last executing test programs: 2m55.93805411s ago: executing program 2 (id=4025): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x2, 0x4) bind$inet(r2, &(0x7f0000000280)={0x2, 0x5e21, @empty}, 0x10) 2m55.626135271s ago: executing program 2 (id=4017): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160-generic\x00'}, 0x58) accept(r0, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r1], 0x48}}, 0x0) 2m55.305480524s ago: executing program 2 (id=4020): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000840), r2) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x40004) 2m55.167534247s ago: executing program 2 (id=4022): r0 = userfaultfd(0x80001) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r1, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x738}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000200)={{&(0x7f0000463000/0x4000)=nil, 0x4000}, 0x1}) 2m54.904232144s ago: executing program 2 (id=4036): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x280449c, 0x0) 2m54.763860078s ago: executing program 2 (id=4028): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a0000000202000000000000240009801c00000000000000140005"], 0x40}], 0x1}, 0x0) 2m54.532594821s ago: executing program 32 (id=4028): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a0000000202000000000000240009801c00000000000000140005"], 0x40}], 0x1}, 0x0) 2m46.077584995s ago: executing program 1 (id=4141): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@ipv6_newnexthop={0x1c, 0x68, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NHA_FDB={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0xc802) 2m45.873044585s ago: executing program 1 (id=4144): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 2m45.601717273s ago: executing program 1 (id=4146): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6tnl0\x00', 0x0, 0x11, 0xc7, 0x2, 0x5, 0xd, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x13}}, @mcast2, 0x7, 0x80, 0x0, 0x3ff}}) 2m45.405385193s ago: executing program 1 (id=4149): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x12c5008, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x321f008, 0x0) r1 = open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') 2m45.13882832s ago: executing program 1 (id=4153): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x6c, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x0, @loopback={0x2d21}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) 2m44.647163949s ago: executing program 1 (id=4162): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)="3d4077e50823a7746c0ee30dd0afdfb5ff2a258d495dc9d2c2a25bc7dc0b11bde0d15d0770675db17901", 0x2a}, {&(0x7f0000000080)="b28231adddba8ed6f23bf98ca8caa015ab797f57", 0x14}], 0x2, 0x0) recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1) setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 2m44.404604954s ago: executing program 33 (id=4162): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)="3d4077e50823a7746c0ee30dd0afdfb5ff2a258d495dc9d2c2a25bc7dc0b11bde0d15d0770675db17901", 0x2a}, {&(0x7f0000000080)="b28231adddba8ed6f23bf98ca8caa015ab797f57", 0x14}], 0x2, 0x0) recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1) setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 1m25.615172367s ago: executing program 0 (id=5309): r0 = getpid() rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xd4000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r2, @ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x22020600) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) 1m25.451480914s ago: executing program 0 (id=5312): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r4 = socket(0x11, 0x800000003, 0x0) bind$packet(r4, &(0x7f0000000d00)={0x11, 0x0, r3, 0x1, 0x7f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14) 1m25.29365515s ago: executing program 0 (id=5315): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r2) add_key$keyring(&(0x7f0000000340), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r3) keyctl$KEYCTL_MOVE(0x1e, r3, r3, r2, 0x1) 1m25.149665544s ago: executing program 0 (id=5320): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) 1m23.766966764s ago: executing program 0 (id=5325): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) setuid(0xee01) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000100)={0x14, 0x2, 0x2, 0x201, 0x0, 0x0, {0xa, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) 1m23.245174387s ago: executing program 0 (id=5334): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r2, 0x0, 0x10, &(0x7f0000000080)="17000000", 0x4) 1m22.841560878s ago: executing program 34 (id=5334): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r2, 0x0, 0x10, &(0x7f0000000080)="17000000", 0x4) 19.602736511s ago: executing program 6 (id=6207): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6(0xa, 0x2, 0x0) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r2, 0x30925) keyctl$get_security(0x11, r2, 0x0, 0x0) 19.498398991s ago: executing program 5 (id=6209): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe) 19.398720781s ago: executing program 6 (id=6211): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$kvm(0xffffffffffffff9c, 0x0, 0x230802, 0x0) 19.332749828s ago: executing program 5 (id=6212): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0) 19.181674073s ago: executing program 6 (id=6215): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_CAPBSET_DROP(0x18, 0x26) 19.158741946s ago: executing program 5 (id=6216): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x5, 0x7, 0x401, 0x25, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x80, 0x5}}) 18.967235225s ago: executing program 6 (id=6218): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x1, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000040)=0x7, 0x4) readv(r2, &(0x7f0000003600)=[{&(0x7f0000002340)=""/138, 0x8a}], 0x1) 18.833427358s ago: executing program 5 (id=6220): write(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x40000000000001, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x20000328) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a00100000", 0x27}, {&(0x7f0000000200)="ef7f513cb53f563df86e6ff4199de5567ba1ea96d2eadcd67c70b7876fb26228bbc649975acab6b2f49b02d74fb84a0f295d5285866c76b77baf8014faa60aafcbe96618a6ae29ee29109c3684de0603b957c747277d6992bdd465f9c491cdcc114bafbbc228bd26b9af6f6c4d804547873b88d349277cee0b1e", 0x7a}], 0x2}, 0x0) 18.234791469s ago: executing program 5 (id=6224): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) splice(r2, 0x0, r3, 0x0, 0x6, 0x0) 17.322627981s ago: executing program 4 (id=6228): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10) 17.215597572s ago: executing program 6 (id=6229): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0) 17.113332272s ago: executing program 5 (id=6231): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read$FUSE(r0, &(0x7f00000009c0)={0x2020}, 0x2020) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) 17.112534502s ago: executing program 7 (id=6232): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) ioperm(0x0, 0x1, 0x1) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800714, &(0x7f0000000500), 0x1, 0x488, &(0x7f0000001640)="$eJzs3M1rXFUbAPDn3iT9bpO3b622thqtYvEjadKqXbhQUXChIOiiLmOS1tppI00EW4JGkbqUgntxKfgXuNKNqAsR3Cq4lELRIDR1FblfzXQySZM0ydjM7weTOefec+ecZ+49M+fekzsBtK3e7E8SsSMifo2I7iJ7c4He4mlmenL4+vTkcBKzs6/9meTlrk1PDldFq+22l5nDaUT6cRLPJvPrHb9w8cxQrTZ6vsz3T5x9p3/8wsUnTp8dOjV6avTc4PHjx44OPP3U4JOrEmcW17X9748d2PfSG5dfGT5x+c0fvsqatfdgsb4+jlu63iSgpr6J+Gs217jm4SVXdmfYWZdOOlvYEJalIyKy3dWV9//u6Ii5ndcdL37U0sYBayr7btq88OqpWWADS6LVLQBao/qiz85/q8c6DT3+E64+F7GpTM9MTw7P3Ii/M9Jyedca1t8bESem/vk8e8Ryr0MAAKxAPrZ5vNn4L429+XMx17GrnEPpiYj/RU/sjoj/R8SeiLgrIi97d0TcU2w8273E+nsb8vPHP+mVpm1eJdn475m6sd9MXfzlU09HmduZx9+VnDxdGz1SvieHo2tzlh9YpI5vX/jl04XW1Y//skdWfzUWLBtwpbPhAt3I0MTQar0JVz+M2N/ZLP7kxkxAdgTsi4j9y3vpXVXi9KNfHlio0K3jX8QqzDPNfhHxSLH/p6Ih/kqy+Pxk/5aojR7pr46K+X78+dKrC9V/W/Gvgmz/b7v5+G8o0f13UszXdkWtNnp+fPl1XPrtkwXPaVZ6/G9KXs/nrH96q1j23tDExPmBiE3Jy3m+OqfLlw/ObVvlq/JZ/IcPNe//u8ttsvjvjYgDsxEHI+K+iLi/bPsDEfFgRBxaJP7vn3/o7UXiTyKJlu7/kaaffzeO/56kfr5+BYmOM999vdCM+dL2/7GYyj9rC/nn3y0stYG3+fYBAADAHSGNiB2RpH1FundHpGlfX/E//HtiW1obG5947OTYu+dGinsEeqIrra50ddddDx1IpspXLPKD5bXiav3R/LpxxGcdW/N83/BYbaTFsUO7235z/4+q/2f+6Gh164A1534taF+N/T9tUTuA9beU73/nArAxNen/W1vRDmD9Of+H9tWs/3/QkDf+h41pfv//vclP1gEbkfE/tC/9H9qX/g9t6Xbu6195orpZYOWvs2XJd/i3S6L6xYu1rGtrzC2JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4NAAD//7n06Go=") 16.802368913s ago: executing program 4 (id=6234): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) 16.801643064s ago: executing program 7 (id=6244): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d9"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000003e7400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 16.792607685s ago: executing program 6 (id=6235): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) unshare(0x62040200) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000280)=[{{&(0x7f0000000240)={0x2, 0x4e01, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC], 0x38}}], 0x1, 0x46000) 16.474141927s ago: executing program 3 (id=6236): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pipe2$9p(0x0, 0x880) 16.333497191s ago: executing program 7 (id=6237): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 1.4803316s ago: executing program 4 (id=6238): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) 1.47993277s ago: executing program 3 (id=6239): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x55) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000180)={[{@grpjquota}, {@barrier_val={'barrier', 0x3d, 0x1}}]}, 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") 1.47772689s ago: executing program 3 (id=6240): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x5, 0x7, 0x401, 0x25, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x80, 0x5}}) 1.477351191s ago: executing program 4 (id=6241): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup2(0xffffffffffffffff, 0xffffffffffffffff) 1.475220431s ago: executing program 3 (id=6242): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) process_vm_writev(0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x0) 1.474838531s ago: executing program 7 (id=6243): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) truncate(0x0, 0x32e3) 1.474494491s ago: executing program 3 (id=6245): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) renameat2(0xffffffffffffffff, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0, 0x4) 1.474028061s ago: executing program 7 (id=6246): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x5]}, 0x8) close(r2) syz_usb_connect(0x0, 0x41, &(0x7f0000001a80)=ANY=[], 0x0) ioctl$GIO_UNIMAP(r2, 0x4b66, 0x0) 1.473652451s ago: executing program 4 (id=6247): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, 0x0, &(0x7f0000000140)) 1.472958931s ago: executing program 35 (id=6231): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read$FUSE(r0, &(0x7f00000009c0)={0x2020}, 0x2020) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) 1.406560178s ago: executing program 36 (id=6235): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) unshare(0x62040200) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000280)=[{{&(0x7f0000000240)={0x2, 0x4e01, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC], 0x38}}], 0x1, 0x46000) 365.949µs ago: executing program 7 (id=6248): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x1000}, 0x4) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) 146.4µs ago: executing program 3 (id=6251): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0xe8034000, 0x0, 0xfffffffffffffe32, 0x0, 0x0, 0x5dc}, 0x50) 0s ago: executing program 4 (id=6252): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) ioprio_set$pid(0x1, 0xffffffffffffffff, 0x6003) kernel console output (not intermixed with test programs): ated). [ 260.356834][T10151] loop1: detected capacity change from 0 to 1024 [ 260.434173][T10151] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 260.777056][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 262.574859][ T26] audit: type=1326 audit(1763421712.164:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10205 comm="syz.0.2634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x0 [ 263.381254][T10262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2657'. [ 263.708453][ T52] block nbd4: Attempted send on invalid socket [ 263.715103][ T52] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 263.725749][T10269] XFS (nbd4): SB validate failed with error -5. [ 263.859984][T10280] loop2: detected capacity change from 0 to 1024 [ 263.992130][T10280] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 264.011385][T10280] ext4 filesystem being mounted at /517/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.037026][T10283] loop4: detected capacity change from 0 to 1024 [ 264.055412][T10283] EXT4-fs: Ignoring removed mblk_io_submit option [ 264.061907][T10283] EXT4-fs: Ignoring removed oldalloc option [ 264.086440][T10283] EXT4-fs: Ignoring removed nomblk_io_submit option [ 264.123816][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2666'. [ 264.143080][T10283] /dev/loop4: Can't open blockdev [ 264.164534][ T4276] EXT4-fs (loop2): unmounting filesystem. [ 264.858915][T10306] loop2: detected capacity change from 0 to 1024 [ 264.911720][T10306] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 265.232809][ T4276] EXT4-fs (loop2): unmounting filesystem. [ 265.408927][T10319] netlink: 'syz.3.2681': attribute type 28 has an invalid length. [ 266.510285][T10349] loop0: detected capacity change from 0 to 764 [ 267.716536][T10381] loop0: detected capacity change from 0 to 512 [ 268.395050][ T4349] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 268.500120][T10405] netlink: 'syz.1.2720': attribute type 12 has an invalid length. [ 268.615030][ T4349] usb 3-1: Using ep0 maxpacket: 8 [ 268.621888][ T4349] usb 3-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 268.655090][ T4349] usb 3-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 268.695004][ T4349] usb 3-1: config 0 interface 0 has no altsetting 0 [ 268.702096][ T4349] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 268.745011][ T4349] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.775897][ T4349] usb 3-1: config 0 descriptor?? [ 268.987374][ T4349] usbhid 3-1:0.0: can't add hid device: -71 [ 268.993502][ T4349] usbhid: probe of 3-1:0.0 failed with error -71 [ 269.041734][ T4349] usb 3-1: USB disconnect, device number 7 [ 269.670924][T10433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2732'. [ 269.759004][T10439] overlayfs: failed to resolve './file0': -2 [ 269.993977][T10446] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2740'. [ 270.623177][T10463] binder: 10462:10463 ioctl c0306201 200000000300 returned -11 [ 270.806738][ T4349] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 270.843080][T10473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2750'. [ 271.006601][ T4349] usb 2-1: Using ep0 maxpacket: 8 [ 271.036307][ T4349] usb 2-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 271.062623][ T4349] usb 2-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 271.093099][ T4349] usb 2-1: config 0 interface 0 has no altsetting 0 [ 271.104182][ T4349] usb 2-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 271.121489][ T4349] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.143933][ T4349] usb 2-1: config 0 descriptor?? [ 271.362315][ T4349] usbhid 2-1:0.0: can't add hid device: -71 [ 271.371940][ T4349] usbhid: probe of 2-1:0.0 failed with error -71 [ 271.407367][ T4349] usb 2-1: USB disconnect, device number 9 [ 271.451918][T10489] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 271.481552][T10489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 271.491425][T10489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 271.510384][T10489] device bridge_slave_0 left promiscuous mode [ 271.519113][T10489] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.547878][T10489] device bridge_slave_1 left promiscuous mode [ 271.554217][T10489] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.574857][T10489] bond0: (slave bond_slave_0): Releasing backup interface [ 271.756708][T10489] bond0: (slave bond_slave_1): Releasing backup interface [ 272.109342][T10489] team0: Port device team_slave_0 removed [ 272.167092][T10489] team0: Port device team_slave_1 removed [ 272.184037][T10489] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.199349][T10489] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 272.219987][T10489] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.230815][T10489] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.322165][T10500] netlink: 'syz.1.2763': attribute type 11 has an invalid length. [ 272.340846][T10500] netlink: 'syz.1.2763': attribute type 2 has an invalid length. [ 273.294997][T10541] IPVS: length: 112 != 8 [ 273.939281][T10569] 9pnet_fd: Insufficient options for proto=fd [ 275.409422][T10634] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2829'. [ 276.382168][T10682] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 276.444249][T10682] device bridge_slave_0 left promiscuous mode [ 276.481324][T10682] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.530580][T10682] device bridge_slave_1 left promiscuous mode [ 276.541087][T10682] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.554238][T10682] bond0: (slave bond_slave_0): Releasing backup interface [ 276.583187][T10682] bond0: (slave bond_slave_1): Releasing backup interface [ 276.677867][T10682] team0: Port device team_slave_0 removed [ 276.725555][T10682] team0: Port device team_slave_1 removed [ 276.732151][T10682] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.755756][T10682] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.781905][T10682] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 276.800295][T10682] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 276.895673][T10688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2854'. [ 277.633500][T10724] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2871'. [ 277.811977][T10729] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 277.857789][T10729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 277.885552][T10729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 277.910203][T10729] device bridge_slave_0 left promiscuous mode [ 277.944704][T10729] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.977115][T10729] device bridge_slave_1 left promiscuous mode [ 277.985760][T10729] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.175599][T10741] loop0: detected capacity change from 0 to 512 [ 278.196739][T10741] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 278.235007][T10741] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 278.258641][T10729] bond0: (slave bond_slave_0): Releasing backup interface [ 278.301542][T10741] EXT4-fs (loop0): 1 truncate cleaned up [ 278.307656][T10741] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 278.323449][T10729] bond0: (slave bond_slave_1): Releasing backup interface [ 278.359823][ T4278] EXT4-fs (loop0): unmounting filesystem. [ 278.445563][T10729] team0: Port device team_slave_0 removed [ 278.500125][T10729] team0: Port device team_slave_1 removed [ 278.527114][T10729] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.559217][T10729] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.574776][T10729] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.592518][T10729] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.115843][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2887'. [ 279.163617][ T26] audit: type=1326 audit(1763421728.754:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 279.238381][ T26] audit: type=1326 audit(1763421728.784:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 279.363355][ T26] audit: type=1326 audit(1763421728.784:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 279.431999][ T26] audit: type=1326 audit(1763421728.784:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 279.528025][ T26] audit: type=1326 audit(1763421728.784:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 279.952643][T10803] can0: slcan on ptm0. [ 280.171009][T10814] loop4: detected capacity change from 0 to 512 [ 280.180234][T10812] netlink: 'syz.0.2909': attribute type 10 has an invalid length. [ 280.197013][T10799] can0 (unregistered): slcan off ptm0. [ 280.212286][T10814] /dev/loop4: Can't open blockdev [ 280.216315][T10812] team0: Cannot enslave team device to itself [ 282.053125][T10889] overlayfs: missing 'lowerdir' [ 282.551655][T10913] netlink: 'syz.0.2943': attribute type 2 has an invalid length. [ 282.581433][T10913] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2943'. [ 283.123756][T10925] loop2: detected capacity change from 0 to 4096 [ 283.179172][T10925] EXT4-fs (loop2): Test dummy encryption mode enabled [ 283.312351][T10925] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 283.386984][T10925] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 283.550396][ T4276] EXT4-fs (loop2): unmounting filesystem. [ 283.974668][T10960] netlink: 'syz.4.2963': attribute type 10 has an invalid length. [ 284.046081][T10960] team0: Cannot enslave team device to itself [ 284.191617][T10970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2968'. [ 284.330041][T10974] loop0: detected capacity change from 0 to 256 [ 284.746381][T10994] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2980'. [ 284.779389][T10994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2980'. [ 284.817280][T10996] netlink: 680 bytes leftover after parsing attributes in process `syz.3.2981'. [ 284.836736][T10998] netlink: 'syz.2.2982': attribute type 10 has an invalid length. [ 284.879361][T10998] team0: Cannot enslave team device to itself [ 286.242007][T11048] xt_CT: You must specify a L4 protocol and not use inversions on it [ 286.679624][T11064] loop4: detected capacity change from 0 to 4096 [ 286.717476][T11064] /dev/loop4: Can't open blockdev [ 286.794668][ T4958] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 287.541144][T11079] overlayfs: missing 'lowerdir' [ 289.671788][T11143] netlink: 288 bytes leftover after parsing attributes in process `syz.2.3051'. [ 290.598013][T11172] netlink: 'syz.0.3065': attribute type 19 has an invalid length. [ 292.829714][T11247] netlink: 'syz.3.3097': attribute type 4 has an invalid length. [ 292.915764][T11247] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 293.303410][T11264] delete_channel: no stack [ 294.731600][T11318] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 295.406851][T11339] mmap: syz.4.3141 (11339): VmData 50036736 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 295.665046][ T4680] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 295.818292][T11352] loop4: detected capacity change from 0 to 512 [ 295.837458][T11352] EXT4-fs: Ignoring removed oldalloc option [ 295.855084][ T4680] usb 3-1: Using ep0 maxpacket: 32 [ 295.862074][T11352] /dev/loop4: Can't open blockdev [ 295.868156][ T4680] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 295.896986][ T4680] usb 3-1: config 0 has no interface number 0 [ 295.913406][ T4680] usb 3-1: config 0 interface 89 has no altsetting 0 [ 295.940824][ T4680] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 295.966647][ T4680] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.980803][ T4680] usb 3-1: Product: syz [ 295.986025][ T4680] usb 3-1: Manufacturer: syz [ 295.990667][ T4680] usb 3-1: SerialNumber: syz [ 296.029850][ T4680] usb 3-1: config 0 descriptor?? [ 296.061308][ T4680] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 296.088153][ T4680] em28xx 3-1:0.89: Video interface 89 found: bulk [ 296.644871][T11374] binder: 11373:11374 ioctl 400c620e 0 returned -14 [ 296.662886][ T4680] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 297.491534][ T4680] em28xx 3-1:0.89: writing to i2c device at 0xa0 failed (error=-5) [ 297.511584][ T4680] em28xx 3-1:0.89: failed to read eeprom (err=-5) [ 297.521730][ T4680] em28xx 3-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 297.610085][ T4680] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 297.637260][ T4680] em28xx 3-1:0.89: analog set to bulk mode. [ 297.662851][ T4680] usb 3-1: USB disconnect, device number 8 [ 297.680530][ T4680] em28xx 3-1:0.89: Disconnecting em28xx [ 297.708120][ T4687] em28xx 3-1:0.89: Registering V4L2 extension [ 297.742679][T11405] xt_CT: No such helper "pptp" [ 297.925254][ T4687] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 297.932837][ T4687] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 297.955496][ T4687] em28xx 3-1:0.89: No AC97 audio processor [ 298.006583][ T4687] usb 3-1: Decoder not found [ 298.011248][ T4687] em28xx 3-1:0.89: failed to create media graph [ 298.050156][ T4687] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 298.113836][ T4687] em28xx 3-1:0.89: Registering snapshot button... [ 298.153583][ T4687] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input17 [ 298.201085][ T4687] em28xx 3-1:0.89: Remote control support is not available for this card. [ 298.235495][ T4680] em28xx 3-1:0.89: Closing input extension [ 298.243839][ T4680] em28xx 3-1:0.89: Deregistering snapshot button [ 298.338824][ T4680] em28xx 3-1:0.89: Freeing device [ 299.339996][T11473] loop1: detected capacity change from 0 to 256 [ 299.374104][T11473] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 299.399698][T11473] FAT-fs (loop1): Filesystem has been set read-only [ 299.434865][T11473] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 299.462915][T11473] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 299.494055][ T26] audit: type=1800 audit(2000000015.420:574): pid=11473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3201" name="file1" dev="loop1" ino=1048606 res=0 errno=0 [ 299.652395][T11473] syz.1.3201 (11473) used greatest stack depth: 20704 bytes left [ 300.568308][T11522] loop0: detected capacity change from 0 to 2048 [ 300.640436][T11522] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 300.686216][T11522] ext4 filesystem being mounted at /649/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.900357][ T4278] EXT4-fs (loop0): unmounting filesystem. [ 301.349451][T11560] loop0: detected capacity change from 0 to 128 [ 301.406542][T11560] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 301.432218][T11560] ext4 filesystem being mounted at /651/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 301.560412][ T4278] EXT4-fs (loop0): unmounting filesystem. [ 302.165169][T11597] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3257'. [ 302.868217][T11622] loop4: detected capacity change from 0 to 1024 [ 302.889274][T11622] EXT4-fs: Ignoring removed i_version option [ 302.917967][T11622] EXT4-fs: Ignoring removed nobh option [ 302.940130][T11626] Cannot find add_set index 4 as target [ 302.964349][T11622] EXT4-fs: Ignoring removed orlov option [ 302.994089][T11622] EXT4-fs: Ignoring removed bh option [ 303.019191][T11622] ext4: Unknown parameter 'noacl' [ 303.553258][T11649] netlink: 13 bytes leftover after parsing attributes in process `syz.0.3282'. [ 303.815964][T11659] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3287'. [ 304.217477][T11674] loop1: detected capacity change from 0 to 1024 [ 304.304090][T11674] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 304.570458][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 305.470570][T11729] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3315'. [ 305.496764][T11733] loop2: detected capacity change from 0 to 512 [ 305.551759][T11733] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 305.565039][T11733] System zones: 1-12 [ 305.591269][T11733] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.3317: Directory hole found for htree index block 0 [ 305.615373][T11733] EXT4-fs (loop2): Remounting filesystem read-only [ 305.622798][T11733] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 305.705607][T11733] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.3317: Directory hole found for htree index block 0 [ 305.790012][T11733] EXT4-fs (loop2): Remounting filesystem read-only [ 305.805357][T11733] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 305.835036][T11733] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 305.912670][T11733] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 306.030663][ T4276] EXT4-fs (loop2): unmounting filesystem. [ 306.074605][T11752] loop4: detected capacity change from 0 to 128 [ 306.829163][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 306.901216][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 306.951705][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 306.995713][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 307.075368][T11787] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3339'. [ 307.312555][T11795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3343'. [ 307.493477][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.528510][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.552746][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.571182][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.587848][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.595887][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.603393][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.612211][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.619998][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.628176][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.636131][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.644006][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.659208][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.667065][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.674625][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.682817][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.705062][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.723525][ T4680] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 307.755034][ T4680] hid-generic 0003:0004:0000.0004: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 308.094249][T11818] fido_id[11818]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 308.165113][T11827] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 308.733423][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.767388][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.795300][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.809729][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.833087][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.850169][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.855742][T11853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3370'. [ 308.865947][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.884318][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.894246][T11853] bridge_slave_0: default FDB implementation only supports local addresses [ 308.901201][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.920660][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.945017][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.972974][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.980749][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.990798][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 308.998494][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 309.020386][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 309.035082][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 309.053317][ T4349] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 309.095494][ T4349] hid-generic 0003:0004:0000.0005: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 309.427461][T11877] 9pnet_fd: Insufficient options for proto=fd [ 309.450344][T11872] fido_id[11872]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 310.377737][T11915] loop2: detected capacity change from 0 to 128 [ 310.461173][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3400'. [ 310.815188][ T48] Bluetooth: hci4: command 0x0405 tx timeout [ 312.022159][T11985] loop1: detected capacity change from 0 to 512 [ 312.048175][T11985] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 312.062030][T11985] System zones: 1-12 [ 312.070672][T11987] mkiss: ax0: crc mode is auto. [ 312.084515][T11985] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.3431: Directory hole found for htree index block 0 [ 312.105501][T11985] EXT4-fs (loop1): Remounting filesystem read-only [ 312.139964][T11985] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -117 [ 312.159958][T11985] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.3431: Directory hole found for htree index block 0 [ 312.174096][T11985] EXT4-fs (loop1): Remounting filesystem read-only [ 312.191163][T11985] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 312.199555][T11985] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 312.230092][T11985] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 312.245024][T11993] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3434'. [ 312.374318][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 312.548695][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 312.587281][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 312.622177][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 312.886825][T12017] device sit0 entered promiscuous mode [ 312.923330][T12017] netlink: 'syz.3.3445': attribute type 1 has an invalid length. [ 312.953908][T12017] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3445'. [ 313.754828][T12052] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3462'. [ 313.918985][T12060] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 315.345884][T12119] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3494'. [ 315.758301][T12135] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3502'. [ 316.547711][ T26] audit: type=1326 audit(2000000032.480:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.613876][ T26] audit: type=1326 audit(2000000032.480:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.675649][ T26] audit: type=1326 audit(2000000032.480:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.745692][ T26] audit: type=1326 audit(2000000032.480:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.830034][ T26] audit: type=1326 audit(2000000032.480:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.925090][ T26] audit: type=1326 audit(2000000032.480:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 316.969192][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.975618][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.025007][ T26] audit: type=1326 audit(2000000032.480:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 317.125038][ T26] audit: type=1326 audit(2000000032.480:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 317.203415][ T26] audit: type=1326 audit(2000000032.540:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0daadc1f85 code=0x7ffc0000 [ 317.274962][ T26] audit: type=1326 audit(2000000032.540:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.1.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0daadc1f85 code=0x7ffc0000 [ 317.451475][T12197] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3532'. [ 317.528445][T12202] fuse: blksize only supported for fuseblk [ 317.977614][T12220] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3544'. [ 320.547040][T12321] netlink: 'syz.2.3589': attribute type 3 has an invalid length. [ 321.405033][ T4688] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 321.625276][ T4688] usb 1-1: Using ep0 maxpacket: 32 [ 321.648907][ T4688] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 321.657839][ T4688] usb 1-1: config 0 has no interface number 0 [ 321.664542][ T4688] usb 1-1: config 0 interface 89 has no altsetting 0 [ 321.763965][ T4688] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 321.775520][ T4688] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.784090][ T4688] usb 1-1: Product: syz [ 321.790795][ T4688] usb 1-1: Manufacturer: syz [ 321.797280][ T4688] usb 1-1: SerialNumber: syz [ 321.849689][ T4688] usb 1-1: config 0 descriptor?? [ 321.867526][ T4688] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 321.877705][ T4688] em28xx 1-1:0.89: Video interface 89 found: bulk [ 322.137667][T12366] overlayfs: failed to clone upperpath [ 322.480678][ T4688] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 323.298392][ T4688] em28xx 1-1:0.89: writing to i2c device at 0xa0 failed (error=-5) [ 323.324976][ T4688] em28xx 1-1:0.89: failed to read eeprom (err=-5) [ 323.336508][ T4688] em28xx 1-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 323.425012][ T4688] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 323.432301][ T4688] em28xx 1-1:0.89: analog set to bulk mode. [ 323.472750][ T4688] usb 1-1: USB disconnect, device number 6 [ 323.502676][ T4688] em28xx 1-1:0.89: Disconnecting em28xx [ 323.526205][ T4680] em28xx 1-1:0.89: Registering V4L2 extension [ 323.693515][T12417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3633'. [ 323.744805][ T4680] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 323.755038][ T4680] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 323.775472][ T4680] em28xx 1-1:0.89: No AC97 audio processor [ 323.805874][ T4680] usb 1-1: Decoder not found [ 323.831801][ T4680] em28xx 1-1:0.89: failed to create media graph [ 323.855082][ T4680] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 323.897524][ T4680] em28xx 1-1:0.89: Registering snapshot button... [ 323.943212][ T4680] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input18 [ 323.994722][ T4680] em28xx 1-1:0.89: Remote control support is not available for this card. [ 324.029534][ T4688] em28xx 1-1:0.89: Closing input extension [ 324.037237][ T4688] em28xx 1-1:0.89: Deregistering snapshot button [ 324.098888][ T4688] em28xx 1-1:0.89: Freeing device [ 324.489193][T12438] tipc: New replicast peer: 255.255.255.255 [ 324.516120][T12438] tipc: Enabled bearer , priority 10 [ 325.919332][T12488] loop1: detected capacity change from 0 to 128 [ 325.991002][T12493] netlink: 'syz.0.3668': attribute type 1 has an invalid length. [ 326.000905][T12488] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 326.020326][T12488] ext4 filesystem being mounted at /706/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 326.099736][T12493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 326.179357][T12496] bond1: (slave vlan0): making interface the new active one [ 326.210935][T12496] bond1: (slave vlan0): Enslaving as an active interface with an up link [ 326.245992][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 326.444456][T12510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3672'. [ 326.562178][T12488] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 326.670687][T12521] netlink: 'syz.2.3676': attribute type 28 has an invalid length. [ 326.753462][T12488] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 326.816179][T12505] fscrypt: loop1: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 326.995798][ T4272] EXT4-fs (loop1): unmounting filesystem. [ 328.305041][T12581] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3701'. [ 328.395943][T12580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.455470][ T4688] wlan1: authenticate with 08:02:11:00:00:00 [ 328.488812][ T4688] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 328.499610][T12580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.518733][ T8617] wlan1: authenticated [ 328.529773][ T4680] mac80211_hwsim hwsim11 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 328.557634][ T8617] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 328.596925][T12587] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.607284][ T6631] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 328.629979][ T6631] wlan1: associated [ 329.063096][T12604] tipc: Enabling of bearer rejected, failed to enable media [ 329.314130][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3716'. [ 329.351229][T12613] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3717'. [ 329.836223][T12634] overlayfs: failed to clone lowerpath [ 330.349189][T12654] netlink: 'syz.2.3736': attribute type 1 has an invalid length. [ 330.368451][T12654] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3736'. [ 330.606689][T12664] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 330.980867][T12677] sock: sock_timestamping_bind_phc: sock not bind to device [ 331.662660][T12707] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3764'. [ 331.703873][T12702] kvm: pic: non byte read [ 331.728946][T12702] kvm: pic: non byte read [ 331.733416][T12702] kvm: pic: non byte read [ 331.749171][T12702] kvm: pic: non byte read [ 331.759329][T12702] kvm: pic: non byte read [ 331.769448][T12702] kvm: pic: non byte read [ 331.779562][T12702] kvm: pic: non byte read [ 331.796267][T12702] kvm: pic: non byte read [ 331.816629][T12702] kvm: pic: non byte read [ 331.838557][T12702] kvm: pic: non byte read [ 332.302642][T12724] netlink: 'syz.4.3770': attribute type 6 has an invalid length. [ 332.350135][T12724] netlink: 'syz.4.3770': attribute type 6 has an invalid length. [ 333.063448][T12744] loop1: detected capacity change from 0 to 4096 [ 333.138705][T12744] EXT4-fs: Mount option(s) incompatible with ext3 [ 333.180889][T12744] Bluetooth: MGMT ver 1.22 [ 333.443378][T12767] binder: 12764:12767 ioctl 40046205 0 returned -22 [ 333.789394][T12777] device sit0 entered promiscuous mode [ 333.834660][T12777] netlink: 'syz.1.3794': attribute type 1 has an invalid length. [ 333.867938][T12777] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3794'. [ 334.241054][T12795] loop4: detected capacity change from 0 to 512 [ 334.265193][T12795] /dev/loop4: Can't open blockdev [ 334.291025][T12796] loop2: detected capacity change from 0 to 256 [ 334.437942][T12796] FAT-fs (loop2): Directory bread(block 64) failed [ 334.450368][T12796] FAT-fs (loop2): Directory bread(block 65) failed [ 334.490377][T12796] FAT-fs (loop2): Directory bread(block 66) failed [ 334.561186][T12796] FAT-fs (loop2): Directory bread(block 67) failed [ 334.586897][T12796] FAT-fs (loop2): Directory bread(block 68) failed [ 334.625124][T12796] FAT-fs (loop2): Directory bread(block 69) failed [ 334.645232][T12796] FAT-fs (loop2): Directory bread(block 70) failed [ 334.705238][T12796] FAT-fs (loop2): Directory bread(block 71) failed [ 334.711907][T12796] FAT-fs (loop2): Directory bread(block 72) failed [ 334.741384][T12796] FAT-fs (loop2): Directory bread(block 73) failed [ 334.854076][T12810] can0: slcan on ttyS3. [ 335.258736][T12809] can0 (unregistered): slcan off ttyS3. [ 335.574596][T12808] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 336.743941][ T26] kauditd_printk_skb: 87 callbacks suppressed [ 336.743957][ T26] audit: type=1326 audit(2000000052.670:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 336.805373][ T48] Bluetooth: hci0: command 0x0c20 tx timeout [ 336.909514][ T26] audit: type=1326 audit(2000000052.720:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 336.931870][ C1] vkms_vblank_simulate: vblank timer overrun [ 336.959670][T12892] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3840'. [ 337.031758][ T26] audit: type=1326 audit(2000000052.720:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.145130][ T26] audit: type=1326 audit(2000000052.720:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.243061][ T26] audit: type=1326 audit(2000000052.720:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.350531][ T26] audit: type=1326 audit(2000000052.720:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.471658][ T26] audit: type=1326 audit(2000000052.720:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.561166][ T26] audit: type=1326 audit(2000000052.720:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.654719][ T26] audit: type=1326 audit(2000000052.720:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.695958][T12918] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3850'. [ 337.730444][T12921] loop2: detected capacity change from 0 to 128 [ 337.749617][ T26] audit: type=1326 audit(2000000052.720:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12883 comm="syz.0.3835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f7f41f8f6c9 code=0x7ffc0000 [ 337.806217][T12921] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 337.890632][T12921] FAT-fs (loop2): FAT read failed (blocknr 4128) [ 338.138367][T12928] netlink: 'syz.3.3853': attribute type 1 has an invalid length. [ 338.183040][T12928] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3853'. [ 338.975181][T12959] netlink: 'syz.4.3869': attribute type 1 has an invalid length. [ 338.982993][T12959] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3869'. [ 339.228840][T12970] bridge0: port 1(gretap0) entered blocking state [ 339.241266][T12970] bridge0: port 1(gretap0) entered disabled state [ 339.254399][T12970] device gretap0 entered promiscuous mode [ 339.270119][T12970] bridge0: port 1(gretap0) entered blocking state [ 339.277739][T12970] bridge0: port 1(gretap0) entered forwarding state [ 339.295660][T12972] device gretap0 left promiscuous mode [ 339.328203][T12972] bridge0: port 1(gretap0) entered disabled state [ 340.257941][T13001] bridge0: port 1(gretap0) entered blocking state [ 340.273344][T13001] bridge0: port 1(gretap0) entered disabled state [ 340.291873][T13001] device gretap0 entered promiscuous mode [ 340.328599][T13001] bridge0: port 1(gretap0) entered blocking state [ 340.335256][T13001] bridge0: port 1(gretap0) entered forwarding state [ 340.377926][T13008] device gretap0 left promiscuous mode [ 340.391501][T13008] bridge0: port 1(gretap0) entered disabled state [ 340.428469][T13007] netlink: 'syz.2.3891': attribute type 10 has an invalid length. [ 340.462691][T13007] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3891'. [ 340.542189][T13007] team0: Port device geneve0 added [ 340.772686][T13018] sock: sock_timestamping_bind_phc: sock not bind to device [ 340.854040][T12992] loop0: detected capacity change from 0 to 32768 [ 340.991631][T12992] XFS (loop0): Mounting V5 Filesystem [ 341.110053][T12992] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 341.169477][T12992] XFS (loop0): Starting recovery (logdev: internal) [ 341.203175][T13040] binder: 13037:13040 ioctl 40046205 0 returned -22 [ 341.237245][T12992] XFS (loop0): Ending recovery (logdev: internal) [ 341.449977][T12992] syz.0.3882 (12992) used greatest stack depth: 20656 bytes left [ 341.485362][ T4278] XFS (loop0): Unmounting Filesystem [ 343.429859][T13111] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.686195][T13111] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.957186][T13111] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.104237][T13111] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.288702][T13111] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.336765][T13111] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.411755][T13111] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.461094][T13111] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.837607][T13170] loop0: detected capacity change from 0 to 512 [ 344.853781][T13167] binder: 13166:13167 ioctl c0306201 200000000040 returned -14 [ 344.912902][T13172] tipc: Started in network mode [ 344.924430][T13170] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 344.928460][T13172] tipc: Node identity ac14140f, cluster identity 4711 [ 344.940406][T13172] tipc: New replicast peer: 255.255.255.255 [ 344.947486][T13172] tipc: Enabled bearer , priority 10 [ 344.991192][T13170] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 345.067283][T13170] System zones: 0-1, 15-15, 18-18, 34-34 [ 345.074408][T13170] EXT4-fs (loop0): orphan cleanup on readonly fs [ 345.126818][T13170] __quota_error: 60 callbacks suppressed [ 345.126835][T13170] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 345.174634][T13170] EXT4-fs warning (device loop0): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 345.235279][T13170] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 345.246270][T13185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3965'. [ 345.274719][T13170] EXT4-fs (loop0): 1 truncate cleaned up [ 345.285039][T13170] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 345.385891][T13170] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 345.430278][T13189] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 345.602155][ T4278] EXT4-fs (loop0): unmounting filesystem. [ 345.880850][T13206] netlink: 'syz.3.3972': attribute type 10 has an invalid length. [ 345.904492][T13206] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3972'. [ 345.955100][ T4320] tipc: Node number set to 2886997007 [ 345.965589][ T26] audit: type=1326 audit(2000000061.900:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 345.986656][T13206] team0: Port device geneve0 added [ 346.058421][ T26] audit: type=1326 audit(2000000061.920:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.133442][ T26] audit: type=1326 audit(2000000061.940:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.215239][ T26] audit: type=1326 audit(2000000061.940:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.304970][ T26] audit: type=1326 audit(2000000061.940:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.374980][ T26] audit: type=1326 audit(2000000061.940:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.468669][ T26] audit: type=1326 audit(2000000061.940:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.555621][ T26] audit: type=1326 audit(2000000061.940:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.659015][ T26] audit: type=1326 audit(2000000061.940:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.1.3973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0daad8f6c9 code=0x7ffc0000 [ 346.984486][T13244] netlink: 'syz.0.3991': attribute type 10 has an invalid length. [ 347.015097][T13244] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3991'. [ 347.041833][T13244] team0: Port device geneve0 added [ 348.471112][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4011'. [ 348.511206][T13283] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.819282][T13283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.598358][T13314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4023'. [ 350.906948][ T4275] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 350.919005][ T4275] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 350.927705][ T4275] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 350.942077][ T4275] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 350.949667][ T4275] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 350.957104][ T4275] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 351.461078][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 351.461093][ T26] audit: type=1326 audit(2000000067.390:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.552496][ T26] audit: type=1326 audit(2000000067.390:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.635085][ T26] audit: type=1326 audit(2000000067.390:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.694333][ T26] audit: type=1326 audit(2000000067.390:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.749944][T13351] chnl_net:caif_netlink_parms(): no params data found [ 351.775977][ T26] audit: type=1326 audit(2000000067.430:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.862362][ T26] audit: type=1326 audit(2000000067.430:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.894628][ T26] audit: type=1326 audit(2000000067.430:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.918467][ T26] audit: type=1326 audit(2000000067.430:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 351.942376][ T26] audit: type=1326 audit(2000000067.430:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 352.123064][T13351] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.134346][T13351] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.139096][ T26] audit: type=1326 audit(2000000067.430:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 352.146708][T13351] device bridge_slave_0 entered promiscuous mode [ 352.231211][T13351] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.255644][T13351] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.291129][T13351] device bridge_slave_1 entered promiscuous mode [ 352.379226][T13351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.404799][T13351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.452790][T13351] team0: Port device team_slave_0 added [ 352.461297][T13351] team0: Port device team_slave_1 added [ 352.482836][T13351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.490086][T13351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.517916][T13351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.530460][T13351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.537588][T13351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.563949][T13351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.596852][T13351] device hsr_slave_0 entered promiscuous mode [ 352.603622][T13351] device hsr_slave_1 entered promiscuous mode [ 352.610334][T13351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 352.618028][T13351] Cannot create hsr debugfs directory [ 352.734222][T13351] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 352.746077][T13351] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 352.782808][T13351] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 352.840904][T13351] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 353.045070][ T4275] Bluetooth: hci3: command 0x0409 tx timeout [ 353.221398][T13351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.277518][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 353.290164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 353.316167][T13351] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.351151][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 353.376042][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 353.401499][ T8617] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.408715][ T8617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.434752][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 353.466364][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 353.481984][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 353.492179][ T8617] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.499375][ T8617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.516806][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 353.539516][T13445] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4083'. [ 353.575817][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 353.601079][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 353.625979][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 353.646778][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 353.664969][ T4320] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 353.690926][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 353.732798][T13351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 353.768803][T13351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 353.795087][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 353.811261][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 353.821744][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 353.856019][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 353.874729][ T4320] usb 2-1: Using ep0 maxpacket: 16 [ 353.883199][ T4320] usb 2-1: config 0 has an invalid interface number: 147 but max is 0 [ 353.891806][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 353.904988][ T4320] usb 2-1: config 0 has no interface number 0 [ 353.911628][ T4320] usb 2-1: config 0 interface 147 altsetting 0 bulk endpoint 0xA has invalid maxpacket 40 [ 353.920834][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 353.939755][T13457] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4088'. [ 353.946066][ T4320] usb 2-1: config 0 interface 147 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 353.978637][ T4320] usb 2-1: New USB device found, idVendor=0525, idProduct=1080, bcdDevice=5b.44 [ 354.000274][ T4320] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.029452][ T4320] usb 2-1: Product: syz [ 354.033674][ T4320] usb 2-1: Manufacturer: syz [ 354.054955][ T4320] usb 2-1: SerialNumber: syz [ 354.066453][ T4320] usb 2-1: config 0 descriptor?? [ 354.075625][T13440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 354.082981][T13440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 354.316765][T13440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 354.335355][T13440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 354.381446][ T4320] net1080 2-1:0.147 usb0: register 'net1080' at usb-dummy_hcd.1-1, NetChip TurboCONNECT, b6:d0:b5:82:39:a7 [ 354.571861][ T4687] usb 2-1: USB disconnect, device number 10 [ 354.589105][ T4687] net1080 2-1:0.147 usb0: unregister 'net1080' usb-dummy_hcd.1-1, NetChip TurboCONNECT [ 354.703345][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 354.721221][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 354.752507][T13351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.125156][ T4275] Bluetooth: hci3: command 0x041b tx timeout [ 355.245644][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 355.254834][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 355.284659][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 355.303669][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 355.324918][T13351] device veth0_vlan entered promiscuous mode [ 355.344580][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 355.353714][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 355.372321][T13351] device veth1_vlan entered promiscuous mode [ 355.400653][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 355.412734][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 355.428998][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 355.441572][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 355.456637][T13351] device veth0_macvtap entered promiscuous mode [ 355.471673][T13351] device veth1_macvtap entered promiscuous mode [ 355.494548][T13351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.508194][T13351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.518238][T13351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.529413][T13351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.541305][T13351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.556106][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 355.564753][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 355.580262][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 355.591196][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 355.606144][T13351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.624849][T13351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.645722][T13351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.654992][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 355.664442][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 355.682113][T13351] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.692128][T13351] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.701349][T13351] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.712432][T13351] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.811618][ T4355] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.833754][ T4355] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.858596][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 355.873566][ T6631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.882023][ T6631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.894144][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 357.205069][ T4275] Bluetooth: hci3: command 0x040f tx timeout [ 357.554343][T13564] tipc: Bearer : already 2 bearers with priority 10 [ 357.575402][T13564] tipc: Bearer : trying with adjusted priority [ 357.602812][T13564] tipc: Enabling of bearer rejected, failed to enable media [ 358.089583][T13585] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4132'. [ 358.135844][T13589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4131'. [ 358.523471][T13601] tipc: Started in network mode [ 358.533406][T13601] tipc: Node identity 0000000000002d210000000000000001, cluster identity 4711 [ 358.569811][T13601] tipc: Enabling of bearer rejected, failed to enable media [ 359.227125][T13621] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4147'. [ 359.284946][ T4275] Bluetooth: hci3: command 0x0419 tx timeout [ 360.026489][ T9] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.146785][ T9] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.312573][ T9] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.375937][T13654] netlink: 'syz.4.4167': attribute type 1 has an invalid length. [ 360.540183][ T9] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.570317][T13660] loop5: detected capacity change from 0 to 7 [ 360.624766][T13656] device bond1 entered promiscuous mode [ 360.637270][T13656] 8021q: adding VLAN 0 to HW filter on device bond1 [ 360.682100][T13654] device bridge2 entered promiscuous mode [ 360.709896][T13654] bond1: (slave bridge2): Enslaving as a backup interface with an up link [ 360.737209][ T6631] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 360.773315][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 360.831382][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 360.842562][ T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 360.863497][ T48] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 360.877065][ T48] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 360.894625][ T48] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 360.902373][ T48] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 360.909581][ T46] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 361.053078][T13664] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.355704][T13664] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.529979][T13664] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.568229][ T9] tipc: Disabling bearer [ 361.600835][ T9] tipc: Left network mode [ 361.790562][T13664] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.353242][T13716] binder: 13715:13716 ioctl c0306201 200000000280 returned -14 [ 362.452144][T13664] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.576100][T13664] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.601239][T13664] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.678454][T13664] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.819208][T13661] chnl_net:caif_netlink_parms(): no params data found [ 362.974797][ T4286] Bluetooth: hci2: command 0x0409 tx timeout [ 363.367849][T13661] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.392198][T13661] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.416280][T13661] device bridge_slave_0 entered promiscuous mode [ 363.529922][T13661] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.554791][T13661] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.574969][T13661] device bridge_slave_1 entered promiscuous mode [ 363.916599][T13661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.023682][T13661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.133873][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 364.133888][ T26] audit: type=1326 audit(2000000007.030:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13775 comm="syz.4.4211" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x0 [ 364.400387][ T9] device hsr_slave_0 left promiscuous mode [ 364.407815][ T9] device hsr_slave_1 left promiscuous mode [ 364.417043][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 364.432451][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 364.515087][ T9] device veth1_macvtap left promiscuous mode [ 364.529663][ T9] device veth0_macvtap left promiscuous mode [ 364.543867][ T9] device veth1_vlan left promiscuous mode [ 364.559808][ T9] device veth0_vlan left promiscuous mode [ 365.046383][ T4286] Bluetooth: hci2: command 0x041b tx timeout [ 365.677659][ T9] team0 (unregistering): Port device team_slave_1 removed [ 365.761960][ T9] team0 (unregistering): Port device team_slave_0 removed [ 365.838257][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.895139][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 366.376192][ T9] bond0 (unregistering): Released all slaves [ 366.414357][T13661] team0: Port device team_slave_0 added [ 366.523959][T13661] team0: Port device team_slave_1 added [ 366.588297][T13661] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.605368][T13661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.675937][T13661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.716404][T13661] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 366.723664][T13661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.780809][T13661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.997190][T13661] device hsr_slave_0 entered promiscuous mode [ 367.021289][T13661] device hsr_slave_1 entered promiscuous mode [ 367.124723][ T4275] Bluetooth: hci2: command 0x040f tx timeout [ 367.507068][T13661] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 367.561553][T13661] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 367.607223][T13661] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 367.639356][T13661] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 367.713315][T13865] binder_alloc: binder_alloc_mmap_handler: 13863 200000ffc000-200000fff000 already mapped failed -16 [ 367.942744][T13661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.983347][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 368.011395][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 368.049626][T13661] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.098543][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 368.149679][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 368.176912][ T8617] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.184093][ T8617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.235074][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 368.301309][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 368.318043][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 368.355145][ T6347] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.362293][ T6347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.444164][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 368.482268][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 368.603202][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 368.623711][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 368.665697][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 368.705380][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 368.743916][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 368.762151][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 368.778551][ T6347] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 368.830996][T13661] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 368.863870][T13661] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 368.893105][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 368.911353][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 369.204723][ T4275] Bluetooth: hci2: command 0x0419 tx timeout [ 369.886206][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 369.893708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 369.937333][T13661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.862425][T13983] IPv6: NLM_F_CREATE should be specified when creating new route [ 370.916592][ T4275] Bluetooth: hci4: Malformed MSFT vendor event: 0x02 [ 371.240891][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 371.253666][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 371.335843][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 371.345625][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 371.384163][T13661] device veth0_vlan entered promiscuous mode [ 371.419884][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 371.428717][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 371.479578][T13661] device veth1_vlan entered promiscuous mode [ 371.583705][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 371.600360][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 371.620884][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 371.652600][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 371.686157][T13661] device veth0_macvtap entered promiscuous mode [ 371.703927][T13661] device veth1_macvtap entered promiscuous mode [ 371.761344][T13661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.799339][T13661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.843428][T13661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.864184][T13661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.895882][T13661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.904633][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 371.922824][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 371.982315][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 372.024595][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 372.067366][T13661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.109358][T13661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.139588][T13661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.170698][T13661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.204535][T13661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 372.223607][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 372.275907][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 372.313210][T13661] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.387339][T13661] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.423189][T13661] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.427562][T14034] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4301'. [ 372.471173][T13661] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.723744][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.769892][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.812414][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 372.851266][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.874505][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.933150][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 374.745279][T14122] netlink: 88 bytes leftover after parsing attributes in process `syz.0.4337'. [ 374.801036][ T4320] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 374.926762][T14131] netlink: 'syz.0.4341': attribute type 3 has an invalid length. [ 374.960123][T14131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4341'. [ 375.024160][ T4320] usb 7-1: Using ep0 maxpacket: 32 [ 375.031695][ T4320] usb 7-1: unable to get BOS descriptor or descriptor too short [ 375.081797][ T4320] usb 7-1: config 7 has an invalid interface number: 128 but max is 0 [ 375.109163][ T4320] usb 7-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 375.143710][ T4320] usb 7-1: config 7 has no interface number 0 [ 375.194070][ T4320] usb 7-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 375.247650][ T4320] usb 7-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 375.301601][ T4320] usb 7-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 375.354119][ T4320] usb 7-1: config 7 interface 128 has no altsetting 0 [ 375.391681][ T4320] usb 7-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 375.422068][ T4320] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.452113][ T4320] usb 7-1: Product: syz [ 375.466948][ T4320] usb 7-1: Manufacturer: syz [ 375.471598][ T4320] usb 7-1: SerialNumber: syz [ 375.507679][T14114] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 375.746755][ T4320] usb 7-1: MIDIStreaming interface descriptor not found [ 375.860103][ T4320] usb 7-1: USB disconnect, device number 2 [ 376.518650][ T26] audit: type=1326 audit(2000000019.420:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.6.4362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 376.612426][ T26] audit: type=1326 audit(2000000019.440:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.6.4362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 376.739030][ T26] audit: type=1326 audit(2000000019.440:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.6.4362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 376.833983][ T26] audit: type=1326 audit(2000000019.440:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.6.4362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 377.606658][T14230] Bluetooth: MGMT ver 1.22 [ 378.354527][T14253] binder: 14252:14253 ioctl c0306201 200000000180 returned -22 [ 378.408946][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.415329][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.005296][T14283] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4401'. [ 379.907792][T14323] binder: 14321:14323 ioctl c00c6211 0 returned -14 [ 380.124150][T14329] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4421'. [ 380.422730][ T9] tipc: Subscription rejected, illegal request [ 380.428734][T14340] loop6: detected capacity change from 0 to 512 [ 380.514856][T14340] EXT4-fs: inline encryption not supported [ 380.572393][T14340] EXT4-fs: Ignoring removed mblk_io_submit option [ 380.604940][T14340] EXT4-fs: Ignoring removed mblk_io_submit option [ 380.654350][T14340] EXT4-fs (loop6): Test dummy encryption mode enabled [ 380.661192][T14340] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 380.740166][T14340] EXT4-fs (loop6): can't mount with commit=255, fs mounted w/o journal [ 382.272136][T14392] devpts: called with bogus options [ 386.079926][T14529] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4503'. [ 386.121259][T14529] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4503'. [ 387.889575][T14590] program syz.4.4529 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 389.366459][T14630] trusted_key: encrypted_key: keyword 'new0default' not recognized [ 389.836445][T14645] netlink: 'syz.6.4553': attribute type 4 has an invalid length. [ 389.879856][T14645] netlink: 'syz.6.4553': attribute type 5 has an invalid length. [ 389.903818][T14645] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.4553'. [ 391.825775][T14718] netlink: 580 bytes leftover after parsing attributes in process `syz.5.4584'. [ 391.867089][T14720] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4586'. [ 393.492591][T14790] device veth0_to_team entered promiscuous mode [ 393.754732][T14760] loop5: detected capacity change from 0 to 32768 [ 393.925649][T14760] XFS (loop5): Mounting V5 Filesystem [ 394.137426][T14760] XFS (loop5): Ending clean mount [ 394.187006][T14760] XFS (loop5): Quotacheck needed: Please wait. [ 394.358725][T14760] XFS (loop5): Quotacheck: Done. [ 394.428562][T14834] overlayfs: workdir and upperdir must be separate subtrees [ 394.662224][ T26] audit: type=1804 audit(2000000293.555:793): pid=14760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.4602" name="/newroot/113/file0/bus" dev="loop5" ino=9291 res=1 errno=0 [ 394.763226][T14844] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4631'. [ 395.092918][T13351] XFS (loop5): Unmounting Filesystem [ 395.906012][T14886] netlink: 'syz.5.4638': attribute type 12 has an invalid length. [ 396.310000][T14893] loop4: detected capacity change from 0 to 8192 [ 397.350232][T14936] loop5: detected capacity change from 0 to 4096 [ 397.383370][T14936] EXT4-fs (loop5): Test dummy encryption mode enabled [ 397.448516][T14936] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 397.594636][T13351] EXT4-fs (loop5): unmounting filesystem. [ 397.694826][T14954] tipc: Enabling of bearer rejected, media not registered [ 399.158087][T15008] netlink: 'syz.5.4694': attribute type 10 has an invalid length. [ 399.187166][T15008] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4694'. [ 399.346355][T15008] team0: Port device geneve0 added [ 399.440759][T15018] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4698'. [ 399.513207][T15017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 400.128320][T15042] x_tables: duplicate underflow at hook 1 [ 400.387166][ T6299] Bluetooth: hci5: Frame reassembly failed (-84) [ 400.423231][T15048] Bluetooth: hci5: Frame reassembly failed (-84) [ 400.490481][T15050] Bluetooth: hci5: Frame reassembly failed (-84) [ 400.926868][T15074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4716'. [ 401.327540][T15090] loop6: detected capacity change from 0 to 512 [ 401.474824][T15090] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 401.493969][T15090] ext4 filesystem being mounted at /80/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 401.538936][ T26] audit: type=1800 audit(2000000300.435:794): pid=15090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4723" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 401.587178][T15090] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4723'. [ 401.597726][ T26] audit: type=1800 audit(2000000300.485:795): pid=15090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4723" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 401.721644][T13661] EXT4-fs (loop6): unmounting filesystem. [ 401.778170][T15104] xt_CT: You must specify a L4 protocol and not use inversions on it [ 402.404012][ T4275] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 405.792480][T15232] netlink: 92 bytes leftover after parsing attributes in process `syz.0.4774'. [ 406.819222][ T26] audit: type=1326 audit(2000000305.715:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.6.4791" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a6558f6c9 code=0x0 [ 407.475210][T15300] loop0: detected capacity change from 0 to 1024 [ 407.504644][T15300] EXT4-fs: Ignoring removed nobh option [ 407.510254][T15300] EXT4-fs: Ignoring removed bh option [ 407.546522][T15300] ext4: Unknown parameter 'measure' [ 407.693882][ T4680] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 407.886866][ T4680] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 407.919331][ T4680] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 407.950308][ T4680] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 407.969249][ T4680] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 407.980249][T15316] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4807'. [ 407.989376][ T4680] usb 6-1: SerialNumber: syz [ 408.218185][ T4680] usb 6-1: 0:2 : does not exist [ 408.279296][ T4680] usb 6-1: USB disconnect, device number 2 [ 408.535951][T14167] udevd[14167]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 409.930092][T15393] netlink: 'syz.0.4840': attribute type 4 has an invalid length. [ 410.601093][T15420] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4854'. [ 412.237275][T15495] netlink: 'syz.3.4889': attribute type 4 has an invalid length. [ 413.103781][T15526] netlink: 'syz.5.4904': attribute type 4 has an invalid length. [ 413.473799][T15537] loop6: detected capacity change from 0 to 512 [ 413.531326][T15537] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 415.495995][T15618] loop6: detected capacity change from 0 to 4096 [ 415.549475][T15618] EXT4-fs (loop6): Test dummy encryption mode enabled [ 415.612594][T15618] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 415.846516][T13661] EXT4-fs (loop6): unmounting filesystem. [ 416.642271][T15649] fuse: Bad value for 'fd' [ 416.901169][T15662] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4969'. [ 417.308503][T15678] loop5: detected capacity change from 0 to 256 [ 417.928554][ T6631] tipc: Subscription rejected, illegal request [ 418.916776][T15707] loop5: detected capacity change from 0 to 32768 [ 418.963827][T15707] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.4989 (15707) [ 419.032685][T15707] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 419.063245][T15707] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 419.091306][T15707] BTRFS info (device loop5): turning off barriers [ 419.112581][T15707] BTRFS info (device loop5): setting nodatasum [ 419.135812][T15707] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 419.136246][T15735] tipc: Enabling of bearer rejected, failed to enable media [ 419.183787][T15707] BTRFS info (device loop5): use zstd compression, level 3 [ 419.217399][T15707] BTRFS info (device loop5): using free space tree [ 419.702214][T15757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5007'. [ 420.341971][T15786] loop0: detected capacity change from 0 to 4096 [ 420.387498][T15786] EXT4-fs (loop0): Test dummy encryption mode enabled [ 420.431023][T15786] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 420.681170][ T4278] EXT4-fs (loop0): unmounting filesystem. [ 420.727525][T13351] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 420.917584][T15802] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5025'. [ 421.666874][T15835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5034'. [ 421.702314][T15836] netlink: 312 bytes leftover after parsing attributes in process `syz.0.5035'. [ 421.959659][ T26] audit: type=1326 audit(2000000320.855:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15844 comm="syz.0.5038" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f41f8f6c9 code=0x0 [ 423.543502][T15910] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5068'. [ 426.020985][T16001] netlink: 240 bytes leftover after parsing attributes in process `syz.3.5113'. [ 426.433874][T15815] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 426.626652][T15815] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 426.653677][T15815] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.689211][T15815] usb 7-1: config 0 descriptor?? [ 426.715584][T15815] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 427.790193][T16036] loop4: detected capacity change from 0 to 32768 [ 427.905454][T16054] loop0: detected capacity change from 0 to 1024 [ 427.944589][T16054] hfsplus: invalid uid specified [ 427.983445][T16054] hfsplus: unable to parse mount options [ 427.999318][T16058] binder: 16057:16058 ioctl c0306201 2000000001c0 returned -14 [ 428.211007][ T4958] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4958) [ 428.330336][T15815] usb 7-1: USB disconnect, device number 3 [ 429.679742][ T26] audit: type=1326 audit(2000000328.575:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16114 comm="syz.3.5166" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x0 [ 430.594929][T15818] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 431.113917][T15818] usb 7-1: Using ep0 maxpacket: 16 [ 431.121347][T15818] usb 7-1: config 0 has no interfaces? [ 431.141599][T15818] usb 7-1: New USB device found, idVendor=056e, idProduct=b338, bcdDevice=7f.56 [ 431.163670][T15818] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.182511][T15818] usb 7-1: Product: syz [ 431.192296][T15818] usb 7-1: Manufacturer: syz [ 431.237092][T16161] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5187'. [ 431.306156][T15818] usb 7-1: SerialNumber: syz [ 431.313110][T15818] usb 7-1: config 0 descriptor?? [ 431.532555][T15821] usb 7-1: USB disconnect, device number 4 [ 432.032363][T16185] loop5: detected capacity change from 0 to 1024 [ 432.082226][T16185] hfsplus: invalid uid specified [ 432.106922][T16185] hfsplus: unable to parse mount options [ 432.801641][ T26] audit: type=1326 audit(2000000331.695:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16207 comm="syz.6.5207" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x0 [ 433.210873][T16224] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 433.902839][T16246] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5226'. [ 434.377139][T16234] loop0: detected capacity change from 0 to 32768 [ 434.395912][T16258] overlayfs: unrecognized mount option "/" or missing value [ 434.432093][T16234] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 434.468972][T16234] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 434.480015][T16234] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 434.505139][T16234] BTRFS info (device loop0): force zstd compression, level 3 [ 434.522451][T16234] BTRFS info (device loop0): turning on sync discard [ 434.530445][T16234] BTRFS info (device loop0): force clearing of disk cache [ 434.537990][T16234] BTRFS info (device loop0): enabling disk space caching [ 434.545884][T16234] BTRFS info (device loop0): turning off discard [ 434.552323][T16234] BTRFS info (device loop0): disk space caching is enabled [ 434.851901][T16234] BTRFS info (device loop0): enabling ssd optimizations [ 434.875287][T16290] 9pnet_fd: Insufficient options for proto=fd [ 434.904999][T16234] BTRFS info (device loop0): rebuilding free space tree [ 434.963833][T16234] BTRFS info (device loop0): disabling free space tree [ 434.970788][T16234] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 435.013654][T16234] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 435.098487][T16296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5242'. [ 435.241429][ T26] audit: type=1800 audit(2000000334.135:800): pid=16234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5218" name="file1" dev="loop0" ino=263 res=0 errno=0 [ 435.484411][ T4278] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 435.909484][T16326] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5255'. [ 436.058373][T16338] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 436.613679][T15818] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 436.809721][T15818] usb 1-1: Using ep0 maxpacket: 16 [ 436.817138][T15818] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 436.834804][T15818] usb 1-1: config 0 has no interface number 0 [ 436.848816][T15818] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 436.859545][T15818] usb 1-1: config 0 interface 41 has no altsetting 0 [ 436.878526][T15818] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 436.903379][T15818] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.921837][T15818] usb 1-1: Product: syz [ 436.931762][T15818] usb 1-1: Manufacturer: syz [ 436.938358][T15818] usb 1-1: SerialNumber: syz [ 436.951971][T15818] usb 1-1: config 0 descriptor?? [ 436.958207][T16350] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 436.969620][T16378] af_packet: tpacket_rcv: packet too big, clamped from 4087 to 3944. macoff=96 [ 436.983164][T15818] CoreChips: probe of 1-1:0.41 failed with error -22 [ 437.059473][T16382] ksmbd: Unknown IPC event: 4, ignore. [ 437.210770][T15818] usb 1-1: USB disconnect, device number 7 [ 438.141791][ T26] audit: type=1326 audit(2000000337.035:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.3.5298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 438.230900][ T26] audit: type=1326 audit(2000000337.075:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.3.5298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0276b8f6c9 code=0x7ffc0000 [ 438.562302][T16415] syz.4.5292[16415] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 438.562411][T16415] syz.4.5292[16415] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 438.624003][T16415] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5292'. [ 440.166383][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.173358][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.424238][T16495] device wlan0 entered promiscuous mode [ 441.855505][T16507] netlink: 96 bytes leftover after parsing attributes in process `syz.6.5326'. [ 442.581191][ T4286] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 442.591810][ T4286] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 442.603882][ T4286] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 442.605816][T16534] netlink: 37 bytes leftover after parsing attributes in process `syz.3.5351'. [ 442.620747][ T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 442.629595][ T48] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 442.645724][ T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 442.810877][ T4275] Bluetooth: hci2: command 0x0405 tx timeout [ 443.054732][T16532] chnl_net:caif_netlink_parms(): no params data found [ 443.385502][T16532] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.409641][T16532] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.445096][T16532] device bridge_slave_0 entered promiscuous mode [ 443.474767][T16532] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.482041][T16532] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.490625][T16532] device bridge_slave_1 entered promiscuous mode [ 443.505509][ T4680] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 443.598830][T16532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.636314][T16532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.659192][T16573] overlayfs: missing 'lowerdir' [ 443.714073][ T4680] usb 7-1: Using ep0 maxpacket: 16 [ 443.723071][T16532] team0: Port device team_slave_0 added [ 443.724718][ T4680] usb 7-1: config 1 has an invalid interface number: 64 but max is 0 [ 443.738898][T16532] team0: Port device team_slave_1 added [ 443.767744][ T4680] usb 7-1: config 1 has no interface number 0 [ 443.801812][ T4680] usb 7-1: New USB device found, idVendor=19d2, idProduct=ffbf, bcdDevice=68.78 [ 443.830403][ T4680] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.845377][T16532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.852367][T16532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.863769][ T4680] usb 7-1: Product: syz [ 443.901863][T16532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.923169][ T4680] usb 7-1: Manufacturer: syz [ 443.951762][ T4680] usb 7-1: SerialNumber: syz [ 443.955264][T16532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.986628][T16532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.086641][T16532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.175145][ T4680] option 7-1:1.64: GSM modem (1-port) converter detected [ 444.203476][ T4680] usb 7-1: USB disconnect, device number 5 [ 444.248406][ T4680] option 7-1:1.64: device disconnected [ 444.279117][T16532] device hsr_slave_0 entered promiscuous mode [ 444.320899][T16532] device hsr_slave_1 entered promiscuous mode [ 444.335517][T16532] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 444.343121][T16532] Cannot create hsr debugfs directory [ 444.444871][T16597] cgroup2: Unknown parameter 'memory_hugetlb_accounting' [ 444.724056][ T48] Bluetooth: hci4: command 0x0409 tx timeout [ 444.857724][T16532] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 444.900484][T16613] 9p: Unknown Cache mode doo [ 444.908324][T16532] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 444.959211][T16532] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 445.018777][T16532] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 445.192985][T16629] netlink: 120 bytes leftover after parsing attributes in process `syz.5.5392'. [ 445.205083][T16532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.228924][T16629] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5392'. [ 445.279819][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 445.307607][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 445.337312][T16532] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.385822][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 445.402689][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 445.413636][ T6631] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.420758][ T6631] bridge0: port 1(bridge_slave_0) entered forwarding state [ 445.450310][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 445.520848][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 445.545328][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 445.563488][ T6631] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.570689][ T6631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 445.627144][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 445.656096][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 445.748299][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 445.778077][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 445.800632][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 445.828989][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 445.845997][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 445.888192][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 445.935884][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 445.961052][T16532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 445.984845][T16532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 445.999700][ T26] audit: type=1326 audit(2000000344.895:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.4.5405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 446.034258][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 446.044662][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 446.075525][ T26] audit: type=1326 audit(2000000344.915:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.4.5405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 446.184306][ T26] audit: type=1326 audit(2000000344.925:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.4.5405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 446.294669][ T26] audit: type=1326 audit(2000000344.925:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.4.5405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 446.396141][ T26] audit: type=1326 audit(2000000344.925:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.4.5405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 446.803882][ T4275] Bluetooth: hci4: command 0x041b tx timeout [ 446.872196][T16474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 446.881231][T16474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 446.929843][T16532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 447.196552][T16696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5423'. [ 447.489941][T16706] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5426'. [ 448.222203][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 448.242327][ T6631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 448.287879][ T8615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 448.305147][ T8615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 448.343325][T16532] device veth0_vlan entered promiscuous mode [ 448.366641][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 448.382774][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 448.409929][T16532] device veth1_vlan entered promiscuous mode [ 448.505126][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 448.531805][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 448.561699][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 448.591034][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 448.608662][T16532] device veth0_macvtap entered promiscuous mode [ 448.627589][T16532] device veth1_macvtap entered promiscuous mode [ 448.788180][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.835347][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.850752][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.864043][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.880210][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.891515][ T4275] Bluetooth: hci4: command 0x040f tx timeout [ 448.904555][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.923341][T16532] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 448.938520][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 448.953053][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 448.961905][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 448.971410][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 449.660980][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.722823][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.753614][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.759519][T16759] loop5: detected capacity change from 0 to 512 [ 449.781989][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.793812][T16532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.841194][T16759] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 449.864465][T16532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.874128][T16759] ext4 filesystem being mounted at /274/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 449.915886][T16532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 449.939899][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 449.984732][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 450.032104][T13351] EXT4-fs (loop5): unmounting filesystem. [ 450.047762][T16532] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.067124][T16532] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.114090][T16532] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.163408][T16532] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.436077][ T6631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.465899][ T6631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.527740][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 450.549573][ T6631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.594460][ T6631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.618418][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 450.964105][ T4275] Bluetooth: hci4: command 0x0419 tx timeout [ 451.142002][T16785] futex_wake_op: syz.3.5459 tries to shift op by 32; fix this program [ 451.319197][T16791] netlink: 'syz.4.5462': attribute type 4 has an invalid length. [ 451.327392][T16791] netlink: 'syz.4.5462': attribute type 5 has an invalid length. [ 451.341150][T16791] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.5462'. [ 454.136445][T16888] netlink: 120 bytes leftover after parsing attributes in process `syz.3.5509'. [ 454.168872][T16894] binder: 16886:16894 ioctl c018620c 200000000000 returned -22 [ 454.171348][T16888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5509'. [ 456.250164][T16923] bridge0: port 3(hsr_slave_1) entered blocking state [ 456.267397][T16923] bridge0: port 3(hsr_slave_1) entered disabled state [ 457.569942][T16968] Device name cannot be null; rc = [-22] [ 458.104704][T16983] loop5: detected capacity change from 0 to 1024 [ 458.334172][ T6299] hfsplus: b-tree write err: -5, ino 8 [ 458.673222][ T26] audit: type=1326 audit(2000000357.565:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 458.773933][ T26] audit: type=1326 audit(2000000357.565:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 458.873815][ T26] audit: type=1326 audit(2000000357.565:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 458.953807][ T4680] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 458.962175][ T26] audit: type=1326 audit(2000000357.575:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a6558f6c9 code=0x7ffc0000 [ 459.022341][ T26] audit: type=1326 audit(2000000357.585:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7a6558df10 code=0x7ffc0000 [ 459.055636][ T26] audit: type=1326 audit(2000000357.585:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7a6558f2cb code=0x7ffc0000 [ 459.133680][ T26] audit: type=1326 audit(2000000357.585:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7a6558f2cb code=0x7ffc0000 [ 459.167491][ T4680] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 459.212276][ T4680] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 459.238772][ T26] audit: type=1326 audit(2000000357.585:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7a6558f2cb code=0x7ffc0000 [ 459.264886][ T4680] usb 7-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 459.293632][ T4680] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.300124][ T26] audit: type=1326 audit(2000000357.585:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7a6558f2cb code=0x7ffc0000 [ 459.332306][ T4680] usb 7-1: Product: syz [ 459.342425][ T4680] usb 7-1: Manufacturer: syz [ 459.363849][ T26] audit: type=1326 audit(2000000357.855:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17002 comm="syz.6.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7a6558f2cb code=0x7ffc0000 [ 459.377443][ T4680] usb 7-1: SerialNumber: syz [ 459.444941][ T4680] usb 7-1: config 0 descriptor?? [ 459.463196][ T4680] usb 7-1: Found UVC 0.00 device syz (18ec:3288) [ 459.481189][ T4680] usb 7-1: No valid video chain found. [ 459.686123][ T4680] usb 7-1: USB disconnect, device number 6 [ 460.635831][T17062] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5584'. [ 462.430422][T17130] netlink: 104 bytes leftover after parsing attributes in process `syz.6.5614'. [ 463.721571][T17186] netlink: 72 bytes leftover after parsing attributes in process `syz.6.5638'. [ 467.611706][T17346] netlink: 68 bytes leftover after parsing attributes in process `syz.7.5716'. [ 468.734750][T17387] 9pnet: p9_errstr2errno: server reported unknown error [ 469.273652][T15818] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 469.469996][T15818] usb 7-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB3, skipping [ 469.498624][T15818] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 469.532605][T15818] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 469.562247][T15818] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.603929][T15818] usb 7-1: config 0 descriptor?? [ 469.631305][T15818] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 469.842640][T15818] usb 7-1: USB disconnect, device number 7 [ 472.135122][T17500] ipt_CLUSTERIP: Please specify destination IP [ 473.054897][T17533] loop4: detected capacity change from 0 to 512 [ 473.100279][T17533] EXT4-fs: Ignoring removed bh option [ 473.126855][T17533] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 473.192892][T17533] EXT4-fs (loop4): write access unavailable, skipping orphan cleanup [ 473.233679][T17533] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 473.532651][ T4265] EXT4-fs (loop4): unmounting filesystem. [ 477.292531][T17621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 477.793742][ T4275] Bluetooth: hci3: command 0x0406 tx timeout [ 477.968419][T17640] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 478.012477][T17640] overlayfs: missing 'lowerdir' [ 478.019576][T17643] 9pnet: p9_errstr2errno: server reported unknown error [ 478.297050][T17654] tap0: tun_chr_ioctl cmd 1074025672 [ 478.307071][T17654] tap0: ignored: set checksum enabled [ 479.129908][ T26] kauditd_printk_skb: 102 callbacks suppressed [ 479.129924][ T26] audit: type=1326 audit(2000000378.025:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17688 comm="syz.5.5867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7ffc0000 [ 480.610353][T17723] loop6: detected capacity change from 0 to 8 [ 480.652154][T17723] SQUASHFS error: zlib decompression failed, data probably corrupt [ 480.661218][T17723] SQUASHFS error: Failed to read block 0x9b: -5 [ 480.668724][T17723] SQUASHFS error: Unable to read metadata cache entry [99] [ 480.676607][T17723] SQUASHFS error: Unable to read inode 0x127 [ 480.839529][ T26] audit: type=1326 audit(2000000379.735:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17733 comm="syz.4.5888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 480.884870][ T26] audit: type=1326 audit(2000000379.735:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17733 comm="syz.4.5888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ccc18f6c9 code=0x7ffc0000 [ 481.587052][T17763] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 481.614238][T17763] overlayfs: missing 'lowerdir' [ 483.542490][ T26] audit: type=1326 audit(2000000382.435:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17819 comm="syz.7.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c8e18f6c9 code=0x7ffc0000 [ 483.637477][T17823] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5931'. [ 483.755736][ T52] block nbd4: Attempted send on invalid socket [ 483.762390][ T52] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 483.774759][T17825] XFS (nbd4): SB validate failed with error -5. [ 485.304377][ T26] audit: type=1326 audit(2000000384.205:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.372030][ T26] audit: type=1326 audit(2000000384.205:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.413938][ T26] audit: type=1326 audit(2000000384.205:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.457384][ T26] audit: type=1326 audit(2000000384.205:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.508158][ T26] audit: type=1326 audit(2000000384.205:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.597519][ T26] audit: type=1326 audit(2000000384.205:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.676898][ T26] audit: type=1326 audit(2000000384.205:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.718100][ T26] audit: type=1326 audit(2000000384.205:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.741358][ T26] audit: type=1326 audit(2000000384.205:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 485.824053][ T26] audit: type=1326 audit(2000000384.205:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17835 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6dd8f6c9 code=0x7fc00000 [ 487.865030][T17870] sched: RT throttling activated [ 488.003848][ T4275] Bluetooth: hci2: command 0x0406 tx timeout [ 491.546338][T17999] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6010'. [ 492.118073][T18024] netlink: 'syz.5.6022': attribute type 4 has an invalid length. [ 492.141777][T18024] netlink: 'syz.5.6022': attribute type 5 has an invalid length. [ 492.159285][T18024] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.6022'. [ 494.139262][T18097] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6057'. [ 494.158658][T18097] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6057'. [ 494.343275][T18106] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6060'. [ 494.805978][T18131] sock: sock_timestamping_bind_phc: sock not bind to device [ 495.380974][T18160] netlink: 348 bytes leftover after parsing attributes in process `syz.5.6083'. [ 495.400339][T18160] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6083'. [ 495.420688][T18160] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6083'. [ 495.811131][T18181] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6093'. [ 498.238187][T18255] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6128'. [ 498.285578][T18255] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6128'. [ 498.900109][T18278] netlink: 'syz.5.6139': attribute type 12 has an invalid length. [ 499.120161][T18286] netlink: 348 bytes leftover after parsing attributes in process `syz.4.6143'. [ 499.153823][T18286] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6143'. [ 499.173096][T18286] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6143'. [ 499.219698][T18289] overlayfs: failed to clone lowerpath [ 501.933276][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.950577][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.720909][T18367] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6176'. [ 503.626887][T18381] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6179'. [ 505.168975][ T11] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.323382][ T11] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.399792][ T11] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.459956][ T11] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.862928][ T11] tipc: Disabling bearer [ 505.875158][T18458] netlink: 'syz.5.6220': attribute type 10 has an invalid length. [ 505.883454][ T11] tipc: Left network mode [ 508.398295][ T26] kauditd_printk_skb: 61 callbacks suppressed [ 508.398311][ T26] audit: type=1326 audit(2000000407.301:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18508 comm="syz.7.6237" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c8e18f6c9 code=0x0 [ 524.339914][T18664] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 524.350456][T18664] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 524.359287][T18664] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 524.370078][T18664] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 524.381969][T18664] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 524.391792][T18664] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 524.433876][T18664] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 524.444220][T18664] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 524.453061][T18664] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 524.462130][T18664] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 524.470478][T18664] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 524.478228][T18664] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 524.842798][T18663] chnl_net:caif_netlink_parms(): no params data found [ 524.978460][T18663] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.990278][T18663] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.008112][T18663] device bridge_slave_0 entered promiscuous mode [ 525.022399][T18663] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.042379][T18663] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.060742][T18663] device bridge_slave_1 entered promiscuous mode [ 525.121498][T18663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 525.142814][T18663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 525.219449][T18663] team0: Port device team_slave_0 added [ 525.232099][T18663] team0: Port device team_slave_1 added [ 525.291544][T18663] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 525.305926][T18663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 525.341223][T18663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 525.363125][T18663] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 525.370397][T18663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 525.410987][T18663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 525.483509][T18663] device hsr_slave_0 entered promiscuous mode [ 525.498771][T18663] device hsr_slave_1 entered promiscuous mode [ 525.516804][T18663] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 525.532733][T18663] Cannot create hsr debugfs directory [ 525.852659][T18663] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 525.871953][T18663] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 525.891687][T18663] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 525.909764][T18663] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 525.968637][T18663] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.975852][T18663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 525.983303][T18663] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.990501][T18663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.119661][T18663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.159982][T18663] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.259525][T18663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 526.489415][T18664] Bluetooth: hci5: command 0x0409 tx timeout [ 526.563859][T18664] Bluetooth: hci6: command 0x0409 tx timeout [ 526.818635][T18663] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.579307][T18663] device veth0_vlan entered promiscuous mode [ 527.612458][T18663] device veth1_vlan entered promiscuous mode [ 527.668821][T18663] device veth0_macvtap entered promiscuous mode [ 527.691530][T18663] device veth1_macvtap entered promiscuous mode [ 527.739267][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.757162][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.778877][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.798280][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.812409][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.834722][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.852648][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.872892][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.894435][T18663] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.913829][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.933174][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.957120][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.973268][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.991884][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.003465][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.022831][T18663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.043256][T18663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.066707][T18663] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 528.087287][T18663] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.105437][T18663] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.121679][T18663] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.132838][T18663] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.302832][ T4408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.322505][ T4408] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.393932][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.411756][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.563809][T18664] Bluetooth: hci5: command 0x041b tx timeout [ 528.643695][T18664] Bluetooth: hci6: command 0x041b tx timeout [ 530.643742][T18664] Bluetooth: hci5: command 0x040f tx timeout [ 530.724000][T18664] Bluetooth: hci6: command 0x040f tx timeout [ 532.723773][T18664] Bluetooth: hci5: command 0x0419 tx timeout [ 532.803856][T18664] Bluetooth: hci6: command 0x0419 tx timeout [ 564.803909][ T48] Bluetooth: hci4: command 0x0406 tx timeout [ 628.083499][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 628.090156][ C1] rcu: 1-....: (1 GPs behind) idle=66c4/1/0x4000000000000000 softirq=66376/66377 fqs=5239 [ 628.101922][ C1] (t=10500 jiffies g=88645 q=245384 ncpus=2) [ 628.108137][ C1] CPU: 1 PID: 18490 Comm: syz.5.6231 Not tainted syzkaller #0 [ 628.115632][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 628.125696][ C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 [ 628.131514][ C1] Code: f5 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 8e 8f 41 f7 48 89 df e8 e6 54 42 f7 e8 31 48 65 f7 fb bf 01 00 00 00 76 cd 35 f7 65 8b 05 f7 84 e0 75 85 c0 74 02 5b c3 e8 44 96 de [ 628.151465][ C1] RSP: 0000:ffffc9000379fbd8 EFLAGS: 00000286 [ 628.157528][ C1] RAX: c1630d67bc1ac400 RBX: ffff888072964a00 RCX: c1630d67bc1ac400 [ 628.165493][ C1] RDX: dffffc0000000000 RSI: ffffffff8a8c0580 RDI: 0000000000000001 [ 628.173481][ C1] RBP: ffff888072964e98 R08: dffffc0000000000 R09: ffffed100e52c941 [ 628.181462][ C1] R10: ffffed100e52c941 R11: 1ffff1100e52c940 R12: 1ffff1100e52c9d3 [ 628.189426][ C1] R13: 0000000000000021 R14: dffffc0000000000 R15: 0000000000000000 [ 628.197398][ C1] FS: 00007fda6bff66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 628.206324][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 628.212904][ C1] CR2: 0000001b2d724220 CR3: 0000000088c6c000 CR4: 00000000003506e0 [ 628.220873][ C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 628.228893][ C1] DR3: ffffffffefffff15 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 628.236987][ C1] Call Trace: [ 628.240286][ C1] [ 628.243240][ C1] get_signal+0x1163/0x1350 [ 628.247765][ C1] arch_do_signal_or_restart+0xb7/0x1240 [ 628.253408][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 628.258604][ C1] ? get_sigframe_size+0x10/0x10 [ 628.263630][ C1] ? __sched_clock_gtod_offset+0xe0/0xe0 [ 628.269268][ C1] ? hrtimer_interrupt+0x7b7/0x9c0 [ 628.274386][ C1] ? __irq_exit_rcu+0x13b/0x220 [ 628.279243][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 628.284710][ C1] exit_to_user_mode_loop+0x70/0x110 [ 628.289999][ C1] exit_to_user_mode_prepare+0xee/0x180 [ 628.295544][ C1] irqentry_exit_to_user_mode+0x5/0x30 [ 628.301022][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 628.307022][ C1] RIP: 0033:0x7fda6dd8f6c7 [ 628.311442][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 628.331041][ C1] RSP: 002b:00007fda6bff6038 EFLAGS: 00000246 [ 628.337127][ C1] RAX: 0000000000000000 RBX: 00007fda6dfe5fa0 RCX: 00007fda6dd8f6c9 [ 628.345100][ C1] RDX: 0000000000002020 RSI: 00002000000009c0 RDI: 0000000000000003 [ 628.353070][ C1] RBP: 00007fda6de11f91 R08: 0000000000000000 R09: 0000000000000000 [ 628.361129][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.369093][ C1] R13: 00007fda6dfe6038 R14: 00007fda6dfe5fa0 R15: 00007ffccc3e8ce8 [ 628.377103][ C1]