last executing test programs: 4m47.537815675s ago: executing program 32 (id=23739): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x1}, 0xff}, 0x18) 4m47.492742843s ago: executing program 33 (id=23741): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r1, &(0x7f0000000080)=[{0x23, 0x0, 0x0, 0xfd, @time, {}, {}, @result={0x0, 0x7a120}}], 0x1c) 4m47.414717683s ago: executing program 34 (id=23742): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=@base={0x12, 0x1, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, &(0x7f00000002c0), 0x0}, 0x20) 4m47.326034314s ago: executing program 35 (id=23743): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002220207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006000000850000000400000085000000d000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='tlb_flush\x00', r1}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 3m49.665427406s ago: executing program 4 (id=24330): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x9, 0x800, 0x0}) 3m49.443439641s ago: executing program 4 (id=24335): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) 3m49.304523287s ago: executing program 4 (id=24338): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000ddff00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) getpriority(0x2, 0x0) 3m49.176662753s ago: executing program 4 (id=24341): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x1041, 0x0) umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x1) 3m49.048055947s ago: executing program 4 (id=24345): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x3f) ppoll(&(0x7f00000003c0)=[{r0, 0x8100}], 0x1, &(0x7f0000000440), 0x0, 0x0) 3m48.727457302s ago: executing program 4 (id=24351): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f00000003c0)={0x21, 0x0, r1, 0xb0b0b0b0}) 3m48.477041206s ago: executing program 36 (id=24351): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f00000003c0)={0x21, 0x0, r1, 0xb0b0b0b0}) 3m15.288475116s ago: executing program 8 (id=24779): kexec_load(0x0, 0x1, &(0x7f0000000700)=[{&(0x7f00000000c0)="ef9de2fc", 0x4, 0xd79, 0x9}], 0x0) syz_usb_connect$uac1(0x3, 0xa4, 0x0, 0x0) r0 = fsopen(&(0x7f0000000000)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='fd', &(0x7f00000000c0)='3', 0x0) 3m14.573671992s ago: executing program 8 (id=24788): write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="300200007d04000005ef000000000000000000000000000000000000000000000000000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c60005000037"], 0x230) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8) 3m14.377858242s ago: executing program 8 (id=24792): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000400)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[@routing={0x0, 0x0, 0xad7d01db0d0c025a, 0x81}], @dest_unreach={0x1, 0x5, 0x0, 0x0, '\x00', {0x0, 0x6, "0000e5", 0x0, 0x32, 0x0, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0) 3m14.054395451s ago: executing program 8 (id=24796): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3m13.886395181s ago: executing program 8 (id=24799): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002bbd7000fcdbdf251600000008000300", @ANYRES32=r2, @ANYBLOB="0a001a0008021100000000000a0006"], 0x64}, 0x1, 0x0, 0x0, 0x20000850}, 0x400c810) 3m13.228858569s ago: executing program 8 (id=24809): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x401, 0xfffd}, 0x8) close_range(r0, 0xffffffffffffffff, 0x0) 3m12.701171933s ago: executing program 37 (id=24809): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x401, 0xfffd}, 0x8) close_range(r0, 0xffffffffffffffff, 0x0) 3m5.634280121s ago: executing program 9 (id=24881): r0 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r1, &(0x7f0000000080), 0x51) 3m5.129366235s ago: executing program 9 (id=24888): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000280)={0x1, 0x0, [{0x7, 0x5, 0xfffffffe, 0x6, 0x1}]}) 3m4.720822002s ago: executing program 9 (id=24891): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x5, 0x2, 0x6, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 3m4.554160693s ago: executing program 9 (id=24894): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x1}}}}]}, 0x40}}, 0x0) 3m4.382070514s ago: executing program 9 (id=24897): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000300)={r1}, &(0x7f0000000340)=0x8) 3m4.20855949s ago: executing program 9 (id=24900): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r1, 0x0, 0xf69}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) 2m54.109523699s ago: executing program 5 (id=25038): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) recvmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) 2m53.936738768s ago: executing program 5 (id=25041): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac0f, 0xfac08, 0xfac04]}]]}, 0x38}}, 0x0) 2m53.833164739s ago: executing program 5 (id=25043): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@default, @bcast, @netrom, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@ieee802154={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x80) 2m53.735628535s ago: executing program 5 (id=25044): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000004c0)={0x4, 0x0, [{0x1, 0x31, &(0x7f0000000000)=""/49}, {0x2000, 0x62, &(0x7f0000000200)=""/98}, {0x6000, 0x5f, &(0x7f0000000280)=""/95}, {0x0, 0x0, 0x0}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040)) 2m53.641012776s ago: executing program 5 (id=25046): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2m53.524036321s ago: executing program 5 (id=25048): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000002500010324bd7002fddbdf2501"], 0x14}}, 0x0) 2m47.912096988s ago: executing program 38 (id=24900): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r1, 0x0, 0xf69}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) 2m37.365506097s ago: executing program 39 (id=25048): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000002500010324bd7002fddbdf2501"], 0x14}}, 0x0) 44.923999894s ago: executing program 6 (id=26928): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0088471327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 44.822728984s ago: executing program 6 (id=26930): chdir(0x0) unshare(0x22020400) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) 44.706444545s ago: executing program 6 (id=26932): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x4d, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x20, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) 43.632787302s ago: executing program 6 (id=26943): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdir(&(0x7f0000000140)='./control\x00', 0x5) rmdir(&(0x7f0000000100)='./control\x00') 43.519516159s ago: executing program 6 (id=26946): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) recvmmsg(r0, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x10040, 0x0) 42.900945286s ago: executing program 6 (id=26951): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010042) 42.611734375s ago: executing program 40 (id=26951): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010042) 2.529263043s ago: executing program 7 (id=27518): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x2c}}, 0x0) 2.438748039s ago: executing program 7 (id=27520): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0x5d, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) recvfrom$l2tp(r0, 0x0, 0x0, 0x12060, 0x0, 0x0) 2.30491684s ago: executing program 7 (id=27522): r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) recvmmsg(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000740)=""/245, 0xf5}], 0x1}, 0x3}], 0x1, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001440)="ff", 0x1}], 0x1}}], 0x1, 0x40480dc) 2.192077283s ago: executing program 7 (id=27524): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) 1.947738046s ago: executing program 7 (id=27529): r0 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) r1 = shmat(r0, &(0x7f0000ff7000/0x3000)=nil, 0x400c) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) shmdt(r1) 1.809392812s ago: executing program 7 (id=27531): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x94, 0x7200, 0x0, 0x0}], 0x1}) 1.58512685s ago: executing program 0 (id=27535): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) r1 = epoll_create(0x5) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x80000000}) 1.478549126s ago: executing program 0 (id=27537): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0) 1.396780732s ago: executing program 0 (id=27538): r0 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000002280)=""/4090, &(0x7f0000000040)=0xffa) 1.084255633s ago: executing program 1 (id=27541): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x400c0, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @empty, 0xd}, 0x1c) 1.065975022s ago: executing program 2 (id=27542): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) 993.48149ms ago: executing program 1 (id=27543): mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_on}]}) 955.296339ms ago: executing program 3 (id=27544): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x10b942, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0xa, r2}) 881.568596ms ago: executing program 1 (id=27545): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x2, "e6fd8258ffffb70a000000e2ff0000ff7800"}) r1 = dup(r0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff) 800.937906ms ago: executing program 2 (id=27546): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000001000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="04004600050034006e000000080026006c0900002800518024000080050009"], 0x58}, 0x1, 0x0, 0x0, 0x8005}, 0x4800) 755.600346ms ago: executing program 3 (id=27547): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) 724.919024ms ago: executing program 1 (id=27548): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@bridge_delneigh={0x30, 0x1c, 0xcafe28741a3524c9, 0x70bd2b, 0x25dfdbfb, {0x7, 0x0, 0x0, r1, 0x80, 0x1e, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, @NDA_FLAGS_EXT={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0) 695.825628ms ago: executing program 2 (id=27549): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x28, r1, 0x1, 0x70bd24, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x8000}, @NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) 591.489106ms ago: executing program 3 (id=27550): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00040005c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 590.494478ms ago: executing program 1 (id=27551): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x28, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x0, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) 566.087627ms ago: executing program 2 (id=27552): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x39, 0x1a, r0, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) 440.879995ms ago: executing program 3 (id=27553): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000000a80)=@udp6=r1}, 0x20) 384.182945ms ago: executing program 1 (id=27554): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10) poll(0x0, 0x0, 0x200) 376.261291ms ago: executing program 0 (id=27555): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xff, &(0x7f0000000100)) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) inotify_rm_watch(r0, r1) 337.39594ms ago: executing program 3 (id=27556): r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x3) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setown(r0, 0x8, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) 337.225705ms ago: executing program 2 (id=27557): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x43) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) sendmsg$inet6(r1, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x0, 0x8, @dev={0xfe, 0x80, '\x00', 0x22}, 0x9}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000000)="daffc3fa80002cd21721a4af36a4a2ab00000000000000025a91f64b007f0c6a680f6c787f", 0x25}, {&(0x7f0000001480)="1c7b53", 0x3}], 0x2}, 0x4b00) 175.106883ms ago: executing program 0 (id=27558): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) statx(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4000, 0x0, &(0x7f0000000440)) 133.36036ms ago: executing program 3 (id=27559): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000001c0)='}', 0x1}], 0x1}}], 0x2, 0x2400c042) 120.153642ms ago: executing program 2 (id=27560): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x4, 0xf}]}, 0x3c}}, 0x0) 0s ago: executing program 0 (id=27561): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) kernel console output (not intermixed with test programs): pe=1400 audit(2000000102.388:2828209): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=14790 comm="syz.5.24915" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1441.562336][T14139] audit: audit_lost=351086 audit_rate_limit=0 audit_backlog_limit=64 [ 1441.582341][ T30] audit: type=1400 audit(2000000102.388:2828210): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=14790 comm="syz.5.24915" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1441.612057][T14139] audit: backlog limit exceeded [ 1441.617367][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1441.625061][T14139] audit: audit_lost=351087 audit_rate_limit=0 audit_backlog_limit=64 [ 1441.633281][T14139] audit: backlog limit exceeded [ 1441.638795][ T8954] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1441.947113][ T6593] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1442.130291][ T6593] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1442.141538][ T6593] usb 6-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 1442.151290][ T6593] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1442.163159][ T6593] usb 6-1: config 0 descriptor?? [ 1442.609717][ T6593] zydacron 0003:13EC:0006.0062: invalid report_size -1021686408 [ 1442.617419][ T6593] zydacron 0003:13EC:0006.0062: item 0 4 1 7 parsing failed [ 1442.627670][ T6593] zydacron 0003:13EC:0006.0062: parse failed [ 1442.633963][ T6593] zydacron 0003:13EC:0006.0062: probe with driver zydacron failed with error -22 [ 1442.831142][ T48] usb 6-1: USB disconnect, device number 13 [ 1443.476192][T14828] bond0: entered promiscuous mode [ 1443.481281][T14828] bond_slave_0: entered promiscuous mode [ 1443.499328][T14828] bond_slave_1: entered promiscuous mode [ 1443.511258][T14828] bond0: left promiscuous mode [ 1443.516089][T14828] bond_slave_0: left promiscuous mode [ 1443.522481][T14828] bond_slave_1: left promiscuous mode [ 1444.197952][T14866] netlink: 20 bytes leftover after parsing attributes in process `syz.5.24936'. [ 1445.082171][T14899] netlink: 'syz.6.24952': attribute type 2 has an invalid length. [ 1445.626752][T14928] netlink: 8 bytes leftover after parsing attributes in process `syz.5.24962'. [ 1446.270273][T14957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24974'. [ 1446.680538][T14966] netem: change failed [ 1446.862865][ T30] kauditd_printk_skb: 7207 callbacks suppressed [ 1446.862883][ T30] audit: type=1400 audit(2000000107.383:2834675): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=8963 comm="syz-executor" path="/245/cgroup.net" dev="tmpfs" ino=1258 [ 1446.914985][T14971] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1446.922021][T14971] audit: audit_lost=351336 audit_rate_limit=0 audit_backlog_limit=64 [ 1446.925349][ T30] audit: type=1400 audit(2000000107.393:2834676): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1446.931357][ T8954] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1446.959622][T14971] audit: backlog limit exceeded [ 1446.959799][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1446.971089][ C1] audit: audit_lost=351337 audit_rate_limit=0 audit_backlog_limit=64 [ 1446.979172][ C1] audit: backlog limit exceeded [ 1446.980958][ T30] audit: type=1400 audit(2000000107.393:2834677): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1448.630725][T15035] tap0: tun_chr_ioctl cmd 1074025677 [ 1448.637671][T15035] tap0: linktype set to 804 [ 1448.860739][T15050] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 1449.048231][T15061] netlink: 277 bytes leftover after parsing attributes in process `syz.5.25016'. [ 1449.154305][T15067] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25018'. [ 1449.155089][T15066] netlink: 44 bytes leftover after parsing attributes in process `syz.6.25019'. [ 1449.322620][T15073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25023'. [ 1449.336038][T15073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25023'. [ 1450.068855][T15118] loop8: detected capacity change from 0 to 1 [ 1450.082650][T15118] Dev loop8: unable to read RDB block 1 [ 1450.088277][T15118] loop8: unable to read partition table [ 1450.102779][T15118] loop8: partition table beyond EOD, truncated [ 1450.115029][T15118] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1450.661865][T15148] netlink: 8 bytes leftover after parsing attributes in process `syz.7.25049'. [ 1450.992652][ T8960] Bluetooth: hci2: command tx timeout [ 1451.266271][T15179] netlink: 12 bytes leftover after parsing attributes in process `syz.7.25065'. [ 1451.969822][T15210] random: crng reseeded on system resumption [ 1451.991659][T15210] Restarting kernel threads ... [ 1451.999826][T15210] Done restarting kernel threads. [ 1452.162693][T15216] nvme_fabrics: missing parameter 'transport=%s' [ 1452.170976][T15216] nvme_fabrics: missing parameter 'nqn=%s' [ 1452.219100][ T30] kauditd_printk_skb: 11046 callbacks suppressed [ 1452.219117][ T30] audit: type=1400 audit(2000000112.406:2844951): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=8959 comm="syz-executor" path="/214/cgroup.cpu" dev="tmpfs" ino=1100 [ 1452.233348][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1452.253858][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1452.253880][ C1] audit: audit_lost=351596 audit_rate_limit=0 audit_backlog_limit=64 [ 1452.253897][ C1] audit: backlog limit exceeded [ 1452.254706][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1452.254721][ C1] audit: audit_lost=351597 audit_rate_limit=0 audit_backlog_limit=64 [ 1452.254736][ C1] audit: backlog limit exceeded [ 1452.254839][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1452.254855][ T8959] audit: audit_lost=351598 audit_rate_limit=0 audit_backlog_limit=64 [ 1453.460566][T15271] loop7: detected capacity change from 0 to 2 [ 1453.490455][T15271] Dev loop7: unable to read RDB block 2 [ 1453.504435][T15271] loop7: unable to read partition table [ 1453.522200][T15271] loop7: partition table beyond EOD, truncated [ 1453.540260][T15271] loop_reread_partitions: partition scan of loop7 (被xڬdƤݡ [ 1453.540260][T15271] ) failed (rc=-5) [ 1454.287977][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25119'. [ 1454.339161][T15316] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1454.347756][T15316] batadv_slave_1: entered promiscuous mode [ 1454.356881][T15316] netlink: 24 bytes leftover after parsing attributes in process `syz.6.25120'. [ 1454.556496][T15327] input: syz1 as /devices/virtual/input/input145 [ 1455.586829][ T48] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 1455.759277][ T48] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1455.770714][ T48] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1455.780630][ T48] usb 3-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 1455.789894][ T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1455.800081][ T48] usb 3-1: config 0 descriptor?? [ 1456.244056][ T48] cherry 0003:046A:0023.0063: unexpected long global item [ 1456.257396][ T48] cherry 0003:046A:0023.0063: probe with driver cherry failed with error -22 [ 1456.374776][ T7385] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1456.389097][ T7385] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1456.402854][ T7385] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1456.415933][ T7385] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1456.426088][ T7385] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1456.477662][T11523] usb 3-1: USB disconnect, device number 5 [ 1456.674227][T15393] chnl_net:caif_netlink_parms(): no params data found [ 1456.776878][T15393] bridge0: port 1(bridge_slave_0) entered blocking state [ 1456.784743][T15393] bridge0: port 1(bridge_slave_0) entered disabled state [ 1456.792008][T15393] bridge_slave_0: entered allmulticast mode [ 1456.800178][T15393] bridge_slave_0: entered promiscuous mode [ 1456.808948][T15393] bridge0: port 2(bridge_slave_1) entered blocking state [ 1456.816650][T15393] bridge0: port 2(bridge_slave_1) entered disabled state [ 1456.823828][T15393] bridge_slave_1: entered allmulticast mode [ 1456.830814][T15393] bridge_slave_1: entered promiscuous mode [ 1456.873941][T15393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1456.885710][T15393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1456.933277][T15393] team0: Port device team_slave_0 added [ 1456.943280][T15393] team0: Port device team_slave_1 added [ 1456.984930][T15393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1456.992591][T15393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1457.020878][T15393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1457.036404][T15393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1457.044032][T15393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1457.094123][T15393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1457.205552][T15393] hsr_slave_0: entered promiscuous mode [ 1457.212969][T15393] hsr_slave_1: entered promiscuous mode [ 1457.219420][T15393] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1457.227157][T15393] Cannot create hsr debugfs directory [ 1457.582484][ T30] kauditd_printk_skb: 8062 callbacks suppressed [ 1457.582502][ T30] audit: type=1400 audit(2000000117.420:2852750): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8959 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1457.612124][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1457.612161][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1457.625904][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1457.631113][ T8959] audit: audit_lost=351687 audit_rate_limit=0 audit_backlog_limit=64 [ 1457.632450][ C1] audit: audit_lost=351688 audit_rate_limit=0 audit_backlog_limit=64 [ 1457.645376][ T8959] audit: backlog limit exceeded [ 1457.648509][ C1] audit: backlog limit exceeded [ 1457.653425][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1457.658671][ T30] audit: type=1400 audit(2000000117.420:2852751): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=8959 comm="syz-executor" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1457.748016][T15750] netlink: 'syz.2.25158': attribute type 10 has an invalid length. [ 1457.763692][T15750] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1457.966033][T15393] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1457.987383][T15393] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1457.999566][T15393] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1458.015814][T15393] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1458.117065][T15393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1458.144581][T15393] 8021q: adding VLAN 0 to HW filter on device team0 [ 1458.158609][ T7205] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.165813][ T7205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1458.182691][ T7205] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.189886][ T7205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1458.238648][T10507] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1458.419527][T10507] usb 3-1: Using ep0 maxpacket: 8 [ 1458.445801][T10507] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1458.464155][T10507] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1458.472224][T10507] usb 3-1: Product: syz [ 1458.478492][T15393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1458.486355][T10507] usb 3-1: Manufacturer: syz [ 1458.490964][T10507] usb 3-1: SerialNumber: syz [ 1458.511626][T10507] usb 3-1: config 0 descriptor?? [ 1458.534449][T10507] gspca_main: se401-2.14.0 probing 047d:5003 [ 1458.545170][T15393] veth0_vlan: entered promiscuous mode [ 1458.557439][T15393] veth1_vlan: entered promiscuous mode [ 1458.589513][T15393] veth0_macvtap: entered promiscuous mode [ 1458.603590][T15393] veth1_macvtap: entered promiscuous mode [ 1458.612220][ T7385] Bluetooth: hci5: command tx timeout [ 1458.627332][T15393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1458.642526][T15393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1458.658446][T15393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1458.669383][T15393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1458.681492][T15393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1458.691155][T15393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1458.786694][ T7222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.805853][ T7222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1458.842201][ T7239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.851260][ T7239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1458.977697][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1458.986436][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1458.992762][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1459.001972][T10507] gspca_se401: Frame size: 17x0 bayer [ 1459.007493][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1459.013678][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1459.020968][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1459.027109][T10507] gspca_se401: Frame size: 0x0 1/16th janggu [ 1459.196097][T10507] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input146 [ 1459.238404][T10507] usb 3-1: USB disconnect, device number 6 [ 1459.710745][T10507] kernel write not supported for file /input/mice (pid: 10507 comm: kworker/0:6) [ 1459.927940][T15862] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1460.494918][T15886] netlink: 36 bytes leftover after parsing attributes in process `syz.7.25187'. [ 1460.826432][ T7385] Bluetooth: hci5: command tx timeout [ 1461.320754][T15915] macvlan2: entered allmulticast mode [ 1461.338216][T15915] veth1_vlan: entered allmulticast mode [ 1461.346549][T15915] veth1_vlan: left allmulticast mode [ 1461.429436][T15919] netlink: 40 bytes leftover after parsing attributes in process `syz.2.25199'. [ 1461.601312][T15925] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 1461.978043][T15939] netlink: 'syz.6.25206': attribute type 9 has an invalid length. [ 1461.995455][T15939] netlink: 'syz.6.25206': attribute type 6 has an invalid length. [ 1462.095521][T15948] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1462.257539][T21899] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1462.418086][T21899] usb 3-1: Using ep0 maxpacket: 32 [ 1462.430476][T21899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1462.443019][T21899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1462.453285][T21899] usb 3-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 1462.463074][T21899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1462.474470][T21899] usb 3-1: config 0 descriptor?? [ 1462.934937][ T30] kauditd_printk_skb: 7720 callbacks suppressed [ 1462.934956][ T30] audit: type=1400 audit(2000000122.434:2859979): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=15940 comm="syz.2.25207" path="/dev/raw-gadget" dev="devtmpfs" ino=821 [ 1462.935958][T21899] macally 0003:060B:0001.0064: unknown main item tag 0x0 [ 1462.945456][ T30] audit: type=1400 audit(2000000122.434:2859980): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=8963 comm="syz-executor" path="/332/binderfs" dev="tmpfs" ino=1699 [ 1462.991282][T21899] macally 0003:060B:0001.0064: unknown main item tag 0x0 [ 1463.000128][T15990] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1463.000660][ T30] audit: type=1400 audit(2000000122.434:2859981): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15989 comm="kworker/u8:6" name="/" dev="sda1" ino=2 [ 1463.006826][T21899] macally 0003:060B:0001.0064: unknown main item tag 0x0 [ 1463.031171][ T30] audit: type=1400 audit(2000000122.462:2859982): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1463.033495][T15990] audit: audit_lost=351854 audit_rate_limit=0 audit_backlog_limit=64 [ 1463.061708][ T7385] Bluetooth: hci5: command tx timeout [ 1463.067222][T21899] macally 0003:060B:0001.0064: unknown main item tag 0x0 [ 1463.074584][T15990] audit: backlog limit exceeded [ 1463.080159][ T30] audit: type=1400 audit(2000000122.462:2859983): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1463.080207][ T30] audit: type=1400 audit(2000000122.462:2859984): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="332" dev="tmpfs" ino=1695 [ 1463.080248][ T30] audit: type=1400 audit(2000000122.462:2859985): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=8963 comm="syz-executor" name="332" dev="tmpfs" ino=1695 [ 1463.143548][T21899] macally 0003:060B:0001.0064: hidraw0: USB HID vff.ff Device [HID 060b:0001] on usb-dummy_hcd.2-1/input0 [ 1463.170158][T10507] usb 3-1: USB disconnect, device number 7 [ 1463.359720][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.6.25225'. [ 1463.514130][T16019] netlink: 8 bytes leftover after parsing attributes in process `syz.6.25228'. [ 1464.126672][T16040] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25237'. [ 1465.272529][ T7385] Bluetooth: hci5: command tx timeout [ 1467.121461][T16157] netlink: 'syz.7.25279': attribute type 1 has an invalid length. [ 1467.287641][ T8960] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1467.298648][ T8960] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1467.315750][ T8960] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1467.343220][ T8960] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1467.358253][ T8960] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1467.582715][T26660] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1467.787915][T26660] usb 3-1: Using ep0 maxpacket: 16 [ 1467.806883][T26660] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1467.858822][T26660] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1467.937506][T26660] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1467.953983][T26660] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1467.990891][T26660] usb 3-1: Product: syz [ 1468.003363][T26660] usb 3-1: Manufacturer: syz [ 1468.023759][T26660] usb 3-1: SerialNumber: syz [ 1468.056206][T26660] usb 3-1: selecting invalid altsetting 1 [ 1468.069786][T16161] chnl_net:caif_netlink_parms(): no params data found [ 1468.290093][ T30] kauditd_printk_skb: 7697 callbacks suppressed [ 1468.290106][ T30] audit: type=1400 audit(2000000127.438:2867419): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=r pid=16166 comm="syz.2.25283" path="/dev/raw-gadget" dev="devtmpfs" ino=821 [ 1468.398297][ T30] audit: type=1400 audit(2000000127.438:2867420): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=16166 comm="syz.2.25283" path="/dev/raw-gadget" dev="devtmpfs" ino=821 [ 1468.460193][T16340] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.466999][T16342] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.481346][T16341] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.488068][T16341] audit: audit_lost=351943 audit_rate_limit=0 audit_backlog_limit=64 [ 1468.489155][T16344] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.500650][T16346] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.503488][T16345] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1468.509404][T16346] audit: audit_lost=351944 audit_rate_limit=0 audit_backlog_limit=64 [ 1468.531620][T16161] bridge0: port 1(bridge_slave_0) entered blocking state [ 1468.562390][T16161] bridge0: port 1(bridge_slave_0) entered disabled state [ 1468.583739][T16161] bridge_slave_0: entered allmulticast mode [ 1468.611636][T16161] bridge_slave_0: entered promiscuous mode [ 1468.633952][T16161] bridge0: port 2(bridge_slave_1) entered blocking state [ 1468.643454][T16161] bridge0: port 2(bridge_slave_1) entered disabled state [ 1468.655674][T16161] bridge_slave_1: entered allmulticast mode [ 1468.671521][T16161] bridge_slave_1: entered promiscuous mode [ 1468.755388][T26660] cdc_ncm 3-1:1.0: SET_CRC_MODE failed [ 1468.763520][T26660] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed [ 1468.807166][T26660] usb 3-1: selecting invalid altsetting 1 [ 1468.819657][T26660] cdc_ncm 3-1:1.0: bind() failure [ 1468.840153][T26660] usb 3-1: USB disconnect, device number 8 [ 1468.840931][T16161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1468.886343][T16161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1469.030466][T16161] team0: Port device team_slave_0 added [ 1469.049049][T16161] team0: Port device team_slave_1 added [ 1469.114165][T16415] macvlan2: entered allmulticast mode [ 1469.119607][T16415] veth1_vlan: entered allmulticast mode [ 1469.134184][T16415] veth1_vlan: left allmulticast mode [ 1469.252881][T16161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1469.267332][T16161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1469.305902][T16161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1469.343490][T16161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1469.350643][T16161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1469.391037][T16451] netlink: 'syz.7.25294': attribute type 1 has an invalid length. [ 1469.408537][T16451] netlink: 172 bytes leftover after parsing attributes in process `syz.7.25294'. [ 1469.415180][T16161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1469.549580][ T7385] Bluetooth: hci6: command tx timeout [ 1469.612031][T16161] hsr_slave_0: entered promiscuous mode [ 1469.627710][T16161] hsr_slave_1: entered promiscuous mode [ 1469.638825][T16161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1469.660800][T16161] Cannot create hsr debugfs directory [ 1469.807996][T16504] netlink: 4 bytes leftover after parsing attributes in process `syz.7.25301'. [ 1469.885672][T16509] netlink: 'syz.2.25302': attribute type 1 has an invalid length. [ 1470.459025][T16571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25307'. [ 1470.480176][T16571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.25307'. [ 1470.983899][T16161] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1471.006890][T16161] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1471.042019][T16161] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1471.094531][T16161] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1471.373932][T16161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1471.460783][T16161] 8021q: adding VLAN 0 to HW filter on device team0 [ 1471.489827][ T7213] bridge0: port 1(bridge_slave_0) entered blocking state [ 1471.497054][ T7213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1471.547442][ T7213] bridge0: port 2(bridge_slave_1) entered blocking state [ 1471.554658][ T7213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1471.773007][ T7385] Bluetooth: hci6: command tx timeout [ 1472.606347][T16161] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1472.763576][T16161] veth0_vlan: entered promiscuous mode [ 1472.781842][T16161] veth1_vlan: entered promiscuous mode [ 1472.812162][T16669] netlink: 4 bytes leftover after parsing attributes in process `syz.6.25337'. [ 1472.895994][T16161] veth0_macvtap: entered promiscuous mode [ 1472.919508][T16161] veth1_macvtap: entered promiscuous mode [ 1472.955269][T16161] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1472.996585][T16161] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1473.037232][T16161] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1473.059328][T16161] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1473.086510][T16161] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1473.112815][T16161] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1473.343428][ T7201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1473.352449][ T7201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1473.421939][ T7212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1473.464585][ T7212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1473.648700][ T30] kauditd_printk_skb: 7008 callbacks suppressed [ 1473.648719][ T30] audit: type=1400 audit(2000000132.452:2874038): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16700 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1473.658517][ T7385] Bluetooth: hci1: command 0x0406 tx timeout [ 1473.674965][ T8977] Bluetooth: hci4: command 0x0406 tx timeout [ 1473.729964][ T30] audit: type=1400 audit(2000000132.452:2874039): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16700 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1473.750121][ T30] audit: type=1400 audit(2000000132.452:2874040): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16700 comm="syz-executor" name="282" dev="tmpfs" ino=1447 [ 1473.775125][ T30] audit: type=1400 audit(2000000132.452:2874041): lsm=SMACK fn=smack_task_setpgid action=granted subject="_" object="_" requested=w pid=16700 comm="syz-executor" opid=16700 ocomm="syz-executor" [ 1473.794841][ T30] audit: type=1400 audit(2000000132.452:2874042): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16700 comm="syz-executor" name="282" dev="tmpfs" ino=1447 [ 1473.816437][ T30] audit: type=1400 audit(2000000132.452:2874043): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16700 comm="syz-executor" name="282" dev="tmpfs" ino=1447 [ 1473.837189][ T30] audit: type=1400 audit(2000000132.461:2874044): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=16700 comm="syz-executor" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1473.860307][ T30] audit: type=1400 audit(2000000132.480:2874045): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=16700 comm="syz-executor" name="282" dev="tmpfs" ino=1447 [ 1473.897382][T15393] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1473.904915][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1473.996619][ T8960] Bluetooth: hci6: command tx timeout [ 1474.071050][T16710] netlink: 28 bytes leftover after parsing attributes in process `syz.0.25347'. [ 1475.823226][T16784] netlink: 10 bytes leftover after parsing attributes in process `syz.1.25376'. [ 1476.231007][ T8960] Bluetooth: hci6: command tx timeout [ 1476.362865][T16801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25383'. [ 1476.924048][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.934883][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 1479.001717][ T30] kauditd_printk_skb: 8020 callbacks suppressed [ 1479.001735][ T30] audit: type=1400 audit(2000000137.456:2881693): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16899 comm="syz.1.25423" name="newroot" dev="tmpfs" ino=2 [ 1479.035793][ T30] audit: type=1400 audit(2000000137.456:2881694): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16899 comm="syz.1.25423" name="/" dev="devtmpfs" ino=1 [ 1479.079205][ T30] audit: type=1400 audit(2000000137.456:2881695): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=16899 comm="syz.1.25423" name="ttynull" dev="devtmpfs" ino=620 [ 1479.085870][T16161] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1479.104729][ T30] audit: type=1400 audit(2000000137.456:2881696): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=16899 comm="syz.1.25423" path="/dev/ttynull" dev="devtmpfs" ino=620 [ 1479.116352][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1479.133896][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1479.136367][ T30] audit: type=1400 audit(2000000137.466:2881697): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=16902 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1479.140479][ C1] audit: audit_lost=352201 audit_rate_limit=0 audit_backlog_limit=64 [ 1479.140497][ C1] audit: backlog limit exceeded [ 1479.243676][T16911] QAT: failed to copy from user cfg_data. [ 1479.654016][T11523] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1479.839891][T11523] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1479.863142][T11523] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1479.891788][T11523] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1479.910228][T11523] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1479.925506][T11523] usb 2-1: Product: syz [ 1479.951607][T11523] usb 2-1: Manufacturer: syz [ 1479.959865][T11523] usb 2-1: SerialNumber: syz [ 1479.983963][T11523] usb 2-1: config 0 descriptor?? [ 1480.005723][T11523] usb 2-1: selecting invalid altsetting 0 [ 1480.247516][ T6593] usb 2-1: USB disconnect, device number 8 [ 1480.800645][T17006] sp0: Synchronizing with TNC [ 1481.095814][T17018] o2cb: This node has not been configured. [ 1481.102625][T17018] o2cb: Cluster check failed. Fix errors before retrying. [ 1481.124994][T17018] (syz.0.25456,17018,0):user_dlm_register:674 ERROR: status = -22 [ 1481.168071][T17018] (syz.0.25456,17018,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 1481.188589][T17022] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.25458'. [ 1481.311302][T17027] netlink: 'syz.0.25461': attribute type 1 has an invalid length. [ 1481.327841][T17027] netlink: 172 bytes leftover after parsing attributes in process `syz.0.25461'. [ 1481.622925][T17043] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1481.906081][T17055] input: syz1 as /devices/virtual/input/input148 [ 1482.176523][T17069] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 1483.605979][T17109] netlink: 'syz.1.25491': attribute type 9 has an invalid length. [ 1483.614771][T17109] netlink: 146708 bytes leftover after parsing attributes in process `syz.1.25491'. [ 1484.364154][ T30] kauditd_printk_skb: 9234 callbacks suppressed [ 1484.364172][ T30] audit: type=1400 audit(2000000142.461:2889992): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=17143 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1484.397865][ T30] audit: type=1400 audit(2000000142.461:2889993): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=17143 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1484.417611][ T30] audit: type=1400 audit(2000000142.461:2889994): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=17143 comm="syz-executor" name="183" dev="tmpfs" ino=948 [ 1484.442053][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1484.448737][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1484.448762][ C1] audit: audit_lost=352516 audit_rate_limit=0 audit_backlog_limit=64 [ 1484.448780][ C1] audit: backlog limit exceeded [ 1484.448949][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1484.448963][ C1] audit: audit_lost=352517 audit_rate_limit=0 audit_backlog_limit=64 [ 1484.448977][ C1] audit: backlog limit exceeded [ 1485.754094][T17195] netlink: 'syz.1.25528': attribute type 1 has an invalid length. [ 1485.762601][T17195] netlink: 144 bytes leftover after parsing attributes in process `syz.1.25528'. [ 1485.772559][T17195] netlink: 28 bytes leftover after parsing attributes in process `syz.1.25528'. [ 1486.386668][ T48] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1486.572435][ T48] usb 2-1: Using ep0 maxpacket: 32 [ 1486.588129][ T48] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1486.621492][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1486.645633][ T48] usb 2-1: config 0 descriptor?? [ 1486.673170][T17240] netlink: 27 bytes leftover after parsing attributes in process `syz.7.25543'. [ 1486.873645][ T48] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1486.908416][ T48] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1486.945688][ T48] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1486.958843][ T48] usb 2-1: media controller created [ 1486.999608][ T48] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1487.099080][ T48] az6027: usb out operation failed. (-71) [ 1487.099771][ T48] az6027: usb out operation failed. (-71) [ 1487.099786][ T48] stb0899_attach: Driver disabled by Kconfig [ 1487.099799][ T48] az6027: no front-end attached [ 1487.099799][ T48] [ 1487.100801][ T48] az6027: usb out operation failed. (-71) [ 1487.100816][ T48] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1487.103919][ T48] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input149 [ 1487.109096][ T48] dvb-usb: schedule remote query interval to 400 msecs. [ 1487.180354][ T48] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1487.212086][ T48] usb 2-1: USB disconnect, device number 9 [ 1487.344758][ T48] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1488.273781][T17323] macsec0: entered promiscuous mode [ 1488.289589][T17323] macvtap1: entered allmulticast mode [ 1488.295022][T17323] macsec0: entered allmulticast mode [ 1488.336186][T17323] veth1_macvtap: entered allmulticast mode [ 1489.712567][ T30] kauditd_printk_skb: 9990 callbacks suppressed [ 1489.712585][ T30] audit: type=1400 audit(2000000147.484:2899122): lsm=SMACK fn=smack_task_movememory action=granted subject="_" object="_" requested=w pid=17402 comm="syz.1.25601" opid=17402 ocomm="syz.1.25601" [ 1489.734337][T15393] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1489.742650][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1489.751102][ C1] audit: audit_lost=352806 audit_rate_limit=0 audit_backlog_limit=64 [ 1489.756022][T15393] audit: audit_lost=352807 audit_rate_limit=0 audit_backlog_limit=64 [ 1489.759249][ C1] audit: backlog limit exceeded [ 1489.767332][T15393] audit: backlog limit exceeded [ 1489.773836][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1489.783583][ C1] audit: audit_lost=352808 audit_rate_limit=0 audit_backlog_limit=64 [ 1489.791711][ C1] audit: backlog limit exceeded [ 1490.451613][T17425] netlink: 4 bytes leftover after parsing attributes in process `syz.7.25608'. [ 1491.952621][T11523] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1492.116279][T11523] usb 3-1: Using ep0 maxpacket: 8 [ 1492.123281][T11523] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1492.137890][T11523] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1492.151688][T11523] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1492.163514][T11523] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1492.177595][T11523] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 1492.196306][T11523] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1492.210819][T11523] usb 3-1: config 0 descriptor?? [ 1492.269821][T17630] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.25640'. [ 1492.661125][T11523] redragon 0003:0C45:760B.0065: unknown main item tag 0x6 [ 1492.670692][T11523] redragon 0003:0C45:760B.0065: item fetching failed at offset 7/133 [ 1492.682264][T11523] redragon 0003:0C45:760B.0065: probe with driver redragon failed with error -22 [ 1492.750702][T17651] netlink: 8 bytes leftover after parsing attributes in process `syz.7.25647'. [ 1492.760483][T17651] IPVS: Error joining to the multicast group [ 1492.916776][T11523] usb 3-1: USB disconnect, device number 10 [ 1494.473048][T17721] xt_CT: No such helper "snmp" [ 1494.980693][T17751] netlink: 4 bytes leftover after parsing attributes in process `syz.6.25681'. [ 1495.071365][ T30] kauditd_printk_skb: 9082 callbacks suppressed [ 1495.071384][ T30] audit: type=1400 audit(2000000152.479:2908043): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=17754 comm="syz-executor" name="419" dev="tmpfs" ino=2140 [ 1495.091589][T16161] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1495.097679][T17754] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1495.110851][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1495.110973][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1495.117351][ C1] audit: audit_lost=352863 audit_rate_limit=0 audit_backlog_limit=64 [ 1495.131927][T16161] audit: audit_lost=352864 audit_rate_limit=0 audit_backlog_limit=64 [ 1495.131949][ C1] audit: backlog limit exceeded [ 1495.140272][T14139] audit: audit_lost=352865 audit_rate_limit=0 audit_backlog_limit=64 [ 1495.145633][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1495.275136][T17766] netlink: 40 bytes leftover after parsing attributes in process `syz.2.25685'. [ 1495.600947][T17778] veth0: entered promiscuous mode [ 1495.619508][T17778] veth0: left promiscuous mode [ 1496.534234][T17816] netlink: 28 bytes leftover after parsing attributes in process `syz.7.25705'. [ 1496.900295][T17825] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1498.294770][ T6593] kernel write not supported for file /bluetooth/6lowpan_control (pid: 6593 comm: kworker/0:4) [ 1498.398318][T17891] netlink: 'syz.0.25739': attribute type 1 has an invalid length. [ 1498.504317][T17897] input: syz1 as /devices/virtual/input/input150 [ 1498.523838][T17900] netlink: 1 bytes leftover after parsing attributes in process `syz.2.25741'. [ 1499.211426][T17936] xt_hashlimit: size too large, truncated to 1048576 [ 1499.257253][T17938] C: renamed from team_slave_0 (while UP) [ 1499.267575][T17938] netlink: 'syz.0.25758': attribute type 4 has an invalid length. [ 1499.279852][T17938] netlink: 152 bytes leftover after parsing attributes in process `syz.0.25758'. [ 1499.296443][T17938] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1499.326176][T17940] : renamed from vxcan1 (while UP) [ 1499.888707][T17967] bio_check_eod: 2 callbacks suppressed [ 1499.888727][T17967] syz.0.25768: attempt to access beyond end of device [ 1499.888727][T17967] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1499.924666][T17967] syz.0.25768: attempt to access beyond end of device [ 1499.924666][T17967] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1499.959142][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 1499.981728][T17967] syz.0.25768: attempt to access beyond end of device [ 1499.981728][T17967] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1500.007440][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 1500.025691][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.025691][T17967] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1500.056311][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.056311][T17967] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1500.082951][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 1500.092943][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.092943][T17967] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1500.106360][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 1500.129246][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.129246][T17967] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1500.146224][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.146224][T17967] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1500.163553][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 1500.176692][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.176692][T17967] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1500.194584][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 1500.205037][T17967] syz.0.25768: attempt to access beyond end of device [ 1500.205037][T17967] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1500.218512][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 1500.228559][T17967] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 1500.239236][T17967] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 1500.424062][ T30] kauditd_printk_skb: 9884 callbacks suppressed [ 1500.424080][ T30] audit: type=1400 audit(2000000157.502:2917103): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=23 comm="ksoftirqd/1" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1500.455277][T15393] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1500.485373][ T30] audit: type=1400 audit(2000000157.521:2917104): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15393 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1500.490407][T15393] audit: audit_lost=353141 audit_rate_limit=0 audit_backlog_limit=64 [ 1500.511108][ T30] audit: type=1400 audit(2000000157.521:2917105): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15393 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1500.545077][ T30] audit: type=1400 audit(2000000157.521:2917106): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15393 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1500.564223][T15393] audit: backlog limit exceeded [ 1500.571587][ T30] audit: type=1400 audit(2000000157.521:2917107): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=15393 comm="syz-executor" name="120" dev="tmpfs" ino=624 [ 1500.619350][ T30] audit: type=1400 audit(2000000157.521:2917108): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=15393 comm="syz-executor" path="/120" dev="tmpfs" ino=624 [ 1500.657286][T17981] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1501.049948][T17997] tun0: tun_chr_ioctl cmd 1074812118 [ 1501.358140][T18014] tap0: tun_chr_ioctl cmd 35111 [ 1501.391158][T18018] loop6: detected capacity change from 0 to 524287999 [ 1501.898996][T18053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25799'. [ 1502.214690][T18064] input: syz1 as /devices/virtual/input/input151 [ 1502.433338][T18080] netlink: 12 bytes leftover after parsing attributes in process `syz.7.25806'. [ 1502.444577][T18081] input: syz1 as /devices/virtual/input/input152 [ 1502.457717][T18080] netlink: 4 bytes leftover after parsing attributes in process `syz.7.25806'. [ 1503.284754][T18126] sp0: Synchronizing with TNC [ 1504.281494][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1505.086048][T18210] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25856'. [ 1505.124117][T18210] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25856'. [ 1505.778852][ T30] kauditd_printk_skb: 9848 callbacks suppressed [ 1505.778870][ T30] audit: type=1400 audit(2000000162.488:2925942): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15393 comm="syz-executor" name="143" dev="tmpfs" ino=740 [ 1505.833383][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1505.839947][T14139] audit: audit_lost=353481 audit_rate_limit=0 audit_backlog_limit=64 [ 1505.870990][T18228] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1505.878300][T14139] audit: backlog limit exceeded [ 1505.885512][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1505.892369][ T30] audit: type=1400 audit(2000000162.488:2925943): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15393 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1505.917907][T18228] audit: audit_lost=353482 audit_rate_limit=0 audit_backlog_limit=64 [ 1505.926031][T18228] audit: backlog limit exceeded [ 1505.929594][T18227] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1507.125719][T18276] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 1507.531428][T18293] input: syz0 as /devices/virtual/input/input153 [ 1507.996752][T18315] sctp: [Deprecated]: syz.2.25899 (pid 18315) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1507.996752][T18315] Use struct sctp_sack_info instead [ 1508.186438][T18321] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.25901'. [ 1508.373687][T18325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25904'. [ 1508.408046][T18325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25904'. [ 1509.789323][T18380] netlink: del zone limit has 4 unknown bytes [ 1510.066012][T18396] openvswitch: netlink: Multiple metadata blocks provided [ 1510.079207][T18397] veth0_to_bridge: entered promiscuous mode [ 1510.099351][T18394] veth0_to_bridge: left promiscuous mode [ 1511.156241][ T30] kauditd_printk_skb: 8942 callbacks suppressed [ 1511.156258][ T30] audit: type=1400 audit(2000000167.529:2933696): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1511.160455][T16161] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1511.167252][ T30] audit: type=1400 audit(2000000167.529:2933697): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1511.188366][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1511.219017][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1511.225591][ C1] audit: audit_lost=353880 audit_rate_limit=0 audit_backlog_limit=64 [ 1511.227341][ T30] audit: type=1400 audit(2000000167.529:2933698): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1511.233690][ C1] audit: backlog limit exceeded [ 1511.234612][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1511.260586][ T30] audit: type=1400 audit(2000000167.529:2933699): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1511.375749][T18432] netlink: 232 bytes leftover after parsing attributes in process `syz.1.25945'. [ 1511.391239][T18432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25945'. [ 1512.011559][T26660] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 1512.179416][T26660] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 1512.203971][T26660] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1512.245137][T26660] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1512.266522][T26660] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 1512.278038][T26660] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1512.301473][T26660] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1512.316730][T26660] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1512.326332][T26660] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1512.335055][T26660] usb 3-1: Product: syz [ 1512.339439][T26660] usb 3-1: Manufacturer: syz [ 1512.345202][T26660] usb 3-1: SerialNumber: syz [ 1512.353697][T26660] usb 3-1: config 0 descriptor?? [ 1512.359868][T18444] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1512.370057][T26660] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1512.392214][T26660] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1512.830620][T26660] usb 3-1: USB disconnect, device number 11 [ 1512.842848][T26660] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 1513.193030][T18515] pimreg: entered allmulticast mode [ 1513.264641][T18515] pimreg: left allmulticast mode [ 1514.675749][T18573] binder: 18570:18573 ioctl c018620c 200000000700 returned -1 [ 1515.046768][T18593] netlink: 'syz.0.26007': attribute type 11 has an invalid length. [ 1515.089798][T18593] netlink: 149476 bytes leftover after parsing attributes in process `syz.0.26007'. [ 1515.260548][T18590] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1515.751824][T18625] netlink: 'syz.1.26021': attribute type 11 has an invalid length. [ 1516.006623][T11523] IPVS: starting estimator thread 0... [ 1516.103914][T18642] bridge0: port 3(syz_tun) entered blocking state [ 1516.106434][T18637] IPVS: using max 30 ests per chain, 72000 per kthread [ 1516.155022][T18642] bridge0: port 3(syz_tun) entered disabled state [ 1516.170478][T18642] syz_tun: entered allmulticast mode [ 1516.185541][T18642] syz_tun: entered promiscuous mode [ 1516.207673][T18642] bridge0: port 3(syz_tun) entered blocking state [ 1516.217069][T18642] bridge0: port 3(syz_tun) entered forwarding state [ 1516.519317][ T30] kauditd_printk_skb: 10231 callbacks suppressed [ 1516.519335][ T30] audit: type=1400 audit(2000000172.553:2942593): lsm=SMACK fn=smack_task_setpgid action=granted subject="_" object="_" requested=w pid=18663 comm="syz-executor" opid=18663 ocomm="syz-executor" [ 1516.549259][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1516.549288][T18663] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1516.556422][ T8963] audit: audit_lost=354328 audit_rate_limit=0 audit_backlog_limit=64 [ 1516.562484][ C1] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1516.577065][ C1] audit: audit_lost=354329 audit_rate_limit=0 audit_backlog_limit=64 [ 1516.585156][ C1] audit: backlog limit exceeded [ 1516.585931][ T8963] audit: backlog limit exceeded [ 1516.591359][ C1] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1516.601946][ C1] audit: audit_lost=354330 audit_rate_limit=0 audit_backlog_limit=64 [ 1517.767909][T18721] netlink: 56 bytes leftover after parsing attributes in process `syz.2.26058'. [ 1517.778430][T18720] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26060'. [ 1518.771950][T18764] netlink: 96 bytes leftover after parsing attributes in process `syz.2.26076'. [ 1521.744672][T18832] netlink: 'syz.2.26099': attribute type 83 has an invalid length. [ 1521.886274][ T30] kauditd_printk_skb: 6909 callbacks suppressed [ 1521.886292][ T30] audit: type=1400 audit(2000000177.566:2949023): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=18839 comm="syz.2.26102" name="339" dev="tmpfs" ino=1744 [ 1521.919130][T16161] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1521.927011][T18841] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1521.930909][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1521.934437][T16161] audit: audit_lost=354491 audit_rate_limit=0 audit_backlog_limit=64 [ 1521.940281][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1521.940301][ C1] audit: audit_lost=354492 audit_rate_limit=0 audit_backlog_limit=64 [ 1521.940321][ C1] audit: backlog limit exceeded [ 1521.955743][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1521.955766][ C1] audit: audit_lost=354493 audit_rate_limit=0 audit_backlog_limit=64 [ 1522.268229][ T7178] bond0: (slave bond_slave_0): interface is now down [ 1522.292482][ T7178] bond0: (slave bond_slave_1): interface is now down [ 1522.327841][ T7178] bond0: now running without any active interface! [ 1523.523583][T18916] tap0: tun_chr_ioctl cmd 1074025677 [ 1523.536309][T18916] tap0: linktype set to 6 [ 1523.771629][ T8960] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 1523.867714][T18934] tipc: Started in network mode [ 1523.872628][T18934] tipc: Node identity ac14140f, cluster identity 4711 [ 1523.929770][T18934] tipc: New replicast peer: 255.255.255.255 [ 1523.966472][T18934] tipc: Enabled bearer , priority 1 [ 1523.978097][T18937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26140'. [ 1524.028837][T18937] tipc: Disabling bearer [ 1524.908278][T18974] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1526.073092][T19023] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 1526.088013][T19023] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1526.164713][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26176'. [ 1526.248009][T19029] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1526.257230][T19029] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1526.266255][T19029] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1526.275009][T19029] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1526.737458][T19058] syzkaller0: tun_chr_ioctl cmd 1074025692 [ 1527.235349][ T30] kauditd_printk_skb: 10448 callbacks suppressed [ 1527.235366][ T30] audit: type=1400 audit(2000000182.571:2958875): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8963 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1527.264114][T19105] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1527.271788][T19105] audit: audit_lost=354693 audit_rate_limit=0 audit_backlog_limit=64 [ 1527.282306][T19105] audit: backlog limit exceeded [ 1527.287490][T19105] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1527.294502][T19105] audit: audit_lost=354694 audit_rate_limit=0 audit_backlog_limit=64 [ 1527.307164][T19105] audit: backlog limit exceeded [ 1527.326812][T19106] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1527.328195][T19105] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1527.336313][T16161] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1528.396758][ T8960] Bluetooth: hci3: command 0x0406 tx timeout [ 1528.493679][T19151] netlink: 164 bytes leftover after parsing attributes in process `syz.1.26214'. [ 1528.632611][T19160] netlink: 20 bytes leftover after parsing attributes in process `syz.2.26216'. [ 1529.088618][T19176] batadv0: entered promiscuous mode [ 1529.110603][T19176] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1529.120321][T19176] batadv0: left promiscuous mode [ 1529.714809][T19199] netlink: 'syz.2.26231': attribute type 5 has an invalid length. [ 1529.981033][T19208] bpf: Bad value for 'uid' [ 1530.239419][T19215] netlink: 16 bytes leftover after parsing attributes in process `syz.2.26238'. [ 1530.621879][T19228] Bluetooth: hci0: load_link_keys: too big key_count value 2816 [ 1531.251591][T19256] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26258'. [ 1531.622816][T19274] loop6: detected capacity change from 0 to 524287999 [ 1532.075987][T19300] vlan3: entered promiscuous mode [ 1532.086990][T19300] bridge0: entered promiscuous mode [ 1532.114610][T19300] vlan3: entered allmulticast mode [ 1532.119791][T19300] bridge0: entered allmulticast mode [ 1532.591148][ T30] kauditd_printk_skb: 9755 callbacks suppressed [ 1532.591167][ T30] audit: type=1400 audit(2000000187.575:2966960): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8959 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1532.595988][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1532.605682][ T30] audit: type=1400 audit(2000000187.575:2966961): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=8959 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1532.616926][ C1] audit: audit_lost=355253 audit_rate_limit=0 audit_backlog_limit=64 [ 1532.616944][ C1] audit: backlog limit exceeded [ 1532.655320][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1532.662668][ T8963] audit: audit_lost=355254 audit_rate_limit=0 audit_backlog_limit=64 [ 1532.664673][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1532.680384][T19321] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1532.684666][ T8959] audit: audit_lost=355255 audit_rate_limit=0 audit_backlog_limit=64 [ 1534.110144][T19366] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26302'. [ 1534.188594][T19369] kernel read not supported for file /3sxt (pid: 19369 comm: syz.6.26304) [ 1535.232678][ T8960] Bluetooth: hci7: command 0xfc11 tx timeout [ 1535.233309][ T8981] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1535.376063][T19440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26318'. [ 1535.833159][T19460] loop6: detected capacity change from 0 to 524287487 [ 1535.844888][T19460] buffer_io_error: 4 callbacks suppressed [ 1535.844906][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1535.894560][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1535.917307][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1535.925305][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1535.954175][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1536.022726][T19465] loop6: detected capacity change from 524287487 to 0 [ 1536.045379][T19460] Buffer I/O error on dev loop6, logical block 0, async page read [ 1536.057727][T19460] ldm_validate_partition_table(): Disk read failed. [ 1536.077222][T19460] Dev loop6: unable to read RDB block 0 [ 1536.093735][T19460] loop6: unable to read partition table [ 1536.125663][T19460] loop6: partition table beyond EOD, truncated [ 1536.170769][T19460] loop_reread_partitions: partition scan of loop6 (^L A;b@֔:Bw<gnf. -ӑ.i >^.dDd) failed (rc=-5) [ 1536.320061][T19486] netlink: 56 bytes leftover after parsing attributes in process `syz.7.26336'. [ 1536.331166][T19486] netlink: 576 bytes leftover after parsing attributes in process `syz.7.26336'. [ 1536.673235][T19505] netlink: 88 bytes leftover after parsing attributes in process `syz.7.26343'. [ 1537.962089][ T30] kauditd_printk_skb: 8062 callbacks suppressed [ 1537.962107][ T30] audit: type=1400 audit(2000000192.608:2974483): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1537.967929][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1537.974615][ T30] audit: type=1400 audit(2000000192.608:2974484): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1537.989122][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1538.000774][ T30] audit: type=1400 audit(2000000192.608:2974485): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1538.014343][ C1] audit: audit_lost=355436 audit_rate_limit=0 audit_backlog_limit=64 [ 1538.014363][ C1] audit: backlog limit exceeded [ 1538.049748][T14139] audit: audit_lost=355437 audit_rate_limit=0 audit_backlog_limit=64 [ 1538.054698][ T30] audit: type=1400 audit(2000000192.608:2974486): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1538.082346][T14139] audit: backlog limit exceeded [ 1538.566119][T15393] bridge0: port 3(syz_tun) entered disabled state [ 1538.649964][T15393] syz_tun (unregistering): left allmulticast mode [ 1538.673552][T15393] syz_tun (unregistering): left promiscuous mode [ 1538.680924][T15393] bridge0: port 3(syz_tun) entered disabled state [ 1538.905107][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.042579][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.174275][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.275767][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.284120][ T8977] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1539.298672][ T8977] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1539.308266][ T8977] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1539.320684][ T8977] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1539.328677][ T8977] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1539.520853][ T36] bridge_slave_1: left allmulticast mode [ 1539.535904][ T36] bridge_slave_1: left promiscuous mode [ 1539.543490][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1539.569265][ T36] bridge_slave_0: left allmulticast mode [ 1539.578685][ T36] bridge_slave_0: left promiscuous mode [ 1539.584625][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1540.113202][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1540.124274][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1540.135246][ T36] bond0 (unregistering): Released all slaves [ 1540.336106][T19631] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.383076][ T36] tipc: Left network mode [ 1540.530950][T19692] kvm_intel: kvm [19691]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 1540.551730][T19631] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.748771][T19631] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.840799][T19586] chnl_net:caif_netlink_parms(): no params data found [ 1540.887535][T19631] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1540.963087][ T8981] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1541.002984][ T36] hsr_slave_0: left promiscuous mode [ 1541.053167][ T36] hsr_slave_1: left promiscuous mode [ 1541.060264][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1541.069613][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1541.081213][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1541.090317][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1541.143971][ T36] macsec0: left allmulticast mode [ 1541.153831][ T36] veth1_macvtap: left allmulticast mode [ 1541.165314][ T36] veth1_macvtap: left promiscuous mode [ 1541.170899][ T36] veth0_macvtap: left promiscuous mode [ 1541.186423][ T36] veth1_vlan: left promiscuous mode [ 1541.191931][ T36] veth0_vlan: left promiscuous mode [ 1541.579617][ T8981] Bluetooth: hci7: command tx timeout [ 1542.279572][ T6593] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 1542.328532][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1542.433046][ T36] team0 (unregistering): Port device C removed [ 1542.480106][ T6593] usb 3-1: Using ep0 maxpacket: 16 [ 1542.484893][T19790] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1542.494388][ T6593] usb 3-1: config 0 has no interfaces? [ 1542.497597][ T6593] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1542.518084][ T6593] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1542.526427][ T6593] usb 3-1: Product: syz [ 1542.530703][ T6593] usb 3-1: Manufacturer: syz [ 1542.543535][ T6593] usb 3-1: SerialNumber: syz [ 1542.566223][ T6593] usb 3-1: config 0 descriptor?? [ 1542.810443][ T6593] usb 3-1: USB disconnect, device number 12 [ 1543.265598][T19586] bridge0: port 1(bridge_slave_0) entered blocking state [ 1543.274450][T19586] bridge0: port 1(bridge_slave_0) entered disabled state [ 1543.282243][T19586] bridge_slave_0: entered allmulticast mode [ 1543.290257][T19586] bridge_slave_0: entered promiscuous mode [ 1543.316994][T19586] bridge0: port 2(bridge_slave_1) entered blocking state [ 1543.340763][T19586] bridge0: port 2(bridge_slave_1) entered disabled state [ 1543.349281][T19586] bridge_slave_1: entered allmulticast mode [ 1543.367332][ T30] kauditd_printk_skb: 4594 callbacks suppressed [ 1543.367352][ T30] audit: type=1400 audit(2000000197.649:2978937): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=19852 comm="kworker/u8:13" name="/" dev="sda1" ino=2 [ 1543.369217][T19586] bridge_slave_1: entered promiscuous mode [ 1543.409324][ T30] audit: type=1400 audit(2000000197.696:2978938): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=19853 comm="kworker/u8:13" name="/" dev="sda1" ino=2 [ 1543.412306][T19631] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.456022][T19631] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.483144][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.486634][T19864] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.494812][T19863] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.501117][T19866] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.503269][T19865] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.511392][ T30] audit: type=1400 audit(2000000197.734:2978939): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=19854 comm="kworker/u8:13" name="/" dev="sda1" ino=2 [ 1543.536023][T14139] audit: audit_lost=355486 audit_rate_limit=0 audit_backlog_limit=64 [ 1543.546050][T19867] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1543.629380][T19631] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.657222][T19586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1543.694045][T19631] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.719105][T19586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1543.784616][ T8981] Bluetooth: hci7: command tx timeout [ 1544.011508][T19586] team0: Port device team_slave_0 added [ 1544.046088][T19586] team0: Port device team_slave_1 added [ 1544.163055][T19586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1544.185399][T19586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1544.231834][T19586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1544.247206][T19586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1544.254187][T19586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1544.291708][T19586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1544.449744][T19586] hsr_slave_0: entered promiscuous mode [ 1544.465765][T19586] hsr_slave_1: entered promiscuous mode [ 1544.486292][T19586] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1544.498029][T19586] Cannot create hsr debugfs directory [ 1544.520514][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 1545.800849][T20129] netlink: 87 bytes leftover after parsing attributes in process `syz.1.26429'. [ 1545.995653][T19586] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1546.007787][ T8981] Bluetooth: hci7: command tx timeout [ 1546.023499][T19586] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1546.103702][T19586] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1546.155325][T19586] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1546.433513][T20159] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 1546.446455][T19586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1546.547543][T19586] 8021q: adding VLAN 0 to HW filter on device team0 [ 1546.607905][ T7199] bridge0: port 1(bridge_slave_0) entered blocking state [ 1546.615086][ T7199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1546.693205][ T7199] bridge0: port 2(bridge_slave_1) entered blocking state [ 1546.700421][ T7199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1547.042545][T20177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26442'. [ 1547.609896][T19586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1547.628578][T20198] netlink: 'syz.2.26448': attribute type 1 has an invalid length. [ 1547.648706][T20198] netlink: 224 bytes leftover after parsing attributes in process `syz.2.26448'. [ 1547.777698][T19586] veth0_vlan: entered promiscuous mode [ 1547.833139][T19586] veth1_vlan: entered promiscuous mode [ 1547.898250][T19586] veth0_macvtap: entered promiscuous mode [ 1547.921035][T19586] veth1_macvtap: entered promiscuous mode [ 1548.038494][T19586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1548.074216][T19586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1548.088150][T19586] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.098152][T19586] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.107213][T19586] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.116213][T19586] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.210210][ T6593] kernel read not supported for file /dsp (pid: 6593 comm: kworker/0:4) [ 1548.233852][ T8981] Bluetooth: hci7: command tx timeout [ 1548.336150][T20238] tap0: tun_chr_ioctl cmd 35108 [ 1548.408170][T31381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1548.435500][T31381] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1548.498478][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1548.515535][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1548.578428][T20264] bridge0: entered promiscuous mode [ 1548.583773][T20264] macvlan2: entered promiscuous mode [ 1548.731166][ T30] kauditd_printk_skb: 7224 callbacks suppressed [ 1548.731184][ T30] audit: type=1400 audit(2000000202.682:2985718): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20272 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1548.813152][T20275] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1548.815066][ T30] audit: type=1400 audit(2000000202.710:2985719): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=11523 comm="kworker/1:7" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1548.841497][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1548.849217][ C1] audit: audit_lost=355637 audit_rate_limit=0 audit_backlog_limit=64 [ 1548.849298][ T30] audit: type=1400 audit(2000000202.710:2985720): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=11523 comm="kworker/1:7" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1548.857312][ C1] audit: backlog limit exceeded [ 1548.869319][T19586] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1548.892314][T20275] audit: audit_lost=355638 audit_rate_limit=0 audit_backlog_limit=64 [ 1548.900446][ T30] audit: type=1400 audit(2000000202.710:2985721): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=11523 comm="kworker/1:7" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1549.159199][T20288] netlink: 24 bytes leftover after parsing attributes in process `syz.1.26463'. [ 1549.607841][T20307] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1549.669290][T10529] kernel write not supported for file /dsp (pid: 10529 comm: kworker/1:5) [ 1549.692494][T10529] kernel write not supported for file /dsp (pid: 10529 comm: kworker/1:5) [ 1550.048337][T20332] netlink: 48 bytes leftover after parsing attributes in process `syz.2.26481'. [ 1551.747599][T20419] vivid-000: disconnect [ 1551.783101][T20418] vivid-000: reconnect [ 1553.786094][T20496] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26546'. [ 1554.090118][ T30] kauditd_printk_skb: 10267 callbacks suppressed [ 1554.090144][ T30] audit: type=1400 audit(2000000207.696:2994630): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20502 comm="kworker/u8:13" name="/" dev="sda1" ino=2 [ 1554.164315][ T30] audit: type=1400 audit(2000000207.761:2994631): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20503 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1554.183221][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1554.194425][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1554.201020][ C1] audit: audit_lost=356092 audit_rate_limit=0 audit_backlog_limit=64 [ 1554.209193][ C1] audit: backlog limit exceeded [ 1554.209444][T20503] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1554.214759][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1554.227094][ C1] audit: audit_lost=356093 audit_rate_limit=0 audit_backlog_limit=64 [ 1554.235234][ C1] audit: backlog limit exceeded [ 1554.315409][T20505] sctp: [Deprecated]: syz.6.26548 (pid 20505) Use of int in maxseg socket option. [ 1554.315409][T20505] Use struct sctp_assoc_value instead [ 1556.207737][T20591] netlink: 44 bytes leftover after parsing attributes in process `syz.0.26583'. [ 1556.374456][T20599] netlink: 252 bytes leftover after parsing attributes in process `syz.0.26587'. [ 1556.748291][T20615] netlink: 8 bytes leftover after parsing attributes in process `syz.7.26595'. [ 1556.808853][T20610] block nbd0: shutting down sockets [ 1556.917995][T20622] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26597'. [ 1557.102270][T20626] Falling back ldisc for ptm0. [ 1557.943608][T20672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26616'. [ 1558.342396][T20688] netlink: 16 bytes leftover after parsing attributes in process `syz.6.26623'. [ 1558.353580][T20688] netlink: 16 bytes leftover after parsing attributes in process `syz.6.26623'. [ 1558.736227][T20702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26628'. [ 1559.453160][ T30] kauditd_printk_skb: 10386 callbacks suppressed [ 1559.453179][ T30] audit: type=1400 audit(2000000212.709:3004444): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20742 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1559.495176][T20746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1559.499012][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1559.502423][T20746] audit: audit_lost=356286 audit_rate_limit=0 audit_backlog_limit=64 [ 1559.517639][ T30] audit: type=1400 audit(2000000212.709:3004445): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20742 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1559.544491][ T8959] audit: audit_lost=356287 audit_rate_limit=0 audit_backlog_limit=64 [ 1559.545884][T20746] audit: backlog limit exceeded [ 1559.558032][T20746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1559.558060][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1559.565101][ T30] audit: type=1400 audit(2000000212.709:3004446): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20742 comm="syz-executor" name="621" dev="tmpfs" ino=3163 [ 1560.152988][T20778] netlink: 12 bytes leftover after parsing attributes in process `syz.6.26658'. [ 1560.471982][T20794] openvswitch: netlink: Multiple metadata blocks provided [ 1561.552827][T20829] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.26679'. [ 1561.782426][T20837] netlink: 16 bytes leftover after parsing attributes in process `syz.0.26683'. [ 1562.330786][T20862] random: crng reseeded on system resumption [ 1562.398229][T20862] Restarting kernel threads ... [ 1562.412562][T20862] Done restarting kernel threads. [ 1562.567549][T20867] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26695'. [ 1562.610068][T20868] loop6: detected capacity change from 0 to 524287999 [ 1563.281966][T20897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26706'. [ 1563.302231][T20897] netlink: 'syz.0.26706': attribute type 2 has an invalid length. [ 1563.864826][T20921] netlink: 'syz.2.26714': attribute type 4 has an invalid length. [ 1564.822264][ T30] kauditd_printk_skb: 9679 callbacks suppressed [ 1564.822282][ T30] audit: type=1400 audit(2000000217.732:3013470): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1564.839709][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1564.858707][ T30] audit: type=1400 audit(2000000217.732:3013471): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=20966 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1564.866861][T20967] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1564.878735][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1564.878755][ C1] audit: audit_lost=356507 audit_rate_limit=0 audit_backlog_limit=64 [ 1564.878771][ C1] audit: backlog limit exceeded [ 1564.878940][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1564.878955][ C1] audit: audit_lost=356508 audit_rate_limit=0 audit_backlog_limit=64 [ 1564.878969][ C1] audit: backlog limit exceeded [ 1565.014538][T20974] netlink: 'syz.6.26734': attribute type 25 has an invalid length. [ 1565.022854][T20974] netlink: 'syz.6.26734': attribute type 1 has an invalid length. [ 1565.032640][T20974] bridge0: port 1(bridge_slave_0) entered learning state [ 1565.684390][T21004] netlink: 'syz.6.26748': attribute type 21 has an invalid length. [ 1565.698102][T21004] netlink: 156 bytes leftover after parsing attributes in process `syz.6.26748'. [ 1565.715093][T21004] netlink: 'syz.6.26748': attribute type 21 has an invalid length. [ 1565.726002][T21004] netlink: 156 bytes leftover after parsing attributes in process `syz.6.26748'. [ 1566.212945][ T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 1566.384601][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 1566.405928][ T10] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1566.437104][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1566.455053][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1566.468870][ T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1566.481183][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1566.489228][ T10] usb 3-1: Product: syz [ 1566.493770][ T10] usb 3-1: Manufacturer: syz [ 1566.498388][ T10] usb 3-1: SerialNumber: syz [ 1566.631078][T21044] vivid-002: disconnect [ 1566.636200][T21043] vivid-002: reconnect [ 1566.675494][T21046] netlink: 136 bytes leftover after parsing attributes in process `syz.7.26764'. [ 1566.705620][ T8977] Bluetooth: hci2: command 0x0406 tx timeout [ 1566.896922][T21057] sock: sock_set_timeout: `syz.7.26768' (pid 21057) tries to set negative timeout [ 1566.960669][ T10] usb 3-1: 0:2 : does not exist [ 1567.403008][ T10] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1) [ 1567.428985][ T10] usb 3-1: USB disconnect, device number 13 [ 1567.513556][T21105] netlink: 'syz.7.26778': attribute type 1 has an invalid length. [ 1567.522984][T21105] netlink: 'syz.7.26778': attribute type 3 has an invalid length. [ 1567.531160][T21105] netlink: 216 bytes leftover after parsing attributes in process `syz.7.26778'. [ 1567.541529][T21105] NCSI netlink: No device for ifindex 813332851 [ 1567.609512][T21109] netlink: 4 bytes leftover after parsing attributes in process `syz.6.26779'. [ 1567.920612][T21127] netlink: 8 bytes leftover after parsing attributes in process `syz.6.26785'. [ 1568.543744][ T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1568.714758][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 1568.726685][ T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1568.738195][ T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1568.748056][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1568.754892][ T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1568.764153][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1568.774537][ T10] usb 3-1: config 0 descriptor?? [ 1569.222378][ T10] hid (null): unknown global tag 0xc [ 1569.236190][ T10] hid (null): report_id 0 is invalid [ 1569.243769][ T10] hid (null): unknown global tag 0xe [ 1569.459622][T10507] usb 3-1: USB disconnect, device number 14 [ 1570.059484][T21178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26799'. [ 1570.073690][T21178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26799'. [ 1570.170889][ T30] kauditd_printk_skb: 7681 callbacks suppressed [ 1570.170909][ T30] audit: type=1400 audit(2000000222.727:3020588): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=21181 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1570.199252][ T30] audit: type=1400 audit(2000000222.727:3020589): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=21181 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1570.250202][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1570.258966][ T30] audit: type=1400 audit(2000000222.727:3020590): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=21181 comm="syz-executor" name="507" dev="tmpfs" ino=2601 [ 1570.280124][T14139] audit: audit_lost=356698 audit_rate_limit=0 audit_backlog_limit=64 [ 1570.281219][T19586] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1570.288440][T14139] audit: backlog limit exceeded [ 1570.288463][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1570.288476][T14139] audit: audit_lost=356699 audit_rate_limit=0 audit_backlog_limit=64 [ 1570.315005][T21184] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1572.573989][T10507] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1572.745009][T10507] usb 3-1: Using ep0 maxpacket: 16 [ 1572.754094][T10507] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1572.766453][T10507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1572.802001][T21307] netlink: 'syz.6.26849': attribute type 9 has an invalid length. [ 1572.803191][T10507] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1572.814975][T21307] netlink: 8 bytes leftover after parsing attributes in process `syz.6.26849'. [ 1572.835243][T10507] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1572.845710][T21307] macvlan2: entered promiscuous mode [ 1572.851448][T21307] macvlan2: entered allmulticast mode [ 1572.852558][T10507] usb 3-1: Product: syz [ 1572.861060][T10507] usb 3-1: Manufacturer: syz [ 1572.863427][T21307] hsr0: entered allmulticast mode [ 1572.871546][T10507] usb 3-1: SerialNumber: syz [ 1572.874262][T21307] hsr_slave_0: entered allmulticast mode [ 1572.892277][T10507] usb 3-1: config 0 descriptor?? [ 1572.893905][T21307] hsr_slave_1: entered allmulticast mode [ 1572.902584][T10507] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1572.922533][T10507] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 1573.562584][T10507] em28xx 3-1:0.0: unknown em28xx chip ID (47) [ 1573.779448][T10507] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 1573.808058][T10507] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 1573.815234][T10507] em28xx 3-1:0.0: No AC97 audio processor [ 1573.840981][T10507] usb 3-1: USB disconnect, device number 15 [ 1573.858070][T10507] em28xx 3-1:0.0: Disconnecting em28xx [ 1573.877132][T10507] em28xx 3-1:0.0: Freeing device [ 1574.130164][T21357] netlink: 16 bytes leftover after parsing attributes in process `syz.1.26862'. [ 1574.870254][T21378] sp0: Synchronizing with TNC [ 1574.938112][T21378] sp0: Synchronizing with TNC [ 1575.526979][ T30] kauditd_printk_skb: 8363 callbacks suppressed [ 1575.526998][ T30] audit: type=1400 audit(2000000227.750:3028292): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=21407 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1575.555238][ T8963] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1575.555363][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1575.568409][ C1] audit: audit_lost=356921 audit_rate_limit=0 audit_backlog_limit=64 [ 1575.576487][ C1] audit: backlog limit exceeded [ 1575.582501][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1575.588749][ T8963] audit: audit_lost=356922 audit_rate_limit=0 audit_backlog_limit=64 [ 1575.589033][ C1] audit: audit_lost=356923 audit_rate_limit=0 audit_backlog_limit=64 [ 1575.597052][ T8963] audit: backlog limit exceeded [ 1575.605113][ C1] audit: backlog limit exceeded [ 1576.745047][T21444] netlink: 'syz.2.26890': attribute type 34 has an invalid length. [ 1578.733118][T21523] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26919'. [ 1578.742793][T21523] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1578.774689][T10529] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1578.948353][T10529] usb 3-1: Using ep0 maxpacket: 32 [ 1578.964240][T10529] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1578.975839][T10529] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1579.005050][T10529] usb 3-1: config 0 descriptor?? [ 1579.256782][T10529] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1579.270420][T10529] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1579.295433][T10529] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1579.306950][T10529] usb 3-1: media controller created [ 1579.356286][T10529] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1579.479147][T10529] az6027: usb out operation failed. (-71) [ 1579.495700][T10529] az6027: usb out operation failed. (-71) [ 1579.504788][T10529] stb0899_attach: Driver disabled by Kconfig [ 1579.511226][T10529] az6027: no front-end attached [ 1579.511226][T10529] [ 1579.522494][T10529] az6027: usb out operation failed. (-71) [ 1579.532813][T10529] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1579.555671][T10529] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input157 [ 1579.581169][T10529] dvb-usb: schedule remote query interval to 400 msecs. [ 1579.594342][T10529] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1579.608070][T10529] usb 3-1: USB disconnect, device number 16 [ 1579.717970][T10529] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1579.909518][T21589] netlink: 1041 bytes leftover after parsing attributes in process `syz.7.26935'. [ 1580.404928][T21601] program syz.7.26941 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1580.932813][ T30] kauditd_printk_skb: 8607 callbacks suppressed [ 1580.932831][ T30] audit: type=1400 audit(2000000232.802:3036264): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1580.941928][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1580.971841][T21620] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1580.986236][T21621] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1580.993000][T21620] audit: audit_lost=357136 audit_rate_limit=0 audit_backlog_limit=64 [ 1581.002829][T14139] audit: audit_lost=357137 audit_rate_limit=0 audit_backlog_limit=64 [ 1581.003853][T21621] audit: audit_lost=357138 audit_rate_limit=0 audit_backlog_limit=64 [ 1581.020497][T21620] audit: backlog limit exceeded [ 1581.024616][ T30] audit: type=1400 audit(2000000232.802:3036265): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1581.025408][T14139] audit: backlog limit exceeded [ 1581.208899][ T7201] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1581.234003][ T7201] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1581.365017][ T7201] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1581.382928][ T7201] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1581.517048][ T7201] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1581.543454][ T7201] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1581.704168][ T7201] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1581.719212][ T7201] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1582.019104][T21646] IPv6: NLM_F_CREATE should be specified when creating new route [ 1582.091505][ T7201] bridge_slave_1: left allmulticast mode [ 1582.097238][ T7201] bridge_slave_1: left promiscuous mode [ 1582.139672][ T7201] bridge0: port 2(bridge_slave_1) entered disabled state [ 1582.162438][ T8977] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1582.188778][ T8977] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1582.206375][ T8977] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1582.237711][ T8977] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1582.252030][ T8977] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1582.263301][ T7201] bridge_slave_0: left allmulticast mode [ 1582.268989][ T7201] bridge_slave_0: left promiscuous mode [ 1582.287682][ T7201] bridge0: port 1(bridge_slave_0) entered disabled state [ 1582.363629][T21677] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1582.596710][T21681] netlink: 20 bytes leftover after parsing attributes in process `syz.1.26966'. [ 1582.730472][T21685] sctp: [Deprecated]: syz.0.26969 (pid 21685) Use of int in max_burst socket option deprecated. [ 1582.730472][T21685] Use struct sctp_assoc_value instead [ 1583.268552][ T7201] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1583.286355][ T7201] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1583.306632][ T7201] bond0 (unregistering): Released all slaves [ 1583.328018][ T7201] bond1 (unregistering): Released all slaves [ 1583.925819][ T7201] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1583.953240][ T7201] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1583.982669][ T7201] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1584.044281][ T7201] hsr0: left allmulticast mode [ 1584.051626][ T7201] veth1_macvtap: left promiscuous mode [ 1584.063369][ T7201] veth0_macvtap: left promiscuous mode [ 1584.069576][ T7201] veth1_vlan: left promiscuous mode [ 1584.075152][ T7201] veth0_vlan: left promiscuous mode [ 1584.494324][ T8981] Bluetooth: hci4: command tx timeout [ 1585.280452][ T7201] team0 (unregistering): Port device team_slave_1 removed [ 1585.366354][ T7201] team0 (unregistering): Port device team_slave_0 removed [ 1585.441861][T21801] netlink: 'syz.1.26996': attribute type 10 has an invalid length. [ 1586.028364][T21817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26997'. [ 1586.092621][T21817] netlink: 'syz.0.26997': attribute type 20 has an invalid length. [ 1586.147040][T21817] netlink: 'syz.0.26997': attribute type 21 has an invalid length. [ 1586.284498][T21881] audit_log_start: 5535 callbacks suppressed [ 1586.284514][T21881] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1586.284580][T14139] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1586.290583][ T30] audit: type=1400 audit(2000000237.797:3041389): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1586.290629][ T30] audit: type=1400 audit(2000000237.797:3041390): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1586.290669][ T30] audit: type=1400 audit(2000000237.797:3041391): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1586.290709][ T30] audit: type=1400 audit(2000000237.797:3041392): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1586.290747][ T30] audit: type=1400 audit(2000000237.797:3041393): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=14139 comm="syz-executor" name="559" dev="tmpfs" ino=2865 [ 1586.290785][ T30] audit: type=1400 audit(2000000237.797:3041394): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=14139 comm="syz-executor" path="/559" dev="tmpfs" ino=2865 [ 1586.290821][ T30] audit: type=1400 audit(2000000237.806:3041395): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=14139 comm="syz-executor" path="/559" dev="tmpfs" ino=2865 [ 1586.370513][T14139] audit: audit_lost=357276 audit_rate_limit=0 audit_backlog_limit=64 [ 1586.468045][T21660] chnl_net:caif_netlink_parms(): no params data found [ 1586.721013][ T8981] Bluetooth: hci4: command tx timeout [ 1587.073102][T21660] bridge0: port 1(bridge_slave_0) entered blocking state [ 1587.081674][T21660] bridge0: port 1(bridge_slave_0) entered disabled state [ 1587.104006][T21660] bridge_slave_0: entered allmulticast mode [ 1587.121449][T21660] bridge_slave_0: entered promiscuous mode [ 1587.137229][T21660] bridge0: port 2(bridge_slave_1) entered blocking state [ 1587.153939][T21660] bridge0: port 2(bridge_slave_1) entered disabled state [ 1587.164310][T21660] bridge_slave_1: entered allmulticast mode [ 1587.181213][T21660] bridge_slave_1: entered promiscuous mode [ 1587.302660][T21660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1587.321635][T21660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1587.463992][T21660] team0: Port device team_slave_0 added [ 1587.485005][T21660] team0: Port device team_slave_1 added [ 1587.586825][T21660] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1587.597792][T21660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1587.638166][T21660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1587.742586][T21660] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1587.775179][T21660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1587.838876][T21660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1588.024229][T21660] hsr_slave_0: entered promiscuous mode [ 1588.046334][T21660] hsr_slave_1: entered promiscuous mode [ 1588.052804][T21660] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1588.061650][T21660] Cannot create hsr debugfs directory [ 1588.574992][T10529] IPVS: starting estimator thread 0... [ 1588.695841][T22167] IPVS: using max 28 ests per chain, 67200 per kthread [ 1588.927116][T21660] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1588.941391][ T8981] Bluetooth: hci4: command tx timeout [ 1588.957073][T21660] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1588.970949][T21660] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1589.011947][T21660] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1589.210561][T21660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1589.266466][T21660] 8021q: adding VLAN 0 to HW filter on device team0 [ 1589.308353][ T7193] bridge0: port 1(bridge_slave_0) entered blocking state [ 1589.315585][ T7193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1589.363534][ T7193] bridge0: port 2(bridge_slave_1) entered blocking state [ 1589.370780][ T7193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1589.517245][T22226] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1589.604326][T22226] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 1589.622184][T22226] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1589.651939][T22226] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 1589.689319][T22228] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1589.700439][T22228] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 1589.708738][T22228] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1589.772958][T22228] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 1590.178999][T21660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1590.301463][T21660] veth0_vlan: entered promiscuous mode [ 1590.343375][T21660] veth1_vlan: entered promiscuous mode [ 1590.442631][T21660] veth0_macvtap: entered promiscuous mode [ 1590.466365][T21660] veth1_macvtap: entered promiscuous mode [ 1590.496717][T21660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1590.524389][T21660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1590.540657][T21660] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.555351][T21660] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.571622][T21660] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.582183][T21660] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.786488][ T7214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1590.809115][ T7214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1590.878545][ T7201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1590.894120][ T7201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1591.165380][ T8981] Bluetooth: hci4: command tx timeout [ 1591.224048][T22292] netlink: 2 bytes leftover after parsing attributes in process `syz.0.27052'. [ 1591.400398][ T977] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1591.494802][T22318] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27056'. [ 1591.593291][ T977] usb 4-1: Using ep0 maxpacket: 16 [ 1591.621908][ T977] usb 4-1: config 0 has no interfaces? [ 1591.629465][ T977] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1591.639698][ T30] kauditd_printk_skb: 7981 callbacks suppressed [ 1591.639715][ T30] audit: type=1400 audit(2000000242.820:3048387): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1591.649608][ T977] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1591.690397][T22325] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1591.696955][T22325] audit: audit_lost=357607 audit_rate_limit=0 audit_backlog_limit=64 [ 1591.716222][T22325] audit: backlog limit exceeded [ 1591.721670][ T977] usb 4-1: Manufacturer: syz [ 1591.727114][T22327] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1591.734483][ T30] audit: type=1400 audit(2000000242.820:3048388): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=14139 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1591.739625][T22328] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1591.754260][T22327] audit: audit_lost=357608 audit_rate_limit=0 audit_backlog_limit=64 [ 1591.780154][ T26] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1591.783559][T22330] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1591.794775][ T977] usb 4-1: config 0 descriptor?? [ 1592.194927][T11523] usb 4-1: USB disconnect, device number 21 [ 1593.159593][T22389] futex_wake_op: syz.7.27080 tries to shift op by 36; fix this program [ 1593.216775][T22394] netlink: 32 bytes leftover after parsing attributes in process `syz.1.27083'. [ 1593.258107][T22394] tipc: Invalid UDP bearer configuration [ 1593.258169][T22394] tipc: Enabling of bearer rejected, failed to enable media [ 1593.391554][T22399] netlink: 40 bytes leftover after parsing attributes in process `syz.7.27084'. [ 1593.407741][T22399] sch_fq: defrate 0 ignored. [ 1593.886130][T22426] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1595.245985][T22471] program syz.3.27116 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1595.257271][T22469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.27115'. [ 1595.797387][T22490] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1595.805646][T11523] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1595.975763][T11523] usb 4-1: Using ep0 maxpacket: 16 [ 1595.987199][T11523] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1595.995728][T11523] usb 4-1: config 0 has no interface number 0 [ 1596.002109][T11523] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1596.015703][T11523] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1596.025934][T11523] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 1596.039753][T11523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1596.053840][T11523] usb 4-1: config 0 descriptor?? [ 1596.138063][ T10] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 1596.319343][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1596.346013][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1596.357521][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 1596.374540][ T10] usb 3-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 1596.387552][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1596.402796][ T10] usb 3-1: config 0 descriptor?? [ 1596.411267][T22497] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1596.425154][T22497] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1596.662340][T22527] netlink: 28 bytes leftover after parsing attributes in process `syz.7.27136'. [ 1596.672387][T22527] netlink: 28 bytes leftover after parsing attributes in process `syz.7.27136'. [ 1596.716827][T11523] uclogic 0003:28BD:0071.0067: pen parameters not found [ 1596.735112][T11523] uclogic 0003:28BD:0071.0067: interface is invalid, ignoring [ 1596.906250][ T10] nzxt-smart2 0003:1E71:200F.0068: hidraw0: USB HID v0.00 Device [HID 1e71:200f] on usb-dummy_hcd.2-1/input0 [ 1596.952255][T11523] usb 4-1: USB disconnect, device number 22 [ 1597.001983][ T30] kauditd_printk_skb: 8532 callbacks suppressed [ 1597.002001][ T30] audit: type=1400 audit(2000000247.815:3056749): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=22551 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1597.033089][ T30] audit: type=1400 audit(2000000247.815:3056750): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=22551 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1597.056395][ T30] audit: type=1400 audit(2000000247.815:3056751): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=22551 comm="syz-executor" name="126" dev="tmpfs" ino=650 [ 1597.075604][ C0] vkms_vblank_simulate: vblank timer overrun [ 1597.094359][ T30] audit: type=1400 audit(2000000247.815:3056752): lsm=SMACK fn=smack_task_setpgid action=granted subject="_" object="_" requested=w pid=22551 comm="syz-executor" opid=22551 ocomm="syz-executor" [ 1597.117113][T19586] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1597.121148][ T977] usb 3-1: USB disconnect, device number 17 [ 1597.130914][T22560] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1597.135934][T22561] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1597.137428][T22560] audit: audit_lost=357667 audit_rate_limit=0 audit_backlog_limit=64 [ 1597.144118][T22559] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1597.163397][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1597.385560][T22582] bio_check_eod: 2 callbacks suppressed [ 1597.385581][T22582] syz.1.27147: attempt to access beyond end of device [ 1597.385581][T22582] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1598.318714][T22619] cgroup: fork rejected by pids controller in /syz1 [ 1598.697508][T23216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.27168'. [ 1598.741416][T23216] netlink: 'syz.3.27168': attribute type 7 has an invalid length. [ 1598.764502][T23216] netlink: 'syz.3.27168': attribute type 8 has an invalid length. [ 1598.794230][T23216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27168'. [ 1599.268457][T11523] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1599.457818][T11523] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1599.525552][T11523] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1599.550755][T11523] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1599.573633][T11523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1599.615253][T11523] usb 4-1: SerialNumber: syz [ 1599.862859][T11523] usb 4-1: 0:2 : does not exist [ 1599.885426][T23875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.27182'. [ 1599.891039][T11523] usb 4-1: USB disconnect, device number 23 [ 1600.384742][T23904] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 1600.413810][T23904] team0: Port device batadv2 added [ 1600.648876][T23922] loop9: detected capacity change from 0 to 7 [ 1600.660239][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.679996][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.694211][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.705903][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.725882][T23928] netlink: 92 bytes leftover after parsing attributes in process `syz.7.27201'. [ 1600.730629][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.735465][T23928] netem: unknown loss type 0 [ 1600.749319][T23928] netem: change failed [ 1600.755210][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.790182][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.820977][T23922] ldm_validate_partition_table(): Disk read failed. [ 1600.842014][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.858910][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.881461][T23922] Buffer I/O error on dev loop9, logical block 0, async page read [ 1600.903012][T23922] Dev loop9: unable to read RDB block 0 [ 1600.926903][T23922] loop9: unable to read partition table [ 1600.939843][T23922] loop9: partition table beyond EOD, truncated [ 1600.955463][T23922] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1600.955463][T23922] ) failed (rc=-5) [ 1601.812790][ T977] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1601.984299][ T977] usb 3-1: Using ep0 maxpacket: 16 [ 1602.007486][ T977] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1602.029032][ T977] usb 3-1: config 1 has no interface number 0 [ 1602.037747][ T977] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1602.047706][ T977] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1602.058488][ T977] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1602.071496][ T977] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1602.092236][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.110425][ T977] usb 3-1: Product: syz [ 1602.117729][ T977] usb 3-1: Manufacturer: syz [ 1602.126502][ T977] usb 3-1: SerialNumber: syz [ 1602.149126][T23950] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1602.175052][T23950] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1602.202948][T23978] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 1602.297306][T23986] netlink: 'syz.3.27220': attribute type 1 has an invalid length. [ 1602.307723][T23986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27220'. [ 1602.359593][ T30] kauditd_printk_skb: 8581 callbacks suppressed [ 1602.359610][ T30] audit: type=1400 audit(2000000252.847:3064666): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=7178 comm="kworker/u8:12" saddr=10.128.0.169 src=30008 daddr=10.128.10.1 dest=57370 netif=eth0 [ 1602.429417][T23989] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1602.432980][T23950] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1602.438160][T23989] audit: audit_lost=357892 audit_rate_limit=0 audit_backlog_limit=64 [ 1602.450825][T23989] audit: backlog limit exceeded [ 1602.455932][T23950] audit: audit_lost=357893 audit_rate_limit=0 audit_backlog_limit=64 [ 1602.463026][ T30] audit: type=1400 audit(2000000252.838:3064665): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=21660 comm="syz-executor" name="18" dev="tmpfs" ino=103 [ 1602.464129][T23950] audit: backlog limit exceeded [ 1602.492742][T23990] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1602.495325][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1602.797266][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1602.810162][T23950] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1602.822467][T23950] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1603.276205][ T977] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 1603.300678][ T977] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 1603.312903][ T977] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 1603.335704][ T977] aqc111 3-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 1603.361023][ T977] usb 3-1: USB disconnect, device number 18 [ 1603.388045][ T977] aqc111 3-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 1603.460010][ T977] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1603.484570][ T977] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1603.505258][ T977] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 1603.554554][T24043] netlink: 32 bytes leftover after parsing attributes in process `syz.3.27239'. [ 1603.727197][T24051] netlink: 'syz.3.27243': attribute type 1 has an invalid length. [ 1603.744700][T24051] netlink: 172 bytes leftover after parsing attributes in process `syz.3.27243'. [ 1603.953735][T24061] netlink: 27 bytes leftover after parsing attributes in process `syz.2.27247'. [ 1604.454540][T24201] netlink: 16 bytes leftover after parsing attributes in process `syz.0.27253'. [ 1605.089605][T24217] ipvlan2: entered promiscuous mode [ 1605.110357][T24217] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1605.133004][T24217] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1605.173622][T24223] program syz.3.27262 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1605.484368][T24241] random: crng reseeded on system resumption [ 1605.636890][T24249] netlink: 'syz.3.27272': attribute type 1 has an invalid length. [ 1605.968803][T24262] netlink: 'syz.3.27277': attribute type 3 has an invalid length. [ 1605.979017][T24262] netlink: 'syz.3.27277': attribute type 3 has an invalid length. [ 1606.169045][T24268] netlink: 104 bytes leftover after parsing attributes in process `syz.0.27281'. [ 1606.295468][T24273] netlink: 32 bytes leftover after parsing attributes in process `syz.3.27282'. [ 1606.315108][T24273] sch_tbf: peakrate 4 is lower than or equals to rate 5 ! [ 1607.718140][ T30] kauditd_printk_skb: 9331 callbacks suppressed [ 1607.718158][ T30] audit: type=1400 audit(2000000257.861:3073394): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=24331 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1607.771186][ T30] audit: type=1400 audit(2000000257.861:3073395): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=24331 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1607.774506][T14139] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1607.797694][ T30] audit: type=1400 audit(2000000257.861:3073396): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=24331 comm="syz-executor" name="613" dev="tmpfs" ino=3136 [ 1607.802692][T24333] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1607.823973][T14139] audit: audit_lost=358096 audit_rate_limit=0 audit_backlog_limit=64 [ 1607.834685][ T30] audit: type=1400 audit(2000000257.861:3073397): lsm=SMACK fn=smack_task_setpgid action=granted subject="_" object="_" requested=w pid=24331 comm="syz-executor" opid=24331 ocomm="syz-executor" [ 1607.835331][T24334] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1607.860370][T14139] audit: backlog limit exceeded [ 1607.860411][ T30] audit: type=1400 audit(2000000257.861:3073398): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=24331 comm="syz-executor" name="613" dev="tmpfs" ino=3136 [ 1608.209505][T24350] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1608.225737][T24350] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 1608.239721][T24350] bridge_slave_0: default FDB implementation only supports local addresses [ 1609.762562][T24398] bridge0: port 2(bridge_slave_1) entered disabled state [ 1611.317064][T24460] netlink: 'syz.2.27360': attribute type 5 has an invalid length. [ 1613.070927][ T30] kauditd_printk_skb: 9019 callbacks suppressed [ 1613.070946][ T30] audit: type=1400 audit(2000000262.856:3081598): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=21660 comm="syz-executor" name="68" dev="tmpfs" ino=356 [ 1613.092358][T24526] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1613.103738][T21660] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1613.110270][T21660] audit: audit_lost=358371 audit_rate_limit=0 audit_backlog_limit=64 [ 1613.119595][T24528] audit: audit_backlog=66 > audit_backlog_limit=64 [ 1613.120954][ T30] audit: type=1400 audit(2000000262.856:3081599): lsm=SMACK fn=smack_inode_unlink action=granted subject="_" object="_" requested=w pid=21660 comm="syz-executor" name="file1" dev="tmpfs" ino=361 [ 1613.134381][T24528] audit: audit_lost=358372 audit_rate_limit=0 audit_backlog_limit=64 [ 1613.153902][T24526] audit: audit_lost=358373 audit_rate_limit=0 audit_backlog_limit=64 [ 1613.164171][T21660] audit: backlog limit exceeded [ 1613.172975][T24526] audit: backlog limit exceeded [ 1613.488156][T24546] netlink: 'syz.3.27395': attribute type 58 has an invalid length. [ 1613.507670][T24546] netlink: 20 bytes leftover after parsing attributes in process `syz.3.27395'. [ 1613.581636][T24550] Falling back ldisc for ptm0. [ 1613.673798][T24559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.27398'. [ 1613.736065][T24559] bond1 (unregistering): Released all slaves [ 1613.850379][ T977] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1614.021379][ T977] usb 3-1: Using ep0 maxpacket: 32 [ 1614.032338][ T977] usb 3-1: config 0 has no interfaces? [ 1614.048790][ T977] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1614.094516][T24634] cgroup: fork rejected by pids controller in /syz0 [ 1614.301328][ T977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1614.354362][ T977] usb 3-1: config 0 descriptor?? [ 1614.620725][T10529] usb 3-1: USB disconnect, device number 19 [ 1614.889754][T25728] input: syz0 as /devices/virtual/input/input158 [ 1615.039943][T25868] gretap0: entered promiscuous mode [ 1615.083420][T25868] netlink: 31 bytes leftover after parsing attributes in process `syz.3.27409'. [ 1615.678628][T10529] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 1615.776002][T25902] netlink: 12 bytes leftover after parsing attributes in process `syz.0.27420'. [ 1615.785399][T25902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.27420'. [ 1615.863755][T10529] usb 3-1: config 7 has an invalid interface number: 101 but max is 0 [ 1615.885045][T10529] usb 3-1: config 7 has no interface number 0 [ 1615.908490][T10529] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 1615.928605][T10529] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1615.950227][T10529] usb 3-1: Product: syz [ 1615.954446][T10529] usb 3-1: Manufacturer: syz [ 1615.969773][T10529] usb 3-1: SerialNumber: syz [ 1616.829624][T10529] as10x_usb: device has been detected [ 1616.838043][T10529] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 1616.872030][T10529] usb 3-1: DVB: registering adapter 2 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 1617.015635][T10529] as10x_usb: error during firmware upload part1 [ 1617.026141][T10529] Registered device Elgato EyeTV DTT Deluxe [ 1617.062067][ T10] usb 3-1: USB disconnect, device number 20 [ 1617.105032][ T10] Unregistered device Elgato EyeTV DTT Deluxe [ 1617.109702][ T10] as10x_usb: device has been disconnected [ 1617.522795][T25979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27442'. [ 1617.531932][T25979] netlink: 'syz.1.27442': attribute type 30 has an invalid length. [ 1617.540174][T25979] netlink: 12 bytes leftover after parsing attributes in process `syz.1.27442'. [ 1617.826042][T25994] netlink: 12 bytes leftover after parsing attributes in process `syz.3.27447'. [ 1618.167343][T26008] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1618.175887][T26008] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1618.184474][T26008] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1618.192960][T26008] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1618.427770][ T30] kauditd_printk_skb: 7514 callbacks suppressed [ 1618.427789][ T30] audit: type=1400 audit(2000000267.870:3088657): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=19586 comm="syz-executor" path="/219/cgroup.net" dev="tmpfs" ino=1121 [ 1618.469513][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1618.471677][T26025] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1618.476041][ T8959] audit: audit_lost=358526 audit_rate_limit=0 audit_backlog_limit=64 [ 1618.476057][ T8959] audit: backlog limit exceeded [ 1618.476073][ T8959] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1618.486517][T26025] audit: audit_lost=358527 audit_rate_limit=0 audit_backlog_limit=64 [ 1618.501265][T21660] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1618.503537][T19586] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1618.510538][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1619.022788][T26054] openvswitch: netlink: IP tunnel TTL not specified. [ 1619.164234][T10507] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1619.340172][T10507] usb 3-1: Using ep0 maxpacket: 32 [ 1619.363845][T10507] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 1619.400165][T10507] usb 3-1: config 0 has no interface number 0 [ 1619.406550][T10507] usb 3-1: config 0 interface 12 has no altsetting 0 [ 1619.449497][T10507] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1619.467985][T10507] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1619.483575][T10507] usb 3-1: Product: syz [ 1619.491893][T10507] usb 3-1: Manufacturer: syz [ 1619.496687][T10507] usb 3-1: SerialNumber: syz [ 1619.517277][T10507] usb 3-1: config 0 descriptor?? [ 1619.807409][T26081] serio: Serial port ptm0 [ 1620.332713][T26110] netlink: 24 bytes leftover after parsing attributes in process `syz.1.27494'. [ 1620.437408][T10507] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 1620.445674][T10507] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 1620.462645][T10507] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1620.474752][T10507] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 1620.504411][T10507] usb 3-1: USB disconnect, device number 21 [ 1621.709503][T10507] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1621.812485][T26187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27523'. [ 1621.882844][T10507] usb 3-1: Using ep0 maxpacket: 8 [ 1621.894316][T10507] usb 3-1: config 1 has an invalid interface number: 4 but max is 1 [ 1621.911960][T10507] usb 3-1: config 1 has no interface number 1 [ 1621.918147][T10507] usb 3-1: config 1 interface 4 has no altsetting 0 [ 1621.949704][T10507] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1621.978430][T26190] pimreg: entered allmulticast mode [ 1621.998692][T10507] usb 3-1: New USB device found, idVendor=0471, idProduct=0322, bcdDevice=b1.55 [ 1622.022400][T26189] pimreg: left allmulticast mode [ 1622.030971][T10507] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1622.047221][T10507] usb 3-1: Product: syz [ 1622.060995][T10507] usb 3-1: Manufacturer: syz [ 1622.070026][T10507] usb 3-1: SerialNumber: syz [ 1622.377043][T10507] gspca_main: sunplus-2.14.0 probing 0471:0322 [ 1622.384911][T10507] gspca_sunplus: reg_w_riv err -71 [ 1622.390231][T10507] sunplus 3-1:1.0: probe with driver sunplus failed with error -71 [ 1622.410572][T10507] usb 3-1: USB disconnect, device number 22 [ 1622.867272][T26241] tun0: tun_chr_ioctl cmd 1074025678 [ 1622.872648][T26241] tun0: group set to 0 [ 1623.051665][T26251] syz_tun: entered promiscuous mode [ 1623.064714][T26251] syz_tun: left promiscuous mode [ 1623.220722][T26259] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1623.299488][T26267] netlink: 24 bytes leftover after parsing attributes in process `syz.2.27546'. [ 1623.415809][T26271] bridge_slave_0: invalid flags given to default FDB implementation [ 1623.791086][ T30] kauditd_printk_skb: 10336 callbacks suppressed [ 1623.791104][ T30] audit: type=1400 audit(2000000272.893:3098319): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=26286 comm="syz.2.27557" name="647" dev="tmpfs" ino=3310 [ 1623.816857][ C1] vkms_vblank_simulate: vblank timer overrun [ 1623.841670][T19586] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1623.849829][T19586] audit: audit_lost=358754 audit_rate_limit=0 audit_backlog_limit=64 [ 1623.858252][ T30] audit: type=1400 audit(2000000272.893:3098320): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=26286 comm="syz.2.27557" name="647" dev="tmpfs" ino=3310 [ 1623.878456][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1623.885002][ C1] audit: audit_lost=358755 audit_rate_limit=0 audit_backlog_limit=64 [ 1623.886240][T21660] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1623.893175][ C1] audit: backlog limit exceeded [ 1623.893435][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1623.911185][ C1] audit: audit_lost=358756 audit_rate_limit=0 audit_backlog_limit=64 [ 1624.007711][ T31] INFO: task syz.5.25048:15144 blocked for more than 143 seconds. [ 1624.015587][ T31] Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 [ 1624.042537][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1624.063684][ T31] task:syz.5.25048 state:D stack:25352 pid:15144 tgid:15140 ppid:8954 task_flags:0x400140 flags:0x00004004 [ 1624.099401][ T31] Call Trace: [ 1624.102910][ T31] [ 1624.105864][ T31] __schedule+0x16a2/0x4cb0 [ 1624.110405][ T31] ? __pfx_preempt_schedule_notrace+0x10/0x10 [ 1624.119361][ T31] ? schedule+0x165/0x360 [ 1624.123736][ T31] ? __pfx___schedule+0x10/0x10 [ 1624.128634][ T31] ? schedule+0x91/0x360 [ 1624.132879][ T31] schedule+0x165/0x360 [ 1624.137577][ T31] schedule_preempt_disabled+0x13/0x30 [ 1624.143065][ T31] __mutex_lock+0x724/0xe80 [ 1624.147717][ T31] ? __mutex_lock+0x51b/0xe80 [ 1624.152400][ T31] ? nfsd_nl_rpc_status_get_dumpit+0xd9/0x1280 [ 1624.159094][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1624.164171][ T31] ? stack_trace_save+0x9c/0xe0 [ 1624.169086][ T31] nfsd_nl_rpc_status_get_dumpit+0xd9/0x1280 [ 1624.175117][ T31] ? kasan_save_track+0x4f/0x80 [ 1624.180705][ T31] ? kasan_save_track+0x3e/0x80 [ 1624.185575][ T31] ? __kasan_kmalloc+0x93/0xb0 [ 1624.190386][ T31] ? __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 1624.196973][ T31] ? kmalloc_reserve+0x136/0x290 [ 1624.202386][ T31] ? __alloc_skb+0x142/0x2d0 [ 1624.206992][ T31] ? netlink_dump+0x22b/0xe20 [ 1624.211809][ T31] ? genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 1624.217749][ T31] ? genl_rcv_msg+0x5da/0x790 [ 1624.222841][ T31] ? netlink_rcv_skb+0x205/0x470 [ 1624.227809][ T31] ? __pfx_nfsd_nl_rpc_status_get_dumpit+0x10/0x10 [ 1624.234357][ T31] ? __sock_sendmsg+0x21c/0x270 [ 1624.239205][ T31] ? ____sys_sendmsg+0x505/0x830 [ 1624.244517][ T31] ? ___sys_sendmsg+0x21f/0x2a0 [ 1624.249385][ T31] ? __x64_sys_sendmsg+0x19b/0x260 [ 1624.254799][ T31] ? do_syscall_64+0xfa/0x3b0 [ 1624.259499][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.265737][ T31] ? __alloc_skb+0x142/0x2d0 [ 1624.270324][ T31] ? rcu_is_watching+0x15/0xb0 [ 1624.275168][ T31] ? trace_kmalloc+0x1f/0xd0 [ 1624.279772][ T31] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 1624.286733][ T31] ? __build_skb_around+0x257/0x3e0 [ 1624.291957][ T31] genl_dumpit+0x108/0x1b0 [ 1624.296408][ T31] netlink_dump+0x62d/0xe20 [ 1624.300913][ T31] ? __pfx_netlink_dump+0x10/0x10 [ 1624.306283][ T31] ? genl_start+0x499/0x6c0 [ 1624.310830][ T31] __netlink_dump_start+0x5cb/0x7e0 [ 1624.316075][ T31] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 1624.321894][ T31] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 1624.328491][ T31] ? genl_get_cmd+0x496/0x910 [ 1624.333321][ T31] ? __pfx_genl_start+0x10/0x10 [ 1624.338254][ T31] ? __pfx_genl_dumpit+0x10/0x10 [ 1624.343215][ T31] ? __pfx_genl_done+0x10/0x10 [ 1624.348043][ T31] genl_rcv_msg+0x5da/0x790 [ 1624.353058][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1624.358109][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 1624.363196][ T31] ? __pfx_nfsd_nl_rpc_status_get_dumpit+0x10/0x10 [ 1624.369737][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 1624.375739][ T31] netlink_rcv_skb+0x205/0x470 [ 1624.380584][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1624.385642][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1624.390983][ T31] ? down_read+0x1ad/0x2e0 [ 1624.395588][ T31] genl_rcv+0x28/0x40 [ 1624.399567][ T31] netlink_unicast+0x758/0x8d0 [ 1624.404396][ T31] netlink_sendmsg+0x805/0xb30 [ 1624.409167][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1624.414802][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1624.420106][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1624.425438][ T31] __sock_sendmsg+0x21c/0x270 [ 1624.430123][ T31] ____sys_sendmsg+0x505/0x830 [ 1624.435403][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1624.440838][ T31] ? import_iovec+0x74/0xa0 [ 1624.445499][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 1624.450331][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1624.455909][ T31] ? __fget_files+0x2a/0x420 [ 1624.460526][ T31] ? __fget_files+0x3a0/0x420 [ 1624.465231][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 1624.470283][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1624.475771][ T31] ? rcu_is_watching+0x15/0xb0 [ 1624.480866][ T31] ? do_syscall_64+0xbe/0x3b0 [ 1624.485565][ T31] do_syscall_64+0xfa/0x3b0 [ 1624.490239][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1624.495435][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.501872][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1624.506563][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.512487][ T31] RIP: 0033:0x7f625978e929 [ 1624.516893][ T31] RSP: 002b:00007f625a53f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1624.525688][ T31] RAX: ffffffffffffffda RBX: 00007f62599b5fa0 RCX: 00007f625978e929 [ 1624.533744][ T31] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005 [ 1624.542103][ T31] RBP: 00007f6259810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1624.550208][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1624.558224][ T31] R13: 0000000000000000 R14: 00007f62599b5fa0 R15: 00007fff560948b8 [ 1624.566566][ T31] [ 1624.569644][ T31] [ 1624.569644][ T31] Showing all locks held in the system: [ 1624.577658][ T31] 1 lock held by khungtaskd/31: [ 1624.582524][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1624.592792][ T31] 2 locks held by getty/5583: [ 1624.615768][ T31] #0: ffff888033e080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1624.625607][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1624.637795][ T31] 2 locks held by kworker/u8:12/7178: [ 1624.643235][ T31] 2 locks held by kworker/u8:13/7179: [ 1624.652808][ T31] #0: ffff8881472f2148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1624.664198][ T31] #1: ffffc9000521fbc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1624.676699][ T31] 3 locks held by kworker/u8:41/7212: [ 1624.682152][ T31] 2 locks held by syz.9.24900/14713: [ 1624.687457][ T31] #0: ffffffff8f5641b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1624.698889][ T31] #1: ffffffff8e41b488 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12a/0x1650 [ 1624.709214][ T31] 3 locks held by syz.5.25048/15144: [ 1624.714855][ T31] #0: ffffffff8f5641b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1624.723376][ T31] #1: ffff88804621a6d0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 1624.734161][ T31] #2: ffffffff8e41b488 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_rpc_status_get_dumpit+0xd9/0x1280 [ 1624.744750][ T31] [ 1624.747110][ T31] ============================================= [ 1624.747110][ T31] [ 1624.758098][ T31] NMI backtrace for cpu 0 [ 1624.758111][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 1624.758124][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1624.758130][ T31] Call Trace: [ 1624.758135][ T31] [ 1624.758140][ T31] dump_stack_lvl+0x189/0x250 [ 1624.758158][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1624.758172][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1624.758186][ T31] ? __pfx__printk+0x10/0x10 [ 1624.758202][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1624.758217][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1624.758228][ T31] ? _printk+0xcf/0x120 [ 1624.758239][ T31] ? __pfx__printk+0x10/0x10 [ 1624.758250][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1624.758264][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1624.758278][ T31] watchdog+0xfee/0x1030 [ 1624.758298][ T31] ? watchdog+0x1de/0x1030 [ 1624.758314][ T31] kthread+0x70e/0x8a0 [ 1624.758326][ T31] ? __pfx_watchdog+0x10/0x10 [ 1624.758338][ T31] ? __pfx_kthread+0x10/0x10 [ 1624.758349][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1624.758363][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1624.758377][ T31] ? __pfx_kthread+0x10/0x10 [ 1624.758387][ T31] ret_from_fork+0x3f9/0x770 [ 1624.758402][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1624.758426][ T31] ? __switch_to_asm+0x39/0x70 [ 1624.758442][ T31] ? __switch_to_asm+0x33/0x70 [ 1624.758457][ T31] ? __pfx_kthread+0x10/0x10 [ 1624.758477][ T31] ret_from_fork_asm+0x1a/0x30 [ 1624.758508][ T31] [ 1624.758515][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1624.917760][ C1] NMI backtrace for cpu 1 [ 1624.917778][ C1] CPU: 1 UID: 0 PID: 7178 Comm: kworker/u8:12 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 1624.917798][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1624.917810][ C1] Workqueue: bat_events batadv_nc_worker [ 1624.917836][ C1] RIP: 0010:__lock_acquire+0x50c/0xd20 [ 1624.917859][ C1] Code: 49 83 c7 28 41 89 c4 48 39 cb 0f 8d d6 00 00 00 48 83 fb 31 0f 83 92 00 00 00 41 8b 07 25 ff 1f 00 00 48 0f a3 05 34 3a 03 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 30 73 42 93 eb 40 83 3d 7b c9 [ 1624.917874][ C1] RSP: 0018:ffffc900053778f0 EFLAGS: 00000007 [ 1624.917888][ C1] RAX: 00000000000008b4 RBX: 0000000000000000 RCX: 00000000ffffffff [ 1624.917900][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88804deb1e00 [ 1624.917911][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b2d0342 [ 1624.917921][ C1] R10: dffffc0000000000 R11: ffffffff8b2d0270 R12: ffffffffffffff05 [ 1624.917934][ C1] R13: 0000000000000001 R14: ffff88804deb2940 R15: ffff88804deb2910 [ 1624.917946][ C1] FS: 0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000 [ 1624.917960][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1624.917971][ C1] CR2: 00007fe5fd77e2d8 CR3: 000000007ca38000 CR4: 00000000003526f0 [ 1624.917986][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1624.917996][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1624.918005][ C1] Call Trace: [ 1624.918013][ C1] [ 1624.918025][ C1] ? batadv_nc_worker+0xd2/0x610 [ 1624.918045][ C1] lock_acquire+0x120/0x360 [ 1624.918064][ C1] ? batadv_nc_worker+0xd2/0x610 [ 1624.918087][ C1] ? batadv_nc_worker+0xd2/0x610 [ 1624.918107][ C1] ? batadv_nc_worker+0xd2/0x610 [ 1624.918126][ C1] batadv_nc_worker+0xef/0x610 [ 1624.918146][ C1] ? batadv_nc_worker+0xd2/0x610 [ 1624.918166][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 1624.918190][ C1] process_scheduled_works+0xade/0x17b0 [ 1624.918224][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1624.918260][ C1] worker_thread+0x8a0/0xda0 [ 1624.918292][ C1] kthread+0x70e/0x8a0 [ 1624.918310][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1624.918331][ C1] ? __pfx_kthread+0x10/0x10 [ 1624.918348][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1624.918369][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1624.918390][ C1] ? __pfx_kthread+0x10/0x10 [ 1624.918407][ C1] ret_from_fork+0x3f9/0x770 [ 1624.918429][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1624.918452][ C1] ? __switch_to_asm+0x39/0x70 [ 1624.918471][ C1] ? __switch_to_asm+0x33/0x70 [ 1624.918485][ C1] ? __pfx_kthread+0x10/0x10 [ 1624.918502][ C1] ret_from_fork_asm+0x1a/0x30 [ 1624.918524][ C1] [ 1624.919762][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1625.190552][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 1625.202350][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1625.212404][ T31] Call Trace: [ 1625.215682][ T31] [ 1625.218610][ T31] dump_stack_lvl+0x99/0x250 [ 1625.223208][ T31] ? __asan_memcpy+0x40/0x70 [ 1625.227796][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1625.232996][ T31] ? __pfx__printk+0x10/0x10 [ 1625.237595][ T31] panic+0x2db/0x790 [ 1625.241498][ T31] ? __pfx_panic+0x10/0x10 [ 1625.245920][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1625.251732][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1625.257104][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1625.263272][ T31] watchdog+0x102d/0x1030 [ 1625.267606][ T31] ? watchdog+0x1de/0x1030 [ 1625.272030][ T31] kthread+0x70e/0x8a0 [ 1625.276099][ T31] ? __pfx_watchdog+0x10/0x10 [ 1625.280772][ T31] ? __pfx_kthread+0x10/0x10 [ 1625.285358][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1625.290560][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1625.295760][ T31] ? __pfx_kthread+0x10/0x10 [ 1625.300347][ T31] ret_from_fork+0x3f9/0x770 [ 1625.304946][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1625.310062][ T31] ? __switch_to_asm+0x39/0x70 [ 1625.314820][ T31] ? __switch_to_asm+0x33/0x70 [ 1625.319584][ T31] ? __pfx_kthread+0x10/0x10 [ 1625.324177][ T31] ret_from_fork_asm+0x1a/0x30 [ 1625.328948][ T31] [ 1625.332188][ T31] Kernel Offset: disabled [ 1625.336504][ T31] Rebooting in 86400 seconds..