last executing test programs: 28.005157279s ago: executing program 2 (id=819): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x0, 0x9}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000980)={[{@nombcache}, {@sysvgroups}, {@norecovery}, {@grpid}, {@norecovery}]}, 0x9, 0x60b, &(0x7f00000001c0)="$eJzs3c1vVOUaAPDnTKcftPfeFnJz7+UupIkxkCgtLWCIMRHilhD82LmqtBCkUEJrtEhiSXCjMW5cmLhyIf4XSuLWhVsXblwZksYYFmJQxpzpmTofnTKdzkfb+f2SQ99zDnPe5ww8fd955z3nBNCzxtM/chEHI+J6EjFati8f2c7xtb/34NdbF9IliULhtV+SuPV+slJ+rCT7OZK9+M/RSL7PRRzoq613cfnmlZn5+bkb2frk0tXrk4vLN49evjpzae7S3LXp56dPnTxx8tTUsW2dX76sfPbOW++MfnjujS8/f5RMffXjuSROx+MstvS8ql87uK2a0/dsPAprHlbHdGqbx94pfhutfI9TSfUGdqyL2f/H/oj4b4xGX9m/5mh88EpXgwPaqpBEqY0Cek7SVP4PtT4QoMNK/YDSZ/uNPgfXyrW5VwJ0wuqZtQGAtdzvj4hS/ufXxgZjqDg2MPwgqRjnSSJieyNza9I6vvv23J10iTrjcEB7rNwujXJXt/9JMTfHYqi4NvwgV5H/ubIl3f5qk/WPV63Lf+icldsR8b+s/R+IpvP/zSbrl/8AAAAAAADQOvfORMRzG83/y63P/xnYYP7PSEScbkH9T/7+L3c/KyQtqA4os3om4sWa+b9/lM8OHuvLvuf/Z3E+QH/u4uX5uWMR8a+IOBL9g+n6VOVhKyYIH/34wGf16i+f/5cuaf2luYDZoe7nqy7EnZ1ZmmnN2UNvW70d8f/i/N9D2ZbK+T9p+5/UtP8fvZwm+PUG6zjwzN3z9fY9Of+Bdil8EXF4w+t//u5uJ5vfn2Oy2B+YLPUKaj313idf16tf/kP3pO3/8Ob5P5iU369ncWvHH4iI48v5Qr39zfb/B5LX+0rHT707s7R0YypiIDlbu316azHDXlXKh1K+pPl/5OnNx//W+/9lebgvIlYarPM/j0d+qrdP+w/dk+b/7Obt/1hl+7/VwlBM3x37JrvFWI3zDbX/J4pt+pFsi/E/KFd7P45GE7Qr4QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALpeLiH9EkptYL+dyExMRIxHx7xjOzS8sLj17ceHta7Ppvsrn/4+urSel5/+Pla1PV60fj4j9EfFp377i+sSFhfnZbp88AAAAAAAAAAAAAAAAAAAA7BAjxWv+C4PV1/+nfu7rdnRA2+Wzn/Idek++6VcWBlsaCNBxzec/sNs1nv/9bY0D6Lz6+f/wUaGoo+EAHaT/D72ryfz3dQHsAdp/6FUNjukNtTsOoBsabv9X2xsHAAAAAADQEvsP3fshiYiVF/YVl9RAts9kf9jbct0OAOgac3ihd+UXuh0B0C0+4wPJeun3DS/2rz/7P2lPQAAAAAAAAAAAAABAjcMHXf8PvSoXsckjvM3th71sk+v/N0p+twuAPaT+oz8aafsTPQTYxXzGB57Ujrv+HwAAAAAAAAAAAAB2gKGbV2bm5+duLC7vvsJLOyOMrRVWZnZEGC0tPG7PkfsjYmecYKcLpVtwdDGMLv9eAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1v0VAAD//wwXMFk=") 26.078852477s ago: executing program 2 (id=828): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe007c05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) 25.002130535s ago: executing program 2 (id=829): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) close(r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000000000000000000a00000000000000000000000d"], 0x0, 0x32}, 0x20) close(r0) 24.738092877s ago: executing program 2 (id=832): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000063013d000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 24.653833324s ago: executing program 2 (id=833): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000063019d000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 23.704662391s ago: executing program 2 (id=835): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, 0x0, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x0) ioctl$sock_bt_hci(r7, 0x400448e0, &(0x7f00000003c0)) socket$packet(0x11, 0x3, 0x300) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@enum={0xb}]}, {0x0, [0x0, 0x5f, 0x0, 0x5f, 0x3e, 0x0]}}, &(0x7f0000000340)=""/137, 0x2c, 0x89, 0x1, 0x6}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x68, &(0x7f0000000640)=ANY=[@ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x72}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x39) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010180)='kmem_cache_free\x00'}, 0x10) 12.707308771s ago: executing program 0 (id=890): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x15, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@remote}, {@dev, 0x65c}]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@broadcast, 0x52b1}, {@multicast2}]}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r2, &(0x7f0000000000), 0x10) dup3(r1, r2, 0x0) 12.538100624s ago: executing program 0 (id=895): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x38}}, 0x0) 12.325733292s ago: executing program 0 (id=897): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, 0x0) 12.288745145s ago: executing program 0 (id=898): socket$phonet(0x23, 0x2, 0x1) r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x18, &(0x7f0000000800)={0x0, 0x1, 0x6, @local}, 0x10) sendto$packet(r0, &(0x7f0000000040)="0303020000010000000045", 0xff4b, 0x4000050, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4560}, 0x0, {0x0, r1}}) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r4 = dup(r3) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000180), 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x12, r4, 0x0) io_submit(r2, 0x1, &(0x7f00000001c0)=[0x0]) 12.160069035s ago: executing program 0 (id=899): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00'}, 0x10) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r2, @in={{0x2, 0x0, @empty}}}, 0x9c) 12.043565125s ago: executing program 0 (id=902): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, 0x0, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x0) ioctl$sock_bt_hci(r7, 0x400448e0, &(0x7f00000003c0)) socket$packet(0x11, 0x3, 0x300) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@enum={0xb}]}, {0x0, [0x0, 0x5f, 0x0, 0x5f, 0x3e, 0x0]}}, &(0x7f0000000340)=""/137, 0x2c, 0x89, 0x1, 0x6}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x68, &(0x7f0000000640)=ANY=[@ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x72}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x39) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010180)='kmem_cache_free\x00'}, 0x10) 3.507153003s ago: executing program 1 (id=934): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 3.483475645s ago: executing program 1 (id=935): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x401, 0x6c, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x0) 3.412172281s ago: executing program 1 (id=936): socket$inet6(0xa, 0x2, 0x3a) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)) syz_io_uring_setup(0x24f5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0x11) 3.411797041s ago: executing program 1 (id=937): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$tipc(0x1e, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0x40}, 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000001540)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010002fdb35d580000000c00000014000180080403000200000008000100540935a58296076e4096a4216124584cc82a21f53ae6c90b95726a7721f42eef05cd95e03ce10d2b0f47eb0016781561dc6e7868f47aa05200"/102, @ANYRES32=r5, @ANYBLOB="0800038004000380"], 0x30}}, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r3}, 0x20) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) r6 = semget$private(0x0, 0x4000000009, 0x0) semop(r6, &(0x7f0000000240)=[{0x2, 0x7fff, 0x1000}], 0x1) semop(r6, &(0x7f0000000100)=[{0x2, 0xd5db}], 0x1) semop(r6, &(0x7f0000000140)=[{0x0, 0xfffb}, {0x2, 0x7f, 0x1800}], 0x2) semop(r6, &(0x7f0000001400)=[{0x0, 0x200}], 0x1) 2.854955327s ago: executing program 4 (id=939): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x25, &(0x7f00000000c0)=0xffff, 0x4) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) socket(0x2, 0x1, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8000001) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) fcntl$getflags(r2, 0x401) dup(0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$FUSE(r4, &(0x7f0000004000)={0x2020}, 0x2020) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0xff, @dev={0xac, 0x14, 0x14, 0x14}, 0x4e22, 0x0, 'lblcr\x00', 0x10, 0x0, 0x7c}, 0x2c) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000002c0)={0x0, 0x0, 0x1000}, 0x0, &(0x7f0000000300), &(0x7f0000006040)=""/4096) read(0xffffffffffffffff, &(0x7f0000000380)=""/194, 0xc2) 2.750218835s ago: executing program 3 (id=941): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0), 0x4) shutdown(r1, 0x1) ppoll(&(0x7f00000002c0)=[{r1}], 0x1, 0x0, 0x0, 0xfffffffffffffd4c) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r2) mmap(&(0x7f0000000000/0x2000)=nil, 0x152000, 0x0, 0x12, r5, 0x0) 1.892048835s ago: executing program 4 (id=943): syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000100), 0x12) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) 1.785840194s ago: executing program 3 (id=944): bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty, 0x6}, 0x1c) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000000)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}) 1.785545954s ago: executing program 4 (id=945): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000690005"], 0x28}}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000440)=0xfffffbff, 0x4) recvmmsg(r0, &(0x7f0000006440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002022, 0x0) 1.742491297s ago: executing program 3 (id=946): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000033c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB=','], 0x60}}], 0x2, 0x0) 1.667898054s ago: executing program 3 (id=947): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r4, 0xc0044dff, &(0x7f0000001480)) 1.667650813s ago: executing program 4 (id=948): syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001bc0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) 1.433841673s ago: executing program 4 (id=949): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x15, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@remote}, {@dev, 0x65c}]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@broadcast, 0x52b1}, {@multicast2}]}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r2, &(0x7f0000000000), 0x10) dup3(r1, r2, 0x0) 1.294300454s ago: executing program 1 (id=950): unshare(0x20400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) fcntl$getflags(r0, 0x401) 1.261807896s ago: executing program 1 (id=951): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, 0x0, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x0) ioctl$sock_bt_hci(r7, 0x400448e0, &(0x7f00000003c0)) socket$packet(0x11, 0x3, 0x300) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@enum={0xb}]}, {0x0, [0x0, 0x5f, 0x0, 0x5f, 0x3e, 0x0]}}, &(0x7f0000000340)=""/137, 0x2c, 0x89, 0x1, 0x6}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x68, &(0x7f0000000640)=ANY=[@ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x72}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x39) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010180)='kmem_cache_free\x00'}, 0x10) 1.211710061s ago: executing program 4 (id=952): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000100)={'syzkaller1\x00', {0x2, 0x0, @broadcast}}) fchdir(0xffffffffffffffff) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000014000000160a01000000000000000000010000002c000000180a0101000b000000000000010000000900020073797a3000e7df623250368185611d0000000900010073797a3000000000140000001000010000000000000000000000000a"], 0x88}}, 0x0) ioctl$USBDEVFS_RELEASEINTERFACE(r0, 0x80045510, &(0x7f0000000200)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040), 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x1, 0x4}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) 1.88789ms ago: executing program 3 (id=953): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioprio_set$pid(0x1, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = dup(r0) read$FUSE(r1, 0x0, 0x0) 0s ago: executing program 3 (id=954): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f) r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0) socket$unix(0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_pressure(r3, &(0x7f0000000340)={'some'}, 0x2f) kernel console output (not intermixed with test programs): eared for block 255 [ 90.764867][ T4849] FAULT_INJECTION: forcing a failure. [ 90.764867][ T4849] name failslab, interval 1, probability 0, space 0, times 0 [ 90.768369][ T4849] CPU: 1 PID: 4849 Comm: syz.4.221 Not tainted 5.15.163-syzkaller #0 [ 90.770579][ T4849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 90.773040][ T4849] Call trace: [ 90.773839][ T4849] dump_backtrace+0x0/0x530 [ 90.775005][ T4849] show_stack+0x2c/0x3c [ 90.776091][ T4849] dump_stack_lvl+0x108/0x170 [ 90.777290][ T4849] dump_stack+0x1c/0x58 [ 90.778393][ T4849] should_fail+0x3b8/0x514 [ 90.779522][ T4849] __should_failslab+0xbc/0x110 [ 90.780802][ T4849] should_failslab+0x10/0x28 [ 90.781965][ T4849] slab_pre_alloc_hook+0x64/0xe8 [ 90.783183][ T4849] __kmalloc_node+0xbc/0x5b8 [ 90.784399][ T4849] kvmalloc_node+0x88/0x204 [ 90.785477][ T4849] generic_map_update_batch+0x430/0xbc8 [ 90.786831][ T4849] bpf_map_do_batch+0x3d0/0x574 [ 90.788127][ T4849] __sys_bpf+0x4d4/0x610 [ 90.789256][ T4849] __arm64_sys_bpf+0x80/0x98 [ 90.790428][ T4849] invoke_syscall+0x98/0x2b8 [ 90.791638][ T4849] el0_svc_common+0x138/0x258 [ 90.792979][ T4849] do_el0_svc+0x58/0x14c [ 90.794111][ T4849] el0_svc+0x7c/0x1f0 [ 90.795161][ T4849] el0t_64_sync_handler+0x84/0xe4 [ 90.796437][ T4849] el0t_64_sync+0x1a0/0x1a4 [ 90.810472][ T4018] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 90.843347][ T4018] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 90.867106][ T4852] loop1: detected capacity change from 0 to 256 [ 90.923543][ T4014] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 90.955874][ T4847] loop3: detected capacity change from 0 to 8192 [ 91.023541][ T4855] loop4: detected capacity change from 0 to 2364 [ 91.142252][ T4847] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 91.145780][ T4847] REISERFS (device loop3): using ordered data mode [ 91.147600][ T4847] reiserfs: using flush barriers [ 91.176517][ T4847] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.183390][ T4847] REISERFS (device loop3): checking transaction log (loop3) [ 91.895545][ T4865] loop0: detected capacity change from 0 to 512 [ 91.949464][ T4865] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 91.989693][ T4865] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e802e02c, mo2=0002] [ 92.006797][ T4865] System zones: 1-12 [ 92.032795][ T4865] EXT4-fs (loop0): orphan cleanup on readonly fs [ 92.052063][ T4865] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.227: bg 0: block 361: padding at end of block bitmap is not set [ 92.066566][ T4865] EXT4-fs (loop0): Remounting filesystem read-only [ 92.068305][ T4865] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 92.075860][ T4865] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.227: invalid indirect mapped block 12 (level 1) [ 92.108013][ T4865] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.227: invalid indirect mapped block 2 (level 2) [ 92.127231][ T4847] REISERFS (device loop3): Using tea hash to sort names [ 92.129260][ T4847] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 92.141978][ T4865] EXT4-fs (loop0): 1 truncate cleaned up [ 92.143739][ T4865] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x000000000000ffff,max_batch_time=0x0000000000000007,discard,errors=remount-ro,lazytime. Quota mode: none. [ 92.173745][ T4878] device syzkaller0 entered promiscuous mode [ 92.186806][ T4878] loop1: detected capacity change from 0 to 256 [ 92.189237][ T4878] exfat: Unknown parameter './file0' [ 92.200291][ T4847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.222'. [ 92.201509][ T4878] overlayfs: missing 'workdir' [ 92.202513][ T4847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.222'. [ 92.209417][ T4847] netlink: 32 bytes leftover after parsing attributes in process `syz.3.222'. [ 92.547767][ T4887] loop3: detected capacity change from 0 to 512 [ 92.566609][ T4889] loop1: detected capacity change from 0 to 128 [ 92.626694][ T4887] EXT4-fs (loop3): Ignoring removed oldalloc option [ 92.628455][ T4887] EXT4-fs (loop3): Journaled quota options ignored when QUOTA feature is enabled [ 92.645663][ T4887] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 92.648218][ T4887] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 92.650680][ T4887] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 92.652993][ T4889] FAULT_INJECTION: forcing a failure. [ 92.652993][ T4889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.670399][ T4887] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 92.672894][ T4887] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000] [ 92.676702][ T4889] CPU: 1 PID: 4889 Comm: syz.1.234 Not tainted 5.15.163-syzkaller #0 [ 92.678856][ T4889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 92.681336][ T4889] Call trace: [ 92.682058][ T4889] dump_backtrace+0x0/0x530 [ 92.683208][ T4889] show_stack+0x2c/0x3c [ 92.684234][ T4889] dump_stack_lvl+0x108/0x170 [ 92.685573][ T4889] dump_stack+0x1c/0x58 [ 92.686568][ T4889] should_fail+0x3b8/0x514 [ 92.687765][ T4889] should_fail_usercopy+0x20/0x30 [ 92.689014][ T4889] strncpy_from_user+0x48/0x580 [ 92.690229][ T4889] getname_flags+0x104/0x480 [ 92.691397][ T4889] __arm64_sys_mkdirat+0x80/0xa8 [ 92.692623][ T4889] invoke_syscall+0x98/0x2b8 [ 92.693814][ T4889] el0_svc_common+0x138/0x258 [ 92.694938][ T4889] do_el0_svc+0x58/0x14c [ 92.695965][ T4889] el0_svc+0x7c/0x1f0 [ 92.696850][ T4889] el0t_64_sync_handler+0x84/0xe4 [ 92.698110][ T4889] el0t_64_sync+0x1a0/0x1a4 [ 92.716648][ T4887] EXT4-fs (loop3): orphan cleanup on readonly fs [ 92.800275][ T4887] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.235: bg 0: block 34: padding at end of block bitmap is not set [ 92.838795][ T4887] Quota error (device loop3): write_blk: dquota write failed [ 92.852603][ T4887] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 92.864059][ T4887] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.235: Failed to acquire dquot type 1 [ 92.885045][ T4887] EXT4-fs (loop3): 1 truncate cleaned up [ 92.935818][ T4887] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,discard,usrjquota=./file0,noblock_validity,,errors=continue. Quota mode: writeback. [ 93.250739][ T4897] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 93.253151][ T4897] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000] [ 94.816065][ T4880] loop2: detected capacity change from 0 to 40427 [ 94.959615][ T4880] F2FS-fs (loop2): Invalid log blocks per segment (4278190089) [ 94.961604][ T4880] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 94.981651][ T4880] F2FS-fs (loop2): invalid crc value [ 95.002422][ T4906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.238'. [ 95.774874][ T4880] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4) [ 95.832386][ T4912] loop1: detected capacity change from 0 to 128 [ 96.143505][ T4915] loop0: detected capacity change from 0 to 8192 [ 96.325888][ T4915] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.328766][ T4915] REISERFS (device loop0): using ordered data mode [ 96.332022][ T4915] reiserfs: using flush barriers [ 97.460267][ T4931] loop2: detected capacity change from 0 to 16 [ 97.468578][ T4915] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.481338][ T4915] REISERFS (device loop0): checking transaction log (loop0) [ 97.581050][ T4931] erofs: (device loop2): mounted with root inode @ nid 36. [ 98.148871][ T4936] loop3: detected capacity change from 0 to 512 [ 98.293860][ T4915] REISERFS (device loop0): Using tea hash to sort names [ 98.296106][ T4915] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 98.359682][ T4915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.244'. [ 98.362034][ T4915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.244'. [ 98.386616][ T4936] EXT4-fs (loop3): Ignoring removed oldalloc option [ 98.388391][ T4936] EXT4-fs (loop3): Journaled quota options ignored when QUOTA feature is enabled [ 98.391257][ T4936] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 98.406806][ T4936] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 98.409344][ T4936] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 98.414706][ T4915] netlink: 32 bytes leftover after parsing attributes in process `syz.0.244'. [ 98.427657][ T4936] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 98.430290][ T4936] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000] [ 98.430603][ T4938] vcan0: tx drop: invalid da for name 0x0000000000000801 [ 98.445679][ T4936] EXT4-fs (loop3): orphan cleanup on readonly fs [ 98.472794][ T4936] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.249: bg 0: block 34: padding at end of block bitmap is not set [ 98.505433][ T4938] affs: No valid root block on device nbd1 [ 98.540400][ T4936] Quota error (device loop3): write_blk: dquota write failed [ 98.542561][ T4936] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 98.564889][ T4943] loop4: detected capacity change from 0 to 512 [ 98.579527][ T4936] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.249: Failed to acquire dquot type 1 [ 98.585572][ T4941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.250'. [ 98.602340][ T4936] EXT4-fs (loop3): 1 truncate cleaned up [ 98.610610][ T4929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.242'. [ 98.613500][ T4936] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,discard,usrjquota=./file0,noblock_validity,,errors=continue. Quota mode: writeback. [ 98.814593][ T4943] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.251: bg 0: block 5: invalid block bitmap [ 98.834908][ T4953] loop2: detected capacity change from 0 to 2048 [ 98.835043][ T4943] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 98.849251][ T4943] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.251: invalid indirect mapped block 3 (level 2) [ 98.854898][ T4943] EXT4-fs (loop4): 1 orphan inode deleted [ 98.856444][ T4943] EXT4-fs (loop4): 1 truncate cleaned up [ 98.859583][ T4943] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 98.920611][ T4956] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 98.922792][ T4956] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000] [ 99.195107][ T4953] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.272965][ T4943] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 7: comm syz.4.251: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 99.472273][ T4962] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 7: comm syz.4.251: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 100.179366][ T4962] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 7: comm syz.4.251: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 101.394110][ T4979] FAULT_INJECTION: forcing a failure. [ 101.394110][ T4979] name failslab, interval 1, probability 0, space 0, times 0 [ 101.397324][ T4979] CPU: 1 PID: 4979 Comm: syz.1.260 Not tainted 5.15.163-syzkaller #0 [ 101.399459][ T4979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 101.401928][ T4979] Call trace: [ 101.402796][ T4979] dump_backtrace+0x0/0x530 [ 101.404042][ T4979] show_stack+0x2c/0x3c [ 101.405208][ T4979] dump_stack_lvl+0x108/0x170 [ 101.406525][ T4979] dump_stack+0x1c/0x58 [ 101.407507][ T4979] should_fail+0x3b8/0x514 [ 101.408719][ T4979] __should_failslab+0xbc/0x110 [ 101.409947][ T4979] should_failslab+0x10/0x28 [ 101.410879][ T4979] slab_pre_alloc_hook+0x64/0xe8 [ 101.412310][ T4979] kmem_cache_alloc+0x98/0x45c [ 101.413510][ T4979] __alloc_file+0x30/0x240 [ 101.414678][ T4979] alloc_empty_file+0xa8/0x198 [ 101.416201][ T4979] alloc_file+0x64/0x494 [ 101.417396][ T4979] alloc_file_pseudo+0x1e0/0x278 [ 101.418719][ T4979] __shmem_file_setup+0x19c/0x26c [ 101.420255][ T4979] shmem_file_setup+0x40/0x54 [ 101.421495][ T4979] __arm64_sys_memfd_create+0x374/0x610 [ 101.423025][ T4979] invoke_syscall+0x98/0x2b8 [ 101.424179][ T4979] el0_svc_common+0x138/0x258 [ 101.425529][ T4979] do_el0_svc+0x58/0x14c [ 101.426609][ T4979] el0_svc+0x7c/0x1f0 [ 101.427724][ T4979] el0t_64_sync_handler+0x84/0xe4 [ 101.429079][ T4979] el0t_64_sync+0x1a0/0x1a4 [ 101.662681][ T4981] loop3: detected capacity change from 0 to 8192 [ 102.213426][ T4991] loop1: detected capacity change from 0 to 2048 [ 102.216758][ T4994] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 102.233198][ T4981] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 102.235418][ T4981] REISERFS (device loop3): using ordered data mode [ 102.237042][ T4981] reiserfs: using flush barriers [ 102.239031][ T4981] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.270302][ T4981] REISERFS (device loop3): checking transaction log (loop3) [ 102.293859][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.296455][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.319163][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.322330][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.357514][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.361336][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.371717][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.388753][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.391081][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.426367][ T4991] UDF-fs: iocharset cp86!¾þÞ4 not found [ 102.431221][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.448062][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.479270][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.481285][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.490712][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.492583][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.536013][ T4018] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 102.546673][ T4991] mkiss: ax0: crc mode is auto. [ 102.585353][ T4018] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 102.691759][ T4981] REISERFS (device loop3): Using tea hash to sort names [ 102.700065][ T4981] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 102.802269][ T4981] netlink: 28 bytes leftover after parsing attributes in process `syz.3.262'. [ 102.822902][ T4981] netlink: 28 bytes leftover after parsing attributes in process `syz.3.262'. [ 103.168877][ T4984] loop2: detected capacity change from 0 to 32768 [ 103.366140][ T4981] netlink: 32 bytes leftover after parsing attributes in process `syz.3.262'. [ 103.528781][ T4984] XFS (loop2): Mounting V5 Filesystem [ 103.604824][ T5028] FAULT_INJECTION: forcing a failure. [ 103.604824][ T5028] name failslab, interval 1, probability 0, space 0, times 0 [ 103.608314][ T5028] CPU: 0 PID: 5028 Comm: syz.1.270 Not tainted 5.15.163-syzkaller #0 [ 103.610450][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 103.613043][ T5028] Call trace: [ 103.613939][ T5028] dump_backtrace+0x0/0x530 [ 103.615154][ T5028] show_stack+0x2c/0x3c [ 103.616219][ T5028] dump_stack_lvl+0x108/0x170 [ 103.617503][ T5028] dump_stack+0x1c/0x58 [ 103.618613][ T5028] should_fail+0x3b8/0x514 [ 103.619829][ T5028] __should_failslab+0xbc/0x110 [ 103.621199][ T5028] should_failslab+0x10/0x28 [ 103.622458][ T5028] slab_pre_alloc_hook+0x64/0xe8 [ 103.623762][ T5028] kmem_cache_alloc+0x98/0x45c [ 103.624994][ T5028] skb_clone+0x180/0x304 [ 103.626151][ T5028] __netlink_deliver_tap+0x360/0x714 [ 103.627541][ T5028] netlink_deliver_tap+0x1ac/0x1b0 [ 103.628920][ T5028] __netlink_sendskb+0x6c/0xbc [ 103.630167][ T5028] netlink_dump+0x734/0xa88 [ 103.631403][ T5028] __netlink_dump_start+0x488/0x6ec [ 103.632719][ T5028] unix_diag_handler_dump+0x184/0x724 [ 103.634152][ T5028] sock_diag_rcv_msg+0x174/0x39c [ 103.635518][ T5028] netlink_rcv_skb+0x20c/0x3b8 [ 103.636753][ T5028] sock_diag_rcv+0x3c/0x54 [ 103.637950][ T5028] netlink_unicast+0x664/0x938 [ 103.639165][ T5028] netlink_sendmsg+0x844/0xb38 [ 103.640362][ T5028] sock_write_iter+0x2b0/0x3f8 [ 103.641647][ T5028] vfs_write+0x884/0xb44 [ 103.642843][ T5028] ksys_write+0x15c/0x26c [ 103.643989][ T5028] __arm64_sys_write+0x7c/0x90 [ 103.645247][ T5028] invoke_syscall+0x98/0x2b8 [ 103.646432][ T5028] el0_svc_common+0x138/0x258 [ 103.647752][ T5028] do_el0_svc+0x58/0x14c [ 103.648923][ T5028] el0_svc+0x7c/0x1f0 [ 103.650023][ T5028] el0t_64_sync_handler+0x84/0xe4 [ 103.651361][ T5028] el0t_64_sync+0x1a0/0x1a4 [ 103.780063][ T4984] XFS (loop2): Ending clean mount [ 103.834310][ T5024] device syzkaller0 entered promiscuous mode [ 104.796386][ T4237] XFS (loop2): Unmounting Filesystem [ 104.957533][ T5036] netlink: 12 bytes leftover after parsing attributes in process `syz.1.275'. [ 104.978915][ T5041] ceph: No source [ 106.789999][ T5053] loop3: detected capacity change from 0 to 8192 [ 106.849436][ T5053] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 106.852392][ T5053] REISERFS (device loop3): using ordered data mode [ 106.862231][ T5053] reiserfs: using flush barriers [ 106.867707][ T5053] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 106.872007][ T5053] REISERFS (device loop3): checking transaction log (loop3) [ 107.092535][ T5053] REISERFS (device loop3): Using tea hash to sort names [ 107.095932][ T5053] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 107.127648][ T5053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.281'. [ 107.129790][ T5053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.281'. [ 107.131919][ T5053] netlink: 32 bytes leftover after parsing attributes in process `syz.3.281'. [ 107.331998][ T5074] loop4: detected capacity change from 0 to 1024 [ 107.438951][ T5074] hfsplus: unable to parse mount options [ 107.491481][ T5078] device syzkaller0 entered promiscuous mode [ 107.588423][ T5081] FAULT_INJECTION: forcing a failure. [ 107.588423][ T5081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.591770][ T5081] CPU: 1 PID: 5081 Comm: syz.2.290 Not tainted 5.15.163-syzkaller #0 [ 107.593665][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 107.596009][ T5081] Call trace: [ 107.596794][ T5081] dump_backtrace+0x0/0x530 [ 107.597923][ T5081] show_stack+0x2c/0x3c [ 107.599012][ T5081] dump_stack_lvl+0x108/0x170 [ 107.600204][ T5081] dump_stack+0x1c/0x58 [ 107.601217][ T5081] should_fail+0x3b8/0x514 [ 107.602311][ T5081] should_fail_usercopy+0x20/0x30 [ 107.603682][ T5081] _copy_from_iter+0x1f0/0xcf0 [ 107.604909][ T5081] netlink_sendmsg+0x70c/0xb38 [ 107.606168][ T5081] ____sys_sendmsg+0x584/0x870 [ 107.607429][ T5081] ___sys_sendmsg+0x214/0x294 [ 107.608704][ T5081] __arm64_sys_sendmsg+0x1ac/0x25c [ 107.610045][ T5081] invoke_syscall+0x98/0x2b8 [ 107.611261][ T5081] el0_svc_common+0x138/0x258 [ 107.612488][ T5081] do_el0_svc+0x58/0x14c [ 107.613620][ T5081] el0_svc+0x7c/0x1f0 [ 107.614710][ T5081] el0t_64_sync_handler+0x84/0xe4 [ 107.615973][ T5081] el0t_64_sync+0x1a0/0x1a4 [ 108.944242][ T5074] loop4: detected capacity change from 0 to 32768 [ 109.165175][ T5074] XFS (loop4): Mounting V5 Filesystem [ 109.975501][ T5074] XFS (loop4): Ending clean mount [ 109.981010][ T5107] loop3: detected capacity change from 0 to 8192 [ 110.004649][ T5074] XFS (loop4): Quotacheck needed: Please wait. [ 110.048209][ T5074] XFS (loop4): Quotacheck: Done. [ 110.058034][ T5074] udc-core: couldn't find an available UDC or it's busy [ 110.059894][ T5074] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 110.176116][ T5107] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 110.178832][ T5107] REISERFS (device loop3): using ordered data mode [ 110.180597][ T5107] reiserfs: using flush barriers [ 110.187003][ T5107] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 110.200341][ T5107] REISERFS (device loop3): checking transaction log (loop3) [ 111.023486][ T5136] capability: warning: `syz.2.305' uses deprecated v2 capabilities in a way that may be insecure [ 111.186754][ T5107] REISERFS (device loop3): Using tea hash to sort names [ 111.188991][ T5107] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 111.768685][ T3983] XFS (loop4): Unmounting Filesystem [ 111.780037][ T5167] FAULT_INJECTION: forcing a failure. [ 111.780037][ T5167] name failslab, interval 1, probability 0, space 0, times 0 [ 111.811631][ T5167] CPU: 1 PID: 5167 Comm: syz.3.314 Not tainted 5.15.163-syzkaller #0 [ 111.813744][ T5167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 111.816312][ T5167] Call trace: [ 111.817156][ T5167] dump_backtrace+0x0/0x530 [ 111.818378][ T5167] show_stack+0x2c/0x3c [ 111.819494][ T5167] dump_stack_lvl+0x108/0x170 [ 111.820744][ T5167] dump_stack+0x1c/0x58 [ 111.821671][ T5167] should_fail+0x3b8/0x514 [ 111.822780][ T5167] __should_failslab+0xbc/0x110 [ 111.824011][ T5167] should_failslab+0x10/0x28 [ 111.825165][ T5167] slab_pre_alloc_hook+0x64/0xe8 [ 111.826456][ T5167] __kmalloc_track_caller+0x78/0x3d8 [ 111.827772][ T5167] kstrdup+0xe4/0x15c [ 111.828829][ T5167] ceph_parse_source+0xfc/0x5bc [ 111.830127][ T5167] ceph_parse_mount_param+0xc08/0x1324 [ 111.831448][ T5167] vfs_parse_fs_param+0x1bc/0x3f4 [ 111.832781][ T5167] __arm64_sys_fsconfig+0xae0/0xd18 [ 111.833990][ T5167] invoke_syscall+0x98/0x2b8 [ 111.835135][ T5167] el0_svc_common+0x138/0x258 [ 111.836334][ T5167] do_el0_svc+0x58/0x14c [ 111.837304][ T5167] el0_svc+0x7c/0x1f0 [ 111.838238][ T5167] el0t_64_sync_handler+0x84/0xe4 [ 111.839426][ T5167] el0t_64_sync+0x1a0/0x1a4 [ 111.992546][ T5173] loop3: detected capacity change from 0 to 16 [ 112.041586][ T5180] FAULT_INJECTION: forcing a failure. [ 112.041586][ T5180] name failslab, interval 1, probability 0, space 0, times 0 [ 112.079844][ T5180] CPU: 1 PID: 5180 Comm: syz.1.321 Not tainted 5.15.163-syzkaller #0 [ 112.082062][ T5180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 112.084733][ T5180] Call trace: [ 112.085632][ T5180] dump_backtrace+0x0/0x530 [ 112.086785][ T5180] show_stack+0x2c/0x3c [ 112.087865][ T5180] dump_stack_lvl+0x108/0x170 [ 112.089078][ T5180] dump_stack+0x1c/0x58 [ 112.090174][ T5180] should_fail+0x3b8/0x514 [ 112.091331][ T5180] __should_failslab+0xbc/0x110 [ 112.092616][ T5180] should_failslab+0x10/0x28 [ 112.093810][ T5180] slab_pre_alloc_hook+0x64/0xe8 [ 112.095134][ T5180] kmem_cache_alloc+0x98/0x45c [ 112.096357][ T5180] can_rx_register+0x12c/0x5f4 [ 112.097616][ T5180] bcm_rx_setup+0xcdc/0x14ac [ 112.098875][ T5180] bcm_sendmsg+0x3e8/0x628 [ 112.100086][ T5180] ____sys_sendmsg+0x584/0x870 [ 112.101349][ T5180] ___sys_sendmsg+0x214/0x294 [ 112.102609][ T5180] __sys_sendmmsg+0x23c/0x648 [ 112.103857][ T5180] __arm64_sys_sendmmsg+0xa0/0xbc [ 112.105112][ T5180] invoke_syscall+0x98/0x2b8 [ 112.106322][ T5180] el0_svc_common+0x138/0x258 [ 112.107582][ T5180] do_el0_svc+0x58/0x14c [ 112.108696][ T5180] el0_svc+0x7c/0x1f0 [ 112.109775][ T5180] el0t_64_sync_handler+0x84/0xe4 [ 112.111105][ T5180] el0t_64_sync+0x1a0/0x1a4 [ 112.270175][ T5191] FAULT_INJECTION: forcing a failure. [ 112.270175][ T5191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.346318][ T5191] CPU: 1 PID: 5191 Comm: syz.1.326 Not tainted 5.15.163-syzkaller #0 [ 112.348705][ T5191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 112.351463][ T5191] Call trace: [ 112.352354][ T5191] dump_backtrace+0x0/0x530 [ 112.353529][ T5191] show_stack+0x2c/0x3c [ 112.354664][ T5191] dump_stack_lvl+0x108/0x170 [ 112.355942][ T5191] dump_stack+0x1c/0x58 [ 112.357114][ T5191] should_fail+0x3b8/0x514 [ 112.358196][ T5191] should_fail_usercopy+0x20/0x30 [ 112.359535][ T5191] simple_read_from_buffer+0xd8/0x26c [ 112.360999][ T5191] proc_fail_nth_read+0x1a0/0x248 [ 112.362433][ T5191] vfs_read+0x278/0xb18 [ 112.363732][ T5191] ksys_read+0x15c/0x26c [ 112.364899][ T5191] __arm64_sys_read+0x7c/0x90 [ 112.366129][ T5191] invoke_syscall+0x98/0x2b8 [ 112.367309][ T5191] el0_svc_common+0x138/0x258 [ 112.368503][ T5191] do_el0_svc+0x58/0x14c [ 112.369653][ T5191] el0_svc+0x7c/0x1f0 [ 112.370752][ T5191] el0t_64_sync_handler+0x84/0xe4 [ 112.371904][ T5191] el0t_64_sync+0x1a0/0x1a4 [ 112.840860][ T5196] FAULT_INJECTION: forcing a failure. [ 112.840860][ T5196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.880967][ T5196] CPU: 1 PID: 5196 Comm: syz.1.328 Not tainted 5.15.163-syzkaller #0 [ 112.883063][ T5196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 112.886044][ T5196] Call trace: [ 112.886915][ T5196] dump_backtrace+0x0/0x530 [ 112.888126][ T5196] show_stack+0x2c/0x3c [ 112.889251][ T5196] dump_stack_lvl+0x108/0x170 [ 112.890511][ T5196] dump_stack+0x1c/0x58 [ 112.891770][ T5196] should_fail+0x3b8/0x514 [ 112.892980][ T5196] should_fail_usercopy+0x20/0x30 [ 112.894389][ T5196] ioctl_standard_iw_point+0x450/0xe24 [ 112.895889][ T5196] ioctl_standard_call+0xcc/0x264 [ 112.897259][ T5196] wext_ioctl_dispatch+0x16c/0x3ec [ 112.898803][ T5196] wext_handle_ioctl+0x224/0x448 [ 112.900153][ T5196] sock_ioctl+0x140/0x8ac [ 112.901350][ T5196] __arm64_sys_ioctl+0x14c/0x1c8 [ 112.902728][ T5196] invoke_syscall+0x98/0x2b8 [ 112.903974][ T5196] el0_svc_common+0x138/0x258 [ 112.905196][ T5196] do_el0_svc+0x58/0x14c [ 112.906242][ T5196] el0_svc+0x7c/0x1f0 [ 112.907330][ T5196] el0t_64_sync_handler+0x84/0xe4 [ 112.908638][ T5196] el0t_64_sync+0x1a0/0x1a4 [ 112.974200][ T5198] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'. [ 112.976673][ T5198] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'. [ 112.978855][ T5198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.329'. [ 113.021527][ T5205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.330'. [ 114.173674][ T5202] loop4: detected capacity change from 0 to 32768 [ 114.252668][ T5226] loop3: detected capacity change from 0 to 1024 [ 114.262100][ T5228] binder: 5227:5228 tried to acquire reference to desc 0, got 1 instead [ 114.271246][ T5228] binder: 5227:5228 got transaction with invalid offsets size, 113 [ 114.290271][ T5228] binder: 5227:5228 transaction failed 29201/-22, size 112-113 line 3134 [ 114.297338][ T5226] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 116.209841][ T3555] binder: undelivered TRANSACTION_ERROR: 29201 [ 117.433596][ T5270] cgroup: release_agent respecified [ 117.452236][ T5272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.472988][ T5272] FAULT_INJECTION: forcing a failure. [ 117.472988][ T5272] name failslab, interval 1, probability 0, space 0, times 0 [ 117.481950][ T5272] CPU: 1 PID: 5272 Comm: syz.0.352 Not tainted 5.15.163-syzkaller #0 [ 117.484000][ T5272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 117.484862][ T5283] FAULT_INJECTION: forcing a failure. [ 117.484862][ T5283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.486545][ T5272] Call trace: [ 117.490859][ T5272] dump_backtrace+0x0/0x530 [ 117.491969][ T5272] show_stack+0x2c/0x3c [ 117.492922][ T5272] dump_stack_lvl+0x108/0x170 [ 117.494146][ T5272] dump_stack+0x1c/0x58 [ 117.495267][ T5272] should_fail+0x3b8/0x514 [ 117.496378][ T5272] __should_failslab+0xbc/0x110 [ 117.497630][ T5272] should_failslab+0x10/0x28 [ 117.498922][ T5272] slab_pre_alloc_hook+0x64/0xe8 [ 117.500208][ T5272] kmem_cache_alloc_trace+0x9c/0x47c [ 117.501690][ T5272] sctp_add_bind_addr+0xa0/0x2e8 [ 117.502908][ T5272] sctp_copy_local_addr_list+0x2d8/0x494 [ 117.504455][ T5272] sctp_copy_one_addr+0xc0/0x348 [ 117.505758][ T5272] sctp_bind_addr_copy+0xb8/0x388 [ 117.507064][ T5272] sctp_assoc_set_bind_addr_from_ep+0x11c/0x16c [ 117.508677][ T5272] sctp_connect_new_asoc+0x278/0x5dc [ 117.510107][ T5272] sctp_sendmsg+0x1684/0x2844 [ 117.511333][ T5272] inet_sendmsg+0x15c/0x290 [ 117.512589][ T5272] ____sys_sendmsg+0x584/0x870 [ 117.513771][ T5272] ___sys_sendmsg+0x214/0x294 [ 117.515003][ T5272] __sys_sendmmsg+0x23c/0x648 [ 117.516208][ T5272] __arm64_sys_sendmmsg+0xa0/0xbc [ 117.517533][ T5272] invoke_syscall+0x98/0x2b8 [ 117.518775][ T5272] el0_svc_common+0x138/0x258 [ 117.519950][ T5272] do_el0_svc+0x58/0x14c [ 117.521116][ T5272] el0_svc+0x7c/0x1f0 [ 117.522208][ T5272] el0t_64_sync_handler+0x84/0xe4 [ 117.523478][ T5272] el0t_64_sync+0x1a0/0x1a4 [ 117.540288][ T5283] CPU: 0 PID: 5283 Comm: syz.4.350 Not tainted 5.15.163-syzkaller #0 [ 117.542477][ T5283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 117.545043][ T5283] Call trace: [ 117.545897][ T5283] dump_backtrace+0x0/0x530 [ 117.547133][ T5283] show_stack+0x2c/0x3c [ 117.548237][ T5283] dump_stack_lvl+0x108/0x170 [ 117.549747][ T5283] dump_stack+0x1c/0x58 [ 117.550765][ T5283] should_fail+0x3b8/0x514 [ 117.551873][ T5283] should_fail_usercopy+0x20/0x30 [ 117.553137][ T5283] __copy_msghdr_from_user+0xbc/0x5d0 [ 117.554798][ T5283] ___sys_sendmsg+0x154/0x294 [ 117.556108][ T5283] __arm64_sys_sendmsg+0x1ac/0x25c [ 117.557421][ T5283] invoke_syscall+0x98/0x2b8 [ 117.558577][ T5283] el0_svc_common+0x138/0x258 [ 117.559857][ T5283] do_el0_svc+0x58/0x14c [ 117.561008][ T5283] el0_svc+0x7c/0x1f0 [ 117.561997][ T5283] el0t_64_sync_handler+0x84/0xe4 [ 117.563312][ T5283] el0t_64_sync+0x1a0/0x1a4 [ 117.678784][ T5293] loop4: detected capacity change from 0 to 164 [ 119.150498][ T5308] binder: 5307 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 119.150524][ T5308] binder: 5307:5308 ioctl c018620c 20000a00 returned -22 [ 119.222075][ T5310] loop4: detected capacity change from 0 to 164 [ 119.381250][ T5312] 9pnet: Insufficient options for proto=fd [ 119.451103][ T5317] FAULT_INJECTION: forcing a failure. [ 119.451103][ T5317] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.473122][ T5317] CPU: 0 PID: 5317 Comm: syz.3.370 Not tainted 5.15.163-syzkaller #0 [ 119.475244][ T5317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 119.477889][ T5317] Call trace: [ 119.478777][ T5317] dump_backtrace+0x0/0x530 [ 119.479946][ T5317] show_stack+0x2c/0x3c [ 119.480929][ T5317] dump_stack_lvl+0x108/0x170 [ 119.482159][ T5317] dump_stack+0x1c/0x58 [ 119.483298][ T5317] should_fail+0x3b8/0x514 [ 119.484376][ T5317] should_fail_usercopy+0x20/0x30 [ 119.485700][ T5317] __copy_msghdr_from_user+0xbc/0x5d0 [ 119.487100][ T5317] ___sys_recvmsg+0x150/0x2cc [ 119.488315][ T5317] do_recvmmsg+0x310/0x9a4 [ 119.489425][ T5317] __arm64_sys_recvmmsg+0x180/0x23c [ 119.490838][ T5317] invoke_syscall+0x98/0x2b8 [ 119.492021][ T5317] el0_svc_common+0x138/0x258 [ 119.493282][ T5317] do_el0_svc+0x58/0x14c [ 119.494395][ T5317] el0_svc+0x7c/0x1f0 [ 119.495407][ T5317] el0t_64_sync_handler+0x84/0xe4 [ 119.496760][ T5317] el0t_64_sync+0x1a0/0x1a4 [ 119.577629][ T5328] FAULT_INJECTION: forcing a failure. [ 119.577629][ T5328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.587901][ T5328] CPU: 1 PID: 5328 Comm: syz.2.373 Not tainted 5.15.163-syzkaller #0 [ 119.589987][ T5328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 119.592646][ T5328] Call trace: [ 119.593451][ T5328] dump_backtrace+0x0/0x530 [ 119.594538][ T5328] show_stack+0x2c/0x3c [ 119.595619][ T5328] dump_stack_lvl+0x108/0x170 [ 119.596823][ T5328] dump_stack+0x1c/0x58 [ 119.597876][ T5328] should_fail+0x3b8/0x514 [ 119.598895][ T5328] should_fail_usercopy+0x20/0x30 [ 119.600137][ T5328] simple_read_from_buffer+0xd8/0x26c [ 119.601499][ T5328] proc_fail_nth_read+0x1a0/0x248 [ 119.602739][ T5328] vfs_read+0x278/0xb18 [ 119.603754][ T5328] ksys_read+0x15c/0x26c [ 119.604751][ T5328] __arm64_sys_read+0x7c/0x90 [ 119.605899][ T5328] invoke_syscall+0x98/0x2b8 [ 119.607091][ T5328] el0_svc_common+0x138/0x258 [ 119.608290][ T5328] do_el0_svc+0x58/0x14c [ 119.609318][ T5328] el0_svc+0x7c/0x1f0 [ 119.610348][ T5328] el0t_64_sync_handler+0x84/0xe4 [ 119.611600][ T5328] el0t_64_sync+0x1a0/0x1a4 [ 119.612712][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.629186][ T5291] udc-core: couldn't find an available UDC or it's busy [ 119.631001][ T5291] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 119.824647][ T5337] xt_recent: hitcount (448) is larger than allowed maximum (255) [ 120.090945][ T5310] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 121.047109][ T4102] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.142267][ T4102] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.238658][ T4102] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.260661][ T5392] device pim6reg1 entered promiscuous mode [ 121.300148][ T4102] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.334987][ T5396] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 121.366155][ T5373] chnl_net:caif_netlink_parms(): no params data found [ 121.459142][ T5412] netlink: 12 bytes leftover after parsing attributes in process `syz.2.405'. [ 121.516316][ T5373] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.518530][ T5373] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.529915][ T5373] device bridge_slave_0 entered promiscuous mode [ 121.539082][ T5373] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.541067][ T5373] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.543972][ T5373] device bridge_slave_1 entered promiscuous mode [ 121.555512][ T5421] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 121.624803][ T5373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.631387][ T5373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.674195][ T5373] team0: Port device team_slave_0 added [ 121.684708][ T5373] team0: Port device team_slave_1 added [ 121.762927][ T5373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.775157][ T5373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.800076][ T5373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.863249][ T5373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.865373][ T5373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.872298][ T5373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.995786][ T5373] device hsr_slave_0 entered promiscuous mode [ 122.033723][ T5373] device hsr_slave_1 entered promiscuous mode [ 122.063440][ T5373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.066963][ T5373] Cannot create hsr debugfs directory [ 122.733462][ T4015] Bluetooth: hci1: command 0x0409 tx timeout [ 122.907115][ T5373] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 122.944008][ T5487] dlm: dev_write: no op f4a73b f7fd00000000 [ 123.019295][ T5373] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 123.087137][ T5373] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 123.292964][ T5373] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 123.510078][ T5499] netlink: 20 bytes leftover after parsing attributes in process `syz.3.435'. [ 123.732876][ T5373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.809681][ T5373] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.824121][ T4102] device hsr_slave_0 left promiscuous mode [ 123.835450][ T4102] device hsr_slave_1 left promiscuous mode [ 123.924000][ T4102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.926127][ T4102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.929264][ T4102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.931130][ T4102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.935825][ T4102] device bridge_slave_1 left promiscuous mode [ 123.943882][ T4102] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.992058][ T4102] device bridge_slave_0 left promiscuous mode [ 123.994539][ T4102] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.133466][ T4102] device veth1_macvtap left promiscuous mode [ 124.135402][ T4102] device veth0_macvtap left promiscuous mode [ 124.137166][ T4102] device veth1_vlan left promiscuous mode [ 124.138759][ T4102] device veth0_vlan left promiscuous mode [ 124.326916][ T5557] netlink: 'syz.4.452': attribute type 13 has an invalid length. [ 124.525516][ T4102] team0 (unregistering): Port device team_slave_1 removed [ 124.544729][ T4102] team0 (unregistering): Port device team_slave_0 removed [ 124.562270][ T4102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.620720][ T4102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.823420][ T21] Bluetooth: hci1: command 0x041b tx timeout [ 124.889696][ T4102] bond0 (unregistering): Released all slaves [ 124.970669][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.973922][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.994023][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.996737][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.999099][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.000917][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.032835][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 125.036804][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 125.039588][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 125.041985][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.043995][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.067019][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 125.070005][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 125.072810][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 125.077202][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.123665][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 125.127067][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 125.130203][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.132975][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 125.143769][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 125.150205][ T5373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 125.176123][ T5373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 125.189727][ T1963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 125.192854][ T1963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 125.268565][ T5561] ODEBUG: Out of memory. ODEBUG disabled [ 126.674857][ T5595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'. [ 126.690918][ T5562] syz.3.453 (5562): drop_caches: 2 [ 126.711830][ T5373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.745142][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 126.747155][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 126.779356][ T1963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 126.782314][ T1963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 126.839461][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 126.842385][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 126.845797][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 126.848181][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 126.859464][ T5373] device veth0_vlan entered promiscuous mode [ 126.899243][ T5373] device veth1_vlan entered promiscuous mode [ 126.910654][ T1963] Bluetooth: hci1: command 0x040f tx timeout [ 126.929515][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 126.932105][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 126.935077][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 126.937686][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 126.962544][ T5373] device veth0_macvtap entered promiscuous mode [ 126.967732][ T5373] device veth1_macvtap entered promiscuous mode [ 127.004686][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.007365][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.009810][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.024431][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.026804][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.029360][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.049826][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.053880][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.091290][ T5373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.097221][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 127.099797][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 127.102708][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 127.113899][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 127.145376][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.148176][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.163202][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.171177][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.176032][ T5561] syz.3.453 (5561): drop_caches: 2 [ 127.182518][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.186021][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.189554][ T5373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.678987][ T5373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.074499][ T5373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.132362][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 128.135131][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 128.169825][ T5373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.172168][ T5373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.195640][ T5373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.206833][ T5373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.237958][ T5623] netlink: 'syz.3.471': attribute type 17 has an invalid length. [ 128.240472][ T5623] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 128.282720][ T5623] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 128.541491][ T4115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.546210][ T4115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.551207][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 128.730138][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.732583][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.739414][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 128.929530][ T3972] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 128.973453][ T4015] Bluetooth: hci1: command 0x0419 tx timeout [ 129.021898][ T5644] dccp_invalid_packet: P.Data Offset(172) too large [ 129.548460][ T5675] dccp_invalid_packet: P.Data Offset(172) too large [ 129.711548][ T5683] syz.0.500 (5683): drop_caches: 2 [ 129.720579][ T5683] syz.0.500 (5683): drop_caches: 2 [ 129.800927][ T5682] hub 6-0:1.0: USB hub found [ 129.806867][ T5682] hub 6-0:1.0: 8 ports detected [ 129.832901][ T5679] syz.0.500 (5679): drop_caches: 2 [ 129.847543][ T5679] syz.0.500 (5679): drop_caches: 2 [ 129.907483][ T5688] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 129.924054][ T5688] VFS: Can't find a romfs filesystem on dev nullb0. [ 129.924054][ T5688] [ 129.957836][ T5692] netlink: 32 bytes leftover after parsing attributes in process `syz.2.503'. [ 130.068614][ T26] audit: type=1326 audit(130.040:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.078144][ T26] audit: type=1326 audit(130.050:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=262 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.089930][ T26] audit: type=1326 audit(130.050:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.115712][ T26] audit: type=1326 audit(130.050:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.152046][ T26] audit: type=1326 audit(130.050:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.168977][ T5705] dccp_invalid_packet: P.Data Offset(172) too large [ 130.179295][ T26] audit: type=1326 audit(130.050:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=263 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.195328][ T26] audit: type=1326 audit(130.050:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.225779][ T26] audit: type=1326 audit(130.050:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.2.505" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a3502a8 code=0x7ffc0000 [ 130.293950][ T5711] (syz.4.507,5711,1):ocfs2_fill_super:991 ERROR: superblock probe failed! [ 130.296368][ T5711] (syz.4.507,5711,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 130.410037][ T5718] syz.3.512 (5718): drop_caches: 2 [ 130.411944][ T5718] syz.3.512 (5718): drop_caches: 2 [ 130.457918][ T5718] syz.3.512 (5718): drop_caches: 2 [ 130.464868][ T5718] syz.3.512 (5718): drop_caches: 2 [ 130.579837][ T5742] dccp_invalid_packet: P.Data Offset(172) too large [ 130.963497][ T5763] syz.0.530 (5763): drop_caches: 2 [ 130.965753][ T5763] syz.0.530 (5763): drop_caches: 2 [ 130.977921][ T5763] syz.0.530 (5763): drop_caches: 2 [ 131.411998][ T5763] syz.0.530 (5763): drop_caches: 2 [ 131.863431][ T2047] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.864938][ T2047] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.220250][ T5798] netlink: 'syz.3.546': attribute type 10 has an invalid length. [ 132.248263][ T5798] team0: Port device netdevsim0 added [ 132.432695][ T5812] netlink: 40 bytes leftover after parsing attributes in process `syz.3.551'. [ 132.467192][ T5814] netlink: 72 bytes leftover after parsing attributes in process `syz.3.552'. [ 132.585319][ T4015] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 132.587851][ T4015] Bluetooth: hci0: Injecting HCI hardware error event [ 132.591034][ T3972] Bluetooth: hci0: hardware error 0x00 [ 132.865949][ T5831] xt_HMARK: spi-set and port-set can't be combined [ 133.595909][ T5865] netlink: 36 bytes leftover after parsing attributes in process `syz.3.574'. [ 134.605534][ T5895] udc-core: couldn't find an available UDC or it's busy [ 134.607386][ T5895] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 134.841529][ T5895] udc-core: couldn't find an available UDC or it's busy [ 134.849450][ T5895] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 135.265385][ T5927] device pim6reg1 entered promiscuous mode [ 135.620634][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.647851][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.649760][ T5947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.690698][ T5953] device pim6reg1 entered promiscuous mode [ 136.159329][ T5958] chnl_net:caif_netlink_parms(): no params data found [ 136.373244][ T13] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 136.613130][ T13] usb 1-1: Using ep0 maxpacket: 8 [ 136.738338][ T13] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.741309][ T13] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 136.753186][ T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 136.756297][ T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 136.758985][ T13] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 136.761172][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.849520][ T13] hub 1-1:1.0: bad descriptor, ignoring hub [ 136.851370][ T13] hub: probe of 1-1:1.0 failed with error -5 [ 136.856078][ T4115] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.898596][ T13] cdc_wdm 1-1:1.0: skipping garbage [ 136.899902][ T13] cdc_wdm 1-1:1.0: skipping garbage [ 136.933363][ T5958] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.935253][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.937879][ T5958] device bridge_slave_0 entered promiscuous mode [ 136.975888][ T13] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 136.977597][ T13] cdc_wdm 1-1:1.0: Unknown control protocol [ 137.062421][ T13] usb 1-1: USB disconnect, device number 2 [ 137.149334][ T4115] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.160676][ T5958] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.162496][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.165516][ T5958] device bridge_slave_1 entered promiscuous mode [ 137.248946][ T5958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.264482][ T5958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.307462][ T4115] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.352043][ T5958] team0: Port device team_slave_0 added [ 137.357647][ T5958] team0: Port device team_slave_1 added [ 137.415438][ T4115] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.475643][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 137.477545][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.495475][ T5958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 137.499737][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 137.501485][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.528873][ T5958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 137.700314][ T13] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 137.745073][ T5958] device hsr_slave_0 entered promiscuous mode [ 137.790681][ T5958] device hsr_slave_1 entered promiscuous mode [ 137.859325][ T25] Bluetooth: hci0: command 0x0409 tx timeout [ 137.952298][ T13] usb 1-1: Using ep0 maxpacket: 8 [ 138.073316][ T13] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.076056][ T13] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 138.078345][ T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 138.081011][ T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 138.109672][ T13] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 138.112131][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.174315][ T13] hub 1-1:1.0: bad descriptor, ignoring hub [ 138.175854][ T13] hub: probe of 1-1:1.0 failed with error -5 [ 138.218969][ T13] cdc_wdm 1-1:1.0: skipping garbage [ 138.220411][ T13] cdc_wdm 1-1:1.0: skipping garbage [ 138.233411][ T13] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 138.235090][ T13] cdc_wdm 1-1:1.0: Unknown control protocol [ 138.524120][ T6030] device pim6reg1 entered promiscuous mode [ 139.046300][ T25] usb 1-1: USB disconnect, device number 3 [ 139.056424][ T5958] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 139.096418][ T5958] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 139.200927][ T5958] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 139.225771][ T5958] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 139.420365][ T6070] udc-core: couldn't find an available UDC or it's busy [ 139.443186][ T6070] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 139.492720][ T5958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.530270][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.532886][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.559090][ T5958] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.580218][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.582765][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.585359][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.587293][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.589460][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 139.624886][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.627583][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.629989][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.631634][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.645456][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.648410][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 139.752635][ T5958] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 139.793225][ T5958] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 139.866234][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 139.873672][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 139.876355][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.879065][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.881743][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.888007][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.890717][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.893452][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.905370][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 139.908094][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.933276][ T4015] Bluetooth: hci0: command 0x041b tx timeout [ 140.126221][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 140.128213][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 140.197974][ T4115] device hsr_slave_0 left promiscuous mode [ 140.297505][ T4115] device hsr_slave_1 left promiscuous mode [ 140.495503][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 140.653434][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.764884][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.223169][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.225242][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.236371][ T4115] device bridge_slave_1 left promiscuous mode [ 141.238119][ T4115] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.306524][ T4115] device bridge_slave_0 left promiscuous mode [ 141.308308][ T4115] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.443413][ T4115] device veth1_macvtap left promiscuous mode [ 141.444878][ T4115] device veth0_macvtap left promiscuous mode [ 141.446508][ T4115] device veth1_vlan left promiscuous mode [ 141.447974][ T4115] device veth0_vlan left promiscuous mode [ 142.013178][ T4015] Bluetooth: hci0: command 0x040f tx timeout [ 142.091975][ T4115] team0 (unregistering): Port device team_slave_1 removed [ 142.129752][ T4115] team0 (unregistering): Port device team_slave_0 removed [ 142.159443][ T4115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.200862][ T4115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.448353][ T4115] bond0 (unregistering): Released all slaves [ 142.612678][ T5958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.720970][ T26] audit: type=1326 audit(142.690:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6100 comm="syz.4.662" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98e612a8 code=0x7ffc0000 [ 142.731430][ T26] audit: type=1326 audit(142.700:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6100 comm="syz.4.662" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=9 compat=0 ip=0xffff98e612a8 code=0x7ffc0000 [ 142.731798][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 142.739802][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.759226][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 142.759589][ T26] audit: type=1326 audit(142.710:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6100 comm="syz.4.662" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff98e612a8 code=0x7ffc0000 [ 142.761645][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.784397][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.800772][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.805257][ T5958] device veth0_vlan entered promiscuous mode [ 142.823531][ T5958] device veth1_vlan entered promiscuous mode [ 142.902660][ T5958] device veth0_macvtap entered promiscuous mode [ 142.933388][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 142.935978][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 142.938853][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 142.941425][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.972818][ T5958] device veth1_macvtap entered promiscuous mode [ 142.976392][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 142.978836][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 143.008418][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.011031][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.025962][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.028598][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.030730][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.043122][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.045591][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.053464][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.064285][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.075291][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 143.078160][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 143.082646][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.104608][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.107195][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.109837][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.112189][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.135770][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.138380][ T5958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.141082][ T5958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.167533][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.187703][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 143.190271][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 143.196372][ T5958] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.213525][ T5958] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.215611][ T5958] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.217776][ T5958] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.093308][ T4463] Bluetooth: hci0: command 0x0419 tx timeout [ 144.262669][ T6102] chnl_net:caif_netlink_parms(): no params data found [ 144.479917][ T294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.483596][ T294] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.324314][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 145.343251][ T4014] Bluetooth: hci5: command 0x0409 tx timeout [ 145.413925][ T6102] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.415696][ T6102] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.418224][ T6102] device bridge_slave_0 entered promiscuous mode [ 145.432268][ T538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.432946][ T6102] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.436862][ T6102] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.439345][ T6102] device bridge_slave_1 entered promiscuous mode [ 145.441949][ T538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.462087][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 145.522054][ T6102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.532997][ T6102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.598537][ T6102] team0: Port device team_slave_0 added [ 145.627553][ T6102] team0: Port device team_slave_1 added [ 145.692869][ T6102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 145.702925][ T6102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.728126][ T6102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 145.735107][ T6102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 145.737065][ T6102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.764520][ T6102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.905386][ T6102] device hsr_slave_0 entered promiscuous mode [ 145.954433][ T6102] device hsr_slave_1 entered promiscuous mode [ 146.063307][ T6102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.065257][ T6102] Cannot create hsr debugfs directory [ 147.291527][ T6102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.373215][ T4014] Bluetooth: hci5: command 0x041b tx timeout [ 147.374253][ T6166] netlink: 'syz.3.685': attribute type 10 has an invalid length. [ 147.376668][ T6166] netlink: 40 bytes leftover after parsing attributes in process `syz.3.685'. [ 147.380270][ T6166] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 148.523533][ T6102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.768185][ T6102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.942162][ T6102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.212359][ T6208] loop3: detected capacity change from 0 to 1024 [ 150.087628][ T6215] input: syz0 as /devices/virtual/input/input6 [ 150.658927][ T6102] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 150.720482][ T4020] Bluetooth: hci5: command 0x040f tx timeout [ 150.796425][ T6102] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 150.857300][ T6102] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 150.896388][ T6102] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 151.126186][ T6224] loop3: detected capacity change from 0 to 128 [ 151.153147][ T6102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.198509][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.201226][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.213021][ T6102] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.221011][ T6224] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 151.226038][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.228760][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.231144][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.233028][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.240362][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.244044][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.246890][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.249502][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.251536][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.265183][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.267908][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.271392][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.275584][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 151.278297][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 151.294914][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 151.305013][ T6102] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 151.307898][ T6102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 151.314081][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 151.316659][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 151.319266][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 151.322126][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 151.326688][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 151.337187][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 151.643612][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 151.645772][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 151.655590][ T6102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.714295][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 151.717180][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 151.746402][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 151.749111][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 151.764536][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 151.767325][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 151.776036][ T6102] device veth0_vlan entered promiscuous mode [ 151.810500][ T6102] device veth1_vlan entered promiscuous mode [ 151.849640][ T26] audit: type=1326 audit(151.820:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6235 comm="syz.1.709" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb98442a8 code=0x0 [ 151.859378][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 151.862136][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 151.874553][ T6102] device veth0_macvtap entered promiscuous mode [ 151.892436][ T6102] device veth1_macvtap entered promiscuous mode [ 151.928382][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.941527][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.947030][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.953704][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.956282][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.958952][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.961280][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.994471][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.996902][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.999410][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.017741][ T6102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.028450][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 152.031076][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 152.034114][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 152.040131][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 152.049132][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.055797][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.069874][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.080514][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.091327][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.102522][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.110905][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.119443][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.119603][ T6102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.119619][ T6102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.130324][ T6102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.131230][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 152.131750][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 152.141676][ T6102] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.141746][ T6102] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.141769][ T6102] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.141792][ T6102] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.258423][ T6178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.260715][ T6178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.266780][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 152.297255][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 152.317824][ T6245] loop4: detected capacity change from 0 to 1024 [ 152.328811][ T4176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.331224][ T4176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.338299][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 152.531639][ T6245] udc-core: couldn't find an available UDC or it's busy [ 152.533660][ T6245] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 152.540085][ T26] audit: type=1326 audit(152.510:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 152.553682][ T26] audit: type=1326 audit(152.530:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=425 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 152.562847][ T26] audit: type=1326 audit(152.530:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8b9442dc code=0x7ffc0000 [ 152.584781][ T26] audit: type=1326 audit(152.530:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8b9442dc code=0x7ffc0000 [ 152.623518][ T26] audit: type=1326 audit(152.530:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 152.633269][ T4020] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 152.646062][ T26] audit: type=1326 audit(152.540:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=427 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 152.646102][ T26] audit: type=1326 audit(152.540:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6252 comm="syz.2.713" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 152.733304][ T3769] Bluetooth: hci5: command 0x0419 tx timeout [ 152.756347][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.763989][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.770456][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.775849][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.780066][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.783338][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.787535][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.791770][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.796112][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.800290][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.805567][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.809944][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.814896][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.819204][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.823716][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.827090][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.831354][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.835943][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.840178][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.852955][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.860873][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.866164][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.873446][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.879828][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.883334][ T4020] usb 1-1: Using ep0 maxpacket: 8 [ 152.888874][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.905069][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.912607][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.919343][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.926071][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.932446][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 152.949997][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.342550][ T6262] input: syz0 as /devices/virtual/input/input7 [ 153.840753][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.842784][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.844827][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.846741][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.848671][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.850536][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.853775][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.857008][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.858827][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.860745][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.862571][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.883383][ T4020] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 153.885531][ T4020] usb 1-1: config 179 has no interface number 0 [ 153.887075][ T4020] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 153.889858][ T4020] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 153.892594][ T4020] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 153.907585][ T3769] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 153.910549][ T4020] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024 [ 153.920859][ T3769] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 153.923604][ T4020] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 153.951045][ T4020] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 153.960330][ T4020] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.083325][ T6249] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 154.086118][ T6249] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 154.099316][ T4020] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input8 [ 154.305413][ T4020] usb 1-1: USB disconnect, device number 4 [ 154.314332][ T4020] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 154.868870][ T26] audit: type=1326 audit(154.840:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6278 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbd9122a8 code=0x7ffc0000 [ 154.875728][ T26] audit: type=1326 audit(154.840:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6278 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=425 compat=0 ip=0xffffbd9122a8 code=0x7ffc0000 [ 155.633230][ T6295] udc-core: couldn't find an available UDC or it's busy [ 155.635067][ T6295] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 155.732952][ T648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.851460][ T648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.957582][ T648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.061315][ T648] team0: Port device netdevsim0 removed [ 156.071204][ T648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.117957][ T6293] chnl_net:caif_netlink_parms(): no params data found [ 156.217861][ T6293] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.227847][ T6293] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.230715][ T6293] device bridge_slave_0 entered promiscuous mode [ 156.244428][ T6293] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.246172][ T6293] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.249060][ T6293] device bridge_slave_1 entered promiscuous mode [ 156.396375][ T6293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.411609][ T6293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.498548][ T6293] team0: Port device team_slave_0 added [ 156.502221][ T6293] team0: Port device team_slave_1 added [ 156.570718][ T6293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.572833][ T6293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.588309][ T6293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.592765][ T6293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.611489][ T6293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.631800][ T6293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.764680][ T6293] device hsr_slave_0 entered promiscuous mode [ 156.803758][ T6293] device hsr_slave_1 entered promiscuous mode [ 156.813427][ T3769] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 156.853644][ T6293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.855584][ T6293] Cannot create hsr debugfs directory [ 157.063273][ T3769] usb 1-1: Using ep0 maxpacket: 8 [ 157.976982][ T4463] Bluetooth: hci3: command 0x0409 tx timeout [ 158.043778][ T3769] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 158.045846][ T3769] usb 1-1: config 179 has no interface number 0 [ 158.047478][ T3769] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 158.050051][ T3769] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 158.053019][ T3769] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 158.056446][ T3769] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024 [ 158.059210][ T3769] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 158.062630][ T3769] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 158.064977][ T3769] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.094666][ T6315] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 158.096675][ T6315] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 158.116062][ T3769] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input9 [ 158.362209][ T3769] usb 1-1: USB disconnect, device number 5 [ 158.373404][ T3769] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 158.796436][ T6293] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.005042][ T6293] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.267557][ T6293] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.305224][ T6293] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 159.646425][ T6379] x_tables: unsorted underflow at hook 3 [ 160.013449][ T6148] Bluetooth: hci3: command 0x041b tx timeout [ 160.564941][ T6390] loop4: detected capacity change from 0 to 1024 [ 160.673081][ T6390] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 160.689983][ T6390] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 161.360866][ T6398] input: syz0 as /devices/virtual/input/input10 [ 161.670675][ T6293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.716554][ T648] device hsr_slave_0 left promiscuous mode [ 161.733994][ T648] device hsr_slave_1 left promiscuous mode [ 161.833609][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.838795][ T648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.891098][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.895644][ T648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.923668][ T648] device bridge_slave_1 left promiscuous mode [ 161.925377][ T648] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.934929][ T6411] udc-core: couldn't find an available UDC or it's busy [ 161.936823][ T6411] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 162.033635][ T648] device bridge_slave_0 left promiscuous mode [ 162.035294][ T648] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.103350][ T6148] Bluetooth: hci3: command 0x040f tx timeout [ 162.203530][ T648] device veth1_macvtap left promiscuous mode [ 162.205262][ T648] device veth0_macvtap left promiscuous mode [ 162.206758][ T648] device veth1_vlan left promiscuous mode [ 162.208106][ T648] device veth0_vlan left promiscuous mode [ 162.566242][ T6430] loop4: detected capacity change from 0 to 128 [ 163.252271][ T6432] x_tables: unsorted underflow at hook 3 [ 163.853294][ T4463] Bluetooth: hci4: command 0x0406 tx timeout [ 163.922610][ T648] team0 (unregistering): Port device team_slave_1 removed [ 163.951089][ T648] team0 (unregistering): Port device team_slave_0 removed [ 163.970557][ T648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.032034][ T648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.173233][ T4022] Bluetooth: hci3: command 0x0419 tx timeout [ 164.249340][ T648] bond0 (unregistering): Released all slaves [ 164.368197][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 164.370762][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 164.389214][ T6293] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.413646][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.416468][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.443592][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.445388][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.453846][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.456977][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.468452][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.470522][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.534773][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 164.537209][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 164.555487][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 164.567953][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.570762][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.573772][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.582173][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.702272][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.719532][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 164.806538][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 165.282137][ T6293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 165.298615][ T6293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 165.447350][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 165.451570][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 165.639054][ T6477] input: syz0 as /devices/virtual/input/input11 [ 166.377475][ T6476] udc-core: couldn't find an available UDC or it's busy [ 166.379357][ T6476] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 166.994099][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 166.996443][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 167.030172][ T6293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.087450][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 167.090157][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 167.125453][ T6500] x_tables: unsorted underflow at hook 3 [ 167.168012][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 167.175067][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 167.182634][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 167.187465][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 167.190961][ T6293] device veth0_vlan entered promiscuous mode [ 167.254173][ T6293] device veth1_vlan entered promiscuous mode [ 167.451440][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 167.454250][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 167.456826][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 167.459312][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 167.526771][ T6293] device veth0_macvtap entered promiscuous mode [ 167.559644][ T6293] device veth1_macvtap entered promiscuous mode [ 167.621579][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.630793][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.640544][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.649650][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.652412][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.666786][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.669303][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.671870][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.689086][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.691576][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.708218][ T6293] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.719104][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.779945][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.782495][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.809792][ T6520] udc-core: couldn't find an available UDC or it's busy [ 167.811916][ T6520] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 167.814272][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.816813][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.842096][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.144708][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.222134][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.303422][ T6293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.422168][ T6293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.615171][ T6293] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.635155][ T6293] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.637490][ T6293] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.639630][ T6293] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.673553][ T6293] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.678283][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 168.680979][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 168.683501][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 168.686220][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 168.688882][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 168.691587][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 168.851069][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.853652][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.857969][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 168.927422][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.929871][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.935167][ T4014] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 169.299853][ T6525] input: syz0 as /devices/virtual/input/input12 [ 170.009830][ T6527] loop3: detected capacity change from 0 to 1024 [ 170.030082][ T6533] loop4: detected capacity change from 0 to 1024 [ 170.171519][ T6533] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 170.183922][ T6539] udc-core: couldn't find an available UDC or it's busy [ 170.185660][ T6539] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 170.594706][ T6543] input: syz0 as /devices/virtual/input/input13 [ 171.939473][ T6555] udc-core: couldn't find an available UDC or it's busy [ 171.941582][ T6555] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 173.842930][ T4176] Bluetooth: hci2: Frame reassembly failed (-84) [ 174.000490][ T4176] Bluetooth: hci2: Frame reassembly failed (-84) [ 174.204511][ T6565] loop3: detected capacity change from 0 to 256 [ 174.724850][ T6568] input: syz0 as /devices/virtual/input/input14 [ 175.135406][ T6576] loop4: detected capacity change from 0 to 1024 [ 175.199813][ T6576] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 175.656378][ T6580] input: syz0 as /devices/virtual/input/input15 [ 175.773175][ T25] Bluetooth: hci2: command 0x1003 tx timeout [ 175.783429][ T3972] Bluetooth: hci2: sending frame failed (-49) [ 177.790149][ T6589] input: syz0 as /devices/virtual/input/input16 [ 177.936583][ T25] Bluetooth: hci2: command 0x1001 tx timeout [ 177.938156][ T3972] Bluetooth: hci2: sending frame failed (-49) [ 178.699768][ T6602] x_tables: unsorted underflow at hook 3 [ 179.405773][ T6613] loop4: detected capacity change from 0 to 128 [ 179.492833][ T6615] input: syz0 as /devices/virtual/input/input17 [ 180.057886][ T21] Bluetooth: hci2: command 0x1009 tx timeout [ 180.586530][ T6623] 9pnet: Insufficient options for proto=fd [ 180.673813][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 180.673830][ T26] audit: type=1326 audit(180.590:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6625 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 180.681160][ T26] audit: type=1326 audit(180.590:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6625 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 180.697696][ T26] audit: type=1326 audit(180.590:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6625 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 180.708933][ T26] audit: type=1326 audit(180.590:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6625 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=45 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 180.717015][ T26] audit: type=1326 audit(180.590:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6625 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b9442a8 code=0x7ffc0000 [ 180.926963][ T6621] input: syz0 as /devices/virtual/input/input18 [ 182.044061][ T6620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.807'. [ 182.056068][ T6640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.814'. [ 183.911615][ T6664] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 183.971029][ T6664] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 183.988651][ T6668] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 184.034500][ T6664] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 184.051947][ T6664] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 184.245831][ T6675] netlink: 'syz.2.828': attribute type 21 has an invalid length. [ 184.247998][ T6675] netlink: 'syz.2.828': attribute type 6 has an invalid length. [ 184.249997][ T6675] netlink: 132 bytes leftover after parsing attributes in process `syz.2.828'. [ 185.060252][ T6680] input: syz0 as /devices/virtual/input/input20 [ 186.455601][ T3555] Bluetooth: hci6: command 0x0409 tx timeout [ 186.495136][ T6691] loop4: detected capacity change from 0 to 8192 [ 186.678673][ T6676] chnl_net:caif_netlink_parms(): no params data found [ 188.948636][ T6178] Bluetooth: hci1: Frame reassembly failed (-84) [ 189.103585][ T4014] Bluetooth: hci6: command 0x041b tx timeout [ 189.137435][ T6676] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.139147][ T6676] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.141817][ T6676] device bridge_slave_0 entered promiscuous mode [ 189.160624][ T6676] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.162531][ T6676] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.177501][ T6676] device bridge_slave_1 entered promiscuous mode [ 189.271611][ T6676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.276623][ T6676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.318952][ T6676] team0: Port device team_slave_0 added [ 189.325166][ T6676] team0: Port device team_slave_1 added [ 189.399183][ T6676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.401000][ T6676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.411302][ T6676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.431582][ T6676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.437941][ T6676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.457776][ T6676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.595987][ T6676] device hsr_slave_0 entered promiscuous mode [ 189.623979][ T6676] device hsr_slave_1 entered promiscuous mode [ 189.683158][ T6676] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 189.685451][ T6676] Cannot create hsr debugfs directory [ 189.921497][ T6676] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.008946][ T6676] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.013808][ T6752] udc-core: couldn't find an available UDC or it's busy [ 190.023620][ T6752] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 190.094147][ T6676] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.165370][ T648] device hsr_slave_0 left promiscuous mode [ 190.294261][ T648] device hsr_slave_1 left promiscuous mode [ 190.735685][ T4022] Bluetooth: hci1: command 0x1003 tx timeout [ 190.754939][ T3976] Bluetooth: hci1: sending frame failed (-49) [ 190.775229][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.811983][ T648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.987788][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.080056][ T648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.134280][ T4022] Bluetooth: hci6: command 0x040f tx timeout [ 191.148768][ T648] device bridge_slave_1 left promiscuous mode [ 191.157963][ T648] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.195442][ T648] device bridge_slave_0 left promiscuous mode [ 191.197229][ T648] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.213793][ T6148] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 191.333332][ T648] device veth1_macvtap left promiscuous mode [ 191.335068][ T648] device veth0_macvtap left promiscuous mode [ 191.336703][ T648] device veth1_vlan left promiscuous mode [ 191.338785][ T648] device veth0_vlan left promiscuous mode [ 191.637109][ T648] team0 (unregistering): Port device team_slave_1 removed [ 191.650391][ T648] team0 (unregistering): Port device team_slave_0 removed [ 191.664454][ T648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 191.710725][ T648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 191.849092][ T648] bond0 (unregistering): Released all slaves [ 191.978824][ T6676] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.319902][ T6676] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 192.395546][ T6676] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 192.435157][ T6676] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 192.495615][ T6676] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 192.498391][ T2047] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.500233][ T2047] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.658273][ T6676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.331881][ T4022] Bluetooth: hci1: command 0x1001 tx timeout [ 193.334514][ T3976] Bluetooth: hci1: sending frame failed (-49) [ 193.336157][ T21] Bluetooth: hci6: command 0x0419 tx timeout [ 193.345743][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.348177][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.356047][ T6676] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.361483][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.364680][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.367179][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.369003][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.371303][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.384648][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.387576][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.390054][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.391818][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.395094][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.398018][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.411507][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.414645][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.417433][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.420686][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.444292][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.449611][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.481811][ T6676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.489706][ T6676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.500217][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.509920][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.512723][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.696664][ T4014] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.698865][ T4014] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.709393][ T6676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.753835][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 193.761238][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 193.790524][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 193.793800][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 193.797166][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 193.802088][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 193.807807][ T6676] device veth0_vlan entered promiscuous mode [ 193.828626][ T6676] device veth1_vlan entered promiscuous mode [ 193.873799][ T6676] device veth0_macvtap entered promiscuous mode [ 193.878210][ T6676] device veth1_macvtap entered promiscuous mode [ 193.887882][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.890929][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.893844][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.896485][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.898852][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.901525][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.904833][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.907705][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.910408][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.913764][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.917703][ T6676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.922124][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.934288][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.939428][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.942815][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.951346][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.957606][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.961678][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.970734][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.977766][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.982063][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.991164][ T6676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.999329][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.002346][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.015304][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 194.017999][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 194.031926][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 194.034687][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 194.037258][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.040002][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 194.042592][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.054243][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 194.101466][ T6676] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.516932][ T6676] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.950321][ T6676] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.952814][ T6676] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.173313][ T6824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 195.173313][ T4411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.177869][ T4411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.182480][ T4014] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 195.235706][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.238327][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.243549][ T4014] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 195.338324][ T6828] ALSA: mixer_oss: invalid OSS volume '' [ 195.373487][ T4057] Bluetooth: hci1: command 0x1009 tx timeout [ 197.516079][ T21] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 197.519677][ T21] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 197.626474][ T6562] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 198.111466][ T6869] chnl_net:caif_netlink_parms(): no params data found [ 199.380746][ T6562] Bluetooth: hci7: Frame reassembly failed (-84) [ 199.940555][ T3769] Bluetooth: hci2: command 0x0409 tx timeout [ 200.503418][ T6869] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.507773][ T6869] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.511036][ T6869] device bridge_slave_0 entered promiscuous mode [ 200.521420][ T6869] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.526659][ T6869] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.530456][ T6869] device bridge_slave_1 entered promiscuous mode [ 200.557153][ T6869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.562720][ T6869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.631587][ T6869] team0: Port device team_slave_0 added [ 200.649543][ T6916] input: syz1 as /devices/virtual/input/input22 [ 200.689707][ T6869] team0: Port device team_slave_1 added [ 200.736272][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.740622][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.762091][ T6869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.772645][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.777214][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.794808][ T6869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.875230][ T6869] device hsr_slave_0 entered promiscuous mode [ 200.940823][ T6869] device hsr_slave_1 entered promiscuous mode [ 200.983873][ T6869] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.985869][ T6869] Cannot create hsr debugfs directory [ 201.501609][ T3769] Bluetooth: hci7: command 0x1003 tx timeout [ 201.586929][ T3978] Bluetooth: hci7: sending frame failed (-49) [ 201.934410][ T4018] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 201.938381][ T4018] Bluetooth: hci6: Injecting HCI hardware error event [ 202.002077][ T3978] Bluetooth: hci6: hardware error 0x00 [ 202.013489][ T4057] Bluetooth: hci2: command 0x041b tx timeout [ 202.141654][ T6869] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.152055][ T6934] sctp: [Deprecated]: syz.3.914 (pid 6934) Use of int in maxseg socket option. [ 202.152055][ T6934] Use struct sctp_assoc_value instead [ 202.256283][ T6869] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.353292][ T6938] sock: sock_timestamping_bind_phc: sock not bind to device [ 203.127616][ T6869] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.205563][ T6869] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.339916][ T6951] 9pnet: Could not find request transport: j0xffffffffffffffff0xffffffffffffffff [ 203.373740][ T6562] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 203.387303][ T6869] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 203.411392][ T6955] udc-core: couldn't find an available UDC or it's busy [ 203.413720][ T6955] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 203.424983][ T6869] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 203.485146][ T6869] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.517820][ T6869] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.613260][ T3555] Bluetooth: hci7: command 0x1001 tx timeout [ 203.615858][ T3976] Bluetooth: hci7: sending frame failed (-49) [ 203.648483][ T26] audit: type=1326 audit(203.620:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6956 comm="syz.3.923" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad4332a8 code=0x7ffc0000 [ 203.655469][ T26] audit: type=1326 audit(203.620:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6956 comm="syz.3.923" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=439 compat=0 ip=0xffffad4332a8 code=0x7ffc0000 [ 203.661290][ T26] audit: type=1326 audit(203.620:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6956 comm="syz.3.923" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad4332a8 code=0x7ffc0000 [ 203.850300][ T648] device hsr_slave_0 left promiscuous mode [ 203.893526][ T648] device hsr_slave_1 left promiscuous mode [ 204.684138][ T4022] Bluetooth: hci2: command 0x040f tx timeout [ 204.714082][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.716448][ T648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.726429][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.739018][ T648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.760103][ T648] device bridge_slave_1 left promiscuous mode [ 204.761767][ T648] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.887836][ T6968] sock: sock_timestamping_bind_phc: sock not bind to device [ 205.040624][ T648] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.693353][ T4057] Bluetooth: hci7: command 0x1009 tx timeout [ 205.773232][ T648] device veth1_macvtap left promiscuous mode [ 205.774750][ T648] device veth0_macvtap left promiscuous mode [ 205.776330][ T648] device veth1_vlan left promiscuous mode [ 205.777857][ T648] device veth0_vlan left promiscuous mode [ 206.625129][ T4057] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 206.743500][ T4022] Bluetooth: hci2: command 0x0419 tx timeout [ 206.936804][ T648] team0 (unregistering): Port device team_slave_1 removed [ 206.952054][ T648] team0 (unregistering): Port device team_slave_0 removed [ 206.967338][ T648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.010268][ T648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.232583][ T648] bond0 (unregistering): Released all slaves [ 207.340474][ T6869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.363738][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.366194][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.395841][ T6869] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.401583][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.404385][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.406904][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.408850][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.411179][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.448041][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.450689][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.453384][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.455330][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.457750][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.461025][ T4463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.562138][ T7008] sock: sock_timestamping_bind_phc: sock not bind to device [ 207.642483][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.704030][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.819189][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.958839][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.093960][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.190164][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.303299][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.312241][ T4057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.348464][ T6869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.373338][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.526471][ T7021] netlink: 16 bytes leftover after parsing attributes in process `syz.4.945'. [ 208.809169][ T7015] chnl_net:caif_netlink_parms(): no params data found [ 208.876822][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 208.879131][ T4018] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 208.923395][ T6869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.953825][ T7015] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.955852][ T7015] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.960883][ T7015] device bridge_slave_0 entered promiscuous mode [ 208.977291][ T7015] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.979224][ T7015] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.982169][ T7015] device bridge_slave_1 entered promiscuous mode [ 208.998871][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 209.007109][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 209.137061][ T4176] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 209.160787][ T7048] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 209.167643][ T7015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.175775][ T7015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.190968][ T7048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.952'. [ 210.193874][ T294] Bluetooth: hci5: Frame reassembly failed (-84) [ 210.210467][ T7015] team0: Port device team_slave_0 added [ 210.242362][ T7015] team0: Port device team_slave_1 added [ 210.274585][ T3978] [ 210.275173][ T3978] ============================================ [ 210.276648][ T3978] WARNING: possible recursive locking detected [ 210.278022][ T3978] 5.15.163-syzkaller #0 Not tainted [ 210.279365][ T3978] -------------------------------------------- [ 210.280956][ T3978] kworker/u5:4/3978 is trying to acquire lock: [ 210.282589][ T3978] ffff0000ce538138 ((wq_completion)hci6){+.+.}-{0:0}, at: flush_workqueue+0x120/0x11c4 [ 210.285070][ T3978] [ 210.285070][ T3978] but task is already holding lock: [ 210.287022][ T3978] ffff0000ce538138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 [ 210.289643][ T3978] [ 210.289643][ T3978] other info that might help us debug this: [ 210.291550][ T3978] Possible unsafe locking scenario: [ 210.291550][ T3978] [ 210.293439][ T3978] CPU0 [ 210.294309][ T3978] ---- [ 210.295215][ T3978] lock((wq_completion)hci6); [ 210.296638][ T3978] lock((wq_completion)hci6); [ 210.297934][ T3978] [ 210.297934][ T3978] *** DEADLOCK *** [ 210.297934][ T3978] [ 210.299983][ T3978] May be due to missing lock nesting notation [ 210.299983][ T3978] [ 210.302223][ T3978] 2 locks held by kworker/u5:4/3978: [ 210.303450][ T3978] #0: ffff0000ce538138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 [ 210.306087][ T3978] #1: ffff80001c6b7c00 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 [ 210.309294][ T3978] [ 210.309294][ T3978] stack backtrace: [ 210.310802][ T3978] CPU: 0 PID: 3978 Comm: kworker/u5:4 Not tainted 5.15.163-syzkaller #0 [ 210.312856][ T3978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 210.315440][ T3978] Workqueue: hci6 hci_error_reset [ 210.316764][ T3978] Call trace: [ 210.317557][ T3978] dump_backtrace+0x0/0x530 [ 210.318739][ T3978] show_stack+0x2c/0x3c [ 210.319889][ T3978] dump_stack_lvl+0x108/0x170 [ 210.321005][ T3978] dump_stack+0x1c/0x58 [ 210.322049][ T3978] __lock_acquire+0x62bc/0x7638 [ 210.323371][ T3978] lock_acquire+0x240/0x77c [ 210.324557][ T3978] flush_workqueue+0x14c/0x11c4 [ 210.325969][ T3978] drain_workqueue+0xb8/0x32c [ 210.327181][ T3978] destroy_workqueue+0x80/0xa34 [ 210.328407][ T3978] hci_release_dev+0x118/0x116c [ 210.329678][ T3978] bt_host_release+0x70/0x88 [ 210.330943][ T3978] device_release+0x8c/0x1ac [ 210.332128][ T3978] kobject_put+0x2c4/0x438 [ 210.333282][ T3978] put_device+0x28/0x40 [ 210.334371][ T3978] hci_error_reset+0x124/0x2b8 [ 210.335481][ T3978] process_one_work+0x790/0x11b8 [ 210.337160][ T3978] worker_thread+0x910/0x1034 [ 210.338501][ T3978] kthread+0x37c/0x45c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 210.339505][ T3978] ret_from_fork+0x10/0x20 [ 210.359312][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 210.380052][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 210.382655][ T6869] device veth0_vlan entered promiscuous mode [ 210.484057][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 210.486314][ T6148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 210.508137][ T4022] Bluetooth: hci1: command 0x0409 tx timeout [ 211.425155][ T648] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.458808][ T648] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.497929][ T648] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.549699][ T648] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.253379][ T4388] Bluetooth: hci5: command 0x1003 tx timeout [ 212.255165][ T3972] Bluetooth: hci5: sending frame failed (-49) [ 212.974064][ T136] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 213.933907][ T648] device hsr_slave_0 left promiscuous mode [ 213.993322][ T648] device hsr_slave_1 left promiscuous mode [ 214.073256][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.075315][ T648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.077780][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.079712][ T648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.081998][ T648] device bridge_slave_1 left promiscuous mode [ 214.083832][ T648] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.124685][ T648] device bridge_slave_0 left promiscuous mode [ 214.126507][ T648] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.178708][ T136] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 214.186153][ T648] device hsr_slave_0 left promiscuous mode [ 214.258434][ T648] device hsr_slave_1 left promiscuous mode [ 214.333551][ T6148] Bluetooth: hci5: command 0x1001 tx timeout [ 214.335683][ T3972] Bluetooth: hci5: sending frame failed (-49) [ 214.343210][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.345290][ T648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.348003][ T648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.349976][ T648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.352295][ T648] device bridge_slave_1 left promiscuous mode [ 214.354088][ T648] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.403909][ T648] device bridge_slave_0 left promiscuous mode [ 214.405441][ T648] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.543277][ T648] device veth1_macvtap left promiscuous mode [ 214.545121][ T648] device veth0_macvtap left promiscuous mode [ 214.546694][ T648] device veth1_vlan left promiscuous mode [ 214.548288][ T648] device veth0_vlan left promiscuous mode [ 214.633290][ T648] device veth1_macvtap left promiscuous mode [ 214.634993][ T648] device veth0_macvtap left promiscuous mode [ 214.636618][ T648] device veth1_vlan left promiscuous mode [ 214.638050][ T648] device veth0_vlan left promiscuous mode [ 214.844544][ T648] team0 (unregistering): Port device team_slave_1 removed [ 214.850586][ T648] team0 (unregistering): Port device team_slave_0 removed [ 214.856550][ T648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.889644][ T648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.998356][ T648] bond0 (unregistering): Released all slaves [ 215.140254][ T648] team0 (unregistering): Port device team_slave_1 removed [ 215.148375][ T648] team0 (unregistering): Port device team_slave_0 removed [ 215.154078][ T648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.208020][ T648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.319165][ T648] bond0 (unregistering): Released all slaves [ 216.413376][ T4388] Bluetooth: hci5: command 0x1009 tx timeout [ 218.940214][ T648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.997372][ T648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.057852][ T648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.097841][ T648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.256606][ T648] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.287194][ T648] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.321333][ T648] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.367858][ T648] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0