last executing test programs: 28.554762799s ago: executing program 0 (id=1653): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x11, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}]}, 0x64}}, 0x0) 27.786358245s ago: executing program 0 (id=1662): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075"], 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 27.570381471s ago: executing program 0 (id=1665): r0 = socket(0x2, 0x3, 0x100000001) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000280)={{}, {0x6, @random="e6ae0e173c2e"}, 0x2, {0x2, 0x0, @multicast2}, 'ip6_vti0\x00'}) 27.42836398s ago: executing program 0 (id=1667): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$sock_cred(r0, 0x1, 0x6, &(0x7f0000000000), &(0x7f00000001c0)=0xc) 27.202986133s ago: executing program 0 (id=1671): r0 = socket$l2tp(0x2, 0x2, 0x73) sendmmsg(r0, &(0x7f0000005200)=[{{&(0x7f0000000480)=@un=@abs, 0x80, &(0x7f0000000040)=[{&(0x7f0000000500)="8f", 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x0) 27.036546011s ago: executing program 0 (id=1675): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0x15, 0x8001}]}, 0x34}}, 0x0) 3.288899116s ago: executing program 2 (id=1783): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x9, 0x2, 0x0, "f067c51ac931286a106a241012c9bd17b30a3e5c6817c45fb9ff6b7176716429"}) 3.238104312s ago: executing program 2 (id=1784): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) io_setup(0x4, &(0x7f0000000000)=0x0) r2 = io_uring_setup(0x7d5, &(0x7f0000000500)) close_range(r2, 0xffffffffffffffff, 0x0) io_getevents(r1, 0x6, 0x6, &(0x7f0000000580)=[{}, {}, {}, {}, {}, {}], 0x0) 3.205367227s ago: executing program 3 (id=1785): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 3.071944769s ago: executing program 1 (id=1787): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x30, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x5}, {0x14, 0x18, {0x0, @bearer=@udp='udp:syz2\x00'}}}}, 0x30}}, 0x0) 3.030020652s ago: executing program 3 (id=1788): r0 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x50}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) 3.021193977s ago: executing program 2 (id=1789): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x70, r1, 0x1, 0x0, 0x0, {0x6}, [@NLBL_UNLABEL_A_SECCTX={0x2c, 0x7, 'system_u:object_r:udev_helper_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00'}]}, 0x70}}, 0x0) 2.92946488s ago: executing program 1 (id=1790): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x2, 0x0, 0x20001100) 2.911554801s ago: executing program 4 (id=1791): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}], 0x10) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x90) 2.907477404s ago: executing program 3 (id=1792): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(0xffffffffffffffff, 0x80044d00, &(0x7f0000000140)) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) r6 = open(&(0x7f0000000140)='./file1\x00', 0x10f0c2, 0x0) ftruncate(r6, 0x200004) read$FUSE(r5, &(0x7f00000023c0)={0x2020}, 0xfffffe9f) sendfile(r5, r6, 0x0, 0x80001d00c0d1) 2.863801288s ago: executing program 2 (id=1793): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x9, 0x2, 0x0, "f067c51ac931286a106a241012c9bd17b30a3e5c6817c45fb9ff6b7176716429"}) 2.79928425s ago: executing program 1 (id=1794): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000180)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.752624598s ago: executing program 2 (id=1795): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES64], 0x86, 0x680, &(0x7f0000000340)="$eJzs3c1vHGcdB/DvbNZONpTUTZM2RZUSNRIgIhI7Vgrm0oAQyqFCVTlwthInsbJJi+0it0LUvF8rkT+gHHzjgJC4R5QLF7j16mMlBJdeMKdFMzu7Xr/bCfHa4fOJxvPMPPM8z+/57czOvsRygP9bNy6l+ShFblx6c7HcXlmebK8sT97vlZMcT9JImt1Vin93Op1PkuvpLnml3Fl3V2w3zsPZqbc//Xzls+5Ws16q4xs7tdubpXrJhSTH6vXj+e2m/m7u1t+J3fos+jMsE3axlzgYtpEknco/H3b3/Oivz/VrBrS2ar3rmQ8cAUX3vrnJWHKyvtDL1wHdu2L3nn2kLQ07AAAAADgAz69mNYs5New4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Cip//5/US+NXvlCit7f/x+t96UuHy7n93f4o6cVBwAAAAAAAAAcoPOrWc1iTiVZKrc7RfWd/2tV5Znq5xfyXuYzk7lczmKms5CFzGUiydhAR6OL0wsLcxP9lr3/GbC55dUtW17dJdDj9br1v5o5AAAAAAAAADxTfp4b1ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwaBTJse6qWs70ymNpNJOcSDJaHreU/L1XPsoeDTsAAAAAeAKdPR73/GpWs5hT/XZF9Z7/pep9/4m8lwdZyGwW0s5MblWfBXTf9TdWlifbK8uT98tlc7/f/te+wq16TPezh61HPlcd0crtzFZ7Ludm3klR3Eqjalk614tn67h+VsZUvNE1slM4A9m7Va/LmX9Urzf5cF+T3c4+P0wZqzIy0s/IeB1bmY0Xds7EPh+djSNNpNEP9syGkTZMYl3O39jjeCfrdTmfX2+X86HYmImrA2ffSzvnPPnKn37/w7vtB/fu3p6/dHimtDe9DwW7V0ZrcyYmBzLx8rOciU3Gq0yc7W/fyPfyg1zKhbyVuczmx5nOQmZyId+tStP1+VwMXPLbZOr6uq23dotktD5Du8+i62PKLjG9VrU9ldl8P+/kVmbyevXvaibyjVzLtUwNPMJn9/BM29jmqu98ccvgL361LrSS/KZeV+40d5v4U1bm9YWBvA4+545VdYN71rJ0eh/3o16W/rBzKM0v1YVyjF/U68NhYyYmBjLx4s6Z+F31tDLffnBv7u70u3sb7vRHdaG8jn51qO4S5flyunywqq31Z0dZ92JdN1Ita/karb9x6bZrbKo726/rXqlL216po/VruM09Xa3qXt6ybrKqOzdQt/H1Vrv/euhZ+PIH4Jl18msnR1v/aP2t9XHrl627rTdPfOf4N4+/OpqRv4x8qzl+7MuNV4s/5uP8dO39PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Pjm3//g3nS7PTO3odDpdD7cpuooF47V0z7AQV95LhnWlEeTHI7M/6fT6dR7isMQz86FTul4Oo/Z/M9J9nZwM8lWVeeHn4QhPzEBT92VhfvvXpl//4Ovz96fvjNzZ+bB1LVrU+NT116fvHJ7tj0z3v057CiBp2Htpj/sSAAAAAAAAAAAAIC9OohfJ9h+9BMHOVUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgiLpxKc1HKTIxfnm83F5ZnmyXS6+8dmQzSSNJ8ZOk+CS5nu6SsYHuiu3GeTg79fann698ttZXs3d8Y6d2W2ps3LFUL7mQ5Fi9fgLr+rv5xP0V/RmWCbvYSxwM238DAAD///NMCDQ=") socket$inet(0x2, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) 2.747397772s ago: executing program 4 (id=1796): syz_emit_ethernet(0x4e, &(0x7f0000000b80)={@link_local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2c96ed", 0x18, 0x0, 0x0, @dev, @local, {[@hopopts={0x0, 0x2, '\x00', [@generic={0x7, 0x8, "846ddaa35696f9a4"}, @pad1, @pad1]}]}}}}}, 0x0) 615.765713ms ago: executing program 1 (id=1797): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 567.204797ms ago: executing program 4 (id=1798): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="17090000000000080000010000000500070000000000080009000008000008001700", @ANYRES32=r3, @ANYBLOB="08000a0000000000060002"], 0x3c}}, 0x0) 377.577301ms ago: executing program 3 (id=1799): r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x101c02, 0x0) pwritev(r0, &(0x7f0000001780)=[{&(0x7f0000000400)="f7", 0x1}, {&(0x7f0000000700)="79f8bdbc37a8fa771cbfe270f5960eb6118e83d2635d577b4017f249c25d0193b9fed92402501468bf3e7b0050f090d25a4890b98adc12c8ea507a0d93a7a7fb", 0x40}], 0x2, 0x0, 0x0) 333.061077ms ago: executing program 4 (id=1800): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f00005a9000/0x3000)=nil, 0x3000, 0x4) 332.444473ms ago: executing program 2 (id=1801): r0 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x50}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) 301.965319ms ago: executing program 1 (id=1802): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000040)=@framed={{0x18, 0xb}}, &(0x7f00000000c0)='syzkaller\x00', 0x5}, 0x90) 237.530427ms ago: executing program 3 (id=1803): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x2, 0x0, 0x20001100) 195.414787ms ago: executing program 1 (id=1804): syz_usb_connect(0x0, 0x0, 0x0, 0x0) r0 = socket(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x13, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @local}}}, &(0x7f0000003c00)=0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 158.567994ms ago: executing program 4 (id=1805): socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0x24f9, &(0x7f0000000240), 0x0, 0x0) syz_io_uring_setup(0x6820, &(0x7f0000000380), 0x0, 0x0) syz_io_uring_setup(0x5dde, &(0x7f0000000640), 0x0, 0x0) syz_io_uring_setup(0x4033, &(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x4033, &(0x7f0000000100), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0031d098edb942739f987b03"], 0x0, 0x26}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 31.471048ms ago: executing program 4 (id=1806): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffffff16) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140), 0x4) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2, &(0x7f0000000b40)=ANY=[@ANYRES32=0x0, @ANYBLOB="5e0de6d0a46fa97f7414d5d4beddb6230d028c2985c07fd13ab9cd215be43701b0695c176f010c8522dc892d07fde1c4dd61620c6f145357d324923d98eafd69fcb6929e5d0149b55ad366cb405eb1db194e21eff7ee1ffd0fc491f7a1bd5ef94daa60e4ca4f86b607c0bfa43209a15cc602bced1e30290c9c66b61c0ce079072dc9c55937e87e811990c0a91e53fb7262746f85989515c54010fd24e6ce0415a26322ae81df827d5dcd02a05bea25986e519c3ec6192d3b14cf5fe367c9165b7e625e7c8389494b52ea3019206695e90ce8167dbf5a4157b8943bb48d9b485936f5e27d9538b9a26e5aba36d03db6093d2d3572600e08431993ce973d4cc18848c4593672ae571311d7723653de6825ebf2cb1ea583fe04db14c9ce1762a6b8f00dfd20f64f9acc3ced5097658b468f02c66bb8a7a586d00970044ace79a1202a934310f37359976a87a4b407ee8c3838f48255c0dd8dec7e6be5ef228cb602d83169cc3cdd372823665e0173e6d17bce2a6fb31d80542852c651fbb12c1f875a9f9f7654944b6054fbd6a2755f1eac851d3574df50e5bcf52b771784b7494278b1ee4954fcc101a27cd2caa6bed9d137b06ac60716f64745446165f75818f9ee4d0d02407e33f2cbe25398555191dc68ca32d57d986da35f029b57bc9ddbdb3c7286994688782975d4e91dfd0ae1aca248ac78df50ecf1a84b8a88577c1884bd97c96b3feea64f35e34b41ee47cc845f9240bfabb68c11e1dec3ae7aa4642af97341fb2358ec2c9fffb1c0bb90f375020e7a14c3c46c41766614442a0eeb6c5a55c6dc8d735ad8f724be9123a12f1416ed9404a070da645be79878b39e36eb461ec426c46a5d0201543fa3ccd8b0c305655aee8dbbae71e1f187bae5abe882e52a41dfb52a057704dbf359f993f0fde8bcab0f8ba7ec1f84e7386e8c72c81a6317bc937529063f8f5cf7b8753592629199a0e63773f9d1c63373738804b8267c989434168ecdfd0805e8936f99b5dffbab3a2c326a8bcf5881fe5f79cf58bea52d236abdfb1986331fabb9aab70f3e50acf81e2f5b4db83a73f9d0ec011f840fc5f62e5762cd4abfabebe5737d1486d65ad58f846c29bb1e94c7b20b04a34be7be0ec348f502dffb12f7e4140f8d70120ff1015664afa4c0dab33e5c04ea296ae48c0f4d7c67db9c319de481e018299990c727eb95b6746cc5bbfbdee52a77d96f2406b2f883eb3cce1deb571bc322dd113d69aac36e3816ca2256067391a1d10386503d2788eb5f3289ed462c3bea4951e2e9843cfa0ee70826c2d29ab31a902ccd9f82e43e56a6299b3f5c19ab010ee56c7d71031684ab754c1a442c386b93fa66dcc36f9c1d372434e75a5a7f8651ec4bb2b46ab61fc45a019abf8e20107e9a228ec07ecadfcb2f2373bf977cdedcdaa103bba3b70fb2ab373070f3fa88ef3ff54c1bf05df0350c3d9f8fc6d35734798bfe454da9128e2011e33e8b7602d3e45c160eb85ff49d722c1d049de00b151a938c5cb59861e19669b381f0ebcae398a93789ce8e2579aaf7b1493db08d71165d6c60396e0f2626b9f4609965d6c063fc071592e5eb58b707a942ab6a8a09192fd0bd3f0964c9ff7c978fbb46bd951f0d60c296f00d38c78bdee7f9e894b04b174a15aa68ff527376b3fc319996400f2e705cdf15f133a59a496402afc90824306d0f5c49993d3fa24ede9304f11fd30b31e7ce0517d9ea1919f2f5ef3ed1ede8f39872e17e0fbfdf1a9342dc65b192cb01dcbae1bbfab8b3fa2db08b09cd2aa9ad36ad9d4fc7039dafe688b1dff5986e172cc2e3476caa63ad6603568b2290252dc015c12323a980c6a347ec50efc9aea18c124bb21877b3807df36b71ad0e108f819988b8769cd1a6ec5d5b853939845187763ccc818d50146b912e3c76dbb7d893d787c898727be3b369c1c0526845b4ce2e842dbb120b2d7174203b3096f381743f4e0480206a13aee6f6514818dc77c5bf1e0476c1e391a71d2c58cc862063c5723bb0e7eb06e7e2d22252793c5b65c77c850530ef57f894145b332708371a06135382b7eea0782f8f7a88392c2be365934785685a2af96aa2b6e2035c3cb6f556071be1fb411f8c8497c041573e261a205d40b098ac2546cf2d25b7947c503ed6c9c9c3217a8695e1ca1b359ac92b91740344796243fac99189c0c46215df1a42478ebdb8c4a8d99e6ee985886de89c5d33f9485891da2023ce3d3c3b7b620c4231100c1911730f9d03e90ccf9cd10e4c7953e79a10913d683b3860db3c40f53f85ef77b9bdc108661a1d7b6c28d3c9f1c8bdd4d6110ba986c1f639de668a027740124ecdf54ab9e877f3208dad0139d434eb76ad3d6fb08ef20b6bdca5392d5e21ff9be075658192e70ff175beaa325397b45bdf9d5025935f9369d6a8bb9e368cab2beae3b891faeb1c9623104cacebffac39be98e324991983a268fce8226ef81184e4f2bab4b05f4c0111bcff4de5633fe26dda28197418470c59a254d18320afb3264ba857e0666e35e504d93054c8fc6e5e6bde8845abd33f6607d988da0e41831bb1228dcd83a894d094fdae1f592078d6d1b79dc8dc40d76e7b065b7ddb42b82773251dfd887fd0083d581deefd2cc8bf133f239aa7d014b67cd27eab9c40578449f61aef4831d1cef26902d886f29ada6624c45ef13caea199e8e98a14eb66559cb55296d7b1bfe87ff39c4e29598a014d723d245a2501301d2e9ac28caa8848532acc0c142b45f02e2daf692ba28decf4e0f6afcf5eeaa84e5282b91c3026d7c350bae653b2fcae8b77e9236348be3717552db2351cb289a4848cfaef7fcca4d246c91aeb619c7fdfc2a740736fd3677599d7e0092cd32274817188964b2be954bcfb3bc7928367be69d05688509f0b1edfbdb2138d766cff0bed83d67fea0ed79a6d02cee5ff6a4a6c6cd05f769cae141cc543af8705d1878953b63b3b1bb9f65e3c35891e9716959627b8bd8cda654dbaf44b2240144d587b2ee6b7c14d4246a920eeb5dd6adde20e4782f015a39b7e1287a3b00d93e7ae0dab496644aa5e833fc2334777c41b8935461c845d44f82fbdd821d413ed3b4a8c35ce5e36729b755c10400e66f49e012b7b1416744498d99093074574068230236c3559a25b4badfc4610cd4bca127b17434a76f10638e26cd77bdc8d9063398def2a36b115b381d03ea4a556aa608bde59c0e6662c0a1382d4bb26563e42b80d21c8400e4f48ccf62bbff0faa291cca6d5093cf12ac83979505bcf31682c225d9f5d02b43a83c4b0d9a9ceaab087b9acf6ec300f3e82f1fb348786704dfb536cdb65e1e35a8e68c9cd2490b198c1d0d46fb7f51ea8f5e210d3547c9577396a6619476871b3260ea49a5bb95825192688cff7e22520b821ceeeccc1f54471b76ae855c3733054be0ce00a4c44de27e45c2c0569de1b7c1621089f731fe64022e5b2225f3d85b71d4dba61a0a51b2a93687a33fa26f586da98f7b811221c717180d717546ef88e8ef37fdb381643f9eb32fbf327f37dc16f725b384d7bec64fb64a25836dd46a3ed3403ae2d9c751056d6db1983c0b36226bef498caa786c78f26a0e56b6fae8034df8fe9e76b466c6f67774c6bcdfa4429c3a5fb1edaa3f0e44f60f13a63c9ed19f360a30dcbdff3a30c8003a5c0eb51d8f1620fc58134550c46a7e66cfcb411c9bb151fe823ef2dbdfaad4ed4b54bd02740aad65163d30c43425c05032107fdb2de4b9be600fd35a33abda297087cd206cc56ade830c52524130ca577cc34f7538fd1bdb1c0608ede243a47cc6021447183509091511565b138126840859812db525691bd0b357bd6499e70ae3aa2d2711298dda1b4f274a6c24e31f548693c2ffb86ac957b00fe7fb802c72cf70977a116972fe9ccfdf206977c6137d152010132a6a3b01197769a418126b57ad67661c555d8c11ad8c09c8ba43a4ff55b28bf37ff03febf4688f30a3ab759b0088810c7e7d45eeeee778fdc9cd0efc719a84170d47246e9ed1e072799d7e2419bab5af06f3d319e2e19819237b6b5ba746d221796086570e1bf3365078d4c9806c7949e773c752665a73adfc3ee5d24fd17c653009ad1f3f5a0b3184c99f72dea417702391bcc4f2d1f924298c056d18b4083e075255799b77ed11b003cb5b54f26f28716582dffbcb3fbb9891c2b27ee8a0e3ea8e0412a13e63920ef0886e97b7b22aea7d22734459fe2f09007e16160b0770b6e5235c6cd19fd76b9305615018a0b1ec748a2daedb768680ec63b5c4cc8848221e474c7f3e24f339ce640534e682209d119c29652b95b4d63e1633b31f4c31b27f67ddd456c2816bf9f60457c36c1b6f011251a30b708cb218e25523f967c90a320eaa1e7d9aa8bcfc3c46d89881a9ca821ee324ee883aa7fcfb528e588e05e9e9cdaa7ae84ef5dabba76681d9b2b16af60b0ec3770e5d44b72fdfa193ba723875ea8bc93d50fb22b2ebb576826da6c4e1f7574e4d9ef140986fdc01b0334d8a646e7ac43d12c12463d8142236432e5f03ba68beec4c578016c396ac719e108a6ff7c1d2c7aaea8085dd176f716cbb815f944153657289625f22a8ee62e596d498ed2246ae8daa093280f5e33677ccdb95682faecf22d091c31fd8a0d541adcdb78090368ccdba3afda265ca1bd4bd412b236892ca41a629cdd6bd96529ba789a8f25f7122902f9bd121b050ea3075cf9c8ab7051ec2e7647b5e7ca81ab314863868c2519b0700b924d862fcae1ad13c08cece894ee7026ed0795166e8abac03f593285a8e82a05d0354a8b9e464e363660b7b2674a109397fbb0d191dcd32b1aad1ff7742b7a208ba423058329038ff7e54c963322b1ab821af6d500a996afdf94086293ec0089ebebc7996b76f3a315d7e515c5c56363c8fbf8f5af457bc8ee55ab884b2129cc064e0540315bb758441c25e2c4675972966581ce8dbe69cb52e6ed39b6ea6f752f1d2014cf5e30928815ddff44fc2b7260eafa9a9fb647f2f211ef3a79bd0d2d46d2e64db000db30350977c5b7638565c0db0115e7affbf3b554dc4a7066c50a6a22c6e75487d8624bc2c46a97f51a93009f747cb685af75ae2e8f79894f63e8a79ecae8548ccaf89006607adc82197ed1ceaad2f74f63cef83454e0cae3220d0c2d5ae37f90938cda02ef853e03358ee634707c806262752cb33dfd1e9061d032f8402c075293c33c3fc850ae7cf79cafb1f7629cffbaa6afe2873470ddae816f46877f5d1b463fd0cdc6564b17968058a014ac214bd49240ef7e939ab4220f1e3f641591db5c2a289f42e3f831f6743e03491e7bd97e3eb6edd8b9b7d31985a052bdeaf5682bb8eac75ad212a5fe79fb2ddd3c170336d7d96fc121d0700f71b0e12d1dfed19c372d999dddfe3e350f99803cae669208822fb126a440650c8dc39151f82cb26810edf96a13a198fceafd94b1ad15aef421f01ee62e527295adbb10fda8e3335369cc31297b6bb6597f19a429d73d6f68a6719909c846b825c858f82b4c8f432475812ebe8085e445beea7807c00d3a092e1b00fa02ae41fdf2a1013a7f1f87bf5b3ed8238fe94d07a8851ac2c1d8399af64ac964e2011f888ae935e0c24349127a339cca1b23e1039b89045df50918dc869803526f3f761c66b5a32cb3f370810af2f7a2e6deab47ba0bce10f5f1650776d84896b60f735282196208cc477e68762303830cdb687f9c9f9727bd938b170a4cf32aedbe132fea64c3c649b20ba74caebe8587e634d4d86ca8d7dc637a998b8dd921e9", @ANYRES32], 0xff, 0x2e7, &(0x7f0000000280)="$eJzs3M9LG2kcx/Gvml9GNDksu+wuy37ZveyyMGj2XghFaWmgRU2pLRRGnbQh00QygyWlqD31WvpH9CDe6k1oe+jVS2899dKbhxZKqfTXlEwmGjX+oiZa836B5nGe5+vzTGYcPiNk1q48uFXIOUbOdKW7OyzdIguyLpKstkQq1W9dIhKTmi6JSKMF+bfv3cs/xiauXkhnMsOjqiPp8f9Tqjrw55Pbd5f+eub2XV4eWInKavL62tvU69WfV39d+zp+M+9o3tFiyVVTJ0uv3Mikbel03ikYqpc8z3QszRefT4j4/SXXrPbn7NLMTEXN4nR/fKZsOY6axYoWrIpKSKRcUfOGmS+qYRjaHxfsJ7o4Omqm/Wbs0MVTLVgQvtu5HSd+uZw2e0Skd8fY7GK7VgUAAE6OLfk/ptvzv68reK1u+eJ5XmO9n//fPxY5UP5fieyS/4N8X8//tlXL/45Vdg+W/92SutX8HyL/H0J2M//j1Krm/3jw9+u7d21p0G+Q/wEAAAAAAAAAAAAAAAAAAAAA+BGse17C87xE/bX+FQ0+El7/+bjXidbg+He2MQ0aqjER+/5sdjYrYodrGzeOuyWDkpDP/vkQqLVHzmeGB9WXlKf2fFA/P5vt8QvTOcmLLZYMSUKSzeuHavW6tT4s8cb6lCTkp+b1qab1Efnn74Z6QxLyYkpKYsu0f15v1s8NqZ69mNlW3+uPAwAAAADgNDB0Q9P7d8PYrb9Wn86J+PfX+/9/YNv9dUh+Cx3vvgMAAAAA0Cmcyp2CadtWuY2NmIi0fq7q3rV+d3r3HjP3X/vf3pPTSDRsqT9Euu3LCDVOGg1W0aK5fnn46MPR/cIzy79/atb1sS1v3QEuHuHWXZcAAAAAHL3N0L/7GO9NO1cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnad1TxHqCGfZ6sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQWb4FAAD//9yVIwU=") mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x0) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000140)) open(&(0x7f0000000000)='./bus\x00', 0x4c37e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x9000f4) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x10000, 0x0, 0x3, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=1807): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x40, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1671}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]]}, 0x40}}, 0x0) setrlimit(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) lsetxattr(0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0xffffdf004002, 0xffffdf004000, 0x0, &(0x7f0000ffc000/0x1000)=nil) r4 = socket(0x10, 0x3, 0x0) r5 = gettid() syz_open_procfs$userns(r5, &(0x7f0000000280)) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e00050300", @ANYBLOB], 0x24}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) prlimit64(r6, 0xa, &(0x7f00000000c0)={0x758, 0xeb0c}, &(0x7f00000001c0)) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd) sched_setscheduler(0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x4402, &(0x7f00000003c0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=r7, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd520839bd791f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399ca072639251325e38177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8964f99a04195ad43adb611", @ANYRES16=r7, @ANYBLOB="4599"], 0x1, 0x701, &(0x7f00000009c0)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF1uOF6/lIClFNqVR+rj3kFNP6UG30ENJ74b23BAo6VHHQCGXnHRTmdmZ3Vlptbuy9Yrz+4mZ+Wa+x3zzn52ZfSC+AL6xlmej+iSSWJ59czNd39leaI1tL0zm2a2ImIiISkQ1Ikk3JauR5d7Kp/h25Dml5QEfNpfe/vyrnS/aa9V8yspXBtXrY+Lgpq18inpEjOXLg8YPafGT/bvvae/2oe2NKukcYRqwa0Xg4i/P1Co8s70Dtjp5H/8nm3fK9Kl+lOsWOKeS9nMz173UZyKmI2Iqov3Uz+8OldPv4fHaOusOAAAAwFHVjl7lhd3Yjc24cBLdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdVPv5/kk+VIl2PpBj/fyLfFnn6HBo+EOJnk+3lk5PvDAAAAAAAAACcuFd3Yzc240Kxvpdkv/m/VvqN/1vxXqzHSqzF9diMRmzERqzFfETMlBqa2GxsbKzNZzUjLg2oeTM+7VPz5uF9vNW7mhzHcQMAAAAAAADAOTY1JP/++MFtv4/l7u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHiQRY+1FNl0q0jNRqUbEVFFuK+LTiJg4294eSdJv45PT7wcAAAA8k6ne1WRqhDovvB+7sRkXivW9JPvMfyX7vDwV78VqbEQzNqIVK3En/wydfuqv7GwvtHa2Fx6k08F2f/rlkbqetRjt7x767/nlrEQt7kYz23I9bkcSe5lK3srLO9sL6fJB/359kPYp+UluQG/GSuk76ezqJ1n6z73fIlSPdIgj2t9o5dCSM1nueCcic3nf0hoXiwj0j8TQs1MduKf5qHS++bk0eE/9Y/7B4L1P7yvV95ubM7E/Ejej0jlDVwZHIuK7//j41/daq/fv3V2fPT+H1Nf7Q0vsj8RCKRJXn6NIDDeXReJyZ305fhG/itn4cvKtWItm/CYasREr9SK/kb+e0/nM4Eh9Nl1ee2tYT9Jrst65f/XrUz16+hT1+HmWasRr2Tm9EM1I4mFErMQb2d/NmO/cDbpn+PIIV31lhDttybXvZYtOmKJ2eNm/jdbkcUnjerEU1/I9dybLK2/pRunFvlEqnnWjP49Kqt/JE2kLfxj4fDht+yMxX4rES4e9Xtoh/eteOl9vrd5fu9d4d8T9vZ4v0+voTwOeEifymB4oPcMvxlR+cBezeZJdU3NZ3kudXhXx+m8zYj7Lu9RppfeJm+Zd7tRrX6m/jIdxp+dK/WEsxmIsZaWvZKXHDzyx0ryrnZZ67+FpXvpOq9r5Yaf8futhtNrvhyK2vva3bYDn2fT3pydq/6v9u/ZR7Y+1e7U3p342+aPJVyZi/F/jP67Ojb1eeSX5e3wUv+t+/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7e+qPH9xut1spa/0Slf1YyuFajtVcMJDagTE8iyYfKGaFwsv7o8d7QBgcnJvPuPWX140wUozUOL1w/wW4kW/vP19Twc1GM8jTCLpJ8mMrSSysinrrPxZ67W8bPwancn6gfuVb9wHHlieIFWyp89Fdvrd/5GouIfoWH3DjGjuHmA5ypGxsP3r2x/ujxD5oPGu+svLOyOr64uDS3tPjGwo27zdbKXHteqnD6o+oBJ6T8dqJjIiJeHV53wECtAAAAAAAAAAAAwAk6jf+FOOtjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7elmej+iSSmJ+7Ppeu72wvtNKpSHdLViOiEhHJbyOSf0bcivYUM6XmksP282Fz6e3Pv9r5ottWtShfidg6tN6gNru28inqETGWL59BT3u3h7c30U1O9slOOkeRBuxaETg4a/8PAAD//9qm8z8=") ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0) clock_adjtime(0x0, &(0x7f00000004c0)={0xc5}) syz_kvm_setup_cpu$x86(r8, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r9, 0xae80, 0x0) kernel console output (not intermixed with test programs): lo speed is unknown, defaulting to 1000 [ 292.151853][ T5352] Trying to free block not in datazone [ 292.161792][ T5093] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 292.178376][ T5352] Trying to free block not in datazone [ 292.248960][ T5352] Trying to free block not in datazone [ 292.254505][ T5352] Trying to free block not in datazone [ 292.288772][ T5352] Trying to free block not in datazone [ 292.297713][ T5352] minix_free_inode: bit 6 already cleared [ 292.306952][ T5352] Trying to free block not in datazone [ 292.312493][ T5352] minix_free_inode: bit 7 already cleared [ 292.319371][ T8252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.988'. [ 292.336159][ T5352] minix_free_inode: bit 8 already cleared [ 292.346258][ T8248] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 292.786367][ T8266] netlink: 16 bytes leftover after parsing attributes in process `syz.3.994'. [ 292.852556][ T5098] Bluetooth: hci2: command tx timeout [ 292.900867][ T8261] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 293.050159][ T8261] loop2: detected capacity change from 0 to 2048 [ 293.130278][ T8261] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 293.176076][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 293.176097][ T29] audit: type=1326 audit(1719333622.889:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x0 [ 293.183670][ T2827] hsr_slave_0: left promiscuous mode [ 293.223060][ T2827] hsr_slave_1: left promiscuous mode [ 293.232166][ T2827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.242439][ T2827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.265042][ T2827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.277235][ T2827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.331599][ T2827] veth1_macvtap: left promiscuous mode [ 293.337475][ T2827] veth0_macvtap: left promiscuous mode [ 293.343360][ T2827] veth1_vlan: left promiscuous mode [ 293.351154][ T8282] loop3: detected capacity change from 0 to 8 [ 293.355243][ T2827] veth0_vlan: left promiscuous mode [ 293.747811][ T2827] team0 (unregistering): Port device macvlan1 removed [ 293.868840][ T8290] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 294.181178][ T8300] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1006'. [ 294.437573][ T8308] tmpfs: Bad value for 'uid' [ 294.663066][ T8314] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 294.892130][ T2827] team0 (unregistering): Port device team_slave_1 removed [ 294.925253][ T5098] Bluetooth: hci2: command tx timeout [ 295.116017][ T2827] team0 (unregistering): Port device team_slave_0 removed [ 295.131197][ T8318] loop2: detected capacity change from 0 to 256 [ 295.449863][ T8310] loop3: detected capacity change from 0 to 32768 [ 295.476229][ T8310] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1013 (8310) [ 295.547722][ T8310] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 295.576867][ T8310] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 295.592698][ T8310] BTRFS info (device loop3): using free-space-tree [ 295.840423][ T5093] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 295.867186][ T5093] FAT-fs (loop2): Filesystem has been set read-only [ 295.886226][ T5093] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 295.894389][ T8346] BTRFS info (device loop3): setting incompat feature flag for DEFAULT_SUBVOL (0x2) [ 296.118043][ T8310] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 296.164380][ T7569] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 296.995094][ T5098] Bluetooth: hci2: command tx timeout [ 297.167544][ T8159] chnl_net:caif_netlink_parms(): no params data found [ 297.317634][ T8376] loop3: detected capacity change from 0 to 512 [ 297.374111][ T8376] Quota error (device loop3): v2_read_file_info: Can't read info structure [ 297.403111][ T8376] EXT4-fs warning (device loop3): ext4_enable_quotas:7076: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix. [ 297.440983][ T8376] EXT4-fs (loop3): mount failed [ 297.620952][ T8159] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.635892][ T8159] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.643224][ T8159] bridge_slave_0: entered allmulticast mode [ 297.678488][ T8159] bridge_slave_0: entered promiscuous mode [ 297.716776][ T8159] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.723977][ T8159] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.746040][ T8159] bridge_slave_1: entered allmulticast mode [ 297.757975][ T8159] bridge_slave_1: entered promiscuous mode [ 297.912459][ T5095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 297.935110][ T5095] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 297.945626][ T29] audit: type=1326 audit(1719333627.659:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 297.967878][ T8159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.969071][ T5095] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 298.017088][ T5095] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 298.031051][ T29] audit: type=1326 audit(1719333627.659:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.062068][ T5095] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 298.069875][ T5095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 298.137336][ T8159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.162142][ T29] audit: type=1326 audit(1719333627.709:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.204288][ T29] audit: type=1326 audit(1719333627.709:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.227204][ C0] vkms_vblank_simulate: vblank timer overrun [ 298.295135][ T29] audit: type=1326 audit(1719333627.709:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.329601][ T29] audit: type=1326 audit(1719333627.709:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.356536][ T29] audit: type=1326 audit(1719333627.709:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.391390][ T2827] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.415685][ T29] audit: type=1326 audit(1719333627.709:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cfd56cb67 code=0x7ffc0000 [ 298.497691][ T29] audit: type=1326 audit(1719333627.709:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cfd511529 code=0x7ffc0000 [ 298.521606][ T29] audit: type=1326 audit(1719333627.709:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.543897][ C0] vkms_vblank_simulate: vblank timer overrun [ 298.550783][ T29] audit: type=1326 audit(1719333627.709:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cfd56cb67 code=0x7ffc0000 [ 298.578929][ T29] audit: type=1326 audit(1719333627.709:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cfd511529 code=0x7ffc0000 [ 298.589417][ T8159] team0: Port device team_slave_0 added [ 298.613217][ T29] audit: type=1326 audit(1719333627.709:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8396 comm="syz.0.1040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cfd575ae9 code=0x7ffc0000 [ 298.722072][ T2827] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.932527][ T8159] team0: Port device team_slave_1 added [ 299.846149][ T8393] lo speed is unknown, defaulting to 1000 [ 299.981953][ T2827] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.125688][ T5098] Bluetooth: hci1: command tx timeout [ 300.233850][ T2827] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.567653][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.694424][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.037238][ T8159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.123214][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.185054][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.245164][ T8159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.316114][ T8440] loop3: detected capacity change from 0 to 128 [ 301.371801][ T8438] evm: overlay not supported [ 301.396713][ T8442] netlink: 'syz.4.1056': attribute type 1 has an invalid length. [ 301.404526][ T8442] bond0: option mode: unable to set because the bond device has slaves [ 301.632818][ T8159] hsr_slave_0: entered promiscuous mode [ 301.644097][ T8159] hsr_slave_1: entered promiscuous mode [ 301.713092][ T8454] kAFS: No cell specified [ 302.065715][ T8466] netlink: 'syz.3.1068': attribute type 1 has an invalid length. [ 302.094520][ T8466] bond0: option mode: unable to set because the bond device has slaves [ 302.167540][ T8474] loop4: detected capacity change from 0 to 512 [ 302.205120][ T5098] Bluetooth: hci1: command 0x041b tx timeout [ 302.214632][ T8474] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz.4.1071: bad orphan inode 17 [ 302.233403][ T8474] ext4_test_bit(bit=16, block=4) = 1 [ 302.239052][ T8474] is_bad_inode(inode)=0 [ 302.243239][ T8474] NEXT_ORPHAN(inode)=0 [ 302.282725][ T8474] max_ino=32 [ 302.300708][ T8474] i_nlink=1 [ 302.312831][ T8479] kAFS: No cell specified [ 302.323730][ T8474] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 302.353929][ T2827] bridge_slave_0: left allmulticast mode [ 302.364807][ T2827] bridge_slave_0: left promiscuous mode [ 302.371544][ T2827] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.521077][ T8474] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz.4.1071: path /root/syzkaller.c83aI3/185/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 302.602656][ T5352] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.941200][ T8506] loop3: detected capacity change from 0 to 256 [ 303.990195][ T2827] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.032056][ T2827] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.078308][ T2827] bond0 (unregistering): Released all slaves [ 304.276461][ T5095] Bluetooth: hci1: command 0x041b tx timeout [ 304.340143][ T2827] Êü: left promiscuous mode [ 304.347295][ T8488] syz.0.1074 (8488): drop_caches: 2 [ 304.478796][ T8393] chnl_net:caif_netlink_parms(): no params data found [ 304.897095][ T8534] loop4: detected capacity change from 0 to 512 [ 304.918427][ T8534] EXT4-fs: Ignoring removed nomblk_io_submit option [ 304.933896][ T8534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.214011][ T8393] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.250685][ T8393] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.274706][ T8393] bridge_slave_0: entered allmulticast mode [ 305.297370][ T5352] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.309229][ T8393] bridge_slave_0: entered promiscuous mode [ 305.408455][ T8393] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.430474][ T8393] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.447906][ T8393] bridge_slave_1: entered allmulticast mode [ 305.467087][ T8393] bridge_slave_1: entered promiscuous mode [ 305.667804][ T2827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.677832][ T2827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.703210][ T2827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.728577][ T2827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.778300][ T2827] veth1_macvtap: left promiscuous mode [ 305.784417][ T2827] veth0_macvtap: left promiscuous mode [ 305.800363][ T2827] veth1_vlan: left promiscuous mode [ 305.816293][ T2827] veth0_vlan: left promiscuous mode [ 306.355563][ T5095] Bluetooth: hci1: command 0x041b tx timeout [ 306.517131][ T2827] team0 (unregistering): Port device team_slave_1 removed [ 306.573943][ T2827] team0 (unregistering): Port device team_slave_0 removed [ 307.177974][ T8393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.293121][ T8552] loop4: detected capacity change from 0 to 128 [ 307.297598][ T8393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.470337][ T8393] team0: Port device team_slave_0 added [ 307.522951][ T8393] team0: Port device team_slave_1 added [ 307.667211][ T8393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.674297][ T8393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.718118][ T8393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.814084][ T8393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.825293][ T8393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.860739][ T8393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.905616][ T8570] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1108'. [ 307.974249][ T8159] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 308.074656][ T8159] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 308.132343][ T8393] hsr_slave_0: entered promiscuous mode [ 308.145339][ T8393] hsr_slave_1: entered promiscuous mode [ 308.151988][ T8393] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 308.172906][ T8393] Cannot create hsr debugfs directory [ 308.185176][ T8159] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 308.203643][ T8159] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 308.435624][ T5095] Bluetooth: hci1: command 0x041b tx timeout [ 308.551417][ T8588] netlink: 'syz.4.1116': attribute type 3 has an invalid length. [ 309.706083][ T8604] loop4: detected capacity change from 0 to 256 [ 309.775993][ T8604] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d) [ 310.102021][ T8159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.120190][ T8619] dccp_close: ABORT with 107 bytes unread [ 310.309279][ T8159] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.372998][ T8625] Attempt to restore checkpoint with obsolete wellknown handles [ 310.459458][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.466751][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.536126][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.543310][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.758136][ T8632] loop3: detected capacity change from 0 to 128 [ 310.805810][ T8393] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 310.875107][ T8632] bio_check_eod: 193 callbacks suppressed [ 310.875132][ T8632] syz.3.1132: attempt to access beyond end of device [ 310.875132][ T8632] loop3: rw=3, sector=137, nr_sectors = 7 limit=128 [ 310.903348][ T8393] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 310.917885][ T8632] syz.3.1132: attempt to access beyond end of device [ 310.917885][ T8632] loop3: rw=2051, sector=144, nr_sectors = 897 limit=128 [ 310.964734][ T8393] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 311.071645][ T8393] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 311.725718][ T8650] io-wq is not configured for unbound workers [ 311.841688][ T8393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.873033][ T8659] loop3: detected capacity change from 0 to 128 [ 311.893709][ T8159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 311.910994][ T8659] syz.3.1142: attempt to access beyond end of device [ 311.910994][ T8659] loop3: rw=3, sector=137, nr_sectors = 7 limit=128 [ 311.934800][ T8659] syz.3.1142: attempt to access beyond end of device [ 311.934800][ T8659] loop3: rw=2051, sector=144, nr_sectors = 897 limit=128 [ 311.971110][ T8393] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.018681][ T930] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.025942][ T930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.111505][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.118752][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.254103][ T8663] loop4: detected capacity change from 0 to 512 [ 312.316686][ T8663] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.345934][ T8663] ext4 filesystem being mounted at /root/syzkaller.c83aI3/206/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.363714][ T8159] veth0_vlan: entered promiscuous mode [ 312.452265][ T8159] veth1_vlan: entered promiscuous mode [ 312.702128][ T8661] loop3: detected capacity change from 0 to 32768 [ 312.720532][ T5352] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.733959][ T8661] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1143 (8661) [ 312.781113][ T8661] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 312.811229][ T8661] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 312.821481][ T8159] veth0_macvtap: entered promiscuous mode [ 312.821710][ T8661] BTRFS info (device loop3): using free-space-tree [ 312.874875][ T8159] veth1_macvtap: entered promiscuous mode [ 313.012702][ T8661] BTRFS info (device loop3): checking UUID tree [ 313.059506][ T8697] Attempt to restore checkpoint with obsolete wellknown handles [ 313.232776][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.289108][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.297935][ T7569] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 313.319329][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.334419][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.351702][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.362535][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.372752][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.383435][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.393470][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.408503][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.698432][ T8703] loop4: detected capacity change from 0 to 4096 [ 313.725448][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 313.784967][ T8703] ntfs3: loop4: Primary boot: invalid bytes per index 12288(3). [ 313.793277][ T8703] ntfs3: loop4: try to read out of volume at offset 0x1ffe00 [ 314.371407][ T8393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.379354][ T8707] capability: warning: `syz.4.1153' uses deprecated v2 capabilities in a way that may be insecure [ 314.413306][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.438375][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.453238][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.465551][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.494968][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.514895][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.533784][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.553597][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.569744][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.580410][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.604151][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.796899][ T8159] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.813105][ T8719] x_tables: duplicate underflow at hook 3 [ 314.816838][ T8159] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.821400][ T29] kauditd_printk_skb: 52 callbacks suppressed [ 314.821421][ T29] audit: type=1804 audit(1719333644.529:435): pid=8717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1158" name="/root/syzkaller.f8pRli/103/file0" dev="sda1" ino=1978 res=1 errno=0 [ 314.858454][ T8159] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.886941][ T8159] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.023711][ T8719] loop3: detected capacity change from 0 to 2048 [ 315.039737][ T8719] udf: Unknown parameter 'norict' [ 315.232446][ T8393] veth0_vlan: entered promiscuous mode [ 315.412305][ T8393] veth1_vlan: entered promiscuous mode [ 315.435264][ T2827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.459726][ T2827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.665510][ T6542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.687646][ T6542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.820808][ T8393] veth0_macvtap: entered promiscuous mode [ 315.936000][ T8393] veth1_macvtap: entered promiscuous mode [ 316.125532][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.173868][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.212746][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.245027][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.260684][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.274351][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.297167][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.320124][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.333342][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.354117][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.397446][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.432648][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.480242][ T8393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 316.521730][ T8743] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1168'. [ 317.147774][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.366671][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.404906][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.434959][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.445135][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.455760][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.465663][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.478022][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.489289][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.500003][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.510610][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.544901][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.567369][ T8393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.649503][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.657363][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.667708][ T8393] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.706360][ T8393] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.728621][ T8393] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.764917][ T8393] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.911326][ T8761] loop1: detected capacity change from 0 to 1024 [ 317.993851][ T8761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1175'. [ 318.003073][ T8765] loop4: detected capacity change from 0 to 256 [ 318.022824][ T8765] exfat: Deprecated parameter 'utf8' [ 318.078291][ T8765] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 318.290087][ T2827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.322034][ T2827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.497490][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.520942][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.522017][ T8778] sch_fq: defrate 0 ignored. [ 318.758461][ T8788] loop2: detected capacity change from 0 to 256 [ 319.040034][ T8795] ipvlan2: entered promiscuous mode [ 319.061361][ T8795] ipvlan2: entered allmulticast mode [ 319.086535][ T8795] batadv0: entered allmulticast mode [ 319.108683][ T8795] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 319.217238][ T8805] loop2: detected capacity change from 0 to 764 [ 319.227386][ T8792] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1185'. [ 319.295744][ T8808] sch_fq: defrate 0 ignored. [ 319.449392][ T8816] dccp_close: ABORT with 107 bytes unread [ 319.856383][ T8833] loop2: detected capacity change from 0 to 764 [ 320.014868][ T8836] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 320.024101][ T8836] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 320.154592][ T8838] serio: Serial port pts0 [ 320.952931][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 323.166304][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 323.188009][ T8905] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1232'. [ 323.843888][ T8936] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1248'. [ 324.129462][ T8943] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1252'. [ 325.105127][ T8951] loop2: detected capacity change from 0 to 512 [ 325.120536][ T8951] EXT4-fs (loop2): blocks per group (71) and clusters per group (20800) inconsistent [ 325.268679][ T8953] loop4: detected capacity change from 0 to 256 [ 325.530744][ T29] audit: type=1800 audit(1719333655.239:436): pid=8965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1254" name="file2" dev="sda1" ino=1987 res=0 errno=0 [ 326.101461][ T8984] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1268'. [ 326.367321][ T29] audit: type=1800 audit(1719333656.069:437): pid=8987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1270" name="bus" dev="sda1" ino=1997 res=0 errno=0 [ 326.387811][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.738157][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 326.831963][ T8983] loop4: detected capacity change from 0 to 32768 [ 326.935158][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 326.952868][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 326.992932][ T8] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 327.025992][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.073010][ T8] usb 1-1: Product: syz [ 327.106098][ T8] usb 1-1: Manufacturer: syz [ 327.110783][ T8] usb 1-1: SerialNumber: syz [ 327.252420][ T9015] loop2: detected capacity change from 0 to 256 [ 327.892068][ T8] usb 1-1: config 0 descriptor?? [ 327.908130][ T8996] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 327.926196][ T8] hub 1-1:0.0: bad descriptor, ignoring hub [ 327.934935][ T8] hub 1-1:0.0: probe with driver hub failed with error -5 [ 327.966458][ T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input18 [ 328.167076][ T930] usb 1-1: USB disconnect, device number 6 [ 328.167154][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 328.404220][ T9019] loop3: detected capacity change from 0 to 4096 [ 328.521233][ T9028] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 328.551104][ T9031] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1288'. [ 328.615452][ T29] audit: type=1800 audit(1719333658.319:438): pid=9019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1285" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 329.265394][ T5148] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 329.417340][ T9054] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 329.452932][ T9054] vhci_hcd: invalid port number 129 [ 329.474102][ T9054] vhci_hcd: invalid port number 129 [ 329.507087][ T5148] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 329.543991][ T5148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.591920][ T5148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.627924][ T5148] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 329.665235][ T5148] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 329.677524][ T5148] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 329.695134][ T5148] usb 4-1: Manufacturer: syz [ 329.706371][ T5148] usb 4-1: config 0 descriptor?? [ 330.007314][ T9038] loop2: detected capacity change from 0 to 32768 [ 330.112733][ T9065] loop4: detected capacity change from 0 to 2048 [ 330.140121][ T5148] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 330.161719][ T9065] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 330.181574][ T5148] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 330.192359][ T9065] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 330.216409][ T5148] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 330.375233][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 330.503837][ T5180] usb 4-1: USB disconnect, device number 8 [ 330.575045][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 330.580116][ T9083] loop4: detected capacity change from 0 to 256 [ 330.592991][ T8] usb 1-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice=ec.07 [ 330.608421][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.627428][ T8] usb 1-1: Product: syz [ 330.640398][ T8] usb 1-1: Manufacturer: syz [ 330.661610][ T8] usb 1-1: SerialNumber: syz [ 330.726421][ T8] usb 1-1: config 0 descriptor?? [ 330.757664][ T8] snd_usb_podhd 1-1:0.0: Line 6 POD HDDESKTOP found [ 330.770046][ T8] usb 1-1: selecting invalid altsetting 1 [ 330.781246][ T8] snd_usb_podhd 1-1:0.0: set_interface failed [ 330.792162][ T8] snd_usb_podhd 1-1:0.0: Line 6 POD HDDESKTOP now disconnected [ 330.812338][ T8] snd_usb_podhd 1-1:0.0: probe with driver snd_usb_podhd failed with error -22 [ 330.998878][ T8] usb 1-1: USB disconnect, device number 7 [ 331.954590][ T9150] loop3: detected capacity change from 0 to 256 [ 332.140704][ T5148] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 332.335829][ T5180] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 332.365025][ T5148] usb 3-1: Using ep0 maxpacket: 8 [ 332.373036][ T5148] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 332.400884][ T5148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.433030][ T5148] usb 3-1: config 0 descriptor?? [ 332.528162][ T5180] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.545079][ T5180] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.566825][ T5180] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 332.577120][ T5148] viperboard 3-1:0.0: version 0.00 found at bus 003 address 006 [ 332.595505][ T5180] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.636379][ T5180] usb 2-1: config 0 descriptor?? [ 332.661121][ T5148] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 332.695382][ T5148] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 332.758395][ T5148] usb 3-1: USB disconnect, device number 6 [ 333.067126][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.088752][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.095858][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.110026][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.124651][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.143140][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.151322][ T5180] isku 0003:1E7D:319C.0009: unknown main item tag 0x0 [ 333.166174][ T5180] isku 0003:1E7D:319C.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.1-1/input0 [ 333.450992][ T9187] sp0: Synchronizing with TNC [ 333.494236][ T9186] [U] è [ 333.566237][ T930] usb 2-1: USB disconnect, device number 6 [ 334.051719][ T5180] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 334.308616][ T9197] loop3: detected capacity change from 0 to 256 [ 334.385323][ T5180] usb 3-1: Using ep0 maxpacket: 16 [ 334.610219][ T5180] usb 3-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice=ec.07 [ 334.655918][ T5180] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.674465][ T9197] FAT-fs (loop3): Directory bread(block 64) failed [ 334.699401][ T5180] usb 3-1: Product: syz [ 334.703627][ T5180] usb 3-1: Manufacturer: syz [ 334.714796][ T9197] FAT-fs (loop3): Directory bread(block 65) failed [ 334.743967][ T9197] FAT-fs (loop3): Directory bread(block 66) failed [ 334.763067][ T9197] FAT-fs (loop3): Directory bread(block 67) failed [ 334.765061][ T5180] usb 3-1: SerialNumber: syz [ 334.769932][ T9197] FAT-fs (loop3): Directory bread(block 68) failed [ 334.789023][ T9197] FAT-fs (loop3): Directory bread(block 69) failed [ 334.797981][ T9197] FAT-fs (loop3): Directory bread(block 70) failed [ 334.804564][ T9197] FAT-fs (loop3): Directory bread(block 71) failed [ 334.807410][ T5180] usb 3-1: config 0 descriptor?? [ 334.811247][ T9197] FAT-fs (loop3): Directory bread(block 72) failed [ 334.822613][ T9197] FAT-fs (loop3): Directory bread(block 73) failed [ 334.858524][ T5180] snd_usb_podhd 3-1:0.0: Line 6 POD HDDESKTOP found [ 334.899252][ T5180] usb 3-1: selecting invalid altsetting 1 [ 334.899283][ T5180] snd_usb_podhd 3-1:0.0: set_interface failed [ 334.899522][ T5180] snd_usb_podhd 3-1:0.0: Line 6 POD HDDESKTOP now disconnected [ 334.899721][ T5180] snd_usb_podhd 3-1:0.0: probe with driver snd_usb_podhd failed with error -22 [ 335.127259][ T5180] usb 3-1: USB disconnect, device number 7 [ 335.129600][ T9209] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1343'. [ 335.494946][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 335.705485][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 335.721710][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 335.753706][ T8] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 335.785079][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.837884][ T8] usb 1-1: Product: syz [ 335.842161][ T8] usb 1-1: Manufacturer: syz [ 335.846927][ T8] usb 1-1: SerialNumber: syz [ 335.854138][ T8] usb 1-1: config 0 descriptor?? [ 335.860226][ T9213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 335.873662][ T8] hub 1-1:0.0: bad descriptor, ignoring hub [ 335.884374][ T8] hub 1-1:0.0: probe with driver hub failed with error -5 [ 336.418019][ T9231] loop4: detected capacity change from 0 to 64 [ 336.806681][ T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input19 [ 336.824533][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 336.833952][ T8] usb 1-1: USB disconnect, device number 8 [ 336.898706][ T9236] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1355'. [ 337.115122][ T9247] IPv6: NLM_F_CREATE should be specified when creating new route [ 337.115251][ T9247] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1359'. [ 337.465074][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 337.644993][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 337.658225][ T8] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 337.667058][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1366'. [ 337.683711][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.730787][ T8] usb 5-1: config 0 descriptor?? [ 337.876246][ T8] viperboard 5-1:0.0: version 0.00 found at bus 005 address 008 [ 337.983868][ T8] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 338.008575][ T8] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 338.840814][ T8] usb 5-1: USB disconnect, device number 8 [ 339.068494][ T9286] loop3: detected capacity change from 0 to 1024 [ 339.096226][ T9286] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 339.599610][ T9308] syz.0.1381 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 339.940043][ T9302] ceph: No mds server is up or the cluster is laggy [ 345.011228][ T9352] loop2: detected capacity change from 0 to 2048 [ 345.198234][ T9352] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 345.240240][ T9352] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.550857][ T9375] fuse: Unknown parameter 'fd0x0000000000000003' [ 345.566958][ T9375] cgroup: name respecified [ 345.617046][ T9375] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: none. [ 345.693938][ T29] audit: type=1326 audit(1719333675.399:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.746468][ T29] audit: type=1326 audit(1719333675.399:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.794162][ T29] audit: type=1326 audit(1719333675.399:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.849083][ T29] audit: type=1326 audit(1719333675.399:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.910241][ T29] audit: type=1326 audit(1719333675.399:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.935554][ T29] audit: type=1326 audit(1719333675.399:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 345.984629][ T9391] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 346.009933][ T29] audit: type=1326 audit(1719333675.439:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 346.049787][ T29] audit: type=1326 audit(1719333675.439:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fed3d76cb67 code=0x7ffc0000 [ 346.136117][ T29] audit: type=1326 audit(1719333675.439:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fed3d711529 code=0x7ffc0000 [ 346.169287][ T29] audit: type=1326 audit(1719333675.439:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7fed3d775ae9 code=0x7ffc0000 [ 346.170891][ T9396] netlink: 'syz.2.1413': attribute type 4 has an invalid length. [ 346.262676][ T9397] netlink: 'syz.2.1413': attribute type 4 has an invalid length. [ 346.438657][ T9401] xt_hashlimit: overflow, rate too high: 0 [ 346.548174][ T9401] loop1: detected capacity change from 0 to 512 [ 347.233028][ T9431] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 347.366735][ T9434] loop1: detected capacity change from 0 to 1024 [ 347.577542][ T9442] loop3: detected capacity change from 0 to 64 [ 347.712356][ T9448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1437'. [ 347.795798][ T5148] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 348.093822][ T5148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x61 has an invalid bInterval 97, changing to 7 [ 348.173223][ T5148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x61 has invalid maxpacket 24929, setting to 1024 [ 348.348660][ T5148] usb 3-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 348.467976][ T5148] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.478743][ T5148] usb 3-1: Product: syz [ 348.484142][ T5148] usb 3-1: Manufacturer: syz [ 348.489268][ T5148] usb 3-1: SerialNumber: syz [ 348.720861][ T5148] usb 3-1: config 0 descriptor?? [ 348.738040][ T5148] usbtest 3-1:0.0: usb test device [ 348.743324][ T5148] usbtest 3-1:0.0: high-speed {control in/out iso-out} tests (+alt) [ 348.800966][ T9456] loop1: detected capacity change from 0 to 1024 [ 348.838171][ T9456] EXT4-fs: Ignoring removed orlov option [ 348.843884][ T9456] EXT4-fs: Ignoring removed nomblk_io_submit option [ 348.922997][ T9456] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 348.999717][ T5148] usb 3-1: USB disconnect, device number 8 [ 349.015236][ T9469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1445'. [ 349.222542][ T9482] loop3: detected capacity change from 0 to 256 [ 349.240564][ T9484] loop4: detected capacity change from 0 to 256 [ 349.249415][ T9484] FAT-fs (loop4): bogus sectors per cluster 0 [ 349.255838][ T9484] FAT-fs (loop4): Can't find a valid FAT filesystem [ 349.284089][ T9482] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 349.314961][ T5151] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 349.507716][ T5151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.661587][ T5151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.885085][ T5151] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 350.728150][ T5151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.738812][ T5151] usb 2-1: config 0 descriptor?? [ 350.833904][ T9494] loop4: detected capacity change from 0 to 2048 [ 350.900554][ T9494] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 351.135034][ T5352] UDF-fs: error (device loop4): udf_read_inode: (ino 1317) failed !bh [ 351.191453][ T5352] UDF-fs: error (device loop4): udf_read_inode: (ino 1317) failed !bh [ 351.556749][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 351.556787][ T29] audit: type=1326 audit(1719333681.209:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdd775ae9 code=0x7ffc0000 [ 351.857768][ T29] audit: type=1326 audit(1719333681.209:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdd775ae9 code=0x7ffc0000 [ 351.859667][ T9512] loop3: detected capacity change from 0 to 256 [ 351.905042][ T29] audit: type=1326 audit(1719333681.609:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effdd775ae9 code=0x7ffc0000 [ 351.959810][ T29] audit: type=1326 audit(1719333681.609:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdd775ae9 code=0x7ffc0000 [ 352.050625][ T5151] magicmouse 0003:05AC:0269.000A: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.1-1/input0 [ 352.075135][ T29] audit: type=1326 audit(1719333681.609:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7effdd76cb67 code=0x7ffc0000 [ 352.139215][ T29] audit: type=1326 audit(1719333681.609:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7effdd711529 code=0x7ffc0000 [ 352.188164][ T29] audit: type=1326 audit(1719333681.609:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7effdd76cb67 code=0x7ffc0000 [ 352.242408][ T29] audit: type=1326 audit(1719333681.609:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7effdd711529 code=0x7ffc0000 [ 352.314286][ T5151] usb 2-1: USB disconnect, device number 7 [ 352.361875][ T29] audit: type=1326 audit(1719333681.609:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7effdd76cb67 code=0x7ffc0000 [ 352.404247][ T29] audit: type=1326 audit(1719333681.609:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.2.1465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7effdd711529 code=0x7ffc0000 [ 352.459184][ T9522] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 352.775753][ T9529] netlink: 'syz.3.1474': attribute type 4 has an invalid length. [ 352.884045][ T9532] netlink: 'syz.3.1474': attribute type 4 has an invalid length. [ 353.025882][ T8159] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.151004][ T9538] loop2: detected capacity change from 0 to 512 [ 353.164712][ T9541] loop3: detected capacity change from 0 to 256 [ 353.187973][ T9538] EXT4-fs: Ignoring removed bh option [ 353.207394][ T9538] EXT4-fs (loop2): orphan cleanup on readonly fs [ 353.263369][ T9538] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 353.309909][ T9549] @ÿ: renamed from veth0_vlan (while UP) [ 353.314121][ T5098] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 353.336622][ T5098] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 353.349539][ T9538] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1479: invalid indirect mapped block 8 (level 2) [ 353.374019][ T5098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 353.384568][ T9538] EXT4-fs (loop2): Remounting filesystem read-only [ 353.392468][ T9538] EXT4-fs (loop2): 1 truncate cleaned up [ 353.404660][ T5098] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 353.407701][ T9538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 353.445778][ T5098] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 353.453242][ T5098] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 353.635035][ T9544] lo speed is unknown, defaulting to 1000 [ 353.693988][ T9564] loop3: detected capacity change from 0 to 512 [ 353.748695][ T9564] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 353.789060][ T9566] netlink: 'syz.0.1490': attribute type 4 has an invalid length. [ 353.865068][ T9564] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1489'. [ 353.916172][ T9568] netlink: 'syz.0.1490': attribute type 4 has an invalid length. [ 354.015167][ T8393] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.109413][ T9570] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1489'. [ 354.353695][ T9581] loop2: detected capacity change from 0 to 1024 [ 354.396213][ T9581] hfsplus: bad catalog entry type [ 354.596963][ T9544] chnl_net:caif_netlink_parms(): no params data found [ 354.971585][ T9609] xt_hashlimit: overflow, rate too high: 0 [ 355.049785][ T9609] loop2: detected capacity change from 0 to 512 [ 355.070636][ T9544] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.093587][ T9544] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.118990][ T9544] bridge_slave_0: entered allmulticast mode [ 355.136124][ T9544] bridge_slave_0: entered promiscuous mode [ 355.164253][ T9544] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.193685][ T9544] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.219805][ T9544] bridge_slave_1: entered allmulticast mode [ 355.243090][ T9544] bridge_slave_1: entered promiscuous mode [ 355.446472][ T9544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.493466][ T9544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.557398][ T5095] Bluetooth: hci3: command tx timeout [ 355.763217][ T9544] team0: Port device team_slave_0 added [ 355.796431][ T9544] team0: Port device team_slave_1 added [ 355.892533][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 355.908480][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 355.948751][ T9544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.972439][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.984076][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 356.020071][ T9544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 356.306955][ T9544] hsr_slave_0: entered promiscuous mode [ 356.328589][ T9544] hsr_slave_1: entered promiscuous mode [ 356.364925][ T9544] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 356.372565][ T9544] Cannot create hsr debugfs directory [ 357.091061][ T9544] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.430226][ T9544] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.432820][ T9674] loop2: detected capacity change from 0 to 8192 [ 357.493671][ T9674] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 357.587674][ T9544] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.645361][ T5095] Bluetooth: hci3: command tx timeout [ 357.653592][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 357.653611][ T29] audit: type=1326 audit(1719333687.359:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 357.711998][ T8393] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 357.723204][ T8393] FAT-fs (loop2): Filesystem has been set read-only [ 357.757761][ T29] audit: type=1326 audit(1719333687.359:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 357.824605][ T29] audit: type=1326 audit(1719333687.429:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 357.900196][ T9544] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.906875][ T29] audit: type=1326 audit(1719333687.429:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 358.011541][ T29] audit: type=1326 audit(1719333687.429:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 358.062913][ T29] audit: type=1326 audit(1719333687.439:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 358.113536][ T29] audit: type=1326 audit(1719333687.439:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 358.189597][ T29] audit: type=1326 audit(1719333687.449:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f99fd16cb67 code=0x7ffc0000 [ 358.277827][ T29] audit: type=1326 audit(1719333687.449:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f99fd111529 code=0x7ffc0000 [ 358.331066][ T29] audit: type=1326 audit(1719333687.449:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.3.1528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f99fd16cb67 code=0x7ffc0000 [ 358.548554][ T9544] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 358.667707][ T9708] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1538'. [ 358.709918][ T9544] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 358.741348][ T9544] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 358.777605][ T9544] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 359.183237][ T9718] loop2: detected capacity change from 0 to 128 [ 359.197395][ T9544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.210186][ T9715] loop3: detected capacity change from 0 to 8192 [ 359.277178][ T9715] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 359.426855][ T9713] devtmpfs: Bad value for 'mpol' [ 359.504149][ T9544] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.545573][ T7569] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 359.554146][ T7569] FAT-fs (loop3): Filesystem has been set read-only [ 359.573740][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.581091][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.652265][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.659476][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.717507][ T5095] Bluetooth: hci3: command tx timeout [ 359.772850][ T9722] loop1: detected capacity change from 0 to 1024 [ 359.812081][ T9722] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 360.612696][ T9745] loop3: detected capacity change from 0 to 4096 [ 360.681285][ T5095] Bluetooth: hci5: command 0x0406 tx timeout [ 361.127242][ T9544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.289139][ T25] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 361.491593][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 361.511188][ T9757] loop3: detected capacity change from 0 to 8192 [ 361.547398][ T25] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 361.578227][ T9757] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 361.586029][ T25] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 361.639038][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.667987][ T25] usb 2-1: Product: syz [ 361.687556][ T25] usb 2-1: Manufacturer: syz [ 361.703686][ T25] usb 2-1: SerialNumber: syz [ 361.745667][ T9755] devtmpfs: Bad value for 'mpol' [ 361.747772][ T25] usb 2-1: config 0 descriptor?? [ 361.795115][ T5098] Bluetooth: hci3: command tx timeout [ 361.921450][ T7569] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 361.937480][ T7569] FAT-fs (loop3): Filesystem has been set read-only [ 362.134510][ T25] usb 2-1: USB disconnect, device number 8 [ 362.334609][ T9544] veth0_vlan: entered promiscuous mode [ 362.355395][ T9776] loop2: detected capacity change from 0 to 2048 [ 362.365650][ T9776] udf: Unknown parameter 'gVñ3Žorget' [ 362.397528][ T9544] veth1_vlan: entered promiscuous mode [ 362.516738][ T9544] veth0_macvtap: entered promiscuous mode [ 362.548817][ T9544] veth1_macvtap: entered promiscuous mode [ 362.634068][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.659927][ T29] kauditd_printk_skb: 136 callbacks suppressed [ 362.659949][ T29] audit: type=1326 audit(1719333692.369:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 362.691705][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.704019][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.727798][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.739334][ T29] audit: type=1326 audit(1719333692.369:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 362.772145][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.785059][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.804999][ T29] audit: type=1326 audit(1719333692.419:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 362.813202][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.841987][ T9783] tmpfs: Bad value for 'mpol' [ 362.843601][ T29] audit: type=1326 audit(1719333692.429:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 362.908030][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.932132][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.936342][ T29] audit: type=1326 audit(1719333692.439:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 362.955974][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.019353][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 363.019400][ T29] audit: type=1326 audit(1719333692.439:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 363.040258][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.092057][ T29] audit: type=1326 audit(1719333692.479:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x7ffc0000 [ 363.097346][ T9789] loop2: detected capacity change from 0 to 1024 [ 363.133432][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 363.153602][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.175958][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 363.193861][ T29] audit: type=1326 audit(1719333692.479:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f99fd16cb67 code=0x7ffc0000 [ 363.221008][ T9789] hfsplus: unable to parse mount options [ 363.255167][ T29] audit: type=1326 audit(1719333692.479:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f99fd111529 code=0x7ffc0000 [ 363.405390][ T29] audit: type=1326 audit(1719333692.479:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9780 comm="syz.3.1558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f99fd16cb67 code=0x7ffc0000 [ 364.243949][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.309797][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.319959][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.345020][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.368521][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.394783][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.444891][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.476972][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.523010][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.622262][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.632920][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.646166][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.659455][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.696462][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.758735][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.998086][ T9544] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.045087][ T9544] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.064940][ T9544] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.073720][ T9544] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.184327][ T9818] tmpfs: Bad value for 'mpol' [ 365.192132][ T9819] netlink: 'syz.1.1572': attribute type 23 has an invalid length. [ 365.549613][ T9831] 9pnet: Found fid 0 not clunked [ 365.699378][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.734562][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.843986][ T9845] tmpfs: Bad value for 'mpol' [ 365.906298][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.925727][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.952333][ T9850] netlink: 'syz.1.1586': attribute type 23 has an invalid length. [ 366.235372][ T9862] Invalid ELF header magic: != ELF [ 366.445365][ T5105] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 366.556637][ T9863] loop3: detected capacity change from 0 to 2048 [ 366.615974][ T9863] udf: Unknown parameter 'gVñ3Žorget' [ 366.715593][ T5105] usb 5-1: Using ep0 maxpacket: 8 [ 366.792813][ T5105] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 366.894615][ T5105] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 366.975663][ T5105] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 366.984000][ T5105] usb 5-1: SerialNumber: syz [ 367.006493][ T5105] usb 5-1: config 0 descriptor?? [ 367.015664][ T5105] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 367.034482][ T5105] usb 5-1: Failed to create links for entity 255 [ 367.044486][ T5105] usb 5-1: Failed to register entities (-22). [ 367.299998][ T5148] usb 5-1: USB disconnect, device number 9 [ 367.521318][ T9885] syzkaller1: entered promiscuous mode [ 367.552607][ T9885] syzkaller1: entered allmulticast mode [ 367.559024][ T9886] tmpfs: Bad value for 'mpol' [ 367.927866][ T9897] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1602'. [ 368.096486][ T9903] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1603'. [ 368.108360][ T9903] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1603'. [ 368.143516][ T9903] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1603'. [ 368.155221][ T9903] vlan0: entered allmulticast mode [ 368.174336][ T9903] veth0_vlan: entered allmulticast mode [ 368.508271][ T9917] tmpfs: Bad value for 'mpol' [ 368.630735][ T9918] loop2: detected capacity change from 0 to 2048 [ 368.676477][ T9918] udf: Unknown parameter 'gVñ3Žorget' [ 368.715134][ T9926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1613'. [ 368.863082][ T9924] loop3: detected capacity change from 0 to 128 [ 369.359271][ T9891] loop1: detected capacity change from 0 to 32768 [ 369.576576][ T9891] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 369.586649][ T29] kauditd_printk_skb: 133 callbacks suppressed [ 369.586669][ T29] audit: type=1800 audit(1719333699.299:779): pid=9935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1612" name="bus" dev="loop3" ino=1048698 res=0 errno=0 [ 369.607616][ T9891] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 369.685615][ T9891] gfs2: fsid=syz:syz.s: journal 0 mapped with 16 extents in 0ms [ 370.128098][ T9891] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 371.025409][ T9964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1625'. [ 371.373772][ T9972] binder: 9970:9972 ioctl c0306201 200001c0 returned -14 [ 372.211504][ T9995] Invalid ELF header magic: != ELF [ 373.503619][T10011] process 'syz.1.1645' launched '/dev/fd/3' with NULL argv: empty string added [ 373.723074][ T29] audit: type=1800 audit(1719333703.429:780): pid=10013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1644" name="bus" dev="sda1" ino=1996 res=0 errno=0 [ 373.769940][ T29] audit: type=1326 audit(1719333703.429:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10010 comm="syz.3.1644" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99fd175ae9 code=0x0 [ 374.487678][T10037] loop1: detected capacity change from 0 to 1024 [ 374.791202][T10037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 375.432388][ T5180] libceph: connect (1)[c::]:6789 error -101 [ 375.465623][ T5180] libceph: mon0 (1)[c::]:6789 connect error [ 375.587356][T10037] ceph: No mds server is up or the cluster is laggy [ 375.623725][T10074] binder: 10073:10074 ioctl c018620b 20000380 returned -14 [ 376.016646][ T5236] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 376.119270][ T5095] Bluetooth: hci0: command 0x0405 tx timeout [ 376.245308][ T5236] usb 4-1: Using ep0 maxpacket: 8 [ 376.282651][ T5236] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 376.304133][ T5236] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 376.334959][ T5236] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 376.393796][ T5236] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.468444][ T5236] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.500718][ T5236] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.784698][ T5236] usb 4-1: GET_CAPABILITIES returned 0 [ 376.805347][ T5236] usbtmc 4-1:16.0: can't read capabilities [ 376.899297][ T5095] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 376.937313][ T5095] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 376.956873][ T5095] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 376.975588][ T5095] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 376.983423][ T5095] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 377.002079][ T5095] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 377.053797][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.118970][ T5105] usb 4-1: USB disconnect, device number 9 [ 377.297184][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.502669][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.582036][ T29] audit: type=1326 audit(1719333707.289:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 377.604634][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.632141][ T29] audit: type=1326 audit(1719333707.319:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 377.654538][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.671188][T10107] lo speed is unknown, defaulting to 1000 [ 377.716621][ T29] audit: type=1326 audit(1719333707.319:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 377.738991][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.760367][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.777202][ T29] audit: type=1326 audit(1719333707.329:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 377.803254][ T29] audit: type=1326 audit(1719333707.329:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 377.905278][ T29] audit: type=1326 audit(1719333707.329:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dae175ae9 code=0x7ffc0000 [ 378.031003][ T29] audit: type=1326 audit(1719333707.329:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5dae16cb67 code=0x7ffc0000 [ 378.053315][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.137990][ T29] audit: type=1326 audit(1719333707.329:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5dae111529 code=0x7ffc0000 [ 378.154027][T10147] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1700'. [ 378.286814][ T29] audit: type=1326 audit(1719333707.329:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5dae16cb67 code=0x7ffc0000 [ 378.341110][ T29] audit: type=1326 audit(1719333707.329:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.4.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5dae111529 code=0x7ffc0000 [ 378.385737][T10153] ip6t_srh: unknown srh invflags 7F00 [ 379.015954][ T11] bridge_slave_1: left allmulticast mode [ 379.035162][ T11] bridge_slave_1: left promiscuous mode [ 379.041055][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.061363][ T11] bridge_slave_0: left allmulticast mode [ 379.074377][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.093399][ T5095] Bluetooth: hci4: command tx timeout [ 379.103810][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.112784][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.809125][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 379.822043][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 379.833407][ T11] bond0 (unregistering): Released all slaves [ 379.975198][ T11] Êü: left promiscuous mode [ 380.451411][T10107] chnl_net:caif_netlink_parms(): no params data found [ 380.573558][T10107] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.581189][T10107] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.588702][T10107] bridge_slave_0: entered allmulticast mode [ 380.606661][T10107] bridge_slave_0: entered promiscuous mode [ 380.619857][T10107] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.638270][T10107] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.647355][T10107] bridge_slave_1: entered allmulticast mode [ 380.665437][T10107] bridge_slave_1: entered promiscuous mode [ 380.748043][T10107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 380.772485][T10107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.884445][T10107] team0: Port device team_slave_0 added [ 380.913355][T10107] team0: Port device team_slave_1 added [ 380.977692][T10107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 380.984703][T10107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.017915][T10107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.037526][T10107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.044562][T10107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.070918][T10107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.082340][T10147] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 381.095121][T10147] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 381.156428][ T5098] Bluetooth: hci4: command tx timeout [ 381.397555][T10147] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 381.403544][T10147] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 381.429217][T10107] hsr_slave_0: entered promiscuous mode [ 381.447365][T10107] hsr_slave_1: entered promiscuous mode [ 381.461893][T10107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 381.470544][T10107] Cannot create hsr debugfs directory [ 381.473614][T10147] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 381.492810][T10147] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 381.788669][T10147] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 381.811376][T10147] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 382.188310][ T5236] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 382.362939][T10247] ax25_connect(): syz.3.1712 uses autobind, please contact jreuter@yaina.de [ 383.045642][T10147] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 383.051642][T10147] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 383.212216][ T5236] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 383.250814][ T5236] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.275002][ T5236] usb 3-1: Product: syz [ 383.279313][ T5236] usb 3-1: Manufacturer: syz [ 383.293506][ T5236] usb 3-1: SerialNumber: syz [ 383.315652][ T5236] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 383.506652][ T930] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 383.682729][T10270] loop4: detected capacity change from 0 to 512 [ 383.770346][T10270] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz.4.1717: casefold flag without casefold feature [ 383.802603][T10270] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.1717: couldn't read orphan inode 15 (err -117) [ 383.836454][ T5148] usb 3-1: USB disconnect, device number 9 [ 383.924118][T10270] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.945623][ T5236] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 384.035475][ T11] hsr_slave_0: left promiscuous mode [ 384.041858][ T11] hsr_slave_1: left promiscuous mode [ 384.068158][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 384.110209][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.129984][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.141289][ T9544] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.159399][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.210098][T10280] loop3: detected capacity change from 0 to 1024 [ 384.244766][ T5236] usb 2-1: Using ep0 maxpacket: 8 [ 384.272409][ T5236] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 384.295299][ T5236] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 384.304410][ T5236] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.316178][ T11] veth1_macvtap: left promiscuous mode [ 384.321783][ T11] veth0_macvtap: left promiscuous mode [ 384.327635][ T11] veth1_vlan: left promiscuous mode [ 384.332998][ T11] veth0_vlan: left promiscuous mode [ 384.342973][ T5236] usb 2-1: config 0 descriptor?? [ 384.365070][T10282] loop4: detected capacity change from 0 to 256 [ 384.459384][ T1095] hfsplus: b-tree write err: -5, ino 4 [ 384.599605][ T5236] usb 2-1: USB disconnect, device number 9 [ 384.614888][ T930] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 384.642226][ T930] ath9k_htc: Failed to initialize the device [ 384.729988][ T5148] usb 3-1: ath9k_htc: USB layer deinitialized [ 385.368444][T10287] loop2: detected capacity change from 0 to 1024 [ 385.417284][T10287] hfsplus: request for non-existent node 3 in B*Tree [ 385.475084][T10287] hfsplus: request for non-existent node 3 in B*Tree [ 386.126122][ T1095] hfsplus: b-tree write err: -5, ino 3 [ 387.378098][T10328] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1737'. [ 387.848464][ T11] team0 (unregistering): Port device team_slave_1 removed [ 388.034153][ T11] team0 (unregistering): Port device team_slave_0 removed [ 388.186532][T10358] loop1: detected capacity change from 0 to 4096 [ 388.209082][T10358] ntfs3: Unknown parameter 'pc' [ 388.234930][T10360] loop2: detected capacity change from 0 to 2048 [ 388.246186][T10360] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 388.267236][T10360] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 389.479035][ C1] DEBUG: holding rtnl_mutex for 547 jiffies. [ 389.485131][ C1] task:kworker/u8:0 state:R running task stack:20856 pid:11 tgid:11 ppid:2 flags:0x00004008 [ 389.496951][ C1] Workqueue: netns cleanup_net [ 389.501779][ C1] Call Trace: [ 389.505116][ C1] [ 389.507985][ C1] sched_show_task+0x578/0x740 [ 389.512807][ C1] ? report_rtnl_holders+0x183/0x2d0 [ 389.518201][ C1] ? __pfx__printk+0x10/0x10 [ 389.522836][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 389.528220][ C1] report_rtnl_holders+0x1ba/0x2d0 [ 389.533370][ C1] ? report_rtnl_holders+0x20/0x2d0 [ 389.538662][ C1] call_timer_fn+0x18e/0x650 [ 389.543292][ C1] ? call_timer_fn+0xc0/0x650 [ 389.548040][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 389.553709][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 389.558896][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 389.564573][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 389.570284][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 389.575993][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 389.581323][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 389.586694][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 389.592371][ C1] __run_timer_base+0x66a/0x8e0 [ 389.597324][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 389.602755][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 389.609199][ C1] run_timer_softirq+0xb7/0x170 [ 389.614115][ C1] handle_softirqs+0x2c4/0x970 [ 389.618980][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 389.623800][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 389.629184][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 389.634433][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 389.639106][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 389.644446][ C1] irq_exit_rcu+0x9/0x30 [ 389.648776][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 389.654461][ C1] [ 389.657469][ C1] [ 389.660441][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 389.666528][ C1] RIP: 0010:synchronize_rcu+0x0/0x360 [ 389.671951][ C1] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 15 50 80 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 389.691686][ C1] RSP: 0018:ffffc90000107678 EFLAGS: 00000206 [ 389.697842][ C1] RAX: dffffc0000000000 RBX: 1ffff92000020ed8 RCX: ffffffff947dc803 [ 389.705891][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad500 RDI: ffffffff8c2074e0 [ 389.713902][ C1] RBP: ffffc90000107758 R08: ffffffff947d298f R09: 1ffffffff28fa531 [ 389.721967][ C1] R10: dffffc0000000000 R11: fffffbfff28fa532 R12: ffffffff947cfe08 [ 389.730033][ C1] R13: 1ffff92000020ed4 R14: 0000000000000206 R15: ffffc900001076c0 [ 389.738119][ C1] lockdep_unregister_key+0x4b7/0x540 [ 389.743549][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 389.749541][ C1] ? rcu_is_watching+0x15/0xb0 [ 389.754353][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 389.759044][ C1] __qdisc_destroy+0x165/0x410 [ 389.763861][ C1] dev_shutdown+0x357/0x440 [ 389.768485][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 389.774925][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 389.781936][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 389.788249][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 389.794561][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 389.800817][ C1] default_device_exit_batch+0xa0f/0xa90 [ 389.806565][ C1] ? __pfx___might_resched+0x10/0x10 [ 389.812157][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 389.818503][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 389.823834][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 389.830072][ C1] cleanup_net+0x89d/0xcc0 [ 389.834541][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 389.839581][ C1] ? process_scheduled_works+0x945/0x1830 [ 389.845373][ C1] process_scheduled_works+0xa2c/0x1830 [ 389.851009][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 389.857095][ C1] ? assign_work+0x364/0x3d0 [ 389.861736][ C1] worker_thread+0x86d/0xd40 [ 389.866429][ C1] ? __kthread_parkme+0x169/0x1d0 [ 389.871612][ C1] ? __pfx_worker_thread+0x10/0x10 [ 389.876809][ C1] kthread+0x2f0/0x390 [ 389.880926][ C1] ? __pfx_worker_thread+0x10/0x10 [ 389.886124][ C1] ? __pfx_kthread+0x10/0x10 [ 389.890763][ C1] ret_from_fork+0x4b/0x80 [ 389.895259][ C1] ? __pfx_kthread+0x10/0x10 [ 389.899903][ C1] ret_from_fork_asm+0x1a/0x30 [ 389.904730][ C1] [ 389.907816][ C1] DEBUG: waiting rtnl_mutex for 590 jiffies. [ 389.913907][ C1] task:syz-executor state:D stack:21024 pid:10107 tgid:10107 ppid:10091 flags:0x00004002 [ 389.924162][ C1] Call Trace: [ 389.927509][ C1] [ 389.930479][ C1] __schedule+0x17e8/0x4a20 [ 389.935122][ C1] ? __pfx___schedule+0x10/0x10 [ 389.940024][ C1] ? __pfx_lock_release+0x10/0x10 [ 389.945135][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 389.950659][ C1] ? schedule+0x90/0x320 [ 389.955004][ C1] schedule+0x14b/0x320 [ 389.959228][ C1] schedule_preempt_disabled+0x13/0x30 [ 389.964729][ C1] __mutex_lock+0x6a4/0xd70 [ 389.969341][ C1] ? __mutex_lock+0x527/0xd70 [ 389.974072][ C1] ? unregister_netdevice_notifier_net+0x89/0x3a0 [ 389.980673][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 389.985798][ C1] ? rtnl_lock+0xe7/0x130 [ 389.990175][ C1] unregister_netdevice_notifier_net+0x89/0x3a0 [ 389.996520][ C1] ? _raw_spin_unlock+0x28/0x50 [ 390.001399][ C1] ? mntput_no_expire+0x2da/0x850 [ 390.006501][ C1] ? __pfx_unregister_netdevice_notifier_net+0x10/0x10 [ 390.013398][ C1] ? __pfx_mntput_no_expire+0x10/0x10 [ 390.018845][ C1] ? _raw_spin_unlock+0x28/0x50 [ 390.023798][ C1] ? simple_release_fs+0x9c/0xd0 [ 390.028898][ C1] nsim_dev_hwstats_exit+0x81/0x290 [ 390.034131][ C1] ? kfree+0x149/0x360 [ 390.038261][ C1] nsim_dev_reload_destroy+0x2ad/0x490 [ 390.043759][ C1] ? __pfx_nsim_bus_remove+0x10/0x10 [ 390.049094][ C1] nsim_drv_remove+0x58/0x160 [ 390.053795][ C1] device_release_driver_internal+0x4a9/0x7c0 [ 390.060006][ C1] bus_remove_device+0x34f/0x420 [ 390.065007][ C1] device_del+0x57a/0x9b0 [ 390.069539][ C1] ? __pfx_device_del+0x10/0x10 [ 390.074405][ C1] device_unregister+0x20/0xc0 [ 390.079232][ C1] del_device_store+0x363/0x480 [ 390.084110][ C1] ? __pfx_del_device_store+0x10/0x10 [ 390.089633][ C1] ? sysfs_kf_write+0x182/0x2a0 [ 390.094519][ C1] ? bus_attr_store+0x4f/0xa0 [ 390.099252][ C1] ? __pfx_sysfs_kf_write+0x10/0x10 [ 390.104478][ C1] kernfs_fop_write_iter+0x3a1/0x500 [ 390.109843][ C1] vfs_write+0xa72/0xc90 [ 390.114105][ C1] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 390.119971][ C1] ? __pfx_vfs_write+0x10/0x10 [ 390.124769][ C1] ksys_write+0x1a0/0x2c0 [ 390.129172][ C1] ? __pfx_ksys_write+0x10/0x10 [ 390.134035][ C1] ? do_syscall_64+0x100/0x230 [ 390.138848][ C1] ? do_syscall_64+0xb6/0x230 [ 390.143540][ C1] do_syscall_64+0xf3/0x230 [ 390.148099][ C1] ? clear_bhb_loop+0x35/0x90 [ 390.152786][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.158718][ C1] RIP: 0033:0x7fac9937469f [ 390.163143][ C1] RSP: 002b:00007fffc0c6fc20 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 390.171597][ C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fac9937469f [ 390.179612][ C1] RDX: 0000000000000001 RSI: 00007fffc0c6fc70 RDI: 0000000000000005 [ 390.187627][ C1] RBP: 00007fac993e44d1 R08: 0000000000000000 R09: 00007fffc0c6fa77 [ 390.195674][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 390.203673][ C1] R13: 00007fffc0c6fc70 R14: 00007fac9a034620 R15: 0000000000000003 [ 390.211731][ C1] [ 390.214765][ C1] DEBUG: waiting rtnl_mutex for 609 jiffies. [ 390.220802][ C1] task:kworker/1:2 state:D stack:21816 pid:5105 tgid:5105 ppid:2 flags:0x00004000 [ 390.231013][ C1] Workqueue: events linkwatch_event [ 390.236264][ C1] Call Trace: [ 390.239548][ C1] [ 390.242487][ C1] __schedule+0x17e8/0x4a20 [ 390.247096][ C1] ? __pfx___schedule+0x10/0x10 [ 390.251987][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 390.258042][ C1] ? __pfx_lock_release+0x10/0x10 [ 390.263081][ C1] ? kick_pool+0x45c/0x620 [ 390.267545][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 390.273020][ C1] ? schedule+0x90/0x320 [ 390.277310][ C1] schedule+0x14b/0x320 [ 390.281487][ C1] schedule_preempt_disabled+0x13/0x30 [ 390.287025][ C1] __mutex_lock+0x6a4/0xd70 [ 390.291558][ C1] ? __mutex_lock+0x527/0xd70 [ 390.296299][ C1] ? linkwatch_event+0xe/0x60 [ 390.300994][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 390.306100][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.311845][ C1] ? rtnl_lock+0xe7/0x130 [ 390.316226][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.321972][ C1] linkwatch_event+0xe/0x60 [ 390.326528][ C1] process_scheduled_works+0xa2c/0x1830 [ 390.332116][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 390.338183][ C1] ? assign_work+0x364/0x3d0 [ 390.342832][ C1] worker_thread+0x86d/0xd40 [ 390.347505][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 390.353472][ C1] ? __kthread_parkme+0x169/0x1d0 [ 390.358554][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.363696][ C1] kthread+0x2f0/0x390 [ 390.367831][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.372963][ C1] ? __pfx_kthread+0x10/0x10 [ 390.377614][ C1] ret_from_fork+0x4b/0x80 [ 390.382051][ C1] ? __pfx_kthread+0x10/0x10 [ 390.386687][ C1] ret_from_fork_asm+0x1a/0x30 [ 390.391481][ C1] [ 390.394501][ C1] DEBUG: waiting rtnl_mutex for 618 jiffies. [ 390.400516][ C1] task:kworker/1:7 state:D stack:19824 pid:5180 tgid:5180 ppid:2 flags:0x00004000 [ 390.410745][ C1] Workqueue: events switchdev_deferred_process_work [ 390.417401][ C1] Call Trace: [ 390.420692][ C1] [ 390.423624][ C1] __schedule+0x17e8/0x4a20 [ 390.428184][ C1] ? __pfx___schedule+0x10/0x10 [ 390.433047][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 390.439075][ C1] ? __pfx_lock_release+0x10/0x10 [ 390.444117][ C1] ? kick_pool+0x45c/0x620 [ 390.448595][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 390.453812][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 390.459063][ C1] ? schedule+0x90/0x320 [ 390.463319][ C1] schedule+0x14b/0x320 [ 390.467524][ C1] schedule_preempt_disabled+0x13/0x30 [ 390.473008][ C1] __mutex_lock+0x6a4/0xd70 [ 390.477609][ C1] ? __mutex_lock+0x527/0xd70 [ 390.482380][ C1] ? switchdev_deferred_process_work+0xe/0x20 [ 390.488496][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 390.493547][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.499316][ C1] ? rtnl_lock+0xe7/0x130 [ 390.503662][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.509426][ C1] switchdev_deferred_process_work+0xe/0x20 [ 390.515381][ C1] process_scheduled_works+0xa2c/0x1830 [ 390.520981][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 390.527007][ C1] ? assign_work+0x364/0x3d0 [ 390.531627][ C1] worker_thread+0x86d/0xd40 [ 390.536283][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 390.542198][ C1] ? __kthread_parkme+0x169/0x1d0 [ 390.547298][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.552432][ C1] kthread+0x2f0/0x390 [ 390.556549][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.561676][ C1] ? __pfx_kthread+0x10/0x10 [ 390.566339][ C1] ret_from_fork+0x4b/0x80 [ 390.570792][ C1] ? __pfx_kthread+0x10/0x10 [ 390.575449][ C1] ret_from_fork_asm+0x1a/0x30 [ 390.580260][ C1] [ 390.583283][ C1] DEBUG: waiting rtnl_mutex for 635 jiffies. [ 390.589298][ C1] task:kworker/u8:10 state:D stack:20312 pid:2857 tgid:2857 ppid:2 flags:0x00004000 [ 390.599613][ C1] Workqueue: ipv6_addrconf addrconf_verify_work [ 390.605922][ C1] Call Trace: [ 390.609267][ C1] [ 390.612237][ C1] __schedule+0x17e8/0x4a20 [ 390.616825][ C1] ? __pfx___schedule+0x10/0x10 [ 390.621773][ C1] ? __pfx_lock_release+0x10/0x10 [ 390.626853][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 390.632323][ C1] ? kthread_data+0x52/0xd0 [ 390.636879][ C1] ? schedule+0x90/0x320 [ 390.641149][ C1] ? wq_worker_sleeping+0x66/0x240 [ 390.646314][ C1] ? schedule+0x90/0x320 [ 390.650564][ C1] schedule+0x14b/0x320 [ 390.654733][ C1] schedule_preempt_disabled+0x13/0x30 [ 390.660237][ C1] __mutex_lock+0x6a4/0xd70 [ 390.664761][ C1] ? __mutex_lock+0x527/0xd70 [ 390.669510][ C1] ? addrconf_verify_work+0x19/0x30 [ 390.674720][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 390.679787][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 390.685841][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 390.692215][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.698003][ C1] ? rtnl_lock+0xe7/0x130 [ 390.702389][ C1] ? process_scheduled_works+0x945/0x1830 [ 390.708149][ C1] addrconf_verify_work+0x19/0x30 [ 390.713179][ C1] process_scheduled_works+0xa2c/0x1830 [ 390.718785][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 390.724837][ C1] ? assign_work+0x364/0x3d0 [ 390.729547][ C1] worker_thread+0x86d/0xd40 [ 390.734179][ C1] ? __kthread_parkme+0x169/0x1d0 [ 390.739256][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.744376][ C1] kthread+0x2f0/0x390 [ 390.748485][ C1] ? __pfx_worker_thread+0x10/0x10 [ 390.753606][ C1] ? __pfx_kthread+0x10/0x10 [ 390.758241][ C1] ret_from_fork+0x4b/0x80 [ 390.762667][ C1] ? __pfx_kthread+0x10/0x10 [ 390.767294][ C1] ret_from_fork_asm+0x1a/0x30 [ 390.772085][ C1] [ 390.775155][ C1] [ 390.775155][ C1] Showing all locks held in the system: [ 390.782884][ C1] 7 locks held by kworker/u8:0/11: [ 390.788112][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 390.799429][ C1] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 390.810049][ C1] #2: ffffffff8f5ec210 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 390.819615][ C1] #3: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 390.829768][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 390.839911][ C1] #5: ffffffff8e335620 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 390.849794][ C1] #6: ffffffff8e335620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 390.859704][ C1] 3 locks held by kworker/u8:10/2857: [ 390.865203][ C1] #0: ffff888029eb2148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 390.876875][ C1] #1: ffffc90009ac7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 390.890586][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 390.900151][ C1] 2 locks held by getty/4848: [ 390.904953][ C1] #0: ffff88802f1080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 390.914863][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 390.925062][ C1] 3 locks held by kworker/1:2/5105: [ 390.930278][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 390.941322][ C1] #1: ffffc900038afd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 390.952351][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 390.961396][ C1] 3 locks held by kworker/1:7/5180: [ 390.966640][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 390.977666][ C1] #1: ffffc90004197d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 390.988689][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 390.999119][ C1] 7 locks held by syz-executor/10107: [ 391.004491][ C1] #0: ffff88802a2a8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 391.013440][ C1] #1: ffff888023699c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 391.023253][ C1] #2: ffff888022c235a8 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 391.033346][ C1] #3: ffffffff8ef04e28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 391.043700][ C1] #4: ffff888015f290e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 391.054287][ C1] #5: ffff888015f2a250 (&devlink->lock_key#9){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 391.064402][ C1] #6: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdevice_notifier_net+0x89/0x3a0 [ 391.075271][ C1] 1 lock held by syz.4.1725/10296: [ 391.080380][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: do_ip_setsockopt+0x127d/0x3cd0 [ 391.089932][ C1] 1 lock held by syz.3.1730/10312: [ 391.095093][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: arp_ioctl+0x371/0x530 [ 391.103825][ C1] 1 lock held by syz.1.1751/10365: [ 391.108988][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 391.118241][ C1] [ 391.120566][ C1] ============================================= [ 391.120566][ C1] [ 391.214757][T10375] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 391.227768][T10375] ip6t_srh: unknown srh match flags 4020 [ 392.196023][ C1] DEBUG: holding rtnl_mutex for 819 jiffies. [ 392.202096][ C1] task:kworker/u8:0 state:R running task stack:20856 pid:11 tgid:11 ppid:2 flags:0x00004000 [ 392.213967][ C1] Workqueue: netns cleanup_net [ 392.218861][ C1] Call Trace: [ 392.222177][ C1] [ 392.225208][ C1] __schedule+0x17e8/0x4a20 [ 392.229769][ C1] ? mark_lock+0x9a/0x360 [ 392.234148][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.240232][ C1] ? synchronize_rcu_expedited+0x451/0x830 [ 392.246134][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 392.252371][ C1] ? __pfx___might_resched+0x10/0x10 [ 392.257749][ C1] lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.263703][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 392.270231][ C1] synchronize_rcu+0x11b/0x360 [ 392.275072][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 392.280373][ C1] ? __phys_addr+0x105/0x170 [ 392.285030][ C1] lockdep_unregister_key+0x4b7/0x540 [ 392.290443][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 392.295734][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 392.301661][ C1] ? rcu_is_watching+0x15/0xb0 [ 392.306491][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 392.311092][ C1] __qdisc_destroy+0x165/0x410 [ 392.315919][ C1] dev_shutdown+0x357/0x440 [ 392.320493][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 392.327028][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 392.333976][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 392.340027][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 392.346377][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 392.352590][ C1] default_device_exit_batch+0xa0f/0xa90 [ 392.358346][ C1] ? __pfx___might_resched+0x10/0x10 [ 392.363766][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 392.369999][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 392.375350][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 392.381562][ C1] cleanup_net+0x89d/0xcc0 [ 392.386068][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 392.391062][ C1] ? process_scheduled_works+0x945/0x1830 [ 392.396857][ C1] process_scheduled_works+0xa2c/0x1830 [ 392.402440][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.408489][ C1] ? assign_work+0x364/0x3d0 [ 392.413269][ C1] worker_thread+0x86d/0xd40 [ 392.417939][ C1] ? __kthread_parkme+0x169/0x1d0 [ 392.422996][ C1] ? __pfx_worker_thread+0x10/0x10 [ 392.428191][ C1] kthread+0x2f0/0x390 [ 392.432291][ C1] ? __pfx_worker_thread+0x10/0x10 [ 392.437458][ C1] ? __pfx_kthread+0x10/0x10 [ 392.442059][ C1] ret_from_fork+0x4b/0x80 [ 392.446537][ C1] ? __pfx_kthread+0x10/0x10 [ 392.451172][ C1] ret_from_fork_asm+0x1a/0x30 [ 392.456046][ C1] [ 392.459083][ C1] DEBUG: waiting rtnl_mutex for 845 jiffies. [ 392.465103][ C1] task:syz-executor state:D stack:21024 pid:10107 tgid:10107 ppid:10091 flags:0x00004002 [ 392.475458][ C1] Call Trace: [ 392.478766][ C1] [ 392.481733][ C1] __schedule+0x17e8/0x4a20 [ 392.486435][ C1] ? __pfx___schedule+0x10/0x10 [ 392.491330][ C1] ? __pfx_lock_release+0x10/0x10 [ 392.496409][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 392.501889][ C1] ? schedule+0x90/0x320 [ 392.506195][ C1] schedule+0x14b/0x320 [ 392.510395][ C1] schedule_preempt_disabled+0x13/0x30 [ 392.515933][ C1] __mutex_lock+0x6a4/0xd70 [ 392.520491][ C1] ? __mutex_lock+0x527/0xd70 [ 392.525264][ C1] ? unregister_netdevice_notifier_net+0x89/0x3a0 [ 392.531829][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 392.536946][ C1] ? rtnl_lock+0xe7/0x130 [ 392.541291][ C1] unregister_netdevice_notifier_net+0x89/0x3a0 [ 392.547608][ C1] ? _raw_spin_unlock+0x28/0x50 [ 392.552491][ C1] ? mntput_no_expire+0x2da/0x850 [ 392.557621][ C1] ? __pfx_unregister_netdevice_notifier_net+0x10/0x10 [ 392.564533][ C1] ? __pfx_mntput_no_expire+0x10/0x10 [ 392.569977][ C1] ? _raw_spin_unlock+0x28/0x50 [ 392.574885][ C1] ? simple_release_fs+0x9c/0xd0 [ 392.579870][ C1] nsim_dev_hwstats_exit+0x81/0x290 [ 392.585171][ C1] ? kfree+0x149/0x360 [ 392.589279][ C1] nsim_dev_reload_destroy+0x2ad/0x490 [ 392.594758][ C1] ? __pfx_nsim_bus_remove+0x10/0x10 [ 392.600149][ C1] nsim_drv_remove+0x58/0x160 [ 392.604929][ C1] device_release_driver_internal+0x4a9/0x7c0 [ 392.611054][ C1] bus_remove_device+0x34f/0x420 [ 392.616101][ C1] device_del+0x57a/0x9b0 [ 392.620490][ C1] ? __pfx_device_del+0x10/0x10 [ 392.625422][ C1] device_unregister+0x20/0xc0 [ 392.630226][ C1] del_device_store+0x363/0x480 [ 392.635170][ C1] ? __pfx_del_device_store+0x10/0x10 [ 392.640593][ C1] ? sysfs_kf_write+0x182/0x2a0 [ 392.645511][ C1] ? bus_attr_store+0x4f/0xa0 [ 392.650223][ C1] ? __pfx_sysfs_kf_write+0x10/0x10 [ 392.655489][ C1] kernfs_fop_write_iter+0x3a1/0x500 [ 392.660822][ C1] vfs_write+0xa72/0xc90 [ 392.665137][ C1] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 392.670985][ C1] ? __pfx_vfs_write+0x10/0x10 [ 392.675845][ C1] ksys_write+0x1a0/0x2c0 [ 392.680213][ C1] ? __pfx_ksys_write+0x10/0x10 [ 392.685123][ C1] ? do_syscall_64+0x100/0x230 [ 392.690016][ C1] ? do_syscall_64+0xb6/0x230 [ 392.694703][ C1] do_syscall_64+0xf3/0x230 [ 392.699278][ C1] ? clear_bhb_loop+0x35/0x90 [ 392.703993][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.709929][ C1] RIP: 0033:0x7fac9937469f [ 392.714356][ C1] RSP: 002b:00007fffc0c6fc20 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 392.722817][ C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fac9937469f [ 392.730855][ C1] RDX: 0000000000000001 RSI: 00007fffc0c6fc70 RDI: 0000000000000005 [ 392.738906][ C1] RBP: 00007fac993e44d1 R08: 0000000000000000 R09: 00007fffc0c6fa77 [ 392.746964][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 392.755004][ C1] R13: 00007fffc0c6fc70 R14: 00007fac9a034620 R15: 0000000000000003 [ 392.763015][ C1] [ 392.766065][ C1] DEBUG: waiting rtnl_mutex for 865 jiffies. [ 392.772039][ C1] task:kworker/1:2 state:D stack:21816 pid:5105 tgid:5105 ppid:2 flags:0x00004000 [ 392.782247][ C1] Workqueue: events linkwatch_event [ 392.787530][ C1] Call Trace: [ 392.790835][ C1] [ 392.793781][ C1] __schedule+0x17e8/0x4a20 [ 392.798380][ C1] ? __pfx___schedule+0x10/0x10 [ 392.803260][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.809289][ C1] ? __pfx_lock_release+0x10/0x10 [ 392.814325][ C1] ? kick_pool+0x45c/0x620 [ 392.818818][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 392.824241][ C1] ? schedule+0x90/0x320 [ 392.828597][ C1] schedule+0x14b/0x320 [ 392.832798][ C1] schedule_preempt_disabled+0x13/0x30 [ 392.838316][ C1] __mutex_lock+0x6a4/0xd70 [ 392.842865][ C1] ? __mutex_lock+0x527/0xd70 [ 392.847631][ C1] ? linkwatch_event+0xe/0x60 [ 392.852374][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 392.857564][ C1] ? process_scheduled_works+0x945/0x1830 [ 392.863292][ C1] ? rtnl_lock+0xe7/0x130 [ 392.867689][ C1] ? process_scheduled_works+0x945/0x1830 [ 392.873440][ C1] linkwatch_event+0xe/0x60 [ 392.878006][ C1] process_scheduled_works+0xa2c/0x1830 [ 392.883627][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.889687][ C1] ? assign_work+0x364/0x3d0 [ 392.894291][ C1] worker_thread+0x86d/0xd40 [ 392.898926][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 392.904874][ C1] ? __kthread_parkme+0x169/0x1d0 [ 392.909948][ C1] ? __pfx_worker_thread+0x10/0x10 [ 392.915146][ C1] kthread+0x2f0/0x390 [ 392.919248][ C1] ? __pfx_worker_thread+0x10/0x10 [ 392.924366][ C1] ? __pfx_kthread+0x10/0x10 [ 392.929094][ C1] ret_from_fork+0x4b/0x80 [ 392.933525][ C1] ? __pfx_kthread+0x10/0x10 [ 392.938192][ C1] ret_from_fork_asm+0x1a/0x30 [ 392.943022][ C1] [ 392.946113][ C1] DEBUG: waiting rtnl_mutex for 874 jiffies. [ 392.952110][ C1] task:kworker/1:7 state:D stack:19824 pid:5180 tgid:5180 ppid:2 flags:0x00004000 [ 392.962317][ C1] Workqueue: events switchdev_deferred_process_work [ 392.968978][ C1] Call Trace: [ 392.972273][ C1] [ 392.975257][ C1] __schedule+0x17e8/0x4a20 [ 392.979811][ C1] ? __pfx___schedule+0x10/0x10 [ 392.984671][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.990697][ C1] ? __pfx_lock_release+0x10/0x10 [ 392.995786][ C1] ? kick_pool+0x45c/0x620 [ 393.000254][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 393.005511][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 393.010759][ C1] ? schedule+0x90/0x320 [ 393.015077][ C1] schedule+0x14b/0x320 [ 393.019360][ C1] schedule_preempt_disabled+0x13/0x30 [ 393.024876][ C1] __mutex_lock+0x6a4/0xd70 [ 393.029440][ C1] ? __mutex_lock+0x527/0xd70 [ 393.034179][ C1] ? switchdev_deferred_process_work+0xe/0x20 [ 393.040336][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 393.045430][ C1] ? process_scheduled_works+0x945/0x1830 [ 393.051159][ C1] ? rtnl_lock+0xe7/0x130 [ 393.055551][ C1] ? process_scheduled_works+0x945/0x1830 [ 393.061298][ C1] switchdev_deferred_process_work+0xe/0x20 [ 393.067253][ C1] process_scheduled_works+0xa2c/0x1830 [ 393.072937][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 393.078963][ C1] ? assign_work+0x364/0x3d0 [ 393.083565][ C1] worker_thread+0x86d/0xd40 [ 393.088232][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 393.094159][ C1] ? __kthread_parkme+0x169/0x1d0 [ 393.099249][ C1] ? __pfx_worker_thread+0x10/0x10 [ 393.104377][ C1] kthread+0x2f0/0x390 [ 393.108494][ C1] ? __pfx_worker_thread+0x10/0x10 [ 393.113623][ C1] ? __pfx_kthread+0x10/0x10 [ 393.118304][ C1] ret_from_fork+0x4b/0x80 [ 393.123024][ C1] ? __pfx_kthread+0x10/0x10 [ 393.127684][ C1] ret_from_fork_asm+0x1a/0x30 [ 393.132475][ C1] [ 393.135546][ C1] DEBUG: waiting rtnl_mutex for 891 jiffies. [ 393.141556][ C1] task:kworker/u8:10 state:D stack:20312 pid:2857 tgid:2857 ppid:2 flags:0x00004000 [ 393.151812][ C1] Workqueue: ipv6_addrconf addrconf_verify_work [ 393.158245][ C1] Call Trace: [ 393.161548][ C1] [ 393.164497][ C1] __schedule+0x17e8/0x4a20 [ 393.169124][ C1] ? __pfx___schedule+0x10/0x10 [ 393.174011][ C1] ? __pfx_lock_release+0x10/0x10 [ 393.179115][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 393.184720][ C1] ? kthread_data+0x52/0xd0 [ 393.189299][ C1] ? schedule+0x90/0x320 [ 393.193577][ C1] ? wq_worker_sleeping+0x66/0x240 [ 393.198756][ C1] ? schedule+0x90/0x320 [ 393.203011][ C1] schedule+0x14b/0x320 [ 393.207239][ C1] schedule_preempt_disabled+0x13/0x30 [ 393.212993][ C1] __mutex_lock+0x6a4/0xd70 [ 393.217573][ C1] ? __mutex_lock+0x527/0xd70 [ 393.222288][ C1] ? addrconf_verify_work+0x19/0x30 [ 393.227530][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 393.232570][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 393.238627][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 393.245066][ C1] ? process_scheduled_works+0x945/0x1830 [ 393.250850][ C1] ? rtnl_lock+0xe7/0x130 [ 393.255283][ C1] ? process_scheduled_works+0x945/0x1830 [ 393.261041][ C1] addrconf_verify_work+0x19/0x30 [ 393.266138][ C1] process_scheduled_works+0xa2c/0x1830 [ 393.271750][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 393.277818][ C1] ? assign_work+0x364/0x3d0 [ 393.282447][ C1] worker_thread+0x86d/0xd40 [ 393.287163][ C1] ? __kthread_parkme+0x169/0x1d0 [ 393.292237][ C1] ? __pfx_worker_thread+0x10/0x10 [ 393.297433][ C1] kthread+0x2f0/0x390 [ 393.301558][ C1] ? __pfx_worker_thread+0x10/0x10 [ 393.306747][ C1] ? __pfx_kthread+0x10/0x10 [ 393.311405][ C1] ret_from_fork+0x4b/0x80 [ 393.315892][ C1] ? __pfx_kthread+0x10/0x10 [ 393.320514][ C1] ret_from_fork_asm+0x1a/0x30 [ 393.325354][ C1] [ 393.328412][ C1] DEBUG: waiting rtnl_mutex for 726 jiffies. [ 393.334432][ C1] task:syz.4.1725 state:D stack:22800 pid:10296 tgid:10295 ppid:9544 flags:0x00004004 [ 393.344706][ C1] Call Trace: [ 393.348060][ C1] [ 393.351127][ C1] __schedule+0x17e8/0x4a20 [ 393.355774][ C1] ? __pfx___schedule+0x10/0x10 [ 393.360739][ C1] ? __pfx_lock_release+0x10/0x10 [ 393.365845][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 393.371452][ C1] ? schedule+0x90/0x320 [ 393.375770][ C1] schedule+0x14b/0x320 [ 393.379973][ C1] schedule_preempt_disabled+0x13/0x30 [ 393.385607][ C1] __mutex_lock+0x6a4/0xd70 [ 393.390149][ C1] ? __mutex_lock+0x527/0xd70 [ 393.394886][ C1] ? do_ip_setsockopt+0x127d/0x3cd0 [ 393.400127][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 393.405266][ C1] ? rtnl_lock+0xe7/0x130 [ 393.409655][ C1] do_ip_setsockopt+0x127d/0x3cd0 [ 393.414688][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 393.420715][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 393.427108][ C1] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 393.432522][ C1] ? irqentry_exit+0x63/0x90 [ 393.437191][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 393.442423][ C1] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 393.448397][ C1] ? sock_common_setsockopt+0x82/0xc0 [ 393.453802][ C1] ip_setsockopt+0x63/0x100 [ 393.458375][ C1] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 393.464299][ C1] do_sock_setsockopt+0x3af/0x720 [ 393.469377][ C1] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 393.475003][ C1] __sys_setsockopt+0x1ae/0x250 [ 393.479927][ C1] __x64_sys_setsockopt+0xb5/0xd0 [ 393.485035][ C1] do_syscall_64+0xf3/0x230 [ 393.489592][ C1] ? clear_bhb_loop+0x35/0x90 [ 393.494320][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.500302][ C1] RIP: 0033:0x7f5dae175ae9 [ 393.504750][ C1] RSP: 002b:00007f5daeee2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 393.513234][ C1] RAX: ffffffffffffffda RBX: 00007f5dae303fa0 RCX: 00007f5dae175ae9 [ 393.521265][ C1] RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000009 [ 393.529275][ C1] RBP: 00007f5dae1f6746 R08: 000000000000000c R09: 0000000000000000 [ 393.537305][ C1] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 [ 393.545359][ C1] R13: 000000000000000b R14: 00007f5dae303fa0 R15: 00007ffe092f0728 [ 393.553376][ C1] [ 393.556446][ C1] DEBUG: waiting rtnl_mutex for 661 jiffies. [ 393.562424][ C1] task:syz.3.1730 state:D stack:27392 pid:10312 tgid:10311 ppid:7569 flags:0x00004004 [ 393.572742][ C1] Call Trace: [ 393.576120][ C1] [ 393.579072][ C1] __schedule+0x17e8/0x4a20 [ 393.583609][ C1] ? __pfx___schedule+0x10/0x10 [ 393.588538][ C1] ? __pfx_lock_release+0x10/0x10 [ 393.593605][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 393.599142][ C1] ? schedule+0x90/0x320 [ 393.603482][ C1] schedule+0x14b/0x320 [ 393.607726][ C1] schedule_preempt_disabled+0x13/0x30 [ 393.613243][ C1] __mutex_lock+0x6a4/0xd70 [ 393.617843][ C1] ? __mutex_lock+0x527/0xd70 [ 393.622575][ C1] ? arp_ioctl+0x371/0x530 [ 393.627055][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 393.632107][ C1] ? rtnl_lock+0xe7/0x130 [ 393.636508][ C1] arp_ioctl+0x371/0x530 [ 393.640779][ C1] ? __pfx_arp_ioctl+0x10/0x10 [ 393.645634][ C1] inet_ioctl+0x2b5/0x4f0 [ 393.650002][ C1] ? tomoyo_path_number_perm+0x208/0x880 [ 393.655723][ C1] ? __pfx_inet_ioctl+0x10/0x10 [ 393.660624][ C1] sock_do_ioctl+0x158/0x460 [ 393.665281][ C1] ? __pfx_sock_do_ioctl+0x10/0x10 [ 393.670461][ C1] sock_ioctl+0x629/0x8e0 [ 393.674940][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 393.679837][ C1] ? __fget_files+0x29/0x470 [ 393.684470][ C1] ? __fget_files+0x3f6/0x470 [ 393.689194][ C1] ? __fget_files+0x29/0x470 [ 393.693799][ C1] ? bpf_lsm_file_ioctl+0x9/0x10 [ 393.698805][ C1] ? security_file_ioctl+0x87/0xb0 [ 393.704029][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 393.708957][ C1] __se_sys_ioctl+0xfc/0x170 [ 393.713596][ C1] do_syscall_64+0xf3/0x230 [ 393.718191][ C1] ? clear_bhb_loop+0x35/0x90 [ 393.722901][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.728839][ C1] RIP: 0033:0x7f99fd175ae9 [ 393.733258][ C1] RSP: 002b:00007f99fdf24048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 393.741742][ C1] RAX: ffffffffffffffda RBX: 00007f99fd303fa0 RCX: 00007f99fd175ae9 [ 393.749794][ C1] RDX: 00000000200004c0 RSI: 0000000000008953 RDI: 0000000000000003 [ 393.757836][ C1] RBP: 00007f99fd1f6746 R08: 0000000000000000 R09: 0000000000000000 [ 393.765872][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.775676][ C1] R13: 000000000000000b R14: 00007f99fd303fa0 R15: 00007ffd9f564808 [ 393.783688][ C1] [ 393.786765][ C1] [ 393.786765][ C1] Showing all locks held in the system: [ 393.794484][ C1] 5 locks held by kworker/u8:0/11: [ 393.799652][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 393.810675][ C1] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 393.821343][ C1] #2: ffffffff8f5ec210 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 393.830845][ C1] #3: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 393.841040][ C1] #4: ffffffff8e33a9f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 393.852091][ C1] 3 locks held by kworker/u8:10/2857: [ 393.857560][ C1] #0: ffff888029eb2148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 393.869295][ C1] #1: ffffc90009ac7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 393.883097][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 393.892668][ C1] 2 locks held by getty/4848: [ 393.897415][ C1] #0: ffff88802f1080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 393.907306][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 393.917518][ C1] 3 locks held by kworker/1:2/5105: [ 393.922717][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 393.933764][ C1] #1: ffffc900038afd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 393.944863][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 393.954011][ C1] 2 locks held by kworker/1:5/5148: [ 393.959276][ C1] 4 locks held by kworker/0:4/5150: [ 393.964510][ C1] #0: ffff8880b943e898 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 393.974555][ C1] #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 393.986064][ C1] #2: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 [ 393.995448][ C1] #3: ffffffff94a3fa60 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x16d/0x510 [ 394.005919][ C1] 3 locks held by kworker/1:7/5180: [ 394.011111][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 394.022129][ C1] #1: ffffc90004197d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 394.033173][ C1] #2: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 394.043643][ C1] 7 locks held by syz-executor/10107: [ 394.049080][ C1] #0: ffff88802a2a8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 394.058098][ C1] #1: ffff888023699c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 394.067952][ C1] #2: ffff888022c235a8 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 394.078053][ C1] #3: ffffffff8ef04e28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 394.088449][ C1] #4: ffff888015f290e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 394.099072][ C1] #5: ffff888015f2a250 (&devlink->lock_key#9){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 394.109170][ C1] #6: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdevice_notifier_net+0x89/0x3a0 [ 394.120024][ C1] 1 lock held by syz.4.1725/10296: [ 394.125207][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: do_ip_setsockopt+0x127d/0x3cd0 [ 394.134844][ C1] 1 lock held by syz.3.1730/10312: [ 394.139996][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: arp_ioctl+0x371/0x530 [ 394.148816][ C1] 1 lock held by syz.1.1751/10365: [ 394.153924][ C1] #0: ffffffff8f5f8ac8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 394.163131][ C1] 2 locks held by syz.2.1753/10376: [ 394.168381][ C1] #0: ffff88807a55a008 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 394.178680][ C1] #1: ffffffff8e33a9f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 394.189624][ C1] 4 locks held by syz.2.1753/10378: [ 394.194861][ C1] #0: ffff888025027580 (&u->iolock){+.+.}-{3:3}, at: __unix_dgram_recvmsg+0x246/0x12f0 [ 394.204697][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 394.214937][ C1] #2: ffffffff8e335620 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 394.224707][ C1] #3: ffffffff8e335620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 394.234644][ C1] [ 394.237015][ C1] ============================================= [ 394.237015][ C1] [ 394.741042][T10107] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 394.836796][T10107] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 394.929185][T10397] ip6t_srh: unknown srh match flags 4020 [ 394.935291][T10107] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 394.995692][T10107] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 395.123956][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 395.123988][ T29] audit: type=1800 audit(1719333724.809:812): pid=10405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1761" name="file1" dev="sda1" ino=1976 res=0 errno=0 [ 396.434443][T10410] netlink: 'syz.3.1767': attribute type 4 has an invalid length. [ 396.452239][T10410] netlink: 128636 bytes leftover after parsing attributes in process `syz.3.1767'. [ 396.951153][T10429] program syz.3.1771 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 397.222583][T10438] loop3: detected capacity change from 0 to 256 [ 399.345632][ T29] audit: type=1800 audit(1719333727.789:813): pid=10449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1779" name="file1" dev="sda1" ino=2005 res=0 errno=0 [ 399.716993][T10107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.794347][T10107] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.908564][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.915889][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.059244][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.066524][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.262491][ T29] audit: type=1800 audit(1719333729.959:814): pid=10482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1792" name="file1" dev="sda1" ino=2003 res=0 errno=0 [ 401.893292][T10483] loop2: detected capacity change from 0 to 1024 [ 402.894368][ T1095] ================================================================== [ 402.902596][ T1095] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 [ 402.910882][ T1095] Read of size 8 at addr ffff888065fd50b8 by task kworker/u8:6/1095 [ 402.918894][ T1095] [ 402.921247][ T1095] CPU: 0 UID: 0 PID: 1095 Comm: kworker/u8:6 Not tainted 6.10.0-rc5-next-20240624-syzkaller #0 [ 402.931705][ T1095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 402.941792][ T1095] Workqueue: l2tp l2tp_tunnel_del_work [ 402.947303][ T1095] Call Trace: [ 402.950609][ T1095] [ 402.953566][ T1095] dump_stack_lvl+0x241/0x360 [ 402.958292][ T1095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 402.963515][ T1095] ? __pfx__printk+0x10/0x10 [ 402.968114][ T1095] ? _printk+0xd5/0x120 [ 402.972285][ T1095] ? __virt_addr_valid+0x183/0x520 [ 402.977417][ T1095] ? __virt_addr_valid+0x183/0x520 [ 402.982565][ T1095] print_report+0x169/0x550 [ 402.987101][ T1095] ? __virt_addr_valid+0x183/0x520 [ 402.992251][ T1095] ? __virt_addr_valid+0x183/0x520 [ 402.997384][ T1095] ? __virt_addr_valid+0x44e/0x520 [ 403.002513][ T1095] ? __phys_addr+0xba/0x170 [ 403.007038][ T1095] ? l2tp_tunnel_del_work+0xe5/0x330 [ 403.012394][ T1095] kasan_report+0x143/0x180 [ 403.016912][ T1095] ? l2tp_tunnel_del_work+0xe5/0x330 [ 403.022211][ T1095] l2tp_tunnel_del_work+0xe5/0x330 [ 403.027337][ T1095] ? process_scheduled_works+0x945/0x1830 [ 403.033066][ T1095] process_scheduled_works+0xa2c/0x1830 [ 403.038635][ T1095] ? __pfx_process_scheduled_works+0x10/0x10 [ 403.044627][ T1095] ? assign_work+0x364/0x3d0 [ 403.049234][ T1095] worker_thread+0x86d/0xd40 [ 403.053842][ T1095] ? __kthread_parkme+0x169/0x1d0 [ 403.058881][ T1095] ? __pfx_worker_thread+0x10/0x10 [ 403.064006][ T1095] kthread+0x2f0/0x390 [ 403.068124][ T1095] ? __pfx_worker_thread+0x10/0x10 [ 403.073257][ T1095] ? __pfx_kthread+0x10/0x10 [ 403.077866][ T1095] ret_from_fork+0x4b/0x80 [ 403.082404][ T1095] ? __pfx_kthread+0x10/0x10 [ 403.087009][ T1095] ret_from_fork_asm+0x1a/0x30 [ 403.091885][ T1095] [ 403.094910][ T1095] [ 403.097240][ T1095] Allocated by task 10499: [ 403.101669][ T1095] kasan_save_track+0x3f/0x80 [ 403.106358][ T1095] __kasan_kmalloc+0x98/0xb0 [ 403.110952][ T1095] __kmalloc_noprof+0x1f9/0x400 [ 403.115813][ T1095] l2tp_session_create+0x3b/0xc20 [ 403.120878][ T1095] pppol2tp_connect+0xca3/0x17a0 [ 403.125826][ T1095] __sys_connect+0x2df/0x310 [ 403.130427][ T1095] __x64_sys_connect+0x7a/0x90 [ 403.135200][ T1095] do_syscall_64+0xf3/0x230 [ 403.139714][ T1095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.145622][ T1095] [ 403.147945][ T1095] Freed by task 7569: [ 403.151925][ T1095] kasan_save_track+0x3f/0x80 [ 403.156608][ T1095] kasan_save_free_info+0x40/0x50 [ 403.161663][ T1095] poison_slab_object+0xe0/0x150 [ 403.166695][ T1095] __kasan_slab_free+0x37/0x60 [ 403.171468][ T1095] kfree+0x149/0x360 [ 403.175371][ T1095] __sk_destruct+0x58/0x5f0 [ 403.179879][ T1095] rcu_core+0xaaa/0x17a0 [ 403.184306][ T1095] handle_softirqs+0x2c4/0x970 [ 403.189076][ T1095] __irq_exit_rcu+0xf4/0x1c0 [ 403.193679][ T1095] irq_exit_rcu+0x9/0x30 [ 403.197927][ T1095] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 403.203577][ T1095] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 403.209571][ T1095] [ 403.211899][ T1095] Last potentially related work creation: [ 403.217621][ T1095] kasan_save_stack+0x3f/0x60 [ 403.222313][ T1095] __kasan_record_aux_stack+0xac/0xc0 [ 403.227700][ T1095] call_rcu+0x167/0xa70 [ 403.231864][ T1095] pppol2tp_release+0x24b/0x350 [ 403.236725][ T1095] sock_close+0xbc/0x240 [ 403.240974][ T1095] __fput+0x24a/0x8a0 [ 403.244958][ T1095] task_work_run+0x24f/0x310 [ 403.249560][ T1095] syscall_exit_to_user_mode+0x168/0x370 [ 403.255198][ T1095] do_syscall_64+0x100/0x230 [ 403.259798][ T1095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.265803][ T1095] [ 403.268141][ T1095] The buggy address belongs to the object at ffff888065fd5000 [ 403.268141][ T1095] which belongs to the cache kmalloc-1k of size 1024 [ 403.282243][ T1095] The buggy address is located 184 bytes inside of [ 403.282243][ T1095] freed 1024-byte region [ffff888065fd5000, ffff888065fd5400) [ 403.296134][ T1095] [ 403.298463][ T1095] The buggy address belongs to the physical page: [ 403.304889][ T1095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x65fd0 [ 403.313653][ T1095] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 403.322165][ T1095] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 403.329729][ T1095] page_type: 0xffffefff(slab) [ 403.334429][ T1095] raw: 00fff00000000040 ffff888015041dc0 ffffea0001456e00 dead000000000002 [ 403.343036][ T1095] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 403.351633][ T1095] head: 00fff00000000040 ffff888015041dc0 ffffea0001456e00 dead000000000002 [ 403.360309][ T1095] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 403.368991][ T1095] head: 00fff00000000003 ffffea000197f401 ffffffffffffffff 0000000000000000 [ 403.377668][ T1095] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 403.386339][ T1095] page dumped because: kasan: bad access detected [ 403.392765][ T1095] page_owner tracks the page as allocated [ 403.398560][ T1095] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 35, tgid 35 (kworker/u8:2), ts 243083521927, free_ts 242999126672 [ 403.419126][ T1095] post_alloc_hook+0x1f3/0x230 [ 403.423922][ T1095] get_page_from_freelist+0x2ccb/0x2d80 [ 403.429482][ T1095] __alloc_pages_noprof+0x256/0x6c0 [ 403.434699][ T1095] alloc_slab_page+0x5f/0x120 [ 403.439383][ T1095] allocate_slab+0x5a/0x2f0 [ 403.443890][ T1095] ___slab_alloc+0xcd1/0x14b0 [ 403.448567][ T1095] __slab_alloc+0x58/0xa0 [ 403.452895][ T1095] __kmalloc_noprof+0x257/0x400 [ 403.457775][ T1095] ieee802_11_parse_elems_full+0xdb/0x2880 [ 403.463600][ T1095] ieee80211_inform_bss+0x15f/0x1080 [ 403.468906][ T1095] cfg80211_inform_single_bss_data+0xe93/0x2030 [ 403.475246][ T1095] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 403.480889][ T1095] cfg80211_inform_bss_frame_data+0x3bc/0x720 [ 403.486968][ T1095] ieee80211_bss_info_update+0x8a7/0xbc0 [ 403.492615][ T1095] ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70 [ 403.498782][ T1095] ieee80211_iface_work+0x8a5/0xf20 [ 403.503985][ T1095] page last free pid 7494 tgid 7494 stack trace: [ 403.510314][ T1095] free_unref_page+0xd22/0xea0 [ 403.515086][ T1095] __put_partials+0xeb/0x130 [ 403.519680][ T1095] put_cpu_partial+0x17c/0x250 [ 403.524450][ T1095] __slab_free+0x2ea/0x3d0 [ 403.528887][ T1095] qlist_free_all+0x9e/0x140 [ 403.533504][ T1095] kasan_quarantine_reduce+0x14f/0x170 [ 403.539006][ T1095] __kasan_slab_alloc+0x23/0x80 [ 403.543937][ T1095] kmem_cache_alloc_noprof+0x135/0x2a0 [ 403.549413][ T1095] jbd2__journal_start+0x14d/0x5d0 [ 403.554539][ T1095] __ext4_journal_start_sb+0x239/0x600 [ 403.560030][ T1095] ext4_dirty_inode+0x92/0x110 [ 403.564830][ T1095] __mark_inode_dirty+0x325/0xe20 [ 403.569884][ T1095] file_update_time+0x3ad/0x430 [ 403.574752][ T1095] ext4_page_mkwrite+0x207/0xdf0 [ 403.579794][ T1095] do_page_mkwrite+0x19b/0x480 [ 403.584560][ T1095] handle_pte_fault+0x124a/0x6eb0 [ 403.589594][ T1095] [ 403.591921][ T1095] Memory state around the buggy address: [ 403.597553][ T1095] ffff888065fd4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 403.605708][ T1095] ffff888065fd5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 403.613777][ T1095] >ffff888065fd5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 403.621839][ T1095] ^ [ 403.627734][ T1095] ffff888065fd5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 403.635808][ T1095] ffff888065fd5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 403.643881][ T1095] ================================================================== [ 403.652086][ T1095] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 403.659316][ T1095] CPU: 0 UID: 0 PID: 1095 Comm: kworker/u8:6 Not tainted 6.10.0-rc5-next-20240624-syzkaller #0 [ 403.669677][ T1095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 403.679778][ T1095] Workqueue: l2tp l2tp_tunnel_del_work [ 403.685290][ T1095] Call Trace: [ 403.688589][ T1095] [ 403.691542][ T1095] dump_stack_lvl+0x241/0x360 [ 403.696255][ T1095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 403.701492][ T1095] ? __pfx__printk+0x10/0x10 [ 403.706135][ T1095] ? vscnprintf+0x5d/0x90 [ 403.710480][ T1095] panic+0x349/0x870 [ 403.714394][ T1095] ? check_panic_on_warn+0x21/0xb0 [ 403.719526][ T1095] ? __pfx_panic+0x10/0x10 [ 403.723966][ T1095] ? mark_lock+0x9a/0x360 [ 403.728322][ T1095] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 403.734234][ T1095] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 403.740145][ T1095] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 403.746488][ T1095] ? print_report+0x502/0x550 [ 403.751202][ T1095] check_panic_on_warn+0x86/0xb0 [ 403.756167][ T1095] ? l2tp_tunnel_del_work+0xe5/0x330 [ 403.761464][ T1095] end_report+0x77/0x160 [ 403.765751][ T1095] kasan_report+0x154/0x180 [ 403.770267][ T1095] ? l2tp_tunnel_del_work+0xe5/0x330 [ 403.775566][ T1095] l2tp_tunnel_del_work+0xe5/0x330 [ 403.780692][ T1095] ? process_scheduled_works+0x945/0x1830 [ 403.786514][ T1095] process_scheduled_works+0xa2c/0x1830 [ 403.792083][ T1095] ? __pfx_process_scheduled_works+0x10/0x10 [ 403.798077][ T1095] ? assign_work+0x364/0x3d0 [ 403.802682][ T1095] worker_thread+0x86d/0xd40 [ 403.807294][ T1095] ? __kthread_parkme+0x169/0x1d0 [ 403.812339][ T1095] ? __pfx_worker_thread+0x10/0x10 [ 403.817463][ T1095] kthread+0x2f0/0x390 [ 403.821551][ T1095] ? __pfx_worker_thread+0x10/0x10 [ 403.826672][ T1095] ? __pfx_kthread+0x10/0x10 [ 403.831279][ T1095] ret_from_fork+0x4b/0x80 [ 403.835711][ T1095] ? __pfx_kthread+0x10/0x10 [ 403.840314][ T1095] ret_from_fork_asm+0x1a/0x30 [ 403.845100][ T1095] [ 403.848424][ T1095] Kernel Offset: disabled [ 403.852753][ T1095] Rebooting in 86400 seconds..