last executing test programs: 30m22.597107443s ago: executing program 1 (id=87): unshare(0x26020480) sched_setaffinity(0x0, 0x0, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086602, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6}) 30m21.186112602s ago: executing program 1 (id=91): socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) syz_clone(0x21000011, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60"], 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00c9000201"], 0x22) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket$alg(0x26, 0x5, 0x0) write$bt_hci(0xffffffffffffffff, &(0x7f0000000200)={0x1, @accept_phy_link={{0x436, 0x12}, {0xc8, 0xf, 0x8, "eb9ce886abb00cd9ab2f9dca79fd0a"}}}, 0x16) socket(0x9, 0x4, 0x3) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc, 0xf}, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 30m18.709531746s ago: executing program 1 (id=93): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$kcm(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}}, 0x800) 30m17.44096498s ago: executing program 1 (id=95): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000000)={0x30, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0xffffffff}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40084}, 0x810) 30m16.787110285s ago: executing program 1 (id=97): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000500)='ramfs\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000080)=r6, 0x4) sendmmsg$inet6(r5, &(0x7f0000000580)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x0, @local, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918"], 0x590}}], 0x1, 0x8008801) sendmmsg$inet6(r5, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000000680)}}], 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x141000, 0x0) fcntl$getown(r8, 0x9) 30m14.894634181s ago: executing program 1 (id=100): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0x9, 0x1000000, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xf0}, 0x0) 29m59.320082944s ago: executing program 32 (id=100): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0x9, 0x1000000, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xf0}, 0x0) 31.598373131s ago: executing program 0 (id=3373): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 31.380397063s ago: executing program 0 (id=3374): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(r1) close(0x4) 23.80828228s ago: executing program 2 (id=3381): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet(0xa, 0x801, 0x84) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3ff, 0x5, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) 23.685444692s ago: executing program 0 (id=3383): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 23.497516841s ago: executing program 0 (id=3386): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0xf, 0x0, 0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 23.391059942s ago: executing program 4 (id=3387): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) request_key(0x0, 0x0, &(0x7f0000000340)='\xec\xbe\xd6\xe7\x10c\xbd\x9b\xffr\x1e\x10\'\x83eq\x00\xe3\xde\xa6\x9d\x12\xc9./`\x04Uj<\xa9\xf1\x8d\xab\xba\xc6\xf2l\xc3\x14\x139\xa4Dfh;\xb7\x94\xf8\x02\xf6\xdc\xc5\xef+#\xd6\xd7%F\x9e\x93\x1c\x91\x01ml\xbdR\xbb\xeb\au\b\x0f0\xb6\xaf\xa8u@1NI\xde\x1d\x145\xeee\x8c>\xe2J\xefw\x19\xf4N$\xfe2\x8370\xb9\xb3\xbb\xf6\xcew\x14;\x85\xca\x96\xe6\xc5J\xd0\x1c\xd4\xaf\xa5\xc1\x05\xd5VO\xe9g\xad\t\xd2)\xee)\xe7\xa9\x1e\xf2U\xb0\xc0:\x1f)\xfbR\xd7C\xde\xcf\xd7\x87\xb4\xfd_\x92i\xe5\xc2\xc2uHP\x18hR\xd6\xf1\x97\xdfX\xf8\x90\xd2J\xe2\xe6V(\x11C\xed\xe2\xbaC\x89[\xaa\x06\v\xfd\x1b\xb0', 0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x400000002000000, 0x2) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0x63, 0x3, 0x2, 0x1}) 21.53438441s ago: executing program 4 (id=3388): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) request_key(0x0, 0x0, &(0x7f0000000340)='\xec\xbe\xd6\xe7\x10c\xbd\x9b\xffr\x1e\x10\'\x83eq\x00\xe3\xde\xa6\x9d\x12\xc9./`\x04Uj<\xa9\xf1\x8d\xab\xba\xc6\xf2l\xc3\x14\x139\xa4Dfh;\xb7\x94\xf8\x02\xf6\xdc\xc5\xef+#\xd6\xd7%F\x9e\x93\x1c\x91\x01ml\xbdR\xbb\xeb\au\b\x0f0\xb6\xaf\xa8u@1NI\xde\x1d\x145\xeee\x8c>\xe2J\xefw\x19\xf4N$\xfe2\x8370\xb9\xb3\xbb\xf6\xcew\x14;\x85\xca\x96\xe6\xc5J\xd0\x1c\xd4\xaf\xa5\xc1\x05\xd5VO\xe9g\xad\t\xd2)\xee)\xe7\xa9\x1e\xf2U\xb0\xc0:\x1f)\xfbR\xd7C\xde\xcf\xd7\x87\xb4\xfd_\x92i\xe5\xc2\xc2uHP\x18hR\xd6\xf1\x97\xdfX\xf8\x90\xd2J\xe2\xe6V(\x11C\xed\xe2\xbaC\x89[\xaa\x06\v\xfd\x1b\xb0', 0xffffffffffffffff) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) 21.460557177s ago: executing program 2 (id=3390): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), 0xffffffffffffffff, 0x0, 0x3, 0x1}}, 0x20) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0), 0x0, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0145401, &(0x7f0000000000)={{0x3, 0x2, 0x1, 0x0, 0x7}, 0x0, 0x40003, 'id0\x00', 'timer0\x00'}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x2c, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x4}]}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffff00000000000008004500001c0000000000679078ac1414aae000000110009078fff20006ce8502c30e3652657ca15d5c6c28354f43ec85d20000010000000000d9bf2625858e63a9fc522a54d4177f092f3a8de49d"], 0x0) 21.257711228s ago: executing program 0 (id=3391): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) request_key(0x0, 0x0, &(0x7f0000000340)='\xec\xbe\xd6\xe7\x10c\xbd\x9b\xffr\x1e\x10\'\x83eq\x00\xe3\xde\xa6\x9d\x12\xc9./`\x04Uj<\xa9\xf1\x8d\xab\xba\xc6\xf2l\xc3\x14\x139\xa4Dfh;\xb7\x94\xf8\x02\xf6\xdc\xc5\xef+#\xd6\xd7%F\x9e\x93\x1c\x91\x01ml\xbdR\xbb\xeb\au\b\x0f0\xb6\xaf\xa8u@1NI\xde\x1d\x145\xeee\x8c>\xe2J\xefw\x19\xf4N$\xfe2\x8370\xb9\xb3\xbb\xf6\xcew\x14;\x85\xca\x96\xe6\xc5J\xd0\x1c\xd4\xaf\xa5\xc1\x05\xd5VO\xe9g\xad\t\xd2)\xee)\xe7\xa9\x1e\xf2U\xb0\xc0:\x1f)\xfbR\xd7C\xde\xcf\xd7\x87\xb4\xfd_\x92i\xe5\xc2\xc2uHP\x18hR\xd6\xf1\x97\xdfX\xf8\x90\xd2J\xe2\xe6V(\x11C\xed\xe2\xbaC\x89[\xaa\x06\v\xfd\x1b\xb0', 0xffffffffffffffff) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) 19.45535568s ago: executing program 0 (id=3392): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(r1) close(0x4) 16.476061062s ago: executing program 4 (id=3395): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 16.383741261s ago: executing program 2 (id=3396): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0x63, 0x3, 0x2, 0x1}) 14.527199879s ago: executing program 2 (id=3397): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) request_key(0x0, 0x0, &(0x7f0000000340)='\xec\xbe\xd6\xe7\x10c\xbd\x9b\xffr\x1e\x10\'\x83eq\x00\xe3\xde\xa6\x9d\x12\xc9./`\x04Uj<\xa9\xf1\x8d\xab\xba\xc6\xf2l\xc3\x14\x139\xa4Dfh;\xb7\x94\xf8\x02\xf6\xdc\xc5\xef+#\xd6\xd7%F\x9e\x93\x1c\x91\x01ml\xbdR\xbb\xeb\au\b\x0f0\xb6\xaf\xa8u@1NI\xde\x1d\x145\xeee\x8c>\xe2J\xefw\x19\xf4N$\xfe2\x8370\xb9\xb3\xbb\xf6\xcew\x14;\x85\xca\x96\xe6\xc5J\xd0\x1c\xd4\xaf\xa5\xc1\x05\xd5VO\xe9g\xad\t\xd2)\xee)\xe7\xa9\x1e\xf2U\xb0\xc0:\x1f)\xfbR\xd7C\xde\xcf\xd7\x87\xb4\xfd_\x92i\xe5\xc2\xc2uHP\x18hR\xd6\xf1\x97\xdfX\xf8\x90\xd2J\xe2\xe6V(\x11C\xed\xe2\xbaC\x89[\xaa\x06\v\xfd\x1b\xb0', 0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x400000002000000, 0x2) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0x63, 0x3, 0x2, 0x1}) 13.03772591s ago: executing program 4 (id=3399): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03") r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x48) timer_settime(0x0, 0x5, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r4, 0x1000) prlimit64(r0, 0xa, &(0x7f0000000300)={0x9, 0x2}, &(0x7f0000000340)) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 11.274439548s ago: executing program 2 (id=3400): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0x63, 0x3, 0x2, 0x1}) 10.258365091s ago: executing program 4 (id=3402): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03") r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x48) timer_settime(0x0, 0x5, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r4, 0x1000) prlimit64(r0, 0xa, &(0x7f0000000300)={0x9, 0x2}, &(0x7f0000000340)) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 7.258771485s ago: executing program 4 (id=3405): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r1 = open(0x0, 0x200, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r3, 0xffffffff) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x0, 0x11, 0x148, 0x0, 0x0, 0x358, 0x2a8, 0x2a8, 0x358, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'vlan1\x00', {0x40000000e, 0xfb, 0x45, 0xfffffffb, 0x9, 0x100, 0x1, 0x3ff, 0x78, 0x20}, {0x3}}}, @common=@unspec=@state={{0x28}, {0x400}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x2, 0x1, 0x6, 0x1, 0x1], 0x2, 0x2}, {0x0, [0x5, 0x3, 0x4, 0x2, 0x6], 0x1, 0x1}}}}, {{@ip={@multicast2, @loopback, 0xff, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00', {}, {}, 0x8, 0x0, 0x58}, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}, @inet=@rpfilter={{0x28}, {0xb}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, 'lo\x00', {0x2}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000, 0x4, &(0x7f0000ffb000/0x2000)=nil) r5 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) vmsplice(r5, &(0x7f0000000040), 0x0, 0x8) syz_emit_ethernet(0x36, &(0x7f0000001800)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa08004500ea38754e415c4376627800000000e0000002119078e000000200e600010000"], 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.478289825s ago: executing program 2 (id=3406): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r2 = open(0x0, 0x200, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r4, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r4, 0xffffffff) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x0, 0x11, 0x148, 0x0, 0x0, 0x358, 0x2a8, 0x2a8, 0x358, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'vlan1\x00', {0x40000000e, 0xfb, 0x45, 0xfffffffb, 0x9, 0x100, 0x1, 0x3ff, 0x78, 0x20}, {0x3}}}, @common=@unspec=@state={{0x28}, {0x400}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x2, 0x1, 0x6, 0x1, 0x1], 0x2, 0x2}, {0x0, [0x5, 0x3, 0x4, 0x2, 0x6], 0x1, 0x1}}}}, {{@ip={@multicast2, @loopback, 0xff, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00', {}, {}, 0x8, 0x0, 0x58}, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}, @inet=@rpfilter={{0x28}, {0xb}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, 'lo\x00', {0x2}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000, 0x4, &(0x7f0000ffb000/0x2000)=nil) r6 = openat$cgroup_ro(r2, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) vmsplice(r6, &(0x7f0000000040), 0x0, 0x8) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.003571834s ago: executing program 33 (id=3392): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(r1) close(0x4) 3.924198762s ago: executing program 3 (id=3408): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03") r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x48) timer_settime(0x0, 0x5, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r4, 0x1000) prlimit64(r0, 0xa, &(0x7f0000000300)={0x9, 0x2}, &(0x7f0000000340)) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 2.85959744s ago: executing program 3 (id=3409): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet(0xa, 0x801, 0x84) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3ff, 0x5, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) 1.724451665s ago: executing program 3 (id=3410): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000840)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef", 0x11) 1.622209565s ago: executing program 3 (id=3411): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 1.516505786s ago: executing program 3 (id=3412): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffa, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r2 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x10100, 0x4, 0x37c}, &(0x7f0000000080)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[], 0xc48}, 0x0, 0xe3d08660d3cd4684}) io_uring_enter(r2, 0x92, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc}) add_key$keyring(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d80000001b0001000000000000000000fc00000000000000", @ANYRES32=0x0], 0xd8}, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000000002010100000000000100"], 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r9 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0..:\x00', 0x0) 0s ago: executing program 3 (id=3413): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r2 = open(0x0, 0x200, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r4, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r4, 0xffffffff) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x0, 0x11, 0x148, 0x0, 0x0, 0x358, 0x2a8, 0x2a8, 0x358, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'vlan1\x00', {0x40000000e, 0xfb, 0x45, 0xfffffffb, 0x9, 0x100, 0x1, 0x3ff, 0x78, 0x20}, {0x3}}}, @common=@unspec=@state={{0x28}, {0x400}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x2, 0x1, 0x6, 0x1, 0x1], 0x2, 0x2}, {0x0, [0x5, 0x3, 0x4, 0x2, 0x6], 0x1, 0x1}}}}, {{@ip={@multicast2, @loopback, 0xff, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00', {}, {}, 0x8, 0x0, 0x58}, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}, @inet=@rpfilter={{0x28}, {0xb}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, 'lo\x00', {0x2}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000, 0x4, &(0x7f0000ffb000/0x2000)=nil) openat$cgroup_ro(r2, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): n invalid descriptor of length 0, skipping remainder of the config [ 1544.594266][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1544.627998][T13619] usb 5-1: config 0 has no interfaces? [ 1544.636686][T13619] usb 5-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1544.646362][T13619] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1544.792176][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1544.798986][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.304264][T17214] loop3: detected capacity change from 0 to 1024 [ 1545.343658][T17214] EXT4-fs: Ignoring removed i_version option [ 1545.349807][T17214] EXT4-fs: inline encryption not supported [ 1545.408000][T13619] usb 5-1: Product: syz [ 1545.412703][T13619] usb 5-1: Manufacturer: syz [ 1545.422531][T13619] usb 5-1: SerialNumber: syz [ 1545.430953][T13619] usb 5-1: config 0 descriptor?? [ 1545.449837][T17214] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1545.492379][T17214] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1545.501247][T17216] loop2: detected capacity change from 0 to 512 [ 1545.534909][T17216] ext4: Unknown parameter 'pcr' [ 1547.598564][T17226] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2236'. [ 1549.220975][T17227] loop4: detected capacity change from 0 to 512 [ 1551.194436][T17227] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1552.038158][T17227] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 1552.038673][T17227] EXT4-fs: failed to create workqueue [ 1552.053682][T17227] EXT4-fs (loop4): mount failed [ 1552.272779][ T9] usb 5-1: USB disconnect, device number 3 [ 1552.428067][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1552.583826][T17239] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2241'. [ 1552.662684][T17241] loop0: detected capacity change from 0 to 512 [ 1552.686408][T17241] ext4: Unknown parameter 'pcr' [ 1552.754267][ T6011] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1552.862989][T17243] hub 9-0:1.0: USB hub found [ 1552.869368][T17243] hub 9-0:1.0: 1 port detected [ 1554.638522][T17247] loop2: detected capacity change from 0 to 1024 [ 1554.694247][T17247] EXT4-fs: Ignoring removed i_version option [ 1554.761896][T17247] EXT4-fs: inline encryption not supported [ 1554.820689][T17247] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1554.889538][T17250] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2243'. [ 1554.912351][T17247] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1555.182957][T17256] loop3: detected capacity change from 0 to 512 [ 1555.211224][T17256] ext4: Unknown parameter 'pcr' [ 1556.563530][T17150] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1557.074369][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1557.166683][T17269] loop4: detected capacity change from 0 to 512 [ 1557.189379][T17269] ext4: Unknown parameter 'pcr' [ 1557.199243][T17150] usb 1-1: Using ep0 maxpacket: 8 [ 1557.246189][T17272] netlink: 'syz.2.2250': attribute type 1 has an invalid length. [ 1557.339703][T17150] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1557.367365][T17150] usb 1-1: config 0 has no interfaces? [ 1557.386173][T17150] usb 1-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1557.406008][T17150] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1557.444704][T17272] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1557.486147][T17150] usb 1-1: Product: syz [ 1557.493863][T17150] usb 1-1: Manufacturer: syz [ 1557.499623][T17150] usb 1-1: SerialNumber: syz [ 1557.514237][T17150] usb 1-1: config 0 descriptor?? [ 1557.550229][T17274] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1557.816195][T17274] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1558.341884][ T9] usb 1-1: USB disconnect, device number 2 [ 1558.353173][T17274] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 1558.467175][T17276] macvlan2: entered promiscuous mode [ 1558.520612][T17276] bond2: entered promiscuous mode [ 1558.538568][T17276] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1558.556667][T17276] bond2: left promiscuous mode [ 1558.908887][T11131] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1559.165698][T11131] usb 4-1: Using ep0 maxpacket: 8 [ 1559.690542][T11131] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1559.776928][T17286] ceph: No mds server is up or the cluster is laggy [ 1559.903412][T11131] usb 4-1: config 0 has no interfaces? [ 1559.927958][T11131] usb 4-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1559.937477][T11131] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1559.946300][T11131] usb 4-1: Product: syz [ 1559.950653][T11131] usb 4-1: Manufacturer: syz [ 1559.955546][T11131] usb 4-1: SerialNumber: syz [ 1559.989181][T11131] usb 4-1: config 0 descriptor?? [ 1560.274754][T17297] hub 9-0:1.0: USB hub found [ 1560.378813][T17297] hub 9-0:1.0: 1 port detected [ 1560.386656][T17282] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2252'. [ 1560.424150][T17282] loop3: detected capacity change from 0 to 512 [ 1560.432369][T17282] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1560.524995][T17302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2256'. [ 1560.534151][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2256'. [ 1561.321450][T17282] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 1561.330671][T17282] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1561.504446][T17282] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.2252: bg 0: block 361: padding at end of block bitmap is not set [ 1561.550332][T17282] EXT4-fs (loop3): Remounting filesystem read-only [ 1561.557558][T17282] EXT4-fs (loop3): 1 truncate cleaned up [ 1561.564893][T17282] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1561.616099][T17150] usb 4-1: USB disconnect, device number 4 [ 1561.724892][T17303] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2255'. [ 1561.883691][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1562.025454][T17307] loop3: detected capacity change from 0 to 512 [ 1562.089412][T17307] ext4: Unknown parameter 'pcr' [ 1563.942887][T17314] hub 9-0:1.0: USB hub found [ 1563.948971][T17314] hub 9-0:1.0: 1 port detected [ 1564.852533][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1564.882061][T13619] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1565.048138][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 1565.060353][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1565.075984][ T9] usb 1-1: config 0 has no interfaces? [ 1565.081995][T13619] usb 4-1: Using ep0 maxpacket: 8 [ 1565.092109][T13619] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1565.108659][ T9] usb 1-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1565.127944][T13619] usb 4-1: config 0 has no interfaces? [ 1565.139613][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1565.162482][T13619] usb 4-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1565.181319][ T9] usb 1-1: Product: syz [ 1565.191153][T13619] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1565.203996][ T9] usb 1-1: Manufacturer: syz [ 1565.217539][ T9] usb 1-1: SerialNumber: syz [ 1565.256156][T13619] usb 4-1: Product: syz [ 1565.269493][ T9] usb 1-1: config 0 descriptor?? [ 1565.275692][T13619] usb 4-1: Manufacturer: syz [ 1565.284519][T13619] usb 4-1: SerialNumber: syz [ 1565.302111][T13619] usb 4-1: config 0 descriptor?? [ 1565.413496][T17322] hub 9-0:1.0: USB hub found [ 1565.419825][T17322] hub 9-0:1.0: 1 port detected [ 1566.578078][T17329] loop0: detected capacity change from 0 to 512 [ 1566.653102][T17329] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1568.258055][T17331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2260'. [ 1568.416328][T17332] loop3: detected capacity change from 0 to 512 [ 1576.858916][T11131] usb 1-1: USB disconnect, device number 3 [ 1576.906269][T17329] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 1576.910637][T17329] EXT4-fs: failed to create workqueue [ 1576.926422][T17329] EXT4-fs (loop0): mount failed [ 1577.038467][T17332] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1577.049227][T17332] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 1577.049649][T17332] EXT4-fs: failed to create workqueue [ 1577.064979][T17332] EXT4-fs (loop3): mount failed [ 1577.400805][T12466] usb 4-1: USB disconnect, device number 5 [ 1577.799687][T17341] netlink: 'syz.0.2265': attribute type 1 has an invalid length. [ 1577.886553][T17345] hub 9-0:1.0: USB hub found [ 1577.892717][T17345] hub 9-0:1.0: 1 port detected [ 1579.570884][T17341] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1579.626187][T17348] netlink: 'syz.4.2267': attribute type 1 has an invalid length. [ 1579.704033][T17348] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1579.815776][T17349] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1579.851278][T17349] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1579.902587][T17349] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 1579.975011][T17351] ip6erspan0: entered promiscuous mode [ 1579.996305][T17351] bond1: (slave ip6erspan0): making interface the new active one [ 1580.011527][T17351] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 1580.068696][T17352] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1580.084367][T17352] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1580.102222][T17352] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 1580.174665][T17353] ip6erspan0: entered promiscuous mode [ 1580.177576][T17360] hub 9-0:1.0: USB hub found [ 1580.185744][T17360] hub 9-0:1.0: 1 port detected [ 1580.207027][T17353] bond1: (slave ip6erspan0): making interface the new active one [ 1580.222726][T17353] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 1580.469746][T17363] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2269'. [ 1581.178811][T17371] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2272'. [ 1581.554261][T17376] hub 9-0:1.0: USB hub found [ 1581.560613][T17376] hub 9-0:1.0: 1 port detected [ 1582.783796][T17378] loop0: detected capacity change from 0 to 512 [ 1582.809876][T17378] ext4: Unknown parameter 'pcr' [ 1583.030423][ T6011] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1583.329205][T17382] hub 9-0:1.0: USB hub found [ 1583.334962][T17382] hub 9-0:1.0: 1 port detected [ 1585.218367][T17386] netlink: 'syz.0.2275': attribute type 1 has an invalid length. [ 1585.275600][T17386] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1585.366320][T17388] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1585.378349][T17388] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1585.401924][T17388] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 1585.574436][T17386] macvlan2: entered promiscuous mode [ 1585.582611][T17386] bond2: entered promiscuous mode [ 1585.589387][T17386] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1585.605540][T17386] bond2: left promiscuous mode [ 1585.810531][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1585.996820][T17396] hub 9-0:1.0: USB hub found [ 1586.002769][T17396] hub 9-0:1.0: 1 port detected [ 1586.867464][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1586.886846][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1586.902925][ T9] usb 5-1: config 0 has no interfaces? [ 1586.922817][ T9] usb 5-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1586.951718][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1586.965424][ T9] usb 5-1: Product: syz [ 1586.970201][ T9] usb 5-1: Manufacturer: syz [ 1586.985025][ T9] usb 5-1: SerialNumber: syz [ 1587.006380][ T9] usb 5-1: config 0 descriptor?? [ 1587.137410][T17404] netlink: 'syz.0.2282': attribute type 1 has an invalid length. [ 1587.230234][T17404] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1587.799505][T17411] loop4: detected capacity change from 0 to 512 [ 1587.834124][T17412] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1587.854385][T17411] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1587.880077][T17412] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1587.892312][T17412] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1587.905833][T17412] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1587.919099][T17412] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1587.929102][T17412] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1587.974515][T17411] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 1587.984219][T17411] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1588.181499][T17411] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.2277: bg 0: block 361: padding at end of block bitmap is not set [ 1588.209821][T17411] EXT4-fs (loop4): Remounting filesystem read-only [ 1588.220807][T17411] EXT4-fs (loop4): 1 truncate cleaned up [ 1588.244081][T17411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1589.241394][T17404] macvlan2: entered promiscuous mode [ 1589.355245][T17404] bond3: entered promiscuous mode [ 1589.360893][T17404] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1589.458871][T17404] bond3: left promiscuous mode [ 1589.562939][T17410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2277'. [ 1589.656765][T17415] netlink: 'syz.3.2283': attribute type 1 has an invalid length. [ 1589.863776][T17415] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1589.960876][ T3473] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1590.021559][T17416] macvlan2: entered promiscuous mode [ 1590.042026][T17416] bond1: entered promiscuous mode [ 1590.067812][T17416] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1590.099307][T17416] bond1: left promiscuous mode [ 1590.111457][T17412] Bluetooth: hci1: command tx timeout [ 1590.164473][T17420] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2284'. [ 1590.179352][T17420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2284'. [ 1590.192787][ T5877] usb 5-1: USB disconnect, device number 4 [ 1590.299974][ T6406] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1590.402747][ T3473] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1590.869322][T17429] hub 9-0:1.0: USB hub found [ 1590.880084][T17429] hub 9-0:1.0: 1 port detected [ 1592.162858][T17427] hub 9-0:1.0: USB hub found [ 1592.170692][T17427] hub 9-0:1.0: 1 port detected [ 1592.210604][T17412] Bluetooth: hci1: command tx timeout [ 1592.740176][ T3473] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1592.879057][T17436] syz.0.2288[17436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1592.879409][T17436] syz.0.2288[17436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1592.935016][ T3473] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1593.202427][T17408] chnl_net:caif_netlink_parms(): no params data found [ 1593.530173][T17408] bridge0: port 1(bridge_slave_0) entered blocking state [ 1593.560848][T17408] bridge0: port 1(bridge_slave_0) entered disabled state [ 1593.578647][T17408] bridge_slave_0: entered allmulticast mode [ 1593.588113][T17408] bridge_slave_0: entered promiscuous mode [ 1593.680626][T17408] bridge0: port 2(bridge_slave_1) entered blocking state [ 1593.692700][T17408] bridge0: port 2(bridge_slave_1) entered disabled state [ 1593.700247][T17408] bridge_slave_1: entered allmulticast mode [ 1593.726748][T17408] bridge_slave_1: entered promiscuous mode [ 1594.104963][T17408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1594.172965][T17408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1594.255158][T17412] Bluetooth: hci1: command tx timeout [ 1594.291950][T17457] tipc: Started in network mode [ 1594.313260][T17457] tipc: Node identity 521a7fa07d34, cluster identity 4711 [ 1594.324952][T17457] tipc: Enabled bearer , priority 0 [ 1594.349407][T17458] syzkaller0: entered promiscuous mode [ 1594.403735][T17458] syzkaller0: entered allmulticast mode [ 1594.480228][T17408] team0: Port device team_slave_0 added [ 1594.629443][T17408] team0: Port device team_slave_1 added [ 1594.664168][T17456] tipc: Resetting bearer [ 1594.771112][T17456] tipc: Disabling bearer [ 1595.166601][T17408] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1595.193471][T17408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1595.236171][T17408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1595.249852][T17408] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1595.277424][T17408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1595.354395][T17408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1595.621148][T17493] netlink: 'syz.4.2304': attribute type 1 has an invalid length. [ 1595.747373][T17493] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1595.938921][T17498] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1595.952084][T17498] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1595.964432][T17498] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 1595.991784][T17502] netlink: 'syz.3.2305': attribute type 1 has an invalid length. [ 1596.032558][T17502] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1596.061224][T17493] macvlan2: entered promiscuous mode [ 1596.070649][T17493] bond2: entered promiscuous mode [ 1596.076986][T17493] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1596.088880][T17493] bond2: left promiscuous mode [ 1596.175414][T17503] veth3: entered promiscuous mode [ 1596.221790][T17503] bond2: (slave veth3): Enslaving as an active interface with a down link [ 1596.248232][T17408] hsr_slave_0: entered promiscuous mode [ 1596.269221][T17408] hsr_slave_1: entered promiscuous mode [ 1596.276156][T17408] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1596.291231][T17408] Cannot create hsr debugfs directory [ 1596.306754][T17504] bond2: entered allmulticast mode [ 1596.322713][T17412] Bluetooth: hci1: command tx timeout [ 1596.416692][T17511] veth3: entered promiscuous mode [ 1596.473899][T17508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2306'. [ 1596.503617][T17516] block nbd3: NBD_DISCONNECT [ 1596.511834][T17509] veth3: entered promiscuous mode [ 1596.566334][T17512] netlink: 'syz.4.2307': attribute type 1 has an invalid length. [ 1596.671261][ T3473] hsr_slave_0: left promiscuous mode [ 1596.681932][ T3473] hsr_slave_1: left promiscuous mode [ 1596.688369][ T3473] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1596.696313][ T3473] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1596.709384][ T3473] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1596.717016][ T3473] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1596.725520][ T3473] bridge_slave_1: left allmulticast mode [ 1596.731359][ T3473] bridge_slave_1: left promiscuous mode [ 1596.737370][ T3473] bridge0: port 2(bridge_slave_1) entered disabled state [ 1596.750740][ T3473] bridge_slave_0: left allmulticast mode [ 1596.756474][ T3473] bridge_slave_0: left promiscuous mode [ 1596.762619][ T3473] bridge0: port 1(bridge_slave_0) entered disabled state [ 1596.800196][ T3473] veth1_macvtap: left promiscuous mode [ 1596.805916][ T3473] veth0_macvtap: left promiscuous mode [ 1596.811843][ T3473] veth1_vlan: left promiscuous mode [ 1596.819067][ T3473] veth0_vlan: left promiscuous mode [ 1597.196357][ T3473] bond2 (unregistering): Released all slaves [ 1597.601164][ T3473] bond1 (unregistering): Released all slaves [ 1598.292808][ T3473] team0 (unregistering): Port device team_slave_1 removed [ 1598.366076][ T3473] team0 (unregistering): Port device team_slave_0 removed [ 1598.436040][ T3473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1598.515201][ T3473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1599.362410][ T3473] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1599.370552][ T3473] bond0 (unregistering): Released all slaves [ 1599.476799][T17513] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1599.653815][T17521] veth5: entered promiscuous mode [ 1599.707015][T17522] veth5: entered promiscuous mode [ 1599.712747][T17527] nbd: must specify an index to disconnect [ 1599.749190][T17523] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1599.897911][T17525] netlink: 'syz.0.2310': attribute type 1 has an invalid length. [ 1599.978111][T17528] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 1599.990413][T17529] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1599.991982][ T1078] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1600.027453][T17535] netlink: 'syz.3.2313': attribute type 1 has an invalid length. [ 1600.169385][ T6329] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1600.201029][T17535] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1600.277448][T17538] veth5: entered promiscuous mode [ 1600.329048][T17538] bond3: (slave veth5): Enslaving as an active interface with a down link [ 1600.344104][T17536] syzkaller0: entered promiscuous mode [ 1600.350005][T17536] syzkaller0: entered allmulticast mode [ 1600.443986][T17542] veth7: entered promiscuous mode [ 1600.512896][T17545] netlink: 'syz.0.2314': attribute type 1 has an invalid length. [ 1600.560002][T17535] bond3: entered allmulticast mode [ 1600.672667][T17549] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1600.977424][T17558] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1601.116110][T17560] veth9: entered promiscuous mode [ 1601.140840][T17560] bond4: (slave veth9): Enslaving as an active interface with an up link [ 1601.191609][T17564] veth11: entered promiscuous mode [ 1601.201672][T17564] bond4: (slave veth11): Enslaving as an active interface with an up link [ 1601.224392][T17570] bond4: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1601.266539][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 1601.284539][T17577] tipc: Enabling of bearer rejected, failed to enable media [ 1601.311449][T17575] syzkaller0: entered promiscuous mode [ 1601.321385][T17575] syzkaller0: entered allmulticast mode [ 1601.358789][ T3473] IPVS: stop unused estimator thread 0... [ 1601.490701][T17581] netlink: 'syz.3.2321': attribute type 1 has an invalid length. [ 1601.495652][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1601.512047][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1601.525127][ T9] usb 5-1: config 0 has no interfaces? [ 1601.536403][ T9] usb 5-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1601.550034][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1601.565651][T17583] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 1601.580074][ T9] usb 5-1: Product: syz [ 1601.595855][ T9] usb 5-1: Manufacturer: syz [ 1601.600729][ T9] usb 5-1: SerialNumber: syz [ 1601.651760][ T9] usb 5-1: config 0 descriptor?? [ 1601.742560][T17181] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1601.765057][T17581] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1601.879552][T17588] netlink: 'syz.0.2322': attribute type 9 has an invalid length. [ 1601.888136][ T6329] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1601.924075][T17588] netlink: 'syz.0.2322': attribute type 6 has an invalid length. [ 1602.013153][T17590] syzkaller0: entered promiscuous mode [ 1602.018950][T17590] syzkaller0: entered allmulticast mode [ 1602.424989][T17597] loop4: detected capacity change from 0 to 512 [ 1602.499556][T17597] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1602.578144][T17597] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 1602.588397][T17597] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1602.604271][T17597] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.2317: bg 0: block 361: padding at end of block bitmap is not set [ 1602.623290][T17597] EXT4-fs (loop4): Remounting filesystem read-only [ 1602.633243][T17597] EXT4-fs (loop4): 1 truncate cleaned up [ 1602.647048][T17597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1603.173528][T17595] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2317'. [ 1603.422307][T17599] syzkaller0: entered promiscuous mode [ 1603.724193][T17599] syzkaller0: entered allmulticast mode [ 1604.760772][T17605] syzkaller0: entered promiscuous mode [ 1604.780726][T17605] syzkaller0: entered allmulticast mode [ 1604.881017][T17408] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1604.955797][T17408] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1604.987113][T12466] usb 5-1: USB disconnect, device number 5 [ 1604.997837][ T6406] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1605.011434][T17408] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1605.115183][T17408] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1605.144997][T17612] tipc: Started in network mode [ 1605.152170][T17612] tipc: Node identity d208c4f581c1, cluster identity 4711 [ 1605.160268][T17612] tipc: Enabled bearer , priority 0 [ 1605.205740][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1605.213258][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1605.237903][T17609] tipc: Started in network mode [ 1605.249041][T17609] tipc: Node identity 7a7f805477ea, cluster identity 4711 [ 1605.268435][T17609] tipc: Enabled bearer , priority 0 [ 1605.283411][T17611] syzkaller0: entered promiscuous mode [ 1605.290178][T17611] syzkaller0: entered allmulticast mode [ 1605.337958][T17609] syzkaller0: entered promiscuous mode [ 1605.343932][T17609] syzkaller0: entered allmulticast mode [ 1605.375299][T17611] tipc: Resetting bearer [ 1605.385512][T17622] syzkaller0: entered promiscuous mode [ 1605.394331][T17622] syzkaller0: entered allmulticast mode [ 1605.406578][T17622] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 1605.435023][T17610] tipc: Resetting bearer [ 1605.465150][T17610] tipc: Disabling bearer [ 1605.521798][T17609] tipc: Resetting bearer [ 1605.565752][T17608] tipc: Resetting bearer [ 1605.682333][T17608] tipc: Disabling bearer [ 1605.750160][T17626] tipc: Enabled bearer , priority 0 [ 1605.771869][T17626] syzkaller0: entered promiscuous mode [ 1605.785310][T17626] syzkaller0: entered allmulticast mode [ 1605.804823][T17630] syzkaller0: entered promiscuous mode [ 1605.826149][T17630] syzkaller0: entered allmulticast mode [ 1605.966641][T17626] tipc: Resetting bearer [ 1605.988008][T17408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1606.029932][T17625] tipc: Resetting bearer [ 1606.093587][T17625] tipc: Disabling bearer [ 1606.218288][T17408] 8021q: adding VLAN 0 to HW filter on device team0 [ 1606.285160][T17181] bridge0: port 1(bridge_slave_0) entered blocking state [ 1606.294008][T17181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1606.316152][T17181] bridge0: port 2(bridge_slave_1) entered blocking state [ 1606.323548][T17181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1606.350490][T17643] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2332'. [ 1606.495026][T17646] veth3: entered promiscuous mode [ 1606.601579][T17647] veth3: entered promiscuous mode [ 1606.686888][T17652] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1606.828755][T17653] syzkaller0: entered promiscuous mode [ 1606.837345][T17653] syzkaller0: entered allmulticast mode [ 1606.857965][T17635] loop0: detected capacity change from 0 to 32768 [ 1606.999882][T17635] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1607.146803][T17671] netlink: 'syz.4.2334': attribute type 1 has an invalid length. [ 1607.221470][T17671] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1607.350817][T17676] veth3: entered promiscuous mode [ 1607.371349][T17676] bond4: (slave veth3): Enslaving as an active interface with a down link [ 1607.387736][T17680] tipc: Enabled bearer , priority 0 [ 1607.455543][T17635] XFS (loop0): Ending clean mount [ 1607.464153][T17671] veth5: entered promiscuous mode [ 1607.471886][T17635] XFS (loop0): Quotacheck needed: Please wait. [ 1607.494382][T17671] bond4: (slave veth5): Enslaving as an active interface with a down link [ 1607.519304][T17675] syzkaller0: entered promiscuous mode [ 1607.553667][T17675] syzkaller0: entered allmulticast mode [ 1607.565299][T17635] XFS (loop0): Quotacheck: Done. [ 1607.618351][T17680] tipc: Resetting bearer [ 1607.683004][T17674] tipc: Resetting bearer [ 1607.872949][T17674] tipc: Disabling bearer [ 1608.239149][T17688] ceph: No mds server is up or the cluster is laggy [ 1608.658831][ T5791] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1608.691680][T17693] veth7: entered promiscuous mode [ 1608.971567][T17695] veth7: entered promiscuous mode [ 1609.096330][T17698] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1609.184720][T17408] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1609.321031][T17704] syzkaller0: entered promiscuous mode [ 1609.326624][T17704] syzkaller0: entered allmulticast mode [ 1609.578419][T17408] veth0_vlan: entered promiscuous mode [ 1609.643974][T17408] veth1_vlan: entered promiscuous mode [ 1609.763419][T17408] veth0_macvtap: entered promiscuous mode [ 1609.783934][T17408] veth1_macvtap: entered promiscuous mode [ 1609.833997][T17726] dummy0: entered promiscuous mode [ 1609.842699][T17726] vlan2: entered promiscuous mode [ 1610.026038][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.060538][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.085436][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.109844][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.137086][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.168495][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.208046][T17408] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1610.220735][T17732] syz_tun: entered allmulticast mode [ 1610.274827][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1610.332223][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.350557][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1610.378130][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.407091][T17408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1610.417723][T17408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.437408][T17408] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1610.491319][T17408] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1610.500112][T17408] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1610.519799][T17408] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1610.529594][T17408] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1610.588539][T17746] tipc: Enabled bearer , priority 0 [ 1610.605254][T17746] syzkaller0: entered promiscuous mode [ 1610.620953][T17746] syzkaller0: entered allmulticast mode [ 1610.654553][T17746] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2349'. [ 1610.737817][T17746] tipc: Resetting bearer [ 1610.769039][T17745] tipc: Resetting bearer [ 1610.802743][T17745] tipc: Disabling bearer [ 1610.833499][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1610.858466][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1610.981786][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1611.020058][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1611.301916][T17759] syzkaller0: entered promiscuous mode [ 1611.321534][T17759] syzkaller0: entered allmulticast mode [ 1611.978776][T17412] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1611.990715][T17412] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1612.014929][T17412] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1612.039569][T17412] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1612.055120][T17412] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1612.074898][T17412] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1614.205837][T17412] Bluetooth: hci4: command tx timeout [ 1616.272936][T17412] Bluetooth: hci4: command tx timeout [ 1616.416303][T17769] tipc: Enabling of bearer rejected, failed to enable media [ 1617.510636][T17801] loop4: detected capacity change from 0 to 512 [ 1618.356119][T17412] Bluetooth: hci4: command tx timeout [ 1620.427126][T17412] Bluetooth: hci4: command tx timeout [ 1621.403357][T17811] team_slave_0: entered promiscuous mode [ 1621.409705][T17811] team_slave_1: entered promiscuous mode [ 1621.416766][T17811] vlan2: entered promiscuous mode [ 1621.421885][T17811] team0: entered promiscuous mode [ 1621.651786][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1621.830377][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1621.920846][T17822] pim6reg: entered allmulticast mode [ 1621.947888][T17824] team_slave_0: entered promiscuous mode [ 1621.953802][T17824] team_slave_1: entered promiscuous mode [ 1621.960927][T17824] vlan2: entered promiscuous mode [ 1621.972653][T17824] team0: entered promiscuous mode [ 1622.080210][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1622.287695][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1622.473159][T17840] tipc: Started in network mode [ 1622.480731][T17840] tipc: Node identity c2dff714f2fa, cluster identity 4711 [ 1622.490768][T17840] tipc: Enabled bearer , priority 0 [ 1622.561137][T17841] syzkaller0: entered promiscuous mode [ 1622.576654][T17841] syzkaller0: entered allmulticast mode [ 1622.587791][T17840] syzkaller0: entered promiscuous mode [ 1622.598933][T17840] syzkaller0: entered allmulticast mode [ 1622.776585][T17840] tipc: Resetting bearer [ 1622.841061][T17836] tipc: Resetting bearer [ 1622.870430][T17836] tipc: Disabling bearer [ 1622.898169][T17852] vlan2: entered promiscuous mode [ 1623.056645][T17780] chnl_net:caif_netlink_parms(): no params data found [ 1623.139943][ T11] tipc: Left network mode [ 1623.567039][ T11] bond5: (slave ip6gretap1): Removing an active aggregator [ 1623.590683][ T11] bond5: (slave ip6gretap1): Releasing backup interface [ 1623.616558][T17863] tipc: Enabled bearer , priority 0 [ 1623.646961][T17868] syzkaller0: entered promiscuous mode [ 1623.662717][T17868] syzkaller0: entered allmulticast mode [ 1623.710886][T17865] loop2: detected capacity change from 0 to 32768 [ 1623.737669][T17871] tipc: Resetting bearer [ 1623.812205][T17865] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1623.849397][ T28] audit: type=1800 audit(1767391406.782:85): pid=17865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2383" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 1623.912186][T17860] tipc: Resetting bearer [ 1624.175704][T17860] tipc: Disabling bearer [ 1624.254445][T17780] bridge0: port 1(bridge_slave_0) entered blocking state [ 1624.845587][T17780] bridge0: port 1(bridge_slave_0) entered disabled state [ 1624.855898][T17780] bridge_slave_0: entered allmulticast mode [ 1624.879477][T17780] bridge_slave_0: entered promiscuous mode [ 1625.104247][T17780] bridge0: port 2(bridge_slave_1) entered blocking state [ 1625.112816][T17408] ocfs2: Unmounting device (7,2) on (node local) [ 1625.156618][T17780] bridge0: port 2(bridge_slave_1) entered disabled state [ 1625.181153][T17780] bridge_slave_1: entered allmulticast mode [ 1625.217897][T17780] bridge_slave_1: entered promiscuous mode [ 1625.470613][T17780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1625.599606][T17780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1625.858242][T17780] team0: Port device team_slave_0 added [ 1625.948442][T17897] syzkaller0: entered promiscuous mode [ 1625.974950][T17897] syzkaller0: entered allmulticast mode [ 1625.988368][T17780] team0: Port device team_slave_1 added [ 1626.126263][T17905] tipc: Enabled bearer , priority 0 [ 1626.144857][T17903] syzkaller0: entered promiscuous mode [ 1626.150406][T17903] syzkaller0: entered allmulticast mode [ 1626.427861][T17907] tipc: Resetting bearer [ 1627.165825][ T5853] tipc: Node number set to 807794452 [ 1629.641446][T17780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1629.662890][T17780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1629.690244][T17780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1629.710517][T17901] tipc: Resetting bearer [ 1629.753453][T17901] tipc: Disabling bearer [ 1629.769781][T17916] tipc: Enabled bearer , priority 0 [ 1629.777199][T17917] syzkaller0: entered promiscuous mode [ 1629.784444][T17917] syzkaller0: entered allmulticast mode [ 1629.793482][T17925] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2391'. [ 1629.814875][T17921] tipc: Resetting bearer [ 1629.875052][T17780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1629.885893][T17780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1629.920222][T17780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1629.935722][T17930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2393'. [ 1629.953715][T17930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2393'. [ 1629.965589][T17931] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2393'. [ 1629.975583][T17931] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2393'. [ 1629.986687][T17921] tipc: Resetting bearer [ 1630.018922][T17921] tipc: Disabling bearer [ 1630.102843][ T11] bond0: (slave wlan1): Releasing backup interface [ 1630.196464][T17934] tipc: Enabled bearer , priority 0 [ 1630.326661][T17934] tipc: Resetting bearer [ 1630.343753][T17938] syzkaller0: entered promiscuous mode [ 1630.352059][T17938] syzkaller0: entered allmulticast mode [ 1630.369845][T17780] hsr_slave_0: entered promiscuous mode [ 1630.376561][T17780] hsr_slave_1: entered promiscuous mode [ 1630.383658][T17780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1630.392481][T17780] Cannot create hsr debugfs directory [ 1630.429121][T17932] tipc: Resetting bearer [ 1630.494954][T17932] tipc: Disabling bearer [ 1630.527732][T17946] tipc: Enabled bearer , priority 0 [ 1630.646084][ T11] hsr_slave_0: left promiscuous mode [ 1630.710170][ T11] hsr_slave_1: left promiscuous mode [ 1630.742196][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1630.760176][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1630.777315][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1630.794389][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1630.803600][ T11] bridge_slave_1: left allmulticast mode [ 1630.809842][ T11] bridge_slave_1: left promiscuous mode [ 1630.815960][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1630.830297][ T11] bridge_slave_0: left allmulticast mode [ 1630.836803][ T11] bridge_slave_0: left promiscuous mode [ 1630.842643][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1630.919950][ T11] veth1_macvtap: left promiscuous mode [ 1630.937031][ T11] veth0_macvtap: left promiscuous mode [ 1630.942938][ T11] veth1_vlan: left promiscuous mode [ 1630.967117][ T11] veth0_vlan: left promiscuous mode [ 1631.555607][ T9] tipc: Node number set to 1405732085 [ 1631.769400][ T11] bond5 (unregistering): Released all slaves [ 1631.811193][ T11] bond4 (unregistering): (slave veth11): Releasing backup interface [ 1631.860284][ T11] bond4 (unregistering): (slave veth9): Releasing backup interface [ 1632.117730][ T11] bond4 (unregistering): Released all slaves [ 1632.176556][ T11] bond3 (unregistering): (slave veth5): Releasing active interface [ 1632.414972][ T11] bond3 (unregistering): Released all slaves [ 1632.461502][ T11] bond2 (unregistering): (slave veth3): Releasing active interface [ 1632.700902][ T11] bond2 (unregistering): Released all slaves [ 1632.939793][ T11] bond1 (unregistering): Released all slaves [ 1634.030387][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1634.105727][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1634.176408][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1634.250205][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1635.087812][ T11] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1635.096378][ T11] bond0 (unregistering): Released all slaves [ 1635.208290][T17946] syzkaller0: entered promiscuous mode [ 1635.214041][T17946] syzkaller0: entered allmulticast mode [ 1635.249178][T17952] tipc: Resetting bearer [ 1635.326490][T17944] tipc: Resetting bearer [ 1635.357439][T17944] tipc: Disabling bearer [ 1635.398100][T17989] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2403'. [ 1635.419510][T17989] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2403'. [ 1635.449602][T17990] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2403'. [ 1635.475743][T17990] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2403'. [ 1635.938171][ T11] IPVS: stop unused estimator thread 0... [ 1636.745962][T18016] pim6reg: entered allmulticast mode [ 1636.806138][T18018] pim6reg: left allmulticast mode [ 1637.471630][T17780] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1637.520881][T17780] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1637.550990][T17780] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1637.588267][T17780] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1638.000755][T18036] syzkaller0: entered promiscuous mode [ 1638.024428][T18036] syzkaller0: entered allmulticast mode [ 1638.048563][T17780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1638.211614][T17780] 8021q: adding VLAN 0 to HW filter on device team0 [ 1638.269729][ T2884] bridge0: port 1(bridge_slave_0) entered blocking state [ 1638.277047][ T2884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1638.328022][ T2884] bridge0: port 2(bridge_slave_1) entered blocking state [ 1638.335235][ T2884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1638.425879][T18045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2413'. [ 1638.435036][T18045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2413'. [ 1638.457243][T18045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2413'. [ 1638.489099][T18045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2413'. [ 1638.585208][T17780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1638.828094][T18054] tipc: Enabled bearer , priority 0 [ 1638.847835][T18054] syzkaller0: entered promiscuous mode [ 1638.853492][T18054] syzkaller0: entered allmulticast mode [ 1638.919402][T18054] tipc: Resetting bearer [ 1638.957497][T18050] tipc: Resetting bearer [ 1639.068026][T18050] tipc: Disabling bearer [ 1639.212530][T17780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1639.391690][T17780] veth0_vlan: entered promiscuous mode [ 1639.433588][T17780] veth1_vlan: entered promiscuous mode [ 1639.569914][T17780] veth0_macvtap: entered promiscuous mode [ 1639.601304][T17780] veth1_macvtap: entered promiscuous mode [ 1639.650992][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1639.700242][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1639.724339][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1639.754401][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1639.775638][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1639.817512][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1639.836315][T17780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1639.851164][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1639.862078][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1639.878291][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1639.891069][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1639.905302][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1639.941060][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1640.001325][T17780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1640.062981][T17780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1640.101483][T17780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1640.133871][T17780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1640.142762][T17780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1640.351967][T18080] syzkaller0: entered promiscuous mode [ 1640.373950][T18080] syzkaller0: entered allmulticast mode [ 1640.683944][T17181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1640.691854][T17181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1640.910842][T17181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1640.937655][T17181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1642.914084][T18111] loop3: detected capacity change from 0 to 32768 [ 1643.091405][T18111] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1643.097748][T18135] loop2: detected capacity change from 0 to 512 [ 1643.427267][T18111] XFS (loop3): Ending clean mount [ 1643.464693][T18111] XFS (loop3): Quotacheck needed: Please wait. [ 1643.611494][T18111] XFS (loop3): Quotacheck: Done. [ 1644.304188][T18144] ceph: No mds server is up or the cluster is laggy [ 1644.472994][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 1644.519763][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 1644.774828][T17780] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1646.531951][T18165] syzkaller0: entered promiscuous mode [ 1646.553175][T18165] syzkaller0: entered allmulticast mode [ 1647.029377][T18168] dvmrp12: entered allmulticast mode [ 1647.117520][T18168] dvmrp12: left allmulticast mode [ 1649.883094][ T5791] syz_tun (unregistering): left allmulticast mode [ 1649.914032][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1649.932516][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1649.945435][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1649.958026][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1649.966201][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1649.973730][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1650.057691][T18187] syzkaller0: entered promiscuous mode [ 1650.063355][T18187] syzkaller0: entered allmulticast mode [ 1650.170408][T17181] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1650.193179][T17181] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1652.061298][ T5794] Bluetooth: hci2: command tx timeout [ 1654.131601][ T5794] Bluetooth: hci2: command tx timeout [ 1654.641842][T17181] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1654.653172][T17181] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1654.777896][T17181] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1654.789777][T17181] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1654.873837][T18209] syzkaller0: entered promiscuous mode [ 1654.879673][T18209] syzkaller0: entered allmulticast mode [ 1654.960590][T17181] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1654.973586][T17181] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1654.994634][T18209] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1655.078931][T18214] tipc: Enabled bearer , priority 0 [ 1655.132685][T18214] syzkaller0: entered promiscuous mode [ 1655.138360][T18214] syzkaller0: entered allmulticast mode [ 1655.194216][T18214] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2447'. [ 1655.284233][T18214] tipc: Resetting bearer [ 1655.415696][T18213] tipc: Resetting bearer [ 1655.460021][T18213] tipc: Disabling bearer [ 1655.631588][T17181] tipc: Left network mode [ 1655.865194][T17181] bond1: (slave ip6erspan0): Releasing active interface [ 1655.951608][T17181] bond4: (slave ip6gretap1): Removing an active aggregator [ 1655.970561][ T58] bond4: Warning: Found an uninitialized port [ 1655.979929][T17181] bond4: (slave ip6gretap1): Releasing backup interface [ 1656.052644][T18226] dvmrp12: entered allmulticast mode [ 1656.136635][T18194] chnl_net:caif_netlink_parms(): no params data found [ 1656.184770][T18225] dvmrp12: left allmulticast mode [ 1656.210473][ T5794] Bluetooth: hci2: command tx timeout [ 1657.006199][T18240] syzkaller0: entered promiscuous mode [ 1657.017995][T18240] syzkaller0: entered allmulticast mode [ 1657.093686][T18194] bridge0: port 1(bridge_slave_0) entered blocking state [ 1657.118040][T18194] bridge0: port 1(bridge_slave_0) entered disabled state [ 1657.138439][T18194] bridge_slave_0: entered allmulticast mode [ 1657.150368][T18194] bridge_slave_0: entered promiscuous mode [ 1657.280273][T18194] bridge0: port 2(bridge_slave_1) entered blocking state [ 1657.287612][T18194] bridge0: port 2(bridge_slave_1) entered disabled state [ 1657.295987][T18194] bridge_slave_1: entered allmulticast mode [ 1657.304600][T18194] bridge_slave_1: entered promiscuous mode [ 1657.442603][T18194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1658.308738][ T5794] Bluetooth: hci2: command tx timeout [ 1662.110641][T18271] loop2: detected capacity change from 0 to 512 [ 1664.172774][T18194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1664.570656][T18194] team0: Port device team_slave_0 added [ 1664.681525][T18194] team0: Port device team_slave_1 added [ 1665.006480][T18194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1665.020748][T18194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1665.072583][T18194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1665.171117][T17181] hsr_slave_0: left promiscuous mode [ 1665.207499][T17181] hsr_slave_1: left promiscuous mode [ 1665.235942][T17181] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1665.284210][T17181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1665.320185][T17181] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1665.328226][T17181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1665.345007][T17181] bridge_slave_1: left allmulticast mode [ 1665.350820][T17181] bridge_slave_1: left promiscuous mode [ 1665.363212][T17181] bridge0: port 2(bridge_slave_1) entered disabled state [ 1665.383010][T17181] bridge_slave_0: left allmulticast mode [ 1665.396357][T17181] bridge_slave_0: left promiscuous mode [ 1665.403128][T17181] bridge0: port 1(bridge_slave_0) entered disabled state [ 1665.530578][T17181] veth1_macvtap: left promiscuous mode [ 1665.544035][T17181] veth0_macvtap: left promiscuous mode [ 1665.549886][T17181] veth1_vlan: left promiscuous mode [ 1665.560512][T17181] veth0_vlan: left promiscuous mode [ 1666.413027][T17181] bond5 (unregistering): Released all slaves [ 1666.553683][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1666.560369][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1666.896039][T17181] bond4 (unregistering): Released all slaves [ 1667.363131][T17181] bond3 (unregistering): Released all slaves [ 1667.673177][T17181] bond2 (unregistering): Released all slaves [ 1667.959274][T17181] bond1 (unregistering): Released all slaves [ 1668.937462][T17181] team_slave_1 (unregistering): left promiscuous mode [ 1668.955103][T17181] team0 (unregistering): Port device team_slave_1 removed [ 1669.055167][T17181] team_slave_0 (unregistering): left promiscuous mode [ 1669.073483][T17181] team0 (unregistering): Port device team_slave_0 removed [ 1669.174052][T17181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1669.274745][T17181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1670.505849][T17181] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1670.516455][T17181] bond0 (unregistering): Released all slaves [ 1670.661669][T18194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1670.668925][T18194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1670.781491][T18194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1671.138017][T18194] hsr_slave_0: entered promiscuous mode [ 1671.168427][T18194] hsr_slave_1: entered promiscuous mode [ 1671.192574][T18194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1671.201523][T18194] Cannot create hsr debugfs directory [ 1671.975629][T17181] IPVS: stop unused estimator thread 0... [ 1680.881944][T18381] loop3: detected capacity change from 0 to 512 [ 1685.306658][T18194] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1685.417188][T18194] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1685.485173][T18194] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1685.545250][T18194] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1685.663955][T18411] loop4: detected capacity change from 0 to 164 [ 1685.696725][T18411] Unable to read rock-ridge attributes [ 1685.744569][T18411] Unable to read rock-ridge attributes [ 1685.801349][T18411] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 1686.169404][T18194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1686.314609][T18425] syzkaller0: create flow: hash 2257322119 index 1 [ 1686.580834][ T1078] syzkaller0: tun_net_xmit 76 [ 1686.593398][ T1078] syzkaller0: tun_net_xmit 48 [ 1686.602314][T13619] syzkaller0: tun_net_xmit 76 [ 1686.616690][T18194] 8021q: adding VLAN 0 to HW filter on device team0 [ 1686.686841][ T1078] bridge0: port 1(bridge_slave_0) entered blocking state [ 1686.694219][ T1078] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1686.767845][T18419] syzkaller0: delete flow: hash 2257322119 index 1 [ 1690.952484][ T1078] bridge0: port 2(bridge_slave_1) entered blocking state [ 1690.959735][ T1078] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1691.156161][T18194] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1691.873116][T18194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1692.064835][T18194] veth0_vlan: entered promiscuous mode [ 1692.175057][T18194] veth1_vlan: entered promiscuous mode [ 1692.415798][T18194] veth0_macvtap: entered promiscuous mode [ 1692.452310][T18194] veth1_macvtap: entered promiscuous mode [ 1692.483967][T18487] tipc: Enabled bearer , priority 0 [ 1692.506519][T18487] syzkaller0: entered promiscuous mode [ 1692.523611][T18487] syzkaller0: entered allmulticast mode [ 1692.623319][T18487] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2500'. [ 1692.656560][T18487] tipc: Resetting bearer [ 1692.674824][T18486] tipc: Resetting bearer [ 1692.745480][T18486] tipc: Disabling bearer [ 1692.782903][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1692.838674][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1692.864002][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1692.903820][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1692.915124][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1692.926752][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1692.940360][T18194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1692.955847][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1692.997570][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.023892][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1693.068856][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.098698][T18194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1693.138656][T18194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.167214][T18194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1693.270050][T18194] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1693.301403][T18194] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1693.325455][T18194] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1693.352672][T18194] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1693.694905][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1693.744370][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1693.915701][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1693.935120][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1694.319037][T18531] dvmrp12: entered allmulticast mode [ 1694.325292][T18529] tipc: Started in network mode [ 1694.338344][T18529] tipc: Node identity ae19b0ca0436, cluster identity 4711 [ 1694.357307][T18529] tipc: Enabled bearer , priority 0 [ 1694.444022][T18531] dvmrp12: left allmulticast mode [ 1694.638856][T18532] syzkaller0: entered promiscuous mode [ 1694.644436][T18532] syzkaller0: entered allmulticast mode [ 1694.708677][T18537] tipc: Resetting bearer [ 1694.743366][T18528] tipc: Resetting bearer [ 1694.821381][T18528] tipc: Disabling bearer [ 1695.562625][T18562] ptrace attach of "./syz-executor exec"[18563] was attempted by "./syz-executor exec"[18562] [ 1695.612862][T18562] ptrace attach of "./syz-executor exec"[18563] was attempted by "./syz-executor exec"[18562] [ 1697.274649][T18581] loop0: detected capacity change from 0 to 32768 [ 1697.392498][T18581] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1697.422236][ T28] audit: type=1800 audit(1767391480.425:86): pid=18581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2521" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 1698.681082][T18194] ocfs2: Unmounting device (7,0) on (node local) [ 1699.516979][T18626] ptrace attach of "./syz-executor exec"[18630] was attempted by "./syz-executor exec"[18626] [ 1699.533678][T18626] ptrace attach of "./syz-executor exec"[18630] was attempted by "./syz-executor exec"[18626] [ 1699.943524][ T3473] syzkaller0: tun_net_xmit 76 [ 1699.955296][ T3473] syzkaller0: tun_net_xmit 48 [ 1699.965400][T18443] syzkaller0: tun_net_xmit 76 [ 1700.015272][T18443] syzkaller0: tun_net_xmit 76 [ 1700.867676][T18638] loop0: detected capacity change from 0 to 32768 [ 1700.963841][T18638] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1701.031357][ T28] audit: type=1800 audit(1767391484.027:87): pid=18638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2538" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 1703.030538][T18194] ocfs2: Unmounting device (7,0) on (node local) [ 1705.911296][T18650] tipc: Enabling of bearer rejected, failed to enable media [ 1706.565064][T18691] tipc: Enabled bearer , priority 0 [ 1706.590317][T18691] tipc: Resetting bearer [ 1706.649213][T18689] tipc: Disabling bearer [ 1707.529638][T18712] tipc: Enabled bearer , priority 0 [ 1707.568598][T18712] tipc: Resetting bearer [ 1707.683002][T18711] tipc: Disabling bearer [ 1707.753752][T18716] loop0: detected capacity change from 0 to 164 [ 1707.783558][T18716] Unable to read rock-ridge attributes [ 1707.810125][T18716] Unable to read rock-ridge attributes [ 1707.985131][T18720] syzkaller0: entered promiscuous mode [ 1707.990692][T18720] syzkaller0: entered allmulticast mode [ 1708.894705][T18738] tipc: Enabled bearer , priority 0 [ 1708.932382][T18738] syzkaller0: entered promiscuous mode [ 1708.937986][T18738] syzkaller0: entered allmulticast mode [ 1708.975200][T18740] tipc: Enabled bearer , priority 0 [ 1709.002422][T18738] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2569'. [ 1709.054174][T18740] tipc: Resetting bearer [ 1709.068465][T18738] tipc: Resetting bearer [ 1709.099973][T18742] loop3: detected capacity change from 0 to 164 [ 1709.140907][T18742] Unable to read rock-ridge attributes [ 1709.172691][T18742] Unable to read rock-ridge attributes [ 1709.214731][T18739] tipc: Disabling bearer [ 1709.260555][T18737] tipc: Resetting bearer [ 1709.425683][T18737] tipc: Disabling bearer [ 1709.673121][T17412] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1709.709681][T17412] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1709.720131][T17412] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1709.755374][T17412] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1709.765441][T17412] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1709.777401][T17412] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1710.044161][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1710.209321][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1710.387929][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1710.455050][T18772] loop3: detected capacity change from 0 to 512 [ 1710.888923][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.635583][T18780] loop0: detected capacity change from 0 to 256 [ 1711.862564][ T5794] Bluetooth: hci0: command tx timeout [ 1712.198766][ T11] tipc: Left network mode [ 1712.226415][T18787] loop2: detected capacity change from 0 to 256 [ 1712.238651][T18752] chnl_net:caif_netlink_parms(): no params data found [ 1712.752385][ T11] bond1: (slave ip6erspan0): Releasing active interface [ 1713.517784][T18752] bridge0: port 1(bridge_slave_0) entered blocking state [ 1713.536057][T18752] bridge0: port 1(bridge_slave_0) entered disabled state [ 1713.543692][T18752] bridge_slave_0: entered allmulticast mode [ 1713.551316][T18752] bridge_slave_0: entered promiscuous mode [ 1713.668966][T18752] bridge0: port 2(bridge_slave_1) entered blocking state [ 1713.676287][T18752] bridge0: port 2(bridge_slave_1) entered disabled state [ 1713.701685][T18752] bridge_slave_1: entered allmulticast mode [ 1713.712574][T18752] bridge_slave_1: entered promiscuous mode [ 1713.938182][T17412] Bluetooth: hci0: command tx timeout [ 1714.051620][T18752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1714.090908][T18752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1714.434259][T18752] team0: Port device team_slave_0 added [ 1714.604830][T18752] team0: Port device team_slave_1 added [ 1714.666992][T17412] Bluetooth: hci1: command 0x0406 tx timeout [ 1714.978940][T18854] ptrace attach of "./syz-executor exec"[18862] was attempted by "./syz-executor exec"[18854] [ 1715.158188][T18752] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1715.165219][T18752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1715.219056][T18752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1715.284618][T18752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1715.296762][T18752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1715.351381][T18867] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.2594' sets config #0 [ 1715.387503][T18752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1715.882446][T18752] hsr_slave_0: entered promiscuous mode [ 1715.957444][T18752] hsr_slave_1: entered promiscuous mode [ 1715.992206][T18752] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1716.001584][T18752] Cannot create hsr debugfs directory [ 1716.017140][ T5794] Bluetooth: hci0: command tx timeout [ 1716.158663][ T11] hsr_slave_0: left promiscuous mode [ 1716.164940][ T11] hsr_slave_1: left promiscuous mode [ 1716.180470][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1716.196937][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1716.219749][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1716.234480][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1716.247160][ T11] bridge_slave_1: left allmulticast mode [ 1716.252967][ T11] bridge_slave_1: left promiscuous mode [ 1716.267044][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1716.284866][ T11] bridge_slave_0: left allmulticast mode [ 1716.292069][ T11] bridge_slave_0: left promiscuous mode [ 1716.302654][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.358104][ T11] veth1_macvtap: left promiscuous mode [ 1716.363847][ T11] veth0_macvtap: left promiscuous mode [ 1716.369691][ T11] veth1_vlan: left promiscuous mode [ 1716.375129][ T11] veth0_vlan: left promiscuous mode [ 1716.631862][ T11] bond4 (unregistering): (slave veth5): Releasing active interface [ 1716.714908][ T11] bond4 (unregistering): (slave veth3): Releasing active interface [ 1717.059639][ T11] bond4 (unregistering): Released all slaves [ 1717.141827][ T11] bond3 (unregistering): Released all slaves [ 1717.411887][ T11] bond2 (unregistering): Released all slaves [ 1717.724890][ T11] bond1 (unregistering): Released all slaves [ 1718.112053][ T5794] Bluetooth: hci0: command tx timeout [ 1718.508479][ T11] team_slave_1 (unregistering): left promiscuous mode [ 1718.524171][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1718.600837][ T11] team_slave_0 (unregistering): left promiscuous mode [ 1718.609568][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1718.686350][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1718.761845][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1719.663773][ T11] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1719.671941][ T11] bond0 (unregistering): Released all slaves [ 1723.678209][T18893] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2601'. [ 1723.777657][T18895] tipc: Started in network mode [ 1723.787235][T18895] tipc: Node identity 9a5cff62a9e1, cluster identity 4711 [ 1723.797723][T18895] tipc: Enabled bearer , priority 0 [ 1723.893269][T18895] syzkaller0: entered promiscuous mode [ 1723.898968][T18895] syzkaller0: entered allmulticast mode [ 1724.100221][T18894] tipc: Resetting bearer [ 1724.164812][T18894] tipc: Disabling bearer [ 1724.685429][ T11] IPVS: stop unused estimator thread 0... [ 1725.894743][T18752] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1725.918476][T18752] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1725.983068][T18752] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1726.008937][T18752] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1726.520982][T18752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1726.641170][T18752] 8021q: adding VLAN 0 to HW filter on device team0 [ 1726.857312][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1726.864794][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1727.009235][ T3473] bridge0: port 2(bridge_slave_1) entered blocking state [ 1727.016686][ T3473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1727.756127][T18975] tipc: Enabled bearer , priority 0 [ 1727.769852][T18977] fuse: Bad value for 'fd' [ 1727.782373][T18975] syzkaller0: entered promiscuous mode [ 1727.810796][T18975] syzkaller0: entered allmulticast mode [ 1727.935840][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1727.942406][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1727.967611][T18974] tipc: Resetting bearer [ 1728.019520][T18974] tipc: Disabling bearer [ 1728.103656][T18752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1729.377737][T18752] veth0_vlan: entered promiscuous mode [ 1729.455416][T18752] veth1_vlan: entered promiscuous mode [ 1729.604641][T18752] veth0_macvtap: entered promiscuous mode [ 1729.636898][T18752] veth1_macvtap: entered promiscuous mode [ 1729.710749][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1729.758193][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.785627][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1729.801191][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.811801][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1729.828583][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.843259][T18752] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1729.892110][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.923304][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.969896][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.997655][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1730.013328][T18752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1730.034193][T18752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1730.057997][T18752] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1730.130883][T18752] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1730.170310][T18752] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1730.213522][T18752] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1730.245023][T18752] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1730.730784][ T2166] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1730.745024][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1730.790057][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1730.929600][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1730.950266][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1730.959887][ T2166] usb 4-1: Using ep0 maxpacket: 32 [ 1730.999023][ T2166] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 1731.029323][ T2166] usb 4-1: config 0 has no interface number 0 [ 1731.053018][ T2166] usb 4-1: config 0 interface 12 has no altsetting 0 [ 1731.091962][ T2166] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1731.106353][ T2166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1731.128015][ T2166] usb 4-1: Product: syz [ 1731.154615][ T2166] usb 4-1: Manufacturer: syz [ 1731.162425][ T2166] usb 4-1: SerialNumber: syz [ 1731.192932][ T2166] usb 4-1: config 0 descriptor?? [ 1731.205110][ T2166] f81534 4-1:0.12: required endpoints missing [ 1731.409210][ T2166] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 1731.612271][ T2166] usb 1-1: config 65 has an invalid interface number: 95 but max is 0 [ 1731.651473][ T2166] usb 1-1: config 65 has no interface number 0 [ 1731.701867][ T2166] usb 1-1: string descriptor 0 read error: -22 [ 1731.709698][ T2166] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6 [ 1731.725281][ T2166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1731.747858][ T2166] usbtest 1-1:65.95: Linux gadget zero [ 1731.772917][ T2166] usbtest 1-1:65.95: low-speed {control in/out} tests (+alt) [ 1732.078150][ T28] audit: type=1326 audit(1767391515.092:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19068 comm="syz.0.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9f058eec9 code=0x7ffc0000 [ 1732.137263][ T28] audit: type=1326 audit(1767391515.092:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19068 comm="syz.0.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9f058eec9 code=0x7ffc0000 [ 1732.372556][ T5872] usb 1-1: USB disconnect, device number 4 [ 1732.627547][T11131] usb 4-1: USB disconnect, device number 6 [ 1734.062301][T19151] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1735.141119][ T5794] Bluetooth: hci4: command 0x0406 tx timeout [ 1737.496923][T19140] tipc: Enabling of bearer rejected, failed to enable media [ 1737.549737][T19160] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2652'. [ 1737.917655][T19179] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2657'. [ 1737.955025][T19179] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2657'. [ 1738.199265][T19188] dvmrp12: entered allmulticast mode [ 1738.212046][T19184] kvm: pic: non byte write [ 1738.238206][T19188] dvmrp12: left allmulticast mode [ 1738.712732][T19205] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2669'. [ 1738.723174][T19205] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2669'. [ 1738.795459][T13706] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1738.985318][T13706] usb 4-1: Using ep0 maxpacket: 32 [ 1739.010962][T13706] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 1739.035428][T13706] usb 4-1: config 0 has no interface number 0 [ 1739.051629][T13706] usb 4-1: config 0 interface 12 has no altsetting 0 [ 1739.075789][T13706] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1739.095393][T13706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1739.103562][T13706] usb 4-1: Product: syz [ 1739.115514][T13706] usb 4-1: Manufacturer: syz [ 1739.125526][T13706] usb 4-1: SerialNumber: syz [ 1739.157649][T13706] usb 4-1: config 0 descriptor?? [ 1739.163530][T19213] dvmrp12: entered allmulticast mode [ 1739.187706][T13706] f81534 4-1:0.12: required endpoints missing [ 1739.210961][T19213] dvmrp12: left allmulticast mode [ 1739.339450][T19218] ptrace attach of "./syz-executor exec"[19220] was attempted by "./syz-executor exec"[19218] [ 1739.356987][T19218] ptrace attach of "./syz-executor exec"[19220] was attempted by "./syz-executor exec"[19218] [ 1739.765870][T19230] tipc: Enabling of bearer rejected, failed to enable media [ 1740.488537][ T2166] usb 4-1: USB disconnect, device number 7 [ 1740.638307][T19249] dvmrp12: entered allmulticast mode [ 1740.686096][T19249] dvmrp12: left allmulticast mode [ 1740.936992][T19263] tipc: Enabling of bearer rejected, failed to enable media [ 1741.268483][T19274] dvmrp12: entered allmulticast mode [ 1741.386295][T19274] dvmrp12: left allmulticast mode [ 1742.003117][T19293] dvmrp12: entered allmulticast mode [ 1742.048989][T19297] tipc: Enabling of bearer rejected, failed to enable media [ 1742.062253][T19293] dvmrp12: left allmulticast mode [ 1742.553672][ T5872] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 1742.617717][T19317] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2707'. [ 1742.648142][T19321] fuse: Unknown parameter 'user00000000000000000000' [ 1742.815008][ T5872] usb 3-1: config 65 has an invalid interface number: 95 but max is 0 [ 1742.824770][ T5872] usb 3-1: config 65 has no interface number 0 [ 1742.844467][ T5872] usb 3-1: string descriptor 0 read error: -22 [ 1742.850823][ T5872] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6 [ 1742.872880][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1742.885815][ T5872] usbtest 3-1:65.95: Linux gadget zero [ 1742.891614][ T5872] usbtest 3-1:65.95: low-speed {control in/out} tests (+alt) [ 1743.053452][T13706] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1743.237884][ T28] audit: type=1326 audit(1767391526.258:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1743.282796][ T28] audit: type=1326 audit(1767391526.258:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f40de78db2a code=0x7ffc0000 [ 1743.282912][T13706] usb 5-1: config 0 has no interfaces? [ 1743.321760][T13706] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1743.331654][ T28] audit: type=1326 audit(1767391526.258:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f40de7c1785 code=0x7ffc0000 [ 1743.343244][T13706] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1743.368807][T13706] usb 5-1: Product: syz [ 1743.374787][T13706] usb 5-1: Manufacturer: syz [ 1743.379710][T13706] usb 5-1: SerialNumber: syz [ 1743.404531][T13706] usb 5-1: config 0 descriptor?? [ 1743.433423][ T28] audit: type=1326 audit(1767391526.448:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f40de72af79 code=0x7ffc0000 [ 1743.525289][ T5872] usb 3-1: USB disconnect, device number 8 [ 1743.578207][ T28] audit: type=1326 audit(1767391526.448:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1743.640370][ T28] audit: type=1326 audit(1767391526.448:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1743.692089][ T28] audit: type=1326 audit(1767391526.448:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1743.896382][ T28] audit: type=1326 audit(1767391526.448:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1744.171414][ T28] audit: type=1326 audit(1767391526.448:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1744.268939][ T28] audit: type=1326 audit(1767391526.448:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19306 comm="syz.2.2706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1745.042652][T19344] dvmrp12: entered allmulticast mode [ 1745.124219][T19344] dvmrp12: left allmulticast mode [ 1745.646415][T19348] tipc: Enabling of bearer rejected, failed to enable media [ 1745.947339][T19360] syzkaller0: entered promiscuous mode [ 1745.974064][T19360] syzkaller0: entered allmulticast mode [ 1746.149460][T19361] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2720'. [ 1746.181422][ T2166] usb 5-1: USB disconnect, device number 6 [ 1747.247115][T19387] fuse: Bad value for 'fd' [ 1747.540861][T19393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2733'. [ 1747.571475][T19391] tipc: Enabling of bearer rejected, failed to enable media [ 1748.957993][T19431] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2744'. [ 1750.849420][T11131] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1750.987037][T19477] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1751.040269][T11131] usb 4-1: Using ep0 maxpacket: 32 [ 1751.052695][T11131] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 1751.069250][T11131] usb 4-1: config 0 has no interface number 0 [ 1751.077183][T11131] usb 4-1: config 0 interface 12 has no altsetting 0 [ 1751.099565][T15522] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 1751.129873][T11131] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1751.159444][T11131] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1751.167523][T11131] usb 4-1: Product: syz [ 1751.175235][T11131] usb 4-1: Manufacturer: syz [ 1751.182402][T11131] usb 4-1: SerialNumber: syz [ 1751.195952][T11131] usb 4-1: config 0 descriptor?? [ 1751.206711][T11131] f81534 4-1:0.12: required endpoints missing [ 1751.221893][T19481] tipc: Enabled bearer , priority 0 [ 1751.232209][T19481] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2768'. [ 1751.258092][T19481] tipc: Resetting bearer [ 1751.296032][T19480] tipc: Disabling bearer [ 1751.323700][T15522] usb 3-1: config 65 has an invalid interface number: 95 but max is 0 [ 1751.332363][T15522] usb 3-1: config 65 has no interface number 0 [ 1751.343489][T15522] usb 3-1: string descriptor 0 read error: -22 [ 1751.351288][T15522] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6 [ 1751.361362][T15522] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1751.383141][T15522] usbtest 3-1:65.95: Linux gadget zero [ 1751.388715][T15522] usbtest 3-1:65.95: low-speed {control in/out} tests (+alt) [ 1751.697892][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 1751.697907][ T28] audit: type=1326 audit(1767391534.722:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1751.718052][T12466] usb 3-1: USB disconnect, device number 9 [ 1751.737358][ T28] audit: type=1326 audit(1767391534.722:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1751.802184][ T28] audit: type=1326 audit(1767391534.722:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1751.872735][ T28] audit: type=1326 audit(1767391534.722:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1751.906024][ T28] audit: type=1326 audit(1767391534.722:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1751.942717][ T28] audit: type=1326 audit(1767391534.722:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1752.003597][ T28] audit: type=1326 audit(1767391534.722:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1752.035041][ T28] audit: type=1326 audit(1767391534.722:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1752.063955][ T28] audit: type=1326 audit(1767391534.722:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1752.104096][ T28] audit: type=1326 audit(1767391534.722:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1753.627164][T15522] usb 4-1: USB disconnect, device number 8 [ 1755.303661][T19567] loop2: detected capacity change from 0 to 512 [ 1757.693586][T19594] tipc: Enabled bearer , priority 0 [ 1757.725151][T19594] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2807'. [ 1757.764281][T19594] tipc: Resetting bearer [ 1757.857485][T19593] tipc: Disabling bearer [ 1759.075824][T19605] dvmrp12: entered allmulticast mode [ 1759.143824][T19605] dvmrp12: left allmulticast mode [ 1759.286586][T19601] loop3: detected capacity change from 0 to 32768 [ 1759.323885][T19601] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1759.532503][T19601] XFS (loop3): Ending clean mount [ 1759.550666][T19601] XFS (loop3): Quotacheck needed: Please wait. [ 1759.636475][T19601] XFS (loop3): Quotacheck: Done. [ 1759.824286][T19620] syzkaller0: entered promiscuous mode [ 1759.859364][T19620] syzkaller0: entered allmulticast mode [ 1760.257750][T19622] ceph: No mds server is up or the cluster is laggy [ 1760.358122][T12466] libceph: connect (1)[c::]:6789 error -101 [ 1760.366737][T12466] libceph: mon0 (1)[c::]:6789 connect error [ 1760.789154][T17780] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1760.864226][T19629] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2817'. [ 1761.522537][T19645] tipc: Enabling of bearer rejected, failed to enable media [ 1761.670217][T19654] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2824'. [ 1761.782933][T19647] 8021q: VLANs not supported on caif0 [ 1762.270342][T19664] syzkaller0: entered promiscuous mode [ 1762.276602][T19664] syzkaller0: entered allmulticast mode [ 1762.358670][T19660] loop2: detected capacity change from 0 to 32768 [ 1762.457339][T19660] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1762.758551][T19660] XFS (loop2): Ending clean mount [ 1762.781496][T19660] XFS (loop2): Quotacheck needed: Please wait. [ 1763.000093][T19660] XFS (loop2): Quotacheck: Done. [ 1763.073289][T19687] loop9: detected capacity change from 0 to 7 [ 1763.199638][T19687] Dev loop9: unable to read RDB block 7 [ 1763.233269][T19687] loop9: AHDI p3 p4 [ 1763.241646][T19687] loop9: partition table partially beyond EOD, truncated [ 1763.270248][T19687] loop9: p3 size 4227858431 extends beyond EOD, truncated [ 1763.443322][T18443] libceph: connect (1)[c::]:6789 error -101 [ 1763.450282][T18443] libceph: mon0 (1)[c::]:6789 connect error [ 1763.508971][T19692] ceph: No mds server is up or the cluster is laggy [ 1764.026165][T19502] udevd[19502]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory [ 1764.119985][T17408] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1764.285939][T19700] tipc: Enabling of bearer rejected, failed to enable media [ 1764.372642][T19703] syzkaller0: entered promiscuous mode [ 1764.378204][T19703] syzkaller0: entered allmulticast mode [ 1764.682935][T19711] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2837'. [ 1765.202940][T18443] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 1765.415058][T18443] usb 3-1: config 65 has an invalid interface number: 95 but max is 0 [ 1765.432043][T18443] usb 3-1: config 65 has no interface number 0 [ 1765.455714][T18443] usb 3-1: string descriptor 0 read error: -22 [ 1765.470420][T18443] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6 [ 1765.510925][T18443] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1765.575912][T18443] usbtest 3-1:65.95: Linux gadget zero [ 1765.601957][T18443] usbtest 3-1:65.95: low-speed {control in/out} tests (+alt) [ 1765.943231][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 1765.943249][ T28] audit: type=1326 audit(1767391548.979:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19720 comm="syz.2.2839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1766.090392][ T28] audit: type=1326 audit(1767391548.979:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19720 comm="syz.2.2839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40de78eec9 code=0x7ffc0000 [ 1766.275391][ T5872] usb 3-1: USB disconnect, device number 10 [ 1766.682340][T19751] syzkaller0: entered promiscuous mode [ 1766.688034][T19751] syzkaller0: entered allmulticast mode [ 1767.914839][T19774] libceph: resolve '0..' (ret=-3): failed [ 1768.383711][T19793] syzkaller0: entered promiscuous mode [ 1768.393307][T19793] syzkaller0: entered allmulticast mode [ 1770.562618][T19818] syzkaller0: entered promiscuous mode [ 1770.568370][T19818] syzkaller0: entered allmulticast mode [ 1770.979869][T19825] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1771.244883][T19832] syzkaller0: entered promiscuous mode [ 1771.253078][T19832] syzkaller0: entered allmulticast mode [ 1771.950099][T19846] syzkaller0: entered promiscuous mode [ 1771.966013][T19846] syzkaller0: entered allmulticast mode [ 1772.613695][T19859] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1772.642305][T19861] syzkaller0: entered promiscuous mode [ 1772.648037][T19861] syzkaller0: entered allmulticast mode [ 1772.916308][T19867] libceph: resolve '0..' (ret=-3): failed [ 1772.955630][T19871] syzkaller0: entered promiscuous mode [ 1772.971313][T19871] syzkaller0: entered allmulticast mode [ 1773.995581][T19893] syzkaller0: entered promiscuous mode [ 1774.020032][T19893] syzkaller0: entered allmulticast mode [ 1774.634372][T19903] syzkaller0: entered promiscuous mode [ 1774.683398][T19903] syzkaller0: entered allmulticast mode [ 1775.456109][T19933] dvmrp12: entered allmulticast mode [ 1775.474525][T19933] dvmrp12: left allmulticast mode [ 1775.619367][T19935] syzkaller0: entered promiscuous mode [ 1775.632559][T19935] syzkaller0: entered allmulticast mode [ 1775.899610][T19941] syzkaller0: entered promiscuous mode [ 1775.905400][T19941] syzkaller0: entered allmulticast mode [ 1776.070868][T17412] Bluetooth: hci2: command 0x0406 tx timeout [ 1776.293325][T19953] dvmrp12: entered allmulticast mode [ 1776.314156][T19953] dvmrp12: left allmulticast mode [ 1776.412857][T19958] syzkaller0: entered promiscuous mode [ 1776.419460][T19958] syzkaller0: entered allmulticast mode [ 1777.404312][T19980] dvmrp12: entered allmulticast mode [ 1777.429577][T19980] dvmrp12: left allmulticast mode [ 1777.535261][T19982] syzkaller0: entered promiscuous mode [ 1777.550263][T19982] syzkaller0: entered allmulticast mode [ 1778.926960][T20012] syzkaller0: entered promiscuous mode [ 1778.932576][T20012] syzkaller0: entered allmulticast mode [ 1779.530620][T20030] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2959'. [ 1779.691663][T20035] syzkaller0: entered promiscuous mode [ 1779.707278][T20035] syzkaller0: entered allmulticast mode [ 1780.092826][T20047] netlink: 'syz.4.2967': attribute type 1 has an invalid length. [ 1780.464946][T20060] syzkaller0: entered promiscuous mode [ 1780.470816][T20060] syzkaller0: entered allmulticast mode [ 1780.578758][T20062] syzkaller0: entered promiscuous mode [ 1780.584361][T20062] syzkaller0: entered allmulticast mode [ 1780.743319][T20067] dvmrp12: entered allmulticast mode [ 1780.764036][T20067] dvmrp12: left allmulticast mode [ 1780.910316][T20071] dvmrp12: entered allmulticast mode [ 1780.916193][T20069] tipc: Enabled bearer , priority 0 [ 1780.934686][T20069] syzkaller0: entered promiscuous mode [ 1780.940354][T20069] syzkaller0: entered allmulticast mode [ 1780.948587][T20071] dvmrp12: left allmulticast mode [ 1781.068014][T20068] tipc: Resetting bearer [ 1781.113863][T20068] tipc: Disabling bearer [ 1781.604142][T20089] syzkaller0: entered promiscuous mode [ 1781.610187][T20089] syzkaller0: entered allmulticast mode [ 1782.702466][T20098] syzkaller0: entered promiscuous mode [ 1782.730810][T20098] syzkaller0: entered allmulticast mode [ 1783.134754][T20111] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2992'. [ 1783.190262][T20111] bridge0: port 2(bridge_slave_1) entered disabled state [ 1783.260474][T20112] syzkaller0: entered promiscuous mode [ 1783.270815][T20112] syzkaller0: entered allmulticast mode [ 1783.420573][T20121] syzkaller0: entered promiscuous mode [ 1783.427228][T20121] syzkaller0: entered allmulticast mode [ 1784.632963][T20140] tipc: Enabled bearer , priority 0 [ 1784.654514][T20140] syzkaller0: entered promiscuous mode [ 1784.680858][T20140] syzkaller0: entered allmulticast mode [ 1784.910163][T20145] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1784.938858][T20146] tipc: Resetting bearer [ 1784.973580][T20138] tipc: Resetting bearer [ 1785.095724][T20138] tipc: Disabling bearer [ 1785.453706][T20157] loop4: detected capacity change from 0 to 512 [ 1786.988173][T20180] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1787.180509][T20184] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1787.754188][T20195] dvmrp12: entered allmulticast mode [ 1787.804104][T20194] dvmrp12: left allmulticast mode [ 1788.321393][T20200] syzkaller0: entered promiscuous mode [ 1788.327042][T20200] syzkaller0: entered allmulticast mode [ 1788.819710][T20206] dvmrp12: entered allmulticast mode [ 1788.848479][T20206] dvmrp12: left allmulticast mode [ 1789.282235][T20215] gretap0: entered promiscuous mode [ 1789.310934][T20215] vlan2: entered promiscuous mode [ 1789.348630][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1789.355774][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1789.608524][T20221] tipc: Enabling of bearer rejected, failed to enable media [ 1789.718272][T20224] dvmrp12: entered allmulticast mode [ 1789.777635][T20224] dvmrp12: left allmulticast mode [ 1790.454976][T20241] tipc: Started in network mode [ 1790.475037][T20241] tipc: Node identity aac00cd9fb7b, cluster identity 4711 [ 1790.482802][T20241] tipc: Enabled bearer , priority 0 [ 1790.501503][T20241] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3040'. [ 1790.531673][T20241] tipc: Resetting bearer [ 1790.596189][T20240] tipc: Disabling bearer [ 1790.848699][T20253] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3043'. [ 1790.936812][T20253] libceph: resolve '0..' (ret=-3): failed [ 1790.995193][T20257] tipc: Enabling of bearer rejected, failed to enable media [ 1791.848658][T20272] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1791.882745][T20274] bond1: entered allmulticast mode [ 1792.623767][T20292] tipc: Enabling of bearer rejected, failed to enable media [ 1793.158371][T20307] ptrace attach of "./syz-executor exec"[20308] was attempted by "./syz-executor exec"[20307] [ 1794.452207][T20326] syzkaller0: entered promiscuous mode [ 1794.460795][T20326] syzkaller0: entered allmulticast mode [ 1794.570194][T20331] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3065'. [ 1794.605806][T20334] tipc: Enabling of bearer rejected, failed to enable media [ 1795.278486][T20355] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1796.039097][T20366] syzkaller0: entered promiscuous mode [ 1796.053268][T20366] syzkaller0: entered allmulticast mode [ 1796.219520][T20370] syzkaller0: entered promiscuous mode [ 1796.225080][T20370] syzkaller0: entered allmulticast mode [ 1796.386364][T20370] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3078'. [ 1796.886683][T20374] tipc: Enabling of bearer rejected, failed to enable media [ 1797.561890][T20399] fuse: Unknown parameter 'group_i00000000000000000000' [ 1797.765626][T20408] libceph: resolve '0..' (ret=-3): failed [ 1798.066205][T20410] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1798.263226][T20417] dvmrp12: entered allmulticast mode [ 1798.320122][T20417] dvmrp12: left allmulticast mode [ 1798.572784][T20419] tipc: Enabling of bearer rejected, failed to enable media [ 1799.115463][T20433] fuse: Unknown parameter 'group_id00000000000000000000' [ 1799.769002][T20444] syzkaller0: entered promiscuous mode [ 1799.800734][T20444] syzkaller0: entered allmulticast mode [ 1799.834191][T20451] dvmrp12: entered allmulticast mode [ 1799.899179][T20452] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3102'. [ 1799.915984][T20451] dvmrp12: left allmulticast mode [ 1799.969854][ C0] vkms_vblank_simulate: vblank timer overrun [ 1800.276120][T20459] fuse: Unknown parameter 'group_id00000000000000000000' [ 1800.817224][T20468] loop0: detected capacity change from 0 to 512 [ 1802.364446][T20482] syzkaller0: entered promiscuous mode [ 1802.386325][T20485] fuse: Unknown parameter 'group_id00000000000000000000' [ 1802.389041][T20477] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1802.404698][T20482] syzkaller0: entered allmulticast mode [ 1802.496708][T20487] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3115'. [ 1802.670153][T20486] xt_CT: No such helper "pptp" [ 1804.934201][T20518] loop2: detected capacity change from 0 to 512 [ 1806.413404][T20522] syzkaller0: entered promiscuous mode [ 1806.426267][T20522] syzkaller0: entered allmulticast mode [ 1806.809351][T20533] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3128'. [ 1806.850138][T20532] xt_CT: No such helper "pptp" [ 1806.900807][T20533] libceph: resolve '0..' (ret=-3): failed [ 1807.133240][T20545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3131'. [ 1807.223351][T20545] libceph: resolve '0..' (ret=-3): failed [ 1809.840205][T20564] loop3: detected capacity change from 0 to 32768 [ 1809.890725][T20564] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1810.365982][T20564] XFS (loop3): Ending clean mount [ 1810.386427][T20564] XFS (loop3): Quotacheck needed: Please wait. [ 1810.501821][T20564] XFS (loop3): Quotacheck: Done. [ 1810.898054][T17150] libceph: connect (1)[c::]:6789 error -101 [ 1810.907342][T20578] ceph: No mds server is up or the cluster is laggy [ 1810.965799][T17150] libceph: mon0 (1)[c::]:6789 connect error [ 1811.232925][T17150] libceph: connect (1)[c::]:6789 error -101 [ 1811.239301][T17150] libceph: mon0 (1)[c::]:6789 connect error [ 1811.768673][T17150] libceph: connect (1)[c::]:6789 error -101 [ 1811.777429][T17150] libceph: mon0 (1)[c::]:6789 connect error [ 1812.472370][T17780] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1812.514467][T20597] kvm: pic: non byte write [ 1812.833503][T20602] xt_CT: No such helper "pptp" [ 1814.412047][T20619] dvmrp12: entered allmulticast mode [ 1814.445254][T20619] dvmrp12: left allmulticast mode [ 1817.957628][T20651] xt_CT: No such helper "pptp" [ 1818.125509][T20655] tipc: Enabled bearer , priority 0 [ 1818.191191][T20650] tipc: Resetting bearer [ 1819.195251][T18443] tipc: Node number set to 2855252170 [ 1820.718935][T20667] xt_CT: No such helper "pptp" [ 1822.671271][T20683] loop4: detected capacity change from 0 to 32768 [ 1822.761540][T20683] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1822.932239][T20683] XFS (loop4): Ending clean mount [ 1822.963066][T20683] XFS (loop4): Quotacheck needed: Please wait. [ 1823.328034][T20683] XFS (loop4): Quotacheck: Done. [ 1823.669849][T20683] ceph: No mds server is up or the cluster is laggy [ 1823.677880][T17150] libceph: connect (1)[c::]:6789 error -101 [ 1823.684907][T17150] libceph: mon0 (1)[c::]:6789 connect error [ 1823.881203][T18752] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1825.476899][T20650] tipc: Disabling bearer [ 1825.515395][T20679] macsec1: entered promiscuous mode [ 1825.520792][T20679] macvlan0: entered promiscuous mode [ 1825.536333][T20679] macvlan0: left promiscuous mode [ 1825.783011][T20706] syzkaller0: entered promiscuous mode [ 1825.788616][T20706] syzkaller0: entered allmulticast mode [ 1825.984161][T20710] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3173'. [ 1827.178999][T20732] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3180'. [ 1828.282447][T20748] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3185'. [ 1828.475756][T20755] libceph: resolve '0..' (ret=-3): failed [ 1829.696513][T20760] loop3: detected capacity change from 0 to 32768 [ 1829.767162][T20760] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1830.138312][T20760] XFS (loop3): Ending clean mount [ 1830.168456][T20760] XFS (loop3): Quotacheck needed: Please wait. [ 1830.318216][T20760] XFS (loop3): Quotacheck: Done. [ 1830.503138][T11131] libceph: connect (1)[c::]:6789 error -101 [ 1830.509293][T11131] libceph: mon0 (1)[c::]:6789 connect error [ 1830.547030][T20800] ceph: No mds server is up or the cluster is laggy [ 1830.716287][T17780] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1833.362458][T20856] xt_CT: No such helper "pptp" [ 1837.980399][T20895] dvmrp12: entered allmulticast mode [ 1838.000607][T20895] dvmrp12: left allmulticast mode [ 1838.130054][T20897] kvm: pic: non byte write [ 1838.175971][T20899] tipc: Enabled bearer , priority 0 [ 1839.185506][ T2166] tipc: Node number set to 868089698 [ 1842.448205][ T11] tipc: Resetting bearer [ 1842.458384][T20890] tipc: Resetting bearer [ 1846.186745][T20890] tipc: Disabling bearer [ 1846.963140][T20965] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1847.382721][T20969] loop0: detected capacity change from 0 to 8 [ 1847.531025][T20969] SQUASHFS error: Failed to read block 0x4de: -5 [ 1847.545154][T20969] SQUASHFS error: Failed to read block 0x4de: -5 [ 1847.612998][ T28] audit: type=1800 audit(1767391630.630:166): pid=20969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3256" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 1849.081401][T20977] kvm: pic: non byte write [ 1849.114996][T20977] kvm: vcpu 0: requested 106496 ns lapic timer period limited to 200000 ns [ 1849.127859][T20977] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1210971276 (77502161664 ns) > initial count (200000 ns). Using initial count to start timer. [ 1850.583050][T21006] xt_CT: No such helper "pptp" [ 1850.753928][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1850.788550][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.217295][T21015] tipc: Enabled bearer , priority 0 [ 1853.292622][T21013] tipc: Resetting bearer [ 1853.383391][T21012] tipc: Disabling bearer [ 1853.596495][T21030] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3268'. [ 1853.654337][T21030] libceph: resolve '0..' (ret=-3): failed [ 1853.712111][T21033] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3270'. [ 1853.757897][T17150] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1853.777405][T21033] libceph: resolve '0..' (ret=-3): failed [ 1853.957885][T17150] usb 5-1: Using ep0 maxpacket: 16 [ 1853.972666][T17150] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1853.986675][T17150] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1854.022434][T17150] usb 5-1: Product: syz [ 1854.032559][T17150] usb 5-1: Manufacturer: syz [ 1854.045033][T17150] usb 5-1: SerialNumber: syz [ 1854.061892][T17150] r8152-cfgselector 5-1: config 0 descriptor?? [ 1854.883484][T17150] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1854.901558][T17150] r8152-cfgselector 5-1: USB disconnect, device number 7 [ 1855.483816][T21042] loop3: detected capacity change from 0 to 8 [ 1855.546687][T21042] SQUASHFS error: Failed to read block 0x4de: -5 [ 1855.556009][T21042] SQUASHFS error: Failed to read block 0x4de: -5 [ 1855.577619][ T28] audit: type=1800 audit(1767391638.644:167): pid=21042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3272" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1855.597279][ C0] vkms_vblank_simulate: vblank timer overrun [ 1856.682371][T21057] syzkaller0: entered promiscuous mode [ 1856.688196][T21057] syzkaller0: entered allmulticast mode [ 1862.785649][T21086] loop2: detected capacity change from 0 to 8 [ 1862.856693][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.865994][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.892730][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.907249][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.916257][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.924244][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.938048][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.945710][T21086] SQUASHFS error: Failed to read block 0x4de: -5 [ 1862.954582][ T28] audit: type=1800 audit(1767391645.958:168): pid=21086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3283" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 1866.316130][T21071] tipc: Enabling of bearer rejected, failed to enable media [ 1866.890225][T21112] loop3: detected capacity change from 0 to 8 [ 1866.970481][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1866.979635][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.001498][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.009809][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.019021][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.026690][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.038675][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.046225][T21112] SQUASHFS error: Failed to read block 0x4de: -5 [ 1867.065895][ T28] audit: type=1800 audit(1767391650.070:169): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3288" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1871.808932][T17150] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1872.346888][T17150] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1872.380770][T17150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1872.443846][T17150] usb 4-1: config 0 descriptor?? [ 1874.879881][T17150] pegasus: probe of 4-1:0.0 failed with error -32 [ 1875.586503][T13706] usb 4-1: USB disconnect, device number 9 [ 1876.317571][T21170] fuse: Bad value for 'fd' [ 1880.837170][T21196] loop0: detected capacity change from 0 to 8 [ 1880.944111][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1880.952948][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1880.972228][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1880.979688][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1880.987404][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1880.996392][T21196] SQUASHFS error: Failed to read block 0x4de: -5 [ 1881.064331][ T28] audit: type=1800 audit(1767391664.047:170): pid=21196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3309" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 1882.651610][T21145] tipc: Enabling of bearer rejected, failed to enable media [ 1882.753488][T21156] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3300'. [ 1885.037404][T21207] binder: 21206:21207 ioctl c0306201 200000000180 returned -14 [ 1885.492752][T21229] loop2: detected capacity change from 0 to 8 [ 1885.555982][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.564950][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.583852][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.591386][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.599104][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.606842][T21229] SQUASHFS error: Failed to read block 0x4de: -5 [ 1885.814048][ T28] audit: type=1800 audit(1767391668.669:171): pid=21229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3319" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 1887.027854][T21249] loop0: detected capacity change from 0 to 8 [ 1887.134236][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.143519][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.163176][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.171494][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.179210][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.186594][T21249] SQUASHFS error: Failed to read block 0x4de: -5 [ 1887.206869][ T28] audit: type=1800 audit(1767391670.240:172): pid=21249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3318" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 1888.157745][T21242] loop3: detected capacity change from 0 to 32768 [ 1888.280452][T21242] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1888.451026][T21242] XFS (loop3): Ending clean mount [ 1888.491181][T21242] XFS (loop3): Quotacheck needed: Please wait. [ 1888.667584][T21242] XFS (loop3): Quotacheck: Done. [ 1889.066535][T21277] xt_hashlimit: size too large, truncated to 1048576 [ 1889.892756][T21281] ceph: No mds server is up or the cluster is laggy [ 1889.902744][T18443] libceph: connect (1)[c::]:6789 error -101 [ 1889.970199][T18443] libceph: mon0 (1)[c::]:6789 connect error [ 1890.288519][T17780] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1895.156748][T21295] loop3: detected capacity change from 0 to 8 [ 1895.220955][ T5794] Bluetooth: hci0: link tx timeout [ 1895.235045][ T5794] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 1895.500473][T21295] SQUASHFS error: Failed to read block 0x4de: -5 [ 1895.509422][T21295] SQUASHFS error: Failed to read block 0x4de: -5 [ 1895.597064][ T28] audit: type=1800 audit(1767391678.614:173): pid=21295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3330" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1895.887986][T21239] tipc: Enabling of bearer rejected, failed to enable media [ 1895.927712][T21251] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3323'. [ 1896.127149][T21302] loop4: detected capacity change from 0 to 1024 [ 1896.134831][T21302] EXT4-fs: Ignoring removed nobh option [ 1896.156198][T21302] EXT4-fs: inline encryption not supported [ 1896.176350][T21302] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1897.914786][T17412] Bluetooth: hci0: command 0x0406 tx timeout [ 1898.000615][T21302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1900.164823][T21302] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5902: Out of memory [ 1900.215953][T21302] EXT4-fs error (device loop4): __ext4_unlink:3328: inode #2: comm syz.4.3333: mark_inode_dirty error [ 1900.373909][T18752] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5902: Out of memory [ 1900.398284][T18752] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #15: comm syz-executor: mark_inode_dirty error [ 1900.442047][T18752] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1901.062809][T21333] loop4: detected capacity change from 0 to 8 [ 1901.123077][T21333] SQUASHFS error: Failed to read block 0x4de: -5 [ 1901.132748][T21333] SQUASHFS error: Failed to read block 0x4de: -5 [ 1901.151602][T21333] SQUASHFS error: Failed to read block 0x4de: -5 [ 1901.159049][T21333] SQUASHFS error: Failed to read block 0x4de: -5 [ 1901.302802][ T28] audit: type=1800 audit(1767391684.237:174): pid=21333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3342" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 1907.430353][T21374] xt_hashlimit: size too large, truncated to 1048576 [ 1912.165862][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1912.172452][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1912.581930][T21342] tipc: Enabling of bearer rejected, failed to enable media [ 1912.593608][T21353] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3343'. [ 1914.557680][T21398] binder: 21397:21398 ioctl c0306201 200000000180 returned -14 [ 1914.623543][T21403] syzkaller0: entered promiscuous mode [ 1914.639431][T21403] syzkaller0: entered allmulticast mode [ 1918.723000][T21419] loop0: detected capacity change from 0 to 1024 [ 1918.736713][T21419] EXT4-fs: Ignoring removed nobh option [ 1918.742569][T21419] EXT4-fs: inline encryption not supported [ 1918.846256][T21419] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1918.937884][T21419] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1919.517968][T21419] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Out of memory [ 1919.560198][T21419] EXT4-fs error (device loop0): __ext4_unlink:3328: inode #2: comm syz.0.3361: mark_inode_dirty error [ 1919.750350][T18194] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Out of memory [ 1919.809053][T18194] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #15: comm syz-executor: mark_inode_dirty error [ 1919.830782][T18194] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1920.154912][T13706] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1920.385751][T13706] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1920.395268][T13706] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1920.423394][T13706] usb 4-1: config 0 descriptor?? [ 1921.527410][T13706] pegasus: probe of 4-1:0.0 failed with error -32 [ 1922.772085][ T8461] usb 4-1: USB disconnect, device number 10 [ 1924.553840][T21460] tipc: Enabling of bearer rejected, failed to enable media [ 1924.564960][T21468] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3365'. [ 1925.669555][T21484] loop4: detected capacity change from 0 to 8 [ 1925.717449][T21480] loop3: detected capacity change from 0 to 8 [ 1927.537209][T21481] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.545418][T21481] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.552847][ T28] audit: type=1800 audit(1767391710.670:175): pid=21481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3366" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 1927.597318][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.604739][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.617416][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.624144][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.630752][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.637489][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.646549][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.653970][T21480] SQUASHFS error: Failed to read block 0x4de: -5 [ 1927.699119][ T28] audit: type=1800 audit(1767391710.730:176): pid=21480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3367" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1928.053271][T21493] syz.0.3373[21493] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1928.053530][T21493] syz.0.3373[21493] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1928.411737][T21501] tipc: Enabling of bearer rejected, failed to enable media [ 1928.537610][T21503] syzkaller0: entered promiscuous mode [ 1928.548593][T21503] syzkaller0: entered allmulticast mode [ 1928.559667][T21501] syzkaller0: entered promiscuous mode [ 1928.572375][T21501] syzkaller0: entered allmulticast mode [ 1928.633567][T21508] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3375'. [ 1928.884736][T21510] fuse: Bad value for 'fd' [ 1931.462116][T21515] xt_hashlimit: size too large, truncated to 1048576 [ 1933.498064][T21532] xt_hashlimit: size too large, truncated to 1048576 [ 1936.013048][T21542] syz.0.3383[21542] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1936.013312][T21542] syz.0.3383[21542] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1936.238437][T21549] tipc: Enabled bearer , priority 0 [ 1938.007084][T21549] syzkaller0: entered promiscuous mode [ 1938.012645][T21549] syzkaller0: entered allmulticast mode [ 1938.056649][T21549] tipc: Resetting bearer [ 1938.104831][T21548] tipc: Resetting bearer [ 1938.212788][T21548] tipc: Disabling bearer [ 1938.394683][T21559] Failed to get privilege flags for destination (handle=0x2:0x0) [ 1940.415138][T21561] xt_CT: No such helper "pptp" [ 1941.223078][T21573] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3394'. [ 1941.370148][T21574] libceph: resolve '0..' (ret=-3): failed [ 1946.432075][T21593] syz.4.3395[21593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1946.433593][T21593] syz.4.3395[21593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1948.716381][T21603] loop4: detected capacity change from 0 to 8 [ 1948.786404][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.795668][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.815840][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.823627][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.831109][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.838538][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.849543][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.857793][T21603] SQUASHFS error: Failed to read block 0x4de: -5 [ 1948.894256][ T28] audit: type=1800 audit(1767391731.931:177): pid=21603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3399" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 1949.238282][T21604] syz.3.3401[21604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1949.238540][T21604] syz.3.3401[21604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1950.085227][T21611] loop4: detected capacity change from 0 to 8 [ 1951.936376][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1951.943668][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1951.950692][ T28] audit: type=1800 audit(1767391735.082:178): pid=21609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3402" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 1951.988345][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1951.995074][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1952.001794][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1952.008468][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1952.031502][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1952.038902][T21609] SQUASHFS error: Failed to read block 0x4de: -5 [ 1955.200907][T21622] xt_hashlimit: size too large, truncated to 1048576 [ 1956.098133][T21637] loop3: detected capacity change from 0 to 8 [ 1956.270682][T21636] SQUASHFS error: Failed to read block 0x4de: -5 [ 1956.309026][T21636] SQUASHFS error: Failed to read block 0x4de: -5 [ 1956.446466][ T28] audit: type=1800 audit(1767391739.464:179): pid=21636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3408" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1957.081204][T21640] xt_hashlimit: size too large, truncated to 1048576 [ 1957.489598][T21296] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1957.520773][T21296] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1957.553763][T21296] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1957.586581][T21296] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1957.597875][T21296] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1957.606404][T21296] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1958.011522][T21650] syz.3.3411[21650] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1958.011784][T21650] syz.3.3411[21650] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1958.258006][T21654] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3412'. [ 1958.341644][T21654] libceph: resolve '0..' (ret=-3): failed [ 1959.739282][ T5794] Bluetooth: hci3: command tx timeout [ 1959.948955][T21660] xt_hashlimit: size too large, truncated to 1048576 [ 1962.872325][T12466] general protection fault, probably for non-canonical address 0xdffffc0000000026: 0000 [#1] PREEMPT SMP KASAN [ 1962.876309][ T5794] Bluetooth: hci3: command tx timeout [ 1962.884103][T12466] KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137] [ 1962.884132][T12466] CPU: 0 PID: 12466 Comm: kworker/0:2 Not tainted syzkaller #0 [ 1962.884152][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1962.884165][T12466] Workqueue: events l2cap_info_timeout [ 1962.922082][T12466] RIP: 0010:__lock_acquire+0xeb/0x7c80 [ 1962.927600][T12466] Code: 85 dc 66 00 00 83 3d 2f be e3 0c 00 48 89 9c 24 f0 00 00 00 0f 84 11 10 00 00 83 3d fe d5 58 0b 00 74 36 48 89 f8 48 c1 e8 03 <42> 80 3c 00 00 74 1f 48 8b bc 24 88 00 00 00 e8 61 e8 75 00 48 8b [ 1962.947712][T12466] RSP: 0018:ffffc90004ef7600 EFLAGS: 00010002 [ 1962.954691][T12466] RAX: 0000000000000026 RBX: 1ffff920009deee4 RCX: 0000000000000000 [ 1962.962723][T12466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000130 [ 1962.970741][T12466] RBP: ffffc90004ef7848 R08: dffffc0000000000 R09: 0000000000000000 [ 1962.979053][T12466] R10: dffffc0000000000 R11: fffffbfff1c9506e R12: 0000000000000001 [ 1962.987116][T12466] R13: 0000000000000000 R14: ffff888028a19e00 R15: 0000000000000000 [ 1962.995141][T12466] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1963.004115][T12466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1963.011015][T12466] CR2: 000000110c437fc3 CR3: 0000000076219000 CR4: 00000000003506f0 [ 1963.019389][T12466] Call Trace: [ 1963.022717][T12466] [ 1963.025676][T12466] ? __lock_acquire+0x7c80/0x7c80 [ 1963.030743][T12466] ? __rwlock_init+0x150/0x150 [ 1963.035631][T12466] ? do_raw_spin_unlock+0x121/0x230 [ 1963.040982][T12466] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1963.047002][T12466] ? _raw_spin_unlock+0x40/0x40 [ 1963.051922][T12466] ? verify_lock_unused+0x140/0x140 [ 1963.057256][T12466] ? debug_object_assert_init+0x1f1/0x2f0 [ 1963.063030][T12466] ? __timer_delete+0x6b/0x290 [ 1963.067836][T12466] lock_acquire+0x197/0x410 [ 1963.072633][T12466] ? l2cap_sock_ready_cb+0x45/0x130 [ 1963.078009][T12466] ? read_lock_is_recursive+0x20/0x20 [ 1963.083401][T12466] ? __cancel_work+0x1f8/0x2d0 [ 1963.088323][T12466] ? lockdep_hardirqs_on+0x98/0x150 [ 1963.093581][T12466] ? __cancel_work+0x273/0x2d0 [ 1963.098431][T12466] lock_sock_nested+0x48/0x100 [ 1963.103302][T12466] ? l2cap_sock_ready_cb+0x45/0x130 [ 1963.108565][T12466] l2cap_sock_ready_cb+0x45/0x130 [ 1963.113620][T12466] l2cap_conn_start+0x753/0xe40 [ 1963.118503][T12466] ? l2cap_conn_update_id_addr+0x250/0x250 [ 1963.124452][T12466] ? l2cap_info_timeout+0x60/0xa0 [ 1963.129698][T12466] ? mutex_lock_nested+0x20/0x20 [ 1963.134676][T12466] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1963.140861][T12466] ? read_lock_is_recursive+0x20/0x20 [ 1963.146359][T12466] l2cap_info_timeout+0x68/0xa0 [ 1963.151254][T12466] ? process_scheduled_works+0x957/0x15b0 [ 1963.157204][T12466] process_scheduled_works+0xa45/0x15b0 [ 1963.162804][T12466] ? assign_work+0x400/0x400 [ 1963.167599][T12466] ? assign_work+0x39e/0x400 [ 1963.172225][T12466] worker_thread+0xa55/0xfc0 [ 1963.177008][T12466] kthread+0x2fa/0x390 [ 1963.181195][T12466] ? pr_cont_work+0x560/0x560 [ 1963.185997][T12466] ? kthread_blkcg+0xd0/0xd0 [ 1963.190986][T12466] ret_from_fork+0x48/0x80 [ 1963.195439][T12466] ? kthread_blkcg+0xd0/0xd0 [ 1963.200091][T12466] ret_from_fork_asm+0x11/0x20 [ 1963.204890][T12466] [ 1963.208023][T12466] Modules linked in: [ 1963.211947][T12466] ---[ end trace 0000000000000000 ]--- [ 1963.217435][T12466] RIP: 0010:__lock_acquire+0xeb/0x7c80 [ 1963.223025][T12466] Code: 85 dc 66 00 00 83 3d 2f be e3 0c 00 48 89 9c 24 f0 00 00 00 0f 84 11 10 00 00 83 3d fe d5 58 0b 00 74 36 48 89 f8 48 c1 e8 03 <42> 80 3c 00 00 74 1f 48 8b bc 24 88 00 00 00 e8 61 e8 75 00 48 8b [ 1963.242756][T12466] RSP: 0018:ffffc90004ef7600 EFLAGS: 00010002 [ 1963.248940][T12466] RAX: 0000000000000026 RBX: 1ffff920009deee4 RCX: 0000000000000000 [ 1963.256951][T12466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000130 [ 1963.264943][T12466] RBP: ffffc90004ef7848 R08: dffffc0000000000 R09: 0000000000000000 [ 1963.273406][T12466] R10: dffffc0000000000 R11: fffffbfff1c9506e R12: 0000000000000001 [ 1963.281575][T12466] R13: 0000000000000000 R14: ffff888028a19e00 R15: 0000000000000000 [ 1963.290026][T12466] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1963.299438][T12466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1963.306486][T12466] CR2: 000000110c437fc3 CR3: 0000000076219000 CR4: 00000000003506f0 [ 1963.314577][T12466] Kernel panic - not syncing: Fatal exception [ 1963.321001][T12466] Kernel Offset: disabled [ 1963.325343][T12466] Rebooting in 86400 seconds..