4446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.532889][ T4545] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 132.580944][ T4404] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 132.770354][ T4404] usb 1-1: Using ep0 maxpacket: 8 [ 132.772683][ T4404] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 132.774213][ T4404] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 132.775820][ T4404] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 132.777492][ T4404] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 132.779510][ T4404] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 132.786486][ T4404] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.869339][ T6865] batman_adv: batadv0: Adding interface: dummy0 [ 132.870613][ T6865] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.887019][ T6865] batman_adv: batadv0: Interface activated: dummy0 [ 132.909330][ T6865] batadv0: mtu less than device minimum [ 132.916873][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.920366][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.923539][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.926796][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.929960][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.933049][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.936138][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.939219][ T6865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 132.997938][ T4404] usb 1-1: GET_CAPABILITIES returned 0 [ 132.998973][ T4404] usbtmc 1-1:16.0: can't read capabilities [ 133.018431][ T6871] binder: 6870:6871 got reply transaction with no transaction stack [ 133.021954][ T6871] binder: 6870:6871 transaction reply to 0:0 failed 15/29201/-71, size 0-0 line 2955 [ 133.024868][ T6871] binder: 6870:6871 ioctl c0306201 20000440 returned -14 [ 133.035539][ T6869] netlink: 'syz.4.830': attribute type 10 has an invalid length. [ 133.038699][ T6874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.040123][ T6874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.048835][ T6869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.051865][ T6869] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 133.209156][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.210808][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.212315][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.213778][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.512608][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.514200][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.515664][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.517042][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.518615][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.519979][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.521499][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.522972][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.525503][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.526951][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.528367][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 133.529825][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 133.536239][ T14] usb 1-1: USB disconnect, device number 11 [ 134.584199][ T47] Bluetooth: hci1: command 0x040f tx timeout [ 135.689046][ T6952] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 136.651258][ T47] Bluetooth: hci1: command 0x0419 tx timeout [ 136.888893][ T6998] syz.2.872 sent an empty control message without MSG_MORE. [ 137.664895][ T7015] tipc: Started in network mode [ 137.665960][ T7015] tipc: Node identity 1e1f2e714959, cluster identity 4711 [ 137.669243][ T7015] tipc: Enabled bearer , priority 0 [ 137.671926][ T7015] device syzkaller0 entered promiscuous mode [ 137.724217][ T7015] tipc: Resetting bearer [ 137.727701][ T7013] tipc: Resetting bearer [ 137.805841][ T7018] CUSE: info not properly terminated [ 137.833516][ T7013] tipc: Disabling bearer [ 138.080317][ T24] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 138.271491][ T24] usb 1-1: config 0 has no interfaces? [ 138.273913][ T24] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 138.275301][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.276588][ T24] usb 1-1: Product: syz [ 138.277238][ T24] usb 1-1: Manufacturer: syz [ 138.277886][ T24] usb 1-1: SerialNumber: syz [ 138.279739][ T24] usb 1-1: config 0 descriptor?? [ 138.490394][ T4322] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 138.508266][ T7023] netlink: 8 bytes leftover after parsing attributes in process `syz.4.881'. [ 138.509775][ T7023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.881'. [ 138.834092][ T7034] netlink: 'syz.4.885': attribute type 3 has an invalid length. [ 138.857068][ T7034] netlink: 830 bytes leftover after parsing attributes in process `syz.4.885'. [ 138.859077][ T7034] device bond_slave_0 entered promiscuous mode [ 138.860368][ T7034] device bond_slave_1 entered promiscuous mode [ 138.861371][ T7034] device batadv0 entered promiscuous mode [ 139.664713][ T7057] netlink: 28 bytes leftover after parsing attributes in process `syz.3.894'. [ 139.764357][ T7063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.766905][ T7063] random: crng reseeded on system resumption [ 139.876723][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.897'. [ 140.401293][ T4322] block nbd1: Receive control failed (result -32) [ 140.404064][ T7052] block nbd1: shutting down sockets [ 140.502582][ T7073] usb usb1: usbfs: process 7073 (syz.1.899) did not claim interface 0 before use [ 140.632787][ T4389] usb 1-1: USB disconnect, device number 12 [ 141.533789][ T7090] netlink: 20 bytes leftover after parsing attributes in process `syz.4.906'. [ 142.516593][ T7100] netlink: 'syz.4.908': attribute type 11 has an invalid length. [ 142.518002][ T7100] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.908'. [ 142.541679][ T7102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.543345][ T7102] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.708955][ T7107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.711453][ T7107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.726335][ T7109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.728712][ T7109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.071459][ T7115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.074156][ T7115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.077222][ T7114] tipc: Started in network mode [ 143.078015][ T7114] tipc: Node identity dec1c17e6ee9, cluster identity 4711 [ 143.079338][ T7114] tipc: Enabled bearer , priority 0 [ 143.081683][ T7114] device syzkaller0 entered promiscuous mode [ 143.125367][ T7114] tipc: Resetting bearer [ 143.129916][ T7113] tipc: Resetting bearer [ 143.200915][ T7113] tipc: Disabling bearer [ 144.245646][ T7137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.248122][ T7137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.264580][ T7144] netlink: 'syz.1.922': attribute type 11 has an invalid length. [ 145.265906][ T7144] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.922'. [ 145.525990][ T7150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.528604][ T7150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.555920][ T7151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.558345][ T7151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.073273][ T7195] rdma_rxe: rxe_register_device failed with error -23 [ 148.075035][ T7195] rdma_rxe: failed to add syz_tun [ 148.857101][ T7200] netlink: 'syz.3.937': attribute type 11 has an invalid length. [ 148.858451][ T7200] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.937'. [ 149.196128][ T7199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.200747][ T7199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.222416][ T7204] 9pnet_fd: Insufficient options for proto=fd [ 150.159572][ T7222] netlink: 'syz.2.945': attribute type 3 has an invalid length. [ 150.177227][ T7222] netlink: 830 bytes leftover after parsing attributes in process `syz.2.945'. [ 150.779135][ T7243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.784383][ T7243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.788238][ T7243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.948'. [ 150.789808][ T7243] netlink: 'syz.4.948': attribute type 5 has an invalid length. [ 150.791969][ T7243] netlink: 28 bytes leftover after parsing attributes in process `syz.4.948'. [ 150.795055][ T7243] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 150.796624][ T7243] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 150.798142][ T7243] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 150.799666][ T7243] device geneve2 entered promiscuous mode [ 151.308382][ T7249] rdma_rxe: rxe_register_device failed with error -23 [ 151.309949][ T7249] rdma_rxe: failed to add syz_tun [ 151.635825][ T6399] Bluetooth: hci5: Frame reassembly failed (-84) [ 151.649867][ T7262] netlink: 44 bytes leftover after parsing attributes in process `syz.2.959'. [ 151.831717][ T7269] netlink: 75 bytes leftover after parsing attributes in process `syz.1.956'. [ 153.690454][ T4322] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 153.733942][ T7299] rdma_rxe: rxe_register_device failed with error -23 [ 153.735499][ T7299] rdma_rxe: failed to add syz_tun [ 154.565478][ T7315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.577399][ T7315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.975836][ T7362] binder: 7362 RLIMIT_NICE not set [ 156.163666][ T7374] netlink: 'syz.4.1002': attribute type 1 has an invalid length. [ 156.166158][ T7374] netlink: 'syz.4.1002': attribute type 2 has an invalid length. [ 157.316053][ T7398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1010'. [ 157.800390][ T27] audit: type=1326 audit(157.780:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8415b0e8 code=0x7ffc0000 [ 157.851468][ T27] audit: type=1326 audit(157.790:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8415b0e8 code=0x7ffc0000 [ 157.980667][ T27] audit: type=1326 audit(157.790:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=243 compat=0 ip=0xffff8415b0e8 code=0x7ffc0000 [ 158.109835][ T27] audit: type=1326 audit(158.090:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8415b0e8 code=0x7ffc0000 [ 158.129891][ T27] audit: type=1326 audit(158.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8415b0e8 code=0x7ffc0000 [ 158.187443][ T7426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.188989][ T7426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.751693][ T7444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.756167][ T7444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.359972][ T4331] Bluetooth: hci2: command 0x0406 tx timeout [ 159.361148][ T4331] Bluetooth: hci3: command 0x0406 tx timeout [ 162.999571][ T7525] loop8: detected capacity change from 0 to 7 [ 163.001669][ T5597] Dev loop8: unable to read RDB block 7 [ 163.002665][ T5597] loop8: unable to read partition table [ 163.003766][ T5597] loop8: partition table beyond EOD, truncated [ 163.010132][ T7525] Dev loop8: unable to read RDB block 7 [ 163.012219][ T7525] loop8: unable to read partition table [ 163.013128][ T7525] loop8: partition table beyond EOD, truncated [ 163.014306][ T7525] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 163.176281][ T7532] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 163.177508][ T7532] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 163.179916][ T7532] vhci_hcd vhci_hcd.0: Device attached [ 163.872222][ T7563] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 163.873361][ T7563] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 163.876685][ T7563] vhci_hcd vhci_hcd.0: Device attached [ 163.890721][ T7563] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9) [ 163.891703][ T7563] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 163.893044][ T7563] vhci_hcd vhci_hcd.0: Device attached [ 163.896356][ T7563] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(11) [ 163.897439][ T7563] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 163.905411][ T7563] vhci_hcd vhci_hcd.0: Device attached [ 163.907192][ T7563] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 163.909361][ T7563] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 163.961655][ T7568] vhci_hcd: connection closed [ 163.962317][ T7566] vhci_hcd: connection closed [ 163.963199][ T7564] vhci_hcd: connection closed [ 163.966660][ T4455] vhci_hcd: stop threads [ 163.968747][ T4455] vhci_hcd: release socket [ 163.969449][ T4455] vhci_hcd: disconnect device [ 163.971132][ T4455] vhci_hcd: stop threads [ 163.973443][ T4455] vhci_hcd: release socket [ 163.974215][ T4455] vhci_hcd: disconnect device [ 163.976608][ T4455] vhci_hcd: stop threads [ 163.978198][ T4455] vhci_hcd: release socket [ 164.021391][ T4455] vhci_hcd: disconnect device [ 164.577801][ T7534] vhci_hcd: connection closed [ 164.579058][ T4419] vhci_hcd: stop threads [ 164.580488][ T4419] vhci_hcd: release socket [ 164.581784][ T4419] vhci_hcd: disconnect device [ 165.413812][ T7603] tipc: Enabled bearer , priority 0 [ 165.415599][ T7603] device syzkaller0 entered promiscuous mode [ 165.424208][ T7603] tipc: Resetting bearer [ 165.426974][ T7602] tipc: Resetting bearer [ 165.502771][ T7602] tipc: Disabling bearer [ 165.955065][ T7628] Bluetooth: MGMT ver 1.22 [ 167.989914][ T7648] device bridge_slave_0 left promiscuous mode [ 167.992289][ T7648] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.239090][ T7648] device bridge_slave_1 left promiscuous mode [ 168.244883][ T7648] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.251475][ T7656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.253525][ T7656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.291866][ T7648] bond0: (slave bond_slave_0): Releasing backup interface [ 168.331365][ T7648] bond0: (slave bond_slave_1): Releasing backup interface [ 168.374273][ T7648] team0: Port device team_slave_0 removed [ 168.376070][ T7648] team0: Port device team_slave_1 removed [ 168.377197][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.379131][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.381294][ T7648] bond1: (slave gretap1): Releasing active interface [ 169.058889][ T4435] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 169.250460][ T4435] usb 1-1: Using ep0 maxpacket: 8 [ 169.282252][ T4435] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 169.284377][ T4435] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 169.286885][ T4435] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 169.289393][ T4435] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.294918][ T4435] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 169.301726][ T4435] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.477013][ T7682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.491673][ T7682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.643073][ T4435] usb 1-1: GET_CAPABILITIES returned 0 [ 169.644050][ T4435] usbtmc 1-1:16.0: can't read capabilities [ 169.973347][ T4435] usb 1-1: USB disconnect, device number 13 [ 171.561450][ T4331] Bluetooth: hci5: command 0x1003 tx timeout [ 171.561476][ T4322] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 183.742998][ T7751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1136'. [ 183.813480][ T7775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 183.815989][ T7775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 183.842973][ T7768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 183.846336][ T7768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.487623][ T7774] Process accounting resumed [ 184.596890][ T7793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.598643][ T7793] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.664087][ T7796] tipc: Started in network mode [ 184.665036][ T7796] tipc: Node identity ce9167c4ff73, cluster identity 4711 [ 184.666666][ T7796] tipc: Enabled bearer , priority 0 [ 184.669462][ T7796] device syzkaller0 entered promiscuous mode [ 184.675079][ T7793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.677519][ T7793] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.722404][ T7796] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 184.764220][ T7796] tipc: Resetting bearer [ 184.769973][ T7795] tipc: Resetting bearer [ 184.894251][ T7795] tipc: Disabling bearer [ 185.480494][ T7808] ceph: No mds server is up or the cluster is laggy [ 185.533188][ T4435] libceph: connect (1)[c::]:6789 error -101 [ 185.550105][ T4435] libceph: mon0 (1)[c::]:6789 connect error [ 185.868533][ T4322] Bluetooth: hci5: command 0x1003 tx timeout [ 185.871835][ T4331] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 186.653654][ T7842] tipc: Enabled bearer , priority 0 [ 186.655563][ T7842] device syzkaller0 entered promiscuous mode [ 187.114811][ T7846] tipc: Resetting bearer [ 187.121731][ T7844] sch_tbf: burst 127 is lower than device syzkaller0 mtu (313) ! [ 187.184300][ T7841] tipc: Resetting bearer [ 187.208154][ T7853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.211030][ T7853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.274390][ T7859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.276950][ T7859] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.331497][ T7841] tipc: Disabling bearer [ 187.370687][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.391246][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.896046][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.898446][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.972109][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.974612][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.490314][ T4322] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 191.387739][ T4376] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 192.210428][ T4376] usb 1-1: Using ep0 maxpacket: 8 [ 192.214805][ T4376] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.216731][ T4376] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 192.218359][ T4376] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 192.219882][ T4376] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.222394][ T4376] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 192.223709][ T4376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.433424][ T4376] usb 1-1: GET_CAPABILITIES returned 0 [ 192.434430][ T4376] usbtmc 1-1:16.0: can't read capabilities [ 192.649138][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.653737][ T4376] usb 1-1: USB disconnect, device number 14 [ 193.110735][ T7991] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1218'. [ 193.826495][ T8005] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1226'. [ 194.768171][ T8023] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 194.771341][ T8023] infiniband syz2: set active [ 194.971754][ T4322] Bluetooth: hci5: command 0x1003 tx timeout [ 194.973054][ T4331] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 195.169039][ T8029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.171142][ T8029] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.441548][ T8039] Trying to write to read-only block-device nullb0 [ 195.597116][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1238'. [ 195.745809][ T8047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.752297][ T8047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.759469][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1238'. [ 195.764212][ T8043] netlink: 'syz.3.1238': attribute type 5 has an invalid length. [ 195.768761][ T8043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1238'. [ 195.780052][ T8043] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 195.793678][ T8043] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 195.801527][ T8043] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 195.805878][ T8043] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 195.810803][ T8043] device geneve2 entered promiscuous mode [ 196.897241][ T8075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.899859][ T8075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.124771][ T8079] rdma_rxe: already configured on syz_tun [ 197.643849][ T8090] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1253'. [ 197.682250][ T8091] net_ratelimit: 14 callbacks suppressed [ 197.682282][ T8091] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 198.780336][ T4435] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 198.854644][ T8115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.856883][ T8115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.960304][ T4435] usb 1-1: Using ep0 maxpacket: 16 [ 198.962369][ T4435] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 198.965323][ T4435] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 198.966580][ T4435] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.967699][ T4435] usb 1-1: Product: syz [ 198.968346][ T4435] usb 1-1: Manufacturer: syz [ 198.969031][ T4435] usb 1-1: SerialNumber: syz [ 198.971862][ T4435] usb 1-1: config 0 descriptor?? [ 198.974724][ T4435] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 198.976189][ T4435] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 199.281354][ T8122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.283605][ T8122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.799099][ T4435] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 200.208130][ T4435] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 200.209786][ T4435] em28xx 1-1:0.0: board has no eeprom [ 200.309828][ T8135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.315357][ T8135] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.360726][ T8131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.363306][ T8131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.302548][ T8104] em28xx 1-1:0.0: reading from i2c device at 0x8 failed (error=-5) [ 201.360313][ T4435] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 201.361591][ T4435] em28xx 1-1:0.0: dvb set to bulk mode. [ 201.363399][ T4546] em28xx 1-1:0.0: Binding DVB extension [ 201.453245][ T4435] usb 1-1: USB disconnect, device number 15 [ 201.482741][ T4435] em28xx 1-1:0.0: Disconnecting em28xx [ 201.659614][ T4546] em28xx 1-1:0.0: Registering input extension [ 201.664639][ T4435] em28xx 1-1:0.0: Closing input extension [ 201.678067][ T4435] em28xx 1-1:0.0: Freeing device [ 201.792403][ T8168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.794282][ T8168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.282189][ T8191] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1285'. [ 203.108416][ T27] audit: type=1326 audit(203.090:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa935b0e8 code=0x7ffc0000 [ 203.112912][ T27] audit: type=1326 audit(203.090:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa935b0e8 code=0x7ffc0000 [ 203.121525][ T27] audit: type=1326 audit(203.090:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=243 compat=0 ip=0xffffa935b0e8 code=0x7ffc0000 [ 203.408573][ T27] audit: type=1326 audit(203.390:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa935b0e8 code=0x7ffc0000 [ 203.412888][ T27] audit: type=1326 audit(203.390:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa935b0e8 code=0x7ffc0000 [ 203.470312][ T4376] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 203.892588][ T4376] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 203.894053][ T4376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.899446][ T4376] usb 1-1: config 0 descriptor?? [ 204.039000][ T8235] device syzkaller0 entered promiscuous mode [ 204.128001][ T4376] kaweth 1-1:0.0: Firmware present in device. [ 204.339098][ T8247] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1304'. [ 204.470913][ T4376] kaweth 1-1:0.0: Statistics collection: 0 [ 204.474817][ T4376] kaweth 1-1:0.0: Multicast filter limit: 0 [ 204.476917][ T4376] kaweth 1-1:0.0: MTU: 0 [ 204.477723][ T4376] kaweth 1-1:0.0: Read MAC address 00:00:00:00:00:00 [ 204.988042][ T8257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.992756][ T8257] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.195510][ T4376] kaweth 1-1:0.0: kaweth interface created at eth0 [ 205.391185][ T4376] usb 1-1: USB disconnect, device number 16 [ 205.624216][ T8297] device syzkaller0 entered promiscuous mode [ 207.003492][ T8322] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1323'. [ 207.025970][ T8327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.028539][ T8327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.930168][ T8345] device syzkaller0 entered promiscuous mode [ 208.055433][ T8350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.057017][ T8350] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.845043][ T8396] infiniband syz2: set active [ 211.885537][ T8411] ax25_connect(): syz.0.1347 uses autobind, please contact jreuter@yaina.de [ 211.887237][ T8403] ------------[ cut here ]------------ [ 211.888163][ T8403] refcount_t: decrement hit 0; leaking memory. [ 211.889149][ T8403] WARNING: CPU: 0 PID: 8403 at lib/refcount.c:31 refcount_warn_saturate+0x194/0x1f8 [ 211.890576][ T8403] Modules linked in: [ 211.891154][ T8403] CPU: 0 PID: 8403 Comm: syz.0.1347 Not tainted syzkaller #0 [ 211.892244][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 211.893687][ T8403] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 211.894845][ T8403] pc : refcount_warn_saturate+0x194/0x1f8 [ 211.895674][ T8403] lr : refcount_warn_saturate+0x194/0x1f8 [ 211.896504][ T8403] sp : ffff8000216f7800 [ 211.897114][ T8403] x29: ffff8000216f7800 x28: 1fffe0001ef65505 x27: dfff800000000000 [ 211.898323][ T8403] x26: dfff800000000000 x25: ffff7000042def08 x24: ffff0000d24db800 [ 211.899605][ T8403] x23: ffff0000d24db810 x22: ffff8000216f7840 x21: 0000000000000000 [ 211.900867][ T8403] x20: ffff0000dc80c5fc x19: ffff800017a8b000 x18: 0000000000000000 [ 211.902187][ T8403] x17: 0000000000000000 x16: ffff8000082d22e0 x15: 0000000000000000 [ 211.903460][ T8403] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 211.904779][ T8403] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 2c07976560cf4800 [ 211.906132][ T8403] x8 : 2c07976560cf4800 x7 : 0000000000000001 x6 : 0000000000000001 [ 211.907522][ T8403] x5 : ffff8000216f7298 x4 : ffff8000151a4820 x3 : ffff80000852e158 [ 211.908911][ T8403] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 211.910271][ T8403] Call trace: [ 211.910827][ T8403] refcount_warn_saturate+0x194/0x1f8 [ 211.911685][ T8403] ref_tracker_free+0x538/0x694 [ 211.912522][ T8403] ax25_release+0x2c8/0x88c [ 211.913253][ T8403] sock_close+0xb4/0x1f8 [ 211.913930][ T8403] __fput+0x1bc/0x7c0 [ 211.914561][ T8403] ____fput+0x20/0x30 [ 211.915124][ T8403] task_work_run+0x1ec/0x270 [ 211.915816][ T8403] do_notify_resume+0x1f70/0x2b0c [ 211.916610][ T8403] el0_svc+0x98/0x138 [ 211.917260][ T8403] el0t_64_sync_handler+0x84/0xf0 [ 211.918122][ T8403] el0t_64_sync+0x18c/0x190 [ 211.918758][ T8403] irq event stamp: 2794 [ 211.919438][ T8403] hardirqs last enabled at (2793): [] __up_console_sem+0xb4/0x100 [ 211.920952][ T8403] hardirqs last disabled at (2794): [] el1_dbg+0x24/0x80 [ 211.922316][ T8403] softirqs last enabled at (2750): [] ax25_cb_del+0x14c/0x198 [ 211.923940][ T8403] softirqs last disabled at (2748): [] ax25_cb_del+0x30/0x198 [ 211.925340][ T8403] ---[ end trace 0000000000000000 ]--- [ 217.930253][ C1] ================================================================== [ 217.931510][ C1] BUG: KASAN: use-after-free in ax25_heartbeat_expiry+0x10c/0x128 [ 217.932750][ C1] Read of size 4 at addr ffff0000d24db860 by task swapper/1/0 [ 217.933857][ C1] [ 217.934190][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W syzkaller #0 [ 217.935395][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 217.937083][ C1] Call trace: [ 217.937618][ C1] dump_backtrace+0x1c8/0x1f4 [ 217.938340][ C1] show_stack+0x2c/0x3c [ 217.938978][ C1] __dump_stack+0x30/0x40 [ 217.939690][ C1] dump_stack_lvl+0xf8/0x160 [ 217.940377][ C1] print_address_description+0x88/0x218 [ 217.941285][ C1] print_report+0x50/0x68 [ 217.941999][ C1] kasan_report+0xa8/0x100 [ 217.942650][ C1] __asan_report_load4_noabort+0x2c/0x38 [ 217.943518][ C1] ax25_heartbeat_expiry+0x10c/0x128 [ 217.944316][ C1] call_timer_fn+0x1b8/0x964 [ 217.945011][ C1] __run_timers+0x460/0x6bc [ 217.945710][ C1] run_timer_softirq+0x7c/0x114 [ 217.946461][ C1] handle_softirqs+0x318/0xc6c [ 217.947170][ C1] __do_softirq+0x14/0x20 [ 217.947784][ C1] ____do_softirq+0x14/0x20 [ 217.948427][ C1] call_on_irq_stack+0x30/0x48 [ 217.949163][ C1] do_softirq_own_stack+0x20/0x2c [ 217.949899][ C1] __irq_exit_rcu+0x23c/0x43c [ 217.950581][ C1] irq_exit_rcu+0x14/0x84 [ 217.951188][ C1] el1_interrupt+0x38/0x54 [ 217.951881][ C1] el1h_64_irq_handler+0x18/0x24 [ 217.952644][ C1] el1h_64_irq+0x64/0x68 [ 217.953370][ C1] arch_local_irq_enable+0xc/0x18 [ 217.954160][ C1] default_idle_call+0x68/0xdc [ 217.954903][ C1] do_idle+0x1d8/0x4bc [ 217.955588][ C1] cpu_startup_entry+0x5c/0x74 [ 217.956405][ C1] secondary_start_kernel+0x198/0x1c0 [ 217.957312][ C1] __secondary_switched+0xb0/0xb4 [ 217.958084][ C1] [ 217.958441][ C1] Allocated by task 5212: [ 217.959110][ C1] kasan_set_track+0x4c/0x80 [ 217.959803][ C1] kasan_save_alloc_info+0x28/0x34 [ 217.960632][ C1] __kasan_kmalloc+0xa0/0xb8 [ 217.961364][ C1] kmalloc_trace+0x7c/0x94 [ 217.962066][ C1] ax25_dev_device_up+0x5c/0x524 [ 217.962928][ C1] ax25_device_event+0x128/0x660 [ 217.963767][ C1] raw_notifier_call_chain+0xd4/0x164 [ 217.964638][ C1] __dev_notify_flags+0x250/0x46c [ 217.965450][ C1] dev_change_flags+0xc8/0x154 [ 217.966235][ C1] dev_ifsioc+0x524/0xed0 [ 217.966926][ C1] dev_ioctl+0x4c8/0xc8c [ 217.967562][ C1] sock_do_ioctl+0x18c/0x240 [ 217.968258][ C1] sock_ioctl+0x5c4/0x840 [ 217.968903][ C1] __arm64_sys_ioctl+0x14c/0x1c8 [ 217.969606][ C1] invoke_syscall+0x98/0x2bc [ 217.970359][ C1] el0_svc_common+0x138/0x258 [ 217.971101][ C1] do_el0_svc+0x58/0x13c [ 217.971788][ C1] el0_svc+0x58/0x138 [ 217.972405][ C1] el0t_64_sync_handler+0x84/0xf0 [ 217.973198][ C1] el0t_64_sync+0x18c/0x190 [ 217.973944][ C1] [ 217.974286][ C1] Freed by task 4435: [ 217.974930][ C1] kasan_set_track+0x4c/0x80 [ 217.975703][ C1] kasan_save_free_info+0x3c/0x60 [ 217.976568][ C1] ____kasan_slab_free+0x148/0x1b0 [ 217.977382][ C1] __kasan_slab_free+0x18/0x28 [ 217.978167][ C1] slab_free_freelist_hook+0x16c/0x1ec [ 217.979060][ C1] kmem_cache_free_bulk+0x340/0x3d4 [ 217.979873][ C1] kfree_rcu_work+0x290/0x694 [ 217.980609][ C1] process_one_work+0x7f4/0x13a8 [ 217.981397][ C1] worker_thread+0x8c8/0xfbc [ 217.982097][ C1] kthread+0x250/0x2d8 [ 217.982728][ C1] ret_from_fork+0x10/0x20 [ 217.983385][ C1] [ 217.983728][ C1] Second to last potentially related work creation: [ 217.984763][ C1] kasan_save_stack+0x40/0x70 [ 217.985490][ C1] __kasan_record_aux_stack+0xc0/0xdc [ 217.986288][ C1] kasan_record_aux_stack_noalloc+0x14/0x20 [ 217.987156][ C1] insert_work+0x64/0x37c [ 217.987807][ C1] __queue_work+0xcbc/0x123c [ 217.988482][ C1] queue_work_on+0xc0/0x16c [ 217.989127][ C1] netdevice_event+0x704/0x7f8 [ 217.989813][ C1] raw_notifier_call_chain+0xd4/0x164 [ 217.990623][ C1] dev_set_mac_address+0x264/0x38c [ 217.991422][ C1] dev_set_mac_address_user+0x44/0x68 [ 217.992249][ C1] do_setlink+0x69c/0x32c4 [ 217.992929][ C1] rtnl_newlink+0x12d0/0x1a1c [ 217.993646][ C1] rtnetlink_rcv_msg+0x734/0xce4 [ 217.994350][ C1] netlink_rcv_skb+0x208/0x3c4 [ 217.995034][ C1] rtnetlink_rcv+0x28/0x38 [ 217.995743][ C1] netlink_unicast+0x60c/0x824 [ 217.996475][ C1] netlink_sendmsg+0x6e8/0x9b0 [ 217.997256][ C1] __sys_sendto+0x304/0x3fc [ 217.998024][ C1] __arm64_sys_sendto+0xd8/0xf8 [ 217.998799][ C1] invoke_syscall+0x98/0x2bc [ 217.999515][ C1] el0_svc_common+0x138/0x258 [ 218.000253][ C1] do_el0_svc+0x58/0x13c [ 218.000951][ C1] el0_svc+0x58/0x138 [ 218.001582][ C1] el0t_64_sync_handler+0x84/0xf0 [ 218.002372][ C1] el0t_64_sync+0x18c/0x190 [ 218.003075][ C1] [ 218.003453][ C1] The buggy address belongs to the object at ffff0000d24db800 [ 218.003453][ C1] which belongs to the cache kmalloc-256 of size 256 [ 218.005601][ C1] The buggy address is located 96 bytes inside of [ 218.005601][ C1] 256-byte region [ffff0000d24db800, ffff0000d24db900) [ 218.007641][ C1] [ 218.007993][ C1] The buggy address belongs to the physical page: [ 218.008959][ C1] page:000000007bc9c2cd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1124da [ 218.010667][ C1] head:000000007bc9c2cd order:1 compound_mapcount:0 compound_pincount:0 [ 218.012000][ C1] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 218.013220][ C1] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480 [ 218.014535][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 218.015950][ C1] page dumped because: kasan: bad access detected [ 218.016971][ C1] [ 218.017342][ C1] Memory state around the buggy address: [ 218.018200][ C1] ffff0000d24db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 218.019427][ C1] ffff0000d24db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 218.020617][ C1] >ffff0000d24db800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.021845][ C1] ^ [ 218.022943][ C1] ffff0000d24db880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.024132][ C1] ffff0000d24db900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 218.025404][ C1] ================================================================== [ 218.026717][ C1] Disabling lock debugging due to kernel taint