last executing test programs: 10.734646816s ago: executing program 1 (id=1395): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa90d]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) ioprio_get$uid(0x3, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) set_mempolicy(0x6002, &(0x7f0000000080), 0x4) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000540)=@nullb, &(0x7f0000000040)='./file0\x00', &(0x7f00000005c0)='vxfs\x00', 0x0, 0x0) 9.534086578s ago: executing program 1 (id=1397): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) setsockopt$sock_linger(r2, 0x1, 0x3d, &(0x7f0000000080), 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 9.230370148s ago: executing program 1 (id=1404): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r4, 0x12, 0x4, 0x0, 0x9e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x0, 0x1170, 0x1398, 0xd0, 0x1170, 0x1f0, 0x1398, 0x1398, 0x1f0, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'sit0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@loopback, @local, [], [], 'veth1_vlan\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@frag={{0x30}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) r6 = fsmount(0xffffffffffffffff, 0x1, 0x70) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r7, 0x300, 0x1, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x7, 0x1) socket(0x0, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r8, 0x6, 0x14, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4) 8.116891763s ago: executing program 0 (id=1406): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) socket$kcm(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) process_vm_readv(0x0, &(0x7f0000001600)=[{0x0}, {&(0x7f0000000100)=""/160, 0xa0}, {&(0x7f0000001880)=""/83, 0x53}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/236, 0xec}, {&(0x7f0000001340)=""/132, 0x84}, {0x0}, {&(0x7f00000014c0)=""/25, 0x19}, {&(0x7f0000001980)=""/251, 0xfb}], 0x9, &(0x7f0000001840)=[{&(0x7f00000016c0)=""/153, 0x99}, {&(0x7f0000001780)=""/133, 0x85}], 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast1, @local, [], [], 'gretap0\x00', 'nr0\x00'}, 0x0, 0xa8, 0xf0, 0x60030000, {0x0, 0xff000000}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@loopback, 'macvlan1\x00'}}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0xfffffe00}}, @common=@hbh={{0x48}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398) eventfd(0x3) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000001900)="e79469c454c44d2315aa", 0xfffffffffffffcb6, 0x4008055, &(0x7f0000001940)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}, 0xfffffffd}, 0x1c) getpid() ioctl$BINDER_FREEZE(0xffffffffffffffff, 0x400c620e, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, 0x0, 0x48001) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0xfe, 0x2, 0x0, 0x4, 0x0, 0x0, 0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe) dup(0xffffffffffffffff) socket$tipc(0x1e, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) close(r1) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r4, 0xc02064cc, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfff}) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x80045104, &(0x7f0000000040)) 8.034185853s ago: executing program 1 (id=1407): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c"], 0x48}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6", @ANYRES64], 0x398}}, 0x0) 7.732280373s ago: executing program 1 (id=1410): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000500)=0x304000000) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x1000}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfa, 0xcf, 0x1, 0x40, 0x56e, 0x4010, 0x201c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0x55, 0xe7}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x1, 'w'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0xfffffdb4) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 5.848942028s ago: executing program 4 (id=1413): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0xffff8000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xa8, &(0x7f00000002c0), &(0x7f0000000080)=0x4) 5.523154479s ago: executing program 0 (id=1414): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sync_file_range(r2, 0x0, 0x0, 0x3) 4.758589439s ago: executing program 4 (id=1415): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) setsockopt$sock_linger(r2, 0x1, 0x3d, &(0x7f0000000080), 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 4.649409182s ago: executing program 3 (id=1416): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)={0x20, r4, 0x1, 0x0, 0x0, {0x1b, 0x0, 0x6}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}}, 0x0) 4.646624438s ago: executing program 0 (id=1417): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f}, './file0\x00'}) 4.605278023s ago: executing program 2 (id=1418): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x14, 0x16, 0x0, 0x0, @ipv6=@mcast2}, @typed={0x8, 0xc, 0x0, 0x0, @fd=r0}]}, 0x30}, 0x1, 0x3000000}, 0x0) 4.451618031s ago: executing program 2 (id=1419): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r4, 0x12, 0x4, 0x0, 0x9e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x0, 0x1170, 0x1398, 0xd0, 0x1170, 0x1f0, 0x1398, 0x1398, 0x1f0, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'sit0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@loopback, @local, [], [], 'veth1_vlan\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@frag={{0x30}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) r6 = fsmount(0xffffffffffffffff, 0x1, 0x70) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r7, 0x300, 0x1, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x7, 0x1) socket(0x0, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r8, 0x6, 0x14, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4) 4.450588329s ago: executing program 0 (id=1420): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='rtc_irq_set_state\x00', r0}, 0x10) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup3(r1, r2, 0x0) 4.435291536s ago: executing program 3 (id=1421): mmap(&(0x7f0000400000/0x1000)=nil, 0x1000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000402000/0x1000)=nil, &(0x7f0000400000/0x4000)=nil, 0x1000}) 4.368869603s ago: executing program 4 (id=1422): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8}, @NFTA_EXTHDR_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0) 3.515959458s ago: executing program 3 (id=1423): socket$nl_netfilter(0x10, 0x3, 0xc) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/mcfilter\x00') r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5a, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x4, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 3.501711297s ago: executing program 2 (id=1424): r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f0000000340)={0x1, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfeedcafe, 0x0, 0x0, 0x0, 0x5}}) 3.356971923s ago: executing program 2 (id=1425): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0xffff8000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xa8, &(0x7f00000002c0), &(0x7f0000000080)=0x4) 3.310523935s ago: executing program 0 (id=1426): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) io_setup(0x5, &(0x7f0000000200)=0x0) io_submit(r2, 0x3, &(0x7f0000000780)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 3.247965412s ago: executing program 4 (id=1427): r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x0, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000240)={0x1, 0x0, '\x00', 0x1, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, @link_id}, 0x20) fsmount(0xffffffffffffffff, 0x0, 0x2) r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f00000000c0), 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f00000039c0), 0x6000) r5 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00') ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000002c0)={0xc, 0x4, 0x2, 0x1ff, 0x1}) preadv(r5, &(0x7f0000001540)=[{0x0}, {&(0x7f0000000140)=""/88, 0x58}], 0x2, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r6, 0x40047451, &(0x7f0000001880)=0x5) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r6, &(0x7f0000000080)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff03425d4d50e7182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a45", 0x56}], 0x1, 0x0, 0x0) 404.806024ms ago: executing program 2 (id=1428): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000100)={0x38, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x38}}, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x2}) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0xc0c041) unshare(0x2a060400) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000280)='hash:ip,port,net\x00', &(0x7f00000002c0)='/dev/iommu\x00', 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='romfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='configfs\x00', 0x0, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x2052, r3, 0x4b000) r4 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x5, 0x0, 0x0, @generic}) 396.746672ms ago: executing program 3 (id=1429): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x14, 0x16, 0x0, 0x0, @ipv6=@mcast2}, @typed={0x8, 0xc, 0x0, 0x0, @fd=r0}]}, 0x30}, 0x1, 0x3000000}, 0x0) 362.300646ms ago: executing program 1 (id=1430): unshare(0x22020400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000000000000d00000003000000030000000000000000ecffffff00000000000000000000000000000000000000070000000000000000000000ff0600"/88]) socket$inet6_dccp(0xa, 0x6, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x200000) syz_io_uring_setup(0x2235, &(0x7f0000000240)={0x0, 0x696e, 0x400, 0x2, 0x22b}, &(0x7f00000002c0), &(0x7f0000000340)) syz_io_uring_setup(0x407a, &(0x7f0000000380)={0x0, 0xfffffffd, 0x2, 0x0, 0x172}, &(0x7f00000000c0), &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r6, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r7) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000769a5c4ff1a968c000000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000f51100018a000000000000000007020000a266c59823b61e0be172531b94bf4e32b3a0bd95bed8c335bb074eec8ecc45a70446d68685161a0748c3004df87f333cb1c10f939f61e3b364992a23e37266d5d758f26437e99b0e4fb759dd71e92e28b08e1a9cd78022ef175eba37c24539e68971aabca61905b3a83329a9aa92160ebe08e9e23226b28d000000000000000000"], 0x14}}, 0x0) ioctl$IOC_PR_RELEASE(r3, 0x401870c8, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r4, 0x891c, &(0x7f0000000400)={'veth1_to_hsr\x00', {0x2, 0x4e1e, @loopback}}) membarrier(0x0, 0x0) membarrier(0x0, 0x0) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x0, 0x0, 0x0) r10 = socket(0x11, 0x80a, 0x0) setsockopt$inet_tcp_int(r10, 0x6, 0x0, 0x0, 0x0) 248.41891ms ago: executing program 4 (id=1431): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f}, './file0\x00'}) 147.13116ms ago: executing program 0 (id=1432): ioprio_set$pid(0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x149a82, 0x0) sendfile(r2, r2, 0x0, 0x1) 145.736958ms ago: executing program 2 (id=1433): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c"], 0x48}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6", @ANYRES64], 0x398}}, 0x0) 134.521443ms ago: executing program 3 (id=1434): mmap(&(0x7f0000400000/0x1000)=nil, 0x1000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000402000/0x1000)=nil, &(0x7f0000400000/0x4000)=nil, 0x1000}) 52.846854ms ago: executing program 4 (id=1435): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x454e, 0x4) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000f53400000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 0s ago: executing program 3 (id=1436): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='rtc_irq_set_state\x00', r0}, 0x10) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup3(r1, r2, 0x0) kernel console output (not intermixed with test programs): =3 [ 107.065939][ T58] usb 1-1: Product: 《 [ 107.070745][ T58] usb 1-1: Manufacturer: à°Œ [ 107.078325][ T5848] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 107.101430][ T58] usb 1-1: SerialNumber: syz [ 107.126989][ T46] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 107.163876][ T46] usb 3-1: USB disconnect, device number 4 [ 107.421914][ T58] usbhid 1-1:1.0: can't add hid device: -71 [ 107.444464][ T58] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 107.472760][ T58] usb 1-1: USB disconnect, device number 6 [ 108.560620][ T5883] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 109.835841][ T5905] netlink: 'syz.0.239': attribute type 2 has an invalid length. [ 109.843717][ T5905] netlink: 46 bytes leftover after parsing attributes in process `syz.0.239'. [ 114.920212][ T5906] fuse: Unknown parameter '00000000000000000000vèˆ%íD300000000000000000000' [ 116.923380][ T5910] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 117.780773][ T5923] input: syz0 as /devices/virtual/input/input7 [ 117.926133][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 117.936740][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 117.960078][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 117.978968][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 117.993804][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 118.005195][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 118.041594][ T5107] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 118.113450][ T5107] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 118.123503][ T5107] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 118.149580][ T5107] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 118.160276][ T5107] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 118.168624][ T5107] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 118.390316][ T2432] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.592076][ T2432] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.797932][ T2432] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.975580][ T2432] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.073245][ T1148] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 119.273546][ T1148] usb 4-1: Using ep0 maxpacket: 8 [ 119.317921][ T1148] usb 4-1: config 1 interface 0 altsetting 119 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 119.402094][ T1148] usb 4-1: config 1 interface 0 altsetting 119 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 119.433557][ T1148] usb 4-1: config 1 interface 0 has no altsetting 0 [ 119.472856][ T1148] usb 4-1: New USB device found, idVendor=046d, idProduct=c091, bcdDevice= 0.40 [ 119.510229][ T1148] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.553134][ T1148] usb 4-1: Product: 《 [ 119.557363][ T1148] usb 4-1: Manufacturer: à°Œ [ 119.609658][ T1148] usb 4-1: SerialNumber: syz [ 119.728629][ T5950] Illegal XDP return value 5950 on prog (id 79) dev N/A, expect packet loss! [ 119.973996][ T1148] usbhid 4-1:1.0: can't add hid device: -71 [ 119.981576][ T1148] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 120.048430][ T1148] usb 4-1: USB disconnect, device number 3 [ 120.104363][ T5101] Bluetooth: hci0: command tx timeout [ 120.183780][ T5101] Bluetooth: hci5: command tx timeout [ 121.473662][ T2432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.504056][ T2432] bond_slave_0: left promiscuous mode [ 121.539592][ T2432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.559338][ T2432] bond_slave_1: left promiscuous mode [ 121.581608][ T2432] bond0 (unregistering): Released all slaves [ 121.627475][ T5929] chnl_net:caif_netlink_parms(): no params data found [ 121.673808][ T5144] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 121.875746][ T5144] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.929788][ T5144] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 121.979901][ T5144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.012573][ T5144] usb 3-1: config 0 descriptor?? [ 122.183991][ T5101] Bluetooth: hci0: command tx timeout [ 122.264130][ T5101] Bluetooth: hci5: command tx timeout [ 122.278133][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.314669][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.324265][ T5929] bridge_slave_0: entered allmulticast mode [ 122.331879][ T5929] bridge_slave_0: entered promiscuous mode [ 122.459972][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.476179][ T5144] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 122.499765][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.523315][ T5929] bridge_slave_1: entered allmulticast mode [ 122.530589][ T5929] bridge_slave_1: entered promiscuous mode [ 122.544328][ T5144] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0002/input/input8 [ 122.837415][ T5144] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 123.004530][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.039848][ T5144] usb 3-1: USB disconnect, device number 5 [ 123.229734][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.374877][ T2432] hsr_slave_0: left promiscuous mode [ 123.420994][ T2432] hsr_slave_1: left promiscuous mode [ 123.448099][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.463417][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.480062][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.490120][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.544078][ T2432] veth1_macvtap: left promiscuous mode [ 123.550117][ T2432] veth0_macvtap: left promiscuous mode [ 123.580336][ T2432] veth1_vlan: left promiscuous mode [ 123.586529][ T2432] veth0_vlan: left promiscuous mode [ 123.930529][ T6042] mmap: syz.2.272 (6042) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 124.339221][ T5101] Bluetooth: hci0: command tx timeout [ 124.347605][ T5107] Bluetooth: hci5: command tx timeout [ 124.439313][ T2432] infiniband syz2: set down [ 125.192266][ T2432] team_slave_1 (unregistering): left promiscuous mode [ 125.203807][ T2432] team0 (unregistering): Port device team_slave_1 removed [ 125.227546][ T2460] smc: removing ib device syz2 [ 125.242728][ T2432] team_slave_0 (unregistering): left promiscuous mode [ 125.252159][ T2432] team0 (unregistering): Port device team_slave_0 removed [ 125.646901][ T5929] team0: Port device team_slave_0 added [ 125.736138][ T5929] team0: Port device team_slave_1 added [ 126.434209][ T5107] Bluetooth: hci5: command tx timeout [ 126.440815][ T5101] Bluetooth: hci0: command tx timeout [ 126.768029][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.276'. [ 126.986608][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.011830][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.056498][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.206761][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.230255][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.310893][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.816402][ T5929] hsr_slave_0: entered promiscuous mode [ 127.937036][ T5929] hsr_slave_1: entered promiscuous mode [ 128.018231][ T5929] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.042514][ T5929] Cannot create hsr debugfs directory [ 128.092095][ T5925] chnl_net:caif_netlink_parms(): no params data found [ 128.482048][ T6115] hpfs: Bad magic ... probably not HPFS [ 128.916821][ T6122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.293'. [ 129.520558][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.526740][ T6150] capability: warning: `syz.3.302' uses 32-bit capabilities (legacy support in use) [ 129.549783][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.559228][ T5925] bridge_slave_0: entered allmulticast mode [ 129.572083][ T5925] bridge_slave_0: entered promiscuous mode [ 129.615126][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.622305][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.638123][ T5925] bridge_slave_1: entered allmulticast mode [ 129.705446][ T5925] bridge_slave_1: entered promiscuous mode [ 129.712450][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.304'. [ 130.718176][ T5929] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.042396][ T5929] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.130952][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.325595][ T5929] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.358837][ T6185] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 41657 - 0 [ 131.370752][ T6185] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 41657 - 0 [ 131.379709][ T6185] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 41657 - 0 [ 131.893375][ T6185] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 41657 - 0 [ 131.949954][ T6185] netdevsim netdevsim0 netdevsim0: set [1, 2] type 2 family 0 port 36399 - 0 [ 132.146460][ T6185] netdevsim netdevsim0 netdevsim1: set [1, 2] type 2 family 0 port 36399 - 0 [ 132.183304][ T6185] netdevsim netdevsim0 netdevsim2: set [1, 2] type 2 family 0 port 36399 - 0 [ 132.224675][ T6185] netdevsim netdevsim0 netdevsim3: set [1, 2] type 2 family 0 port 36399 - 0 [ 132.260582][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 132.551863][ T5929] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.708708][ T5925] team0: Port device team_slave_0 added [ 132.736528][ T5925] team0: Port device team_slave_1 added [ 132.921391][ T2432] bridge_slave_1: left allmulticast mode [ 132.964017][ T2432] bridge_slave_1: left promiscuous mode [ 132.971715][ T2432] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.992212][ T2432] bridge_slave_0: left allmulticast mode [ 133.002469][ T2432] bridge_slave_0: left promiscuous mode [ 133.017513][ T2432] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.116048][ T6221] netlink: 'syz.3.322': attribute type 3 has an invalid length. [ 133.342479][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.372880][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.972224][ T6230] netlink: 'syz.0.328': attribute type 2 has an invalid length. [ 133.982545][ T6230] netlink: 244 bytes leftover after parsing attributes in process `syz.0.328'. [ 134.028218][ T29] audit: type=1326 audit(1721766014.705:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6225 comm="syz.3.326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x0 [ 134.178438][ T2432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.189218][ T2432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.200225][ T2432] bond0 (unregistering): Released all slaves [ 134.212340][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.220421][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.246823][ T5925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.264412][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.280012][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.325479][ T5925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.347328][ T25] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 134.527639][ T5929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 134.552356][ T25] usb 1-1: config 0 has an invalid interface number: 14 but max is 0 [ 134.582432][ T5929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 134.592409][ T25] usb 1-1: config 0 has no interface number 0 [ 134.605059][ T25] usb 1-1: config 0 interface 14 altsetting 0 endpoint 0x7 has an invalid bInterval 145, changing to 7 [ 134.630949][ T25] usb 1-1: config 0 interface 14 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 134.690909][ T25] usb 1-1: New USB device found, idVendor=10c4, idProduct=f003, bcdDevice= 7.10 [ 134.724286][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.778380][ T25] usb 1-1: Product: syz [ 134.782579][ T25] usb 1-1: Manufacturer: syz [ 134.857799][ T25] usb 1-1: SerialNumber: syz [ 134.865609][ T5925] hsr_slave_0: entered promiscuous mode [ 134.880508][ T5925] hsr_slave_1: entered promiscuous mode [ 134.926492][ T5925] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.306009][ T5925] Cannot create hsr debugfs directory [ 135.516635][ T25] usb 1-1: config 0 descriptor?? [ 135.528500][ T25] cp210x 1-1:0.14: cp210x converter detected [ 135.669904][ T5929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 135.698241][ T5929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 135.760706][ T25] usb 1-1: cp210x converter now attached to ttyUSB0 [ 135.945043][ T2432] hsr_slave_0: left promiscuous mode [ 135.969844][ T2432] hsr_slave_1: left promiscuous mode [ 135.990727][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.002948][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.021567][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.032694][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.072782][ T2432] veth1_macvtap: left promiscuous mode [ 136.086729][ T2432] veth0_macvtap: left promiscuous mode [ 136.092477][ T2432] veth1_vlan: left promiscuous mode [ 136.098623][ T2432] veth0_vlan: left promiscuous mode [ 136.225814][ T6259] netlink: 'syz.3.335': attribute type 3 has an invalid length. [ 136.853204][ T6261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.893467][ T6261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.061210][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.329'. [ 137.091254][ T6261] Zero length message leads to an empty skb [ 137.472792][ T6277] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 137.543542][ T29] audit: type=1326 audit(1721766018.135:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.851954][ T29] audit: type=1326 audit(1721766018.135:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.876235][ T29] audit: type=1326 audit(1721766018.135:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.897808][ T29] audit: type=1326 audit(1721766018.145:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.920743][ T29] audit: type=1326 audit(1721766018.145:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.942950][ T29] audit: type=1326 audit(1721766018.155:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.972506][ T29] audit: type=1326 audit(1721766018.155:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 137.995083][ T29] audit: type=1326 audit(1721766018.155:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 138.016586][ T29] audit: type=1326 audit(1721766018.155:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.2.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2689575f19 code=0x7ffc0000 [ 138.190988][ T5186] usb 1-1: USB disconnect, device number 7 [ 138.233825][ T5186] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 138.264036][ T5186] cp210x 1-1:0.14: device disconnected [ 138.470415][ T2432] team0 (unregistering): Port device team_slave_1 removed [ 138.591192][ T2432] team0 (unregistering): Port device team_slave_0 removed [ 138.904794][ T6292] ======================================================= [ 138.904794][ T6292] WARNING: The mand mount option has been deprecated and [ 138.904794][ T6292] and is ignored by this kernel. Remove the mand [ 138.904794][ T6292] option from the mount to silence this warning. [ 138.904794][ T6292] ======================================================= [ 139.701075][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.775195][ T5929] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.897498][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.904735][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.612429][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.620487][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.982927][ T5929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 142.045435][ T5107] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 142.069658][ T5107] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 142.096359][ T5107] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 142.127114][ T5107] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 142.309879][ T5107] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 142.317969][ T5107] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 142.339028][ T6342] NILFS (nullb0): couldn't find nilfs on the device [ 142.441757][ T6347] netlink: 16 bytes leftover after parsing attributes in process `syz.2.360'. [ 142.526227][ T6349] netlink: 12 bytes leftover after parsing attributes in process `syz.3.357'. [ 142.549170][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 142.549187][ T29] audit: type=1326 audit(1721766023.205:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.760403][ T29] audit: type=1326 audit(1721766023.205:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.786889][ T29] audit: type=1326 audit(1721766023.205:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.830652][ T29] audit: type=1326 audit(1721766023.205:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.854349][ T29] audit: type=1326 audit(1721766023.205:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.883169][ T29] audit: type=1326 audit(1721766023.215:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 142.908865][ T29] audit: type=1326 audit(1721766023.215:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 143.855129][ T29] audit: type=1326 audit(1721766023.215:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 143.999494][ T29] audit: type=1326 audit(1721766023.215:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 144.084659][ T29] audit: type=1326 audit(1721766023.215:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x7ffc0000 [ 144.178521][ T2432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.191747][ T2432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 41657 - 0 [ 144.203596][ T2432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 36399 - 0 [ 144.355451][ T2432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.372254][ T2432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 41657 - 0 [ 144.395882][ T2432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 36399 - 0 [ 144.425820][ T5101] Bluetooth: hci1: command tx timeout [ 144.433638][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.499745][ T6369] netlink: 16 bytes leftover after parsing attributes in process `syz.2.368'. [ 144.521305][ T2432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.533224][ C1] eth0: bad gso: type: 1, size: 1408 [ 144.541627][ T2432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 41657 - 0 [ 144.552371][ T2432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 36399 - 0 [ 146.175357][ T2432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.235710][ T2432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 41657 - 0 [ 146.283343][ T2432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 36399 - 0 [ 146.513269][ T5101] Bluetooth: hci1: command tx timeout [ 146.519604][ T5925] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 146.570823][ T5925] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 146.582193][ T6382] (syz.2.371,6382,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 146.599930][ T5925] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 146.600561][ T6382] (syz.2.371,6382,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 146.657581][ T5925] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 146.766725][ T5929] veth0_vlan: entered promiscuous mode [ 146.834557][ T5929] veth1_vlan: entered promiscuous mode [ 146.835670][ T6384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.372'. [ 146.865712][ T6331] chnl_net:caif_netlink_parms(): no params data found [ 146.899227][ T2432] bridge_slave_1: left allmulticast mode [ 146.905319][ T2432] bridge_slave_1: left promiscuous mode [ 146.911125][ T2432] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.930907][ T2432] bridge_slave_0: left allmulticast mode [ 146.953343][ T2432] bridge_slave_0: left promiscuous mode [ 146.959147][ T2432] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.906722][ T6410] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 148.186429][ T6424] overlayfs: statfs failed on './file0' [ 148.574869][ T2432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.583833][ T5101] Bluetooth: hci1: command tx timeout [ 148.600179][ T2432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 148.632288][ T2432] bond0 (unregistering): Released all slaves [ 149.969330][ T5925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.198160][ T6331] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.214906][ T6331] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.225139][ T6331] bridge_slave_0: entered allmulticast mode [ 150.244736][ T6331] bridge_slave_0: entered promiscuous mode [ 150.264808][ T5929] veth0_macvtap: entered promiscuous mode [ 150.383725][ T6331] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.391604][ T6331] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.399849][ T6331] bridge_slave_1: entered allmulticast mode [ 150.407733][ T6331] bridge_slave_1: entered promiscuous mode [ 150.459145][ T5929] veth1_macvtap: entered promiscuous mode [ 150.495659][ T5925] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.519211][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.540194][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.584108][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.601749][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.612673][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.624150][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.645016][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.663310][ T5101] Bluetooth: hci1: command tx timeout [ 150.734207][ T6331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.758741][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.783975][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.823577][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.859778][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.883108][ T5929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.903018][ T5929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.936840][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.983557][ T2432] hsr_slave_0: left promiscuous mode [ 151.001056][ T2432] hsr_slave_1: left promiscuous mode [ 151.026142][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.043126][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.061206][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.077936][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.246716][ T2432] veth1_macvtap: left promiscuous mode [ 151.252628][ T2432] veth0_macvtap: left promiscuous mode [ 151.259017][ T2432] veth1_vlan: left promiscuous mode [ 151.264684][ T2432] veth0_vlan: left promiscuous mode [ 152.410261][ T5101] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 152.429791][ T6517] xt_addrtype: ipv6 does not support BROADCAST matching [ 152.913939][ T2432] team0 (unregistering): Port device team_slave_1 removed [ 153.008898][ T2432] team0 (unregistering): Port device team_slave_0 removed [ 153.440402][ T6331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.481485][ T5929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.491240][ T5929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.500453][ T5929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.509524][ T5929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.596199][ T5193] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.603511][ T5193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.629031][ T6331] team0: Port device team_slave_0 added [ 153.675207][ T6331] team0: Port device team_slave_1 added [ 153.710198][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.717449][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.874295][ T6331] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.891592][ T6331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.944310][ T6331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.979437][ T6331] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.993123][ T6331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.050419][ T6331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.324127][ T6331] hsr_slave_0: entered promiscuous mode [ 154.335601][ T6331] hsr_slave_1: entered promiscuous mode [ 154.369985][ T5925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.571371][ T2432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.596423][ T2432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.765556][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.793123][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.027609][ T6592] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 155.125653][ T5925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.691678][ T6605] syzkaller1: entered promiscuous mode [ 155.710167][ T6605] syzkaller1: entered allmulticast mode [ 156.048434][ T6331] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 156.118412][ T6331] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 156.176646][ T6331] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 156.253358][ T6331] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.366181][ T5925] veth0_vlan: entered promiscuous mode [ 156.408671][ T5925] veth1_vlan: entered promiscuous mode [ 156.604750][ T5925] veth0_macvtap: entered promiscuous mode [ 156.637559][ T5925] veth1_macvtap: entered promiscuous mode [ 156.650594][ T6640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 156.698255][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.711679][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.722297][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.732967][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.743268][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.754826][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.767298][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.808447][ T6644] overlayfs: statfs failed on './file0' [ 156.810014][ T6331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.834770][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.864080][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.881924][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.901545][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.918311][ T5925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.929094][ T5925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.945708][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.973628][ T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 156.978100][ T5925] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.007647][ T5925] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.027768][ T5925] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.041280][ T5925] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.078140][ T6331] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.119722][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.126983][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.295701][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 157.323812][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 157.334030][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.341773][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.656215][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 157.673137][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 157.690547][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.767373][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 158.096784][ T9] usb 3-1: SerialNumber: syz [ 158.176439][ T6642] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 158.223372][ T6642] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 158.278965][ T6331] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 158.291092][ T9] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 158.359669][ T6331] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.628132][ T987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.740474][ T6642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.990865][ T987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.008009][ T6642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.246637][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 159.246655][ T29] audit: type=1800 audit(1721766039.935:35): pid=6642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.407" name="file2" dev="overlay" ino=589 res=0 errno=0 [ 159.433495][ T6642] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 159.466017][ T9] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 159.482032][ T2474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.490698][ T9] usb 3-1: USB disconnect, device number 6 [ 159.514427][ T2474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.640902][ T6331] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.804026][ T6331] veth0_vlan: entered promiscuous mode [ 159.829740][ T6331] veth1_vlan: entered promiscuous mode [ 159.895088][ T6331] veth0_macvtap: entered promiscuous mode [ 159.929416][ T6331] veth1_macvtap: entered promiscuous mode [ 159.972763][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.997195][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.016100][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.040765][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.059839][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.071587][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.082614][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.100042][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.127961][ T6331] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.155752][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.181718][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.207292][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.243942][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.253112][ T29] audit: type=1800 audit(1721766040.925:36): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.417" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 160.283173][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.315734][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.340419][ T6331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.370636][ T6331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.398369][ T6331] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.443297][ T6331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.465986][ T6331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.483737][ T6331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.498852][ T6331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.717751][ T987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.742030][ T987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.949516][ T6704] syzkaller1: entered promiscuous mode [ 160.975164][ T6704] syzkaller1: entered allmulticast mode [ 161.296492][ T987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.338571][ T987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.370688][ T6720] netlink: 632 bytes leftover after parsing attributes in process `syz.1.425'. [ 162.409031][ T6730] GUP no longer grows the stack in syz.3.428 (6730): 20004000-2000a000 (20002000) [ 162.445594][ T6730] CPU: 1 UID: 0 PID: 6730 Comm: syz.3.428 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 162.455911][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 162.466015][ T6730] Call Trace: [ 162.469316][ T6730] [ 162.472291][ T6730] dump_stack_lvl+0x241/0x360 [ 162.477034][ T6730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.482267][ T6730] ? __pfx__printk+0x10/0x10 [ 162.486887][ T6730] ? find_vma+0xf9/0x170 [ 162.491174][ T6730] __get_user_pages+0x114d/0x16a0 [ 162.496234][ T6730] ? __pfx___get_user_pages+0x10/0x10 [ 162.501629][ T6730] get_user_pages_remote+0x31e/0xb60 [ 162.506940][ T6730] ? __pfx_get_user_pages_remote+0x10/0x10 [ 162.512783][ T6730] ? __access_remote_vm+0x34e/0x830 [ 162.517988][ T6730] __access_remote_vm+0x257/0x830 [ 162.523019][ T6730] ? __pfx___access_remote_vm+0x10/0x10 [ 162.528563][ T6730] ? do_raw_spin_unlock+0x13c/0x8b0 [ 162.533758][ T6730] ? alloc_pages_noprof+0xef/0x170 [ 162.538881][ T6730] proc_pid_cmdline_read+0x5b2/0x860 [ 162.544199][ T6730] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 162.550010][ T6730] ? rw_verify_area+0x520/0x6b0 [ 162.554865][ T6730] vfs_readv+0x6c2/0xa90 [ 162.559125][ T6730] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 162.564935][ T6730] ? __pfx_vfs_readv+0x10/0x10 [ 162.569712][ T6730] ? __fget_files+0x29/0x470 [ 162.574314][ T6730] __x64_sys_preadv+0x1c7/0x2d0 [ 162.579167][ T6730] ? __pfx___x64_sys_preadv+0x10/0x10 [ 162.584621][ T6730] ? do_syscall_64+0x100/0x230 [ 162.589384][ T6730] ? do_syscall_64+0xb6/0x230 [ 162.594060][ T6730] do_syscall_64+0xf3/0x230 [ 162.598648][ T6730] ? clear_bhb_loop+0x35/0x90 [ 162.603330][ T6730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.609244][ T6730] RIP: 0033:0x7faad8b75f19 [ 162.613661][ T6730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.633289][ T6730] RSP: 002b:00007faad99aa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 162.641721][ T6730] RAX: ffffffffffffffda RBX: 00007faad8d05f60 RCX: 00007faad8b75f19 [ 162.649689][ T6730] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000005 [ 162.657661][ T6730] RBP: 00007faad8be4e68 R08: 0000000000000000 R09: 0000000000000000 [ 162.665626][ T6730] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 162.673770][ T6730] R13: 000000000000000b R14: 00007faad8d05f60 R15: 00007ffda4c2c5d8 [ 162.681748][ T6730] [ 162.866081][ T6734] sp0: Synchronizing with TNC [ 162.866156][ T6744] netlink: 9 bytes leftover after parsing attributes in process `syz.4.430'. [ 162.868469][ T6744] 0·: renamed from hsr0 (while UP) [ 162.921639][ T6744] 0·: entered promiscuous mode [ 162.929381][ T6744] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 162.970593][ T6743] veth1_macvtap: left promiscuous mode [ 163.448008][ T6756] netlink: 'syz.0.434': attribute type 1 has an invalid length. [ 163.493219][ T6756] netlink: 19 bytes leftover after parsing attributes in process `syz.0.434'. [ 163.863216][ T5107] Bluetooth: hci5: command tx timeout [ 164.728017][ T6766] netlink: 632 bytes leftover after parsing attributes in process `syz.4.437'. [ 165.853945][ T6781] syzkaller1: entered promiscuous mode [ 165.864784][ T6781] syzkaller1: entered allmulticast mode [ 165.985248][ T6790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.445'. [ 166.040146][ T6791] netlink: 9 bytes leftover after parsing attributes in process `syz.1.444'. [ 166.054114][ T6791] 0·: renamed from hsr0 (while UP) [ 166.098706][ T6791] 0·: entered promiscuous mode [ 166.131380][ T6791] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 166.183941][ T6793] netlink: 'syz.2.446': attribute type 10 has an invalid length. [ 166.270125][ T6793] team0: Port device netdevsim0 added [ 166.288129][ T6800] netlink: 'syz.2.446': attribute type 10 has an invalid length. [ 166.372072][ T6800] team0: Port device netdevsim0 removed [ 166.416192][ T6800] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 167.822951][ T6819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.456'. [ 168.231190][ T6841] vxcan1: tx address claim with dest, not broadcast [ 168.343884][ T5107] Bluetooth: hci2: command tx timeout [ 168.495953][ T5107] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 169.365375][ T6862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.473'. [ 170.088948][ T29] audit: type=1800 audit(1721766050.775:37): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.478" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 170.398359][ T6886] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.482'. [ 170.407661][ T6886] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.482'. [ 172.443171][ T58] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 173.443361][ T6913] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.492'. [ 175.393158][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 175.542074][ T6952] netlink: 'syz.1.505': attribute type 1 has an invalid length. [ 175.561683][ T6952] netlink: 157116 bytes leftover after parsing attributes in process `syz.1.505'. [ 175.613644][ T9] usb 4-1: no configurations [ 175.622436][ T9] usb 4-1: can't read configurations, error -22 [ 175.731904][ T6960] sp0: Synchronizing with TNC [ 175.804577][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 176.901079][ T9] usb 4-1: no configurations [ 176.923144][ T9] usb 4-1: can't read configurations, error -22 [ 176.941493][ T9] usb usb4-port1: attempt power cycle [ 177.171765][ T6979] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.513'. [ 177.869388][ T6996] netlink: 'syz.3.522': attribute type 1 has an invalid length. [ 177.881295][ T6996] netlink: 157116 bytes leftover after parsing attributes in process `syz.3.522'. [ 178.183291][ T5101] Bluetooth: hci1: command tx timeout [ 181.500380][ T7064] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 181.609941][ T9] IPVS: starting estimator thread 0... [ 182.024400][ T7075] IPVS: using max 20 ests per chain, 48000 per kthread [ 182.469591][ T7088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.552'. [ 182.961447][ T7098] kvm: emulating exchange as write [ 183.997367][ T7120] netlink: 16 bytes leftover after parsing attributes in process `syz.3.565'. [ 184.066754][ T7113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 184.930055][ T7135] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 186.954065][ T5107] Bluetooth: hci2: command 0x0406 tx timeout [ 186.987066][ T5107] Bluetooth: hci4: command 0x0406 tx timeout [ 187.193358][ T7144] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.570'. [ 187.237463][ T7149] mkiss: ax0: crc mode is auto. [ 188.512401][ T5143] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 188.730413][ T5143] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 188.747507][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.747803][ T7175] netlink: 'syz.1.580': attribute type 12 has an invalid length. [ 188.773884][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.782752][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.794127][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.802477][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.811653][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.816305][ T5143] usb 4-1: config 0 descriptor?? [ 188.819993][ T7175] netlink: 'syz.1.580': attribute type 11 has an invalid length. [ 188.844794][ T5143] cp210x 4-1:0.0: cp210x converter detected [ 188.866005][ T7175] netlink: 'syz.1.580': attribute type 4 has an invalid length. [ 188.877722][ T7171] kvm: kvm [7170]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x82001091270000 [ 188.888273][ T7177] xt_ipcomp: unknown flags 12 [ 188.893404][ T7175] netlink: 'syz.1.580': attribute type 5 has an invalid length. [ 188.914295][ T7175] netlink: 195936 bytes leftover after parsing attributes in process `syz.1.580'. [ 189.361263][ T5143] usb 4-1: cp210x converter now attached to ttyUSB0 [ 190.361955][ T7203] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.591'. [ 190.752148][ T5143] usb 4-1: USB disconnect, device number 7 [ 190.773335][ T5143] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 190.842866][ T5143] cp210x 4-1:0.0: device disconnected [ 191.003454][ T7224] netlink: 'syz.3.596': attribute type 12 has an invalid length. [ 191.012013][ T7224] netlink: 'syz.3.596': attribute type 11 has an invalid length. [ 191.032169][ T7224] netlink: 'syz.3.596': attribute type 11 has an invalid length. [ 191.046047][ T7224] netlink: 'syz.3.596': attribute type 11 has an invalid length. [ 191.057841][ T7224] netlink: 'syz.3.596': attribute type 11 has an invalid length. [ 191.065934][ T7224] netlink: 'syz.3.596': attribute type 4 has an invalid length. [ 191.079493][ T7224] netlink: 'syz.3.596': attribute type 5 has an invalid length. [ 191.080015][ T7226] xt_ipcomp: unknown flags 12 [ 191.091973][ T7224] netlink: 195936 bytes leftover after parsing attributes in process `syz.3.596'. [ 191.397974][ T7234] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.747655][ T7252] mkiss: ax0: crc mode is auto. [ 193.312067][ T7259] netlink: 'syz.2.609': attribute type 12 has an invalid length. [ 193.338380][ T7259] netlink: 'syz.2.609': attribute type 4 has an invalid length. [ 193.357107][ T7259] netlink: 'syz.2.609': attribute type 5 has an invalid length. [ 193.367444][ T7259] netlink: 195936 bytes leftover after parsing attributes in process `syz.2.609'. [ 193.546671][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.610'. [ 193.615843][ T25] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 193.763869][ T7277] netlink: 'syz.0.611': attribute type 2 has an invalid length. [ 193.784239][ T7277] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.611'. [ 193.822632][ T25] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 193.853712][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.918093][ T25] usb 4-1: config 0 descriptor?? [ 193.949836][ T25] cp210x 4-1:0.0: cp210x converter detected [ 194.046303][ T7286] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 194.214152][ T7288] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 194.411099][ T25] usb 4-1: cp210x converter now attached to ttyUSB0 [ 194.791231][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.797834][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.905657][ T7304] netlink: 'syz.4.620': attribute type 12 has an invalid length. [ 194.922417][ T7304] nla_validate_range_unsigned: 8 callbacks suppressed [ 194.922430][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 194.945629][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 194.982451][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 194.998433][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 195.010542][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 195.020507][ T7304] netlink: 'syz.4.620': attribute type 11 has an invalid length. [ 195.031550][ T7304] netlink: 'syz.4.620': attribute type 4 has an invalid length. [ 195.053506][ T7304] netlink: 'syz.4.620': attribute type 5 has an invalid length. [ 195.065077][ T7304] netlink: 195936 bytes leftover after parsing attributes in process `syz.4.620'. [ 196.475550][ T7329] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 196.503576][ T25] usb 4-1: USB disconnect, device number 8 [ 196.512335][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 196.549231][ T25] cp210x 4-1:0.0: device disconnected [ 196.690410][ T7336] netlink: 'syz.2.633': attribute type 12 has an invalid length. [ 196.710930][ T7336] netlink: 'syz.2.633': attribute type 11 has an invalid length. [ 196.725115][ T7333] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 196.725476][ T7336] netlink: 'syz.2.633': attribute type 11 has an invalid length. [ 196.825585][ T7336] netlink: 'syz.2.633': attribute type 11 has an invalid length. [ 196.870814][ T7336] netlink: 'syz.2.633': attribute type 11 has an invalid length. [ 196.897630][ T7336] netlink: 'syz.2.633': attribute type 4 has an invalid length. [ 196.921527][ T7336] netlink: 'syz.2.633': attribute type 5 has an invalid length. [ 196.928775][ T29] audit: type=1800 audit(1721766077.547:38): pid=7341 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.636" name="/" dev="9p" ino=2 res=0 errno=0 [ 196.968764][ T7336] netlink: 195936 bytes leftover after parsing attributes in process `syz.2.633'. [ 197.339390][ T7353] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 197.548192][ T7360] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.643'. [ 197.849614][ T5098] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 197.858242][ T5098] Bluetooth: hci1: Injecting HCI hardware error event [ 197.866717][ T54] Bluetooth: hci1: hardware error 0x00 [ 198.197955][ T7375] netlink: 1212 bytes leftover after parsing attributes in process `syz.0.649'. [ 199.800761][ T7393] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 199.947518][ T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 200.609870][ T7390] [U] [ 200.612799][ T7390] [U] [ 200.615480][ T7390] [U] [ 200.618154][ T7390] [U] [ 200.621493][ T7390] [U] [ 200.624209][ T7390] [U] [ 200.626912][ T7390] [U] [ 200.629605][ T7390] [U] [ 200.649990][ T7390] [U] [ 200.652724][ T7390] [U] [ 200.655426][ T7390] [U] [ 200.793564][ T7383] [U] [ 201.024293][ T7411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.658'. [ 201.077576][ T7406] netlink: 4 bytes leftover after parsing attributes in process `syz.1.661'. [ 201.327855][ T7423] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 201.642639][ T7424] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 201.835880][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 202.069055][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 202.088975][ T9] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 202.138035][ T5143] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 202.157301][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.217898][ T9] usb 4-1: Product: syz [ 202.221186][ T7432] netlink: 1212 bytes leftover after parsing attributes in process `syz.4.672'. [ 202.228049][ T9] usb 4-1: Manufacturer: syz [ 202.252254][ T9] usb 4-1: SerialNumber: syz [ 202.262265][ T9] usb 4-1: config 0 descriptor?? [ 202.296748][ T9] gspca_main: sq905-2.14.0 probing 2770:9120 [ 202.380783][ T5143] usb 1-1: no configurations [ 202.385609][ T5143] usb 1-1: can't read configurations, error -22 [ 202.501160][ T9] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 202.532425][ T9] sq905 4-1:0.0: probe with driver sq905 failed with error -71 [ 202.579302][ T9] usb 4-1: USB disconnect, device number 9 [ 202.586304][ T5143] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 202.711046][ T5098] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 202.723592][ T5098] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 202.731989][ T5098] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 202.741879][ T5098] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 202.751430][ T5098] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 202.759008][ T5098] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 202.793394][ T5143] usb 1-1: no configurations [ 202.798047][ T5143] usb 1-1: can't read configurations, error -22 [ 202.805039][ T5143] usb usb1-port1: attempt power cycle [ 202.991598][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.109857][ T7456] mkiss: ax0: crc mode is auto. [ 203.209344][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.279901][ T5143] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 203.365331][ T5143] usb 1-1: no configurations [ 203.392707][ T5143] usb 1-1: can't read configurations, error -22 [ 203.418230][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.547803][ T58] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 203.578121][ T5143] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 203.602906][ T35] bond0: (slave netdevsim0): Releasing backup interface [ 203.631457][ T5143] usb 1-1: no configurations [ 203.637859][ T5143] usb 1-1: can't read configurations, error -22 [ 203.639833][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.644850][ T5143] usb usb1-port1: unable to enumerate USB device [ 203.795032][ T58] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 203.830867][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.876093][ T58] usb 2-1: config 0 descriptor?? [ 203.922985][ T58] cp210x 2-1:0.0: cp210x converter detected [ 204.006911][ T7444] chnl_net:caif_netlink_parms(): no params data found [ 204.369948][ T58] usb 2-1: cp210x converter now attached to ttyUSB0 [ 204.499978][ T29] audit: type=1326 audit(1721766085.071:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7484 comm="syz.3.691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x0 [ 204.611543][ T35] bridge_slave_1: left allmulticast mode [ 204.630886][ T35] bridge_slave_1: left promiscuous mode [ 204.638581][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.652419][ T35] bridge_slave_0: left allmulticast mode [ 204.662283][ T35] bridge_slave_0: left promiscuous mode [ 204.669604][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.753493][ T7501] [U] [ 204.756281][ T7501] [U] [ 204.758948][ T7501] [U] [ 204.761612][ T7501] [U] [ 204.771238][ T7501] [U] [ 204.773960][ T7501] [U] [ 204.776663][ T7501] [U] [ 204.779376][ T7501] [U] [ 204.791264][ T7501] [U] [ 204.793999][ T7501] [U] [ 204.796699][ T7501] [U] [ 204.857085][ T54] Bluetooth: hci2: command tx timeout [ 205.235435][ T7486] [U] [ 205.464638][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.494466][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.518203][ T35] bond0 (unregistering): Released all slaves [ 205.664600][ T7505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.696'. [ 205.731642][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.755466][ T7444] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.756895][ T7505] netlink: 24 bytes leftover after parsing attributes in process `syz.3.696'. [ 205.779296][ T7444] bridge_slave_0: entered allmulticast mode [ 205.788251][ T7444] bridge_slave_0: entered promiscuous mode [ 205.808148][ T7444] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.832290][ T7444] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.840996][ T7444] bridge_slave_1: entered allmulticast mode [ 205.848780][ T7444] bridge_slave_1: entered promiscuous mode [ 206.004972][ T7512] xt_CHECKSUM: unsupported CHECKSUM operation 2 [ 206.021800][ T7512] netlink: 166 bytes leftover after parsing attributes in process `syz.4.700'. [ 206.746326][ T5147] usb 2-1: USB disconnect, device number 3 [ 206.795288][ T5147] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 206.817585][ T7444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.833479][ T5147] cp210x 2-1:0.0: device disconnected [ 206.951928][ T54] Bluetooth: hci2: command tx timeout [ 206.958160][ T7444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.004947][ T7519] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 208.362809][ T7536] Invalid ELF header magic: != ELF [ 208.381678][ T35] hsr_slave_0: left promiscuous mode [ 208.428283][ T35] hsr_slave_1: left promiscuous mode [ 208.507118][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.532107][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.578037][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.620324][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.712725][ T7550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.711'. [ 208.737909][ T35] veth0_macvtap: left promiscuous mode [ 208.746108][ T35] veth1_vlan: left promiscuous mode [ 208.751702][ T35] veth0_vlan: left promiscuous mode [ 208.751924][ T7550] netlink: 24 bytes leftover after parsing attributes in process `syz.1.711'. [ 209.049838][ T54] Bluetooth: hci2: command tx timeout [ 209.954094][ T35] team0 (unregistering): Port device team_slave_1 removed [ 209.997333][ T35] team0 (unregistering): Port device team_slave_0 removed [ 210.404280][ T7444] team0: Port device team_slave_0 added [ 210.429866][ T7444] team0: Port device team_slave_1 added [ 210.628767][ T7577] netlink: 'syz.4.718': attribute type 1 has an invalid length. [ 210.639756][ T7444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.647745][ T7577] netlink: 4 bytes leftover after parsing attributes in process `syz.4.718'. [ 210.657594][ T7444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.705699][ T7444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.763557][ T7444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.817444][ T7585] netlink: 'syz.4.724': attribute type 3 has an invalid length. [ 210.818642][ T7444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.877701][ T7444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.001696][ T5147] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 211.059475][ T7444] hsr_slave_0: entered promiscuous mode [ 211.084847][ T7444] hsr_slave_1: entered promiscuous mode [ 211.116345][ T7444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.139278][ T7444] Cannot create hsr debugfs directory [ 211.147669][ T54] Bluetooth: hci2: command tx timeout [ 211.213463][ T5147] usb 2-1: Using ep0 maxpacket: 32 [ 211.220721][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 211.241291][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 211.283732][ T5147] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 211.315483][ T5147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.351063][ T5147] usb 2-1: config 0 descriptor?? [ 211.367289][ T7579] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 211.384118][ T5147] hub 2-1:0.0: USB hub found [ 211.492589][ C1] eth0: bad gso: type: 1, size: 1408 [ 211.610895][ T5147] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 211.918513][ T7614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.733'. [ 212.422786][ T5147] usbhid 2-1:0.0: can't add hid device: -71 [ 212.428471][ T7618] netlink: 'syz.4.736': attribute type 3 has an invalid length. [ 212.443611][ T5147] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 212.539563][ T5147] usb 2-1: USB disconnect, device number 4 [ 212.581931][ T7444] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 212.608193][ T7444] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 212.639430][ T7444] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 212.678003][ T7444] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 212.792699][ T7629] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 213.046810][ T7638] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 213.074341][ T7444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.119124][ T7444] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.174842][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.182198][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.234715][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.241886][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.284974][ T7647] netlink: 'syz.3.749': attribute type 3 has an invalid length. [ 213.768307][ T7650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.750'. [ 213.882415][ C1] eth0: bad gso: type: 1, size: 1408 [ 214.270395][ T7444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.438127][ T7444] veth0_vlan: entered promiscuous mode [ 214.483578][ T7679] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 214.507896][ T7444] veth1_vlan: entered promiscuous mode [ 214.792437][ T7444] veth0_macvtap: entered promiscuous mode [ 214.804264][ T7444] veth1_macvtap: entered promiscuous mode [ 214.991747][ T7688] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 215.132801][ T7687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'. [ 215.203157][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.256976][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.288492][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.319614][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.341706][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.374635][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.388043][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.402210][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.447231][ T7444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.506363][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.547108][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.578083][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.613178][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.642755][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.669225][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.691168][ T7444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.717223][ T7444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.756807][ T7444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.809957][ T7444] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.851146][ T7444] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.909848][ T7444] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.928261][ T7444] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.183304][ T2460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.222639][ T2460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.287538][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.296907][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.897988][ T25] libceph: connect (1)[c::]:6789 error -101 [ 218.909134][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 218.929467][ T25] libceph: connect (1)[c::]:6789 error -101 [ 218.943073][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 218.959321][ T54] Bluetooth: hci4: unexpected event for opcode 0x0c46 [ 218.971038][ T29] audit: type=1326 audit(1721766099.438:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7778 comm="syz.3.795" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x0 [ 219.208400][ T5144] libceph: connect (1)[c::]:6789 error -101 [ 219.216133][ T5144] libceph: mon0 (1)[c::]:6789 connect error [ 219.661719][ T7779] ceph: No mds server is up or the cluster is laggy [ 219.753841][ T5144] libceph: connect (1)[c::]:6789 error -101 [ 219.787074][ T5144] libceph: mon0 (1)[c::]:6789 connect error [ 219.923528][ T5143] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 220.156742][ T5143] usb 2-1: Using ep0 maxpacket: 32 [ 220.167568][ T5143] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 220.221252][ T5143] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 220.274529][ T5143] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.316866][ T5143] usb 2-1: Product: syz [ 220.321341][ T5143] usb 2-1: Manufacturer: syz [ 220.351295][ T5143] usb 2-1: SerialNumber: syz [ 220.416500][ T5143] usb 2-1: config 0 descriptor?? [ 220.828963][ T7792] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 220.892039][ T5143] hub 2-1:0.0: bad descriptor, ignoring hub [ 220.898538][ T5143] hub 2-1:0.0: probe with driver hub failed with error -5 [ 220.920183][ T5143] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input11 [ 221.191216][ T5147] usb 2-1: USB disconnect, device number 5 [ 221.191230][ C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 222.377615][ T5147] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 222.578095][ T5147] usb 3-1: Using ep0 maxpacket: 32 [ 222.606068][ T5147] usb 3-1: New USB device found, idVendor=0421, idProduct=04d8, bcdDevice=6a.33 [ 222.616715][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.630305][ T5147] usb 3-1: config 0 descriptor?? [ 222.643786][ T5147] usb 3-1: bad CDC descriptors [ 222.663538][ T5147] cdc_acm 3-1:0.0: Zero length descriptor references [ 222.681097][ T5147] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22 [ 222.956839][ T5147] usb 3-1: USB disconnect, device number 8 [ 223.595248][ T7855] xt_ipvs: protocol family 7 not supported [ 225.328093][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.824'. [ 225.796948][ T6682] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 226.831369][ T6682] usb 1-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config [ 226.894339][ T6682] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 226.943784][ T6682] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.966975][ T29] audit: type=1800 audit(1721766107.390:41): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.829" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 226.971935][ T6682] usb 1-1: Product: syz [ 226.996172][ T6682] usb 1-1: Manufacturer: syz [ 227.192614][ T6682] usb 1-1: SerialNumber: syz [ 227.977320][ T6682] usb 1-1: bad CDC descriptors [ 228.025439][ T6682] usb 1-1: USB disconnect, device number 12 [ 228.976955][ T7912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'. [ 229.225963][ T29] audit: type=1800 audit(1721766109.628:42): pid=7932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.842" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 229.342716][ T7941] netlink: 172 bytes leftover after parsing attributes in process `syz.1.846'. [ 229.474605][ T7919] xt_ipvs: protocol family 7 not supported [ 229.798841][ T58] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 230.012733][ T58] usb 4-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config [ 230.042746][ T58] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 230.075431][ T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.118578][ T58] usb 4-1: Product: syz [ 230.143067][ T58] usb 4-1: Manufacturer: syz [ 230.155515][ T58] usb 4-1: SerialNumber: syz [ 230.174362][ T58] usb 4-1: bad CDC descriptors [ 230.748012][ T7968] ptrace attach of "./syz-executor exec"[7969] was attempted by " [ 230.937552][ T58] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 230.985307][ T29] audit: type=1800 audit(1721766111.369:43): pid=7973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.857" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 231.029440][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.058593][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.276815][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 231.296187][ T58] usb 2-1: New USB device found, idVendor=0421, idProduct=04d8, bcdDevice=6a.33 [ 231.351501][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.418152][ T58] usb 2-1: config 0 descriptor?? [ 231.459152][ T58] usb 2-1: bad CDC descriptors [ 231.466947][ T58] cdc_acm 2-1:0.0: Zero length descriptor references [ 231.481350][ T58] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22 [ 231.773413][ T58] usb 2-1: USB disconnect, device number 6 [ 232.479293][ T58] usb 4-1: USB disconnect, device number 10 [ 233.051912][ T8006] netlink: 20 bytes leftover after parsing attributes in process `syz.0.871'. [ 233.076500][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 233.122110][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 233.157994][ T29] audit: type=1326 audit(1721766113.537:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7997 comm="syz.2.868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x0 [ 233.598240][ T8025] mkiss: ax0: crc mode is auto. [ 233.910267][ T58] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 234.086356][ T8037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.880'. [ 234.149587][ T58] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 234.193449][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.233947][ T58] usb 2-1: config 0 descriptor?? [ 234.260785][ T58] cp210x 2-1:0.0: cp210x converter detected [ 234.553030][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.882'. [ 234.573761][ T25] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 234.757526][ T58] usb 2-1: cp210x converter now attached to ttyUSB0 [ 234.770215][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 234.820502][ T25] usb 3-1: New USB device found, idVendor=0421, idProduct=04d8, bcdDevice=6a.33 [ 234.868608][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.918964][ T25] usb 3-1: config 0 descriptor?? [ 234.946412][ T25] usb 3-1: bad CDC descriptors [ 234.970324][ T25] cdc_acm 3-1:0.0: Zero length descriptor references [ 235.019178][ T25] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22 [ 235.404066][ T58] usb 3-1: USB disconnect, device number 9 [ 235.804944][ T29] audit: type=1326 audit(1721766116.184:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8055 comm="syz.4.888" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x0 [ 235.946973][ T8060] sctp: [Deprecated]: syz.0.889 (pid 8060) Use of int in max_burst socket option. [ 235.946973][ T8060] Use struct sctp_assoc_value instead [ 236.491752][ T58] usb 2-1: USB disconnect, device number 7 [ 236.529016][ T58] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 236.748951][ T58] cp210x 2-1:0.0: device disconnected [ 236.783532][ T8082] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 237.967988][ T8104] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.239452][ T8108] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'. [ 238.617184][ T8111] netlink: 'syz.2.907': attribute type 32 has an invalid length. [ 238.974936][ T8121] netlink: 'syz.4.910': attribute type 11 has an invalid length. [ 239.930036][ T8138] xt_TPROXY: Can be used only with -p tcp or -p udp [ 241.367244][ T8142] netlink: 'syz.4.916': attribute type 1 has an invalid length. [ 241.979776][ T5098] Bluetooth: hci4: command 0x0406 tx timeout [ 242.474304][ T5143] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 242.684991][ T5143] usb 4-1: Using ep0 maxpacket: 16 [ 242.693574][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.715484][ T5143] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 242.744056][ T5143] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 242.765416][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.776266][ T8181] Bluetooth: MGMT ver 1.23 [ 242.803012][ T5143] usb 4-1: config 0 descriptor?? [ 243.354131][ T5143] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 243.368384][ T5143] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 243.396865][ T5143] microsoft 0003:045E:07DA.0003: no inputs found [ 243.414544][ T5143] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 243.742794][ T8208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 243.913603][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 243.970091][ T8208] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.274503][ T58] usb 4-1: USB disconnect, device number 11 [ 244.457601][ T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 244.661244][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 244.669936][ T25] usb 3-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=91.ed [ 244.682575][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.691970][ T25] usb 3-1: Product: syz [ 244.697578][ T25] usb 3-1: Manufacturer: syz [ 244.706061][ T25] usb 3-1: SerialNumber: syz [ 244.772919][ T25] usb 3-1: config 0 descriptor?? [ 244.797180][ T25] s2255 3-1:0.0: Could not find bulk-in endpoint [ 244.807718][ T25] Sensoray 2255 driver load failed: 0xfffffff4 [ 244.815335][ T25] s2255 3-1:0.0: probe with driver s2255 failed with error -12 [ 244.998040][ T25] usb 3-1: USB disconnect, device number 10 [ 245.963046][ T8272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.942'. [ 247.194216][ T8286] xt_ipvs: protocol family 7 not supported [ 247.795028][ T8345] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.240950][ T8379] input: syz0 as /devices/virtual/input/input13 [ 250.146003][ T8396] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 250.503048][ T54] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 252.354037][ T8482] input: syz0 as /devices/virtual/input/input14 [ 253.648181][ T8528] netlink: 'syz.0.998': attribute type 10 has an invalid length. [ 253.722622][ T8528] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.757140][ T8528] bond0: (slave team0): Enslaving as an active interface with an up link [ 254.399454][ T8556] IPv6: Can't replace route, no match found [ 254.486608][ T58] libceph: connect (1)[c::]:6789 error -101 [ 254.515168][ T58] libceph: mon0 (1)[c::]:6789 connect error [ 254.592251][ T29] audit: type=1326 audit(1721766134.804:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.2.1004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x0 [ 254.882363][ T5144] libceph: connect (1)[c::]:6789 error -101 [ 254.894806][ T5144] libceph: mon0 (1)[c::]:6789 connect error [ 255.316857][ T8554] ceph: No mds server is up or the cluster is laggy [ 255.484005][ T8589] netlink: 'syz.3.1011': attribute type 10 has an invalid length. [ 255.547076][ T8589] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.572041][ T8589] bond0: (slave team0): Enslaving as an active interface with an up link [ 255.586409][ T8591] netlink: 'syz.4.1012': attribute type 10 has an invalid length. [ 255.627374][ T8591] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1012'. [ 255.871400][ T8600] xt_TPROXY: Can be used only with -p tcp or -p udp [ 257.677211][ T8596] sched: RT throttling activated [ 259.687350][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 260.614109][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.620778][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.802014][ T8591] team0: Port device geneve0 added [ 262.066087][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1020'. [ 262.356973][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 262.555185][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.603665][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=3f.99 [ 262.653223][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.673199][ T9] usb 2-1: config 0 descriptor?? [ 262.706311][ T9] usb 2-1: interface 1 not found [ 262.955493][ T9] usb 2-1: USB disconnect, device number 8 [ 263.251753][ T5147] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 263.292677][ T8673] netlink: 'syz.0.1030': attribute type 1 has an invalid length. [ 263.483387][ T5147] usb 3-1: Using ep0 maxpacket: 8 [ 263.492275][ T5147] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 263.500514][ T5147] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.512560][ T5147] usb 3-1: config 0 has no interface number 0 [ 263.522770][ T5147] usb 3-1: config 0 interface 52 has no altsetting 0 [ 263.540566][ T5147] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 263.567303][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 263.582682][ T5147] usb 3-1: Product: syz [ 263.588379][ T5147] usb 3-1: SerialNumber: syz [ 263.608671][ T5147] usb 3-1: config 0 descriptor?? [ 263.717439][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1031'. [ 263.778517][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 264.163481][ T8651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.632582][ T8651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.019098][ T8651] netlink: 'syz.2.1027': attribute type 2 has an invalid length. [ 265.071657][ T5147] usb 3-1: USB disconnect, device number 11 [ 265.838627][ T5147] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 265.935488][ T5186] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 266.048161][ T5147] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.059034][ T5147] usb 1-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=3f.99 [ 266.071304][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.091530][ T5147] usb 1-1: config 0 descriptor?? [ 266.122232][ T5147] usb 1-1: interface 1 not found [ 266.132729][ T5186] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 266.160163][ T5186] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 266.186682][ T5186] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 266.217634][ T5186] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 266.262911][ T5186] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 266.279986][ T5186] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.319737][ T5147] libceph: connect (1)[c::]:6789 error -101 [ 266.331473][ T5147] libceph: mon0 (1)[c::]:6789 connect error [ 266.347959][ T58] usb 1-1: USB disconnect, device number 13 [ 266.414575][ T54] Bluetooth: hci4: unexpected event for opcode 0x0c46 [ 266.425033][ T29] audit: type=1326 audit(1721766146.599:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8751 comm="syz.3.1044" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x0 [ 266.538797][ T8776] netlink: 'syz.1.1045': attribute type 1 has an invalid length. [ 266.585983][ T5186] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 266.605519][ T5186] usb 3-1: USB disconnect, device number 12 [ 266.619977][ T58] libceph: connect (1)[c::]:6789 error -101 [ 266.631698][ T58] libceph: mon0 (1)[c::]:6789 connect error [ 266.653263][ T5615] udevd[5615]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 267.099547][ T8752] ceph: No mds server is up or the cluster is laggy [ 268.755289][ T8867] usb usb8: usbfs: process 8867 (syz.1.1064) did not claim interface 0 before use [ 271.420683][ T8924] netlink: 'syz.1.1078': attribute type 1 has an invalid length. [ 274.554897][ T8970] xt_ipvs: protocol family 7 not supported [ 274.677191][ T58] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 275.630234][ T58] usb 1-1: config 0 has an invalid interface number: 233 but max is 0 [ 275.664121][ T58] usb 1-1: config 0 has no interface number 0 [ 275.691637][ T58] usb 1-1: config 0 interface 233 altsetting 90 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 275.725454][ T58] usb 1-1: config 0 interface 233 has no altsetting 0 [ 275.749289][ T58] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 275.769438][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.800071][ T58] usb 1-1: config 0 descriptor?? [ 276.090105][ T58] usb 1-1: string descriptor 0 read error: -71 [ 276.129474][ T58] ums-realtek 1-1:0.233: USB Mass Storage device detected [ 276.143278][ T25] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 276.438506][ T58] usb 1-1: USB disconnect, device number 14 [ 276.449865][ T25] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 276.730335][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.887185][ T25] usb 2-1: config 0 descriptor?? [ 277.123619][ T9029] syz.2.1102: attempt to access beyond end of device [ 277.123619][ T9029] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 277.375546][ T9049] tun0: tun_chr_ioctl cmd 1074025681 [ 277.847340][ T25] pegasus 2-1:0.0: probe with driver pegasus failed with error -121 [ 277.904018][ T9062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1110'. [ 277.957676][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 279.050024][ T9101] syz.0.1119: attempt to access beyond end of device [ 279.050024][ T9101] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 279.067159][ T9107] tun0: tun_chr_ioctl cmd 1074025681 [ 279.270290][ T58] usb 2-1: USB disconnect, device number 9 [ 279.793112][ T9161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1133'. [ 279.862586][ T9163] tun0: tun_chr_ioctl cmd 1074025681 [ 279.911433][ T9161] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1133'. [ 280.572254][ T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 280.843538][ T25] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 280.863545][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.894647][ T25] usb 4-1: config 0 descriptor?? [ 281.311546][ T9198] xt_CONNSECMARK: invalid mode: 0 [ 282.014490][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1143'. [ 282.062363][ T9207] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.072258][ T9207] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.081885][ T9207] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.090724][ T9207] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.147448][ T9207] vxlan0: entered promiscuous mode [ 282.772323][ T25] pegasus 4-1:0.0: probe with driver pegasus failed with error -121 [ 283.737741][ T54] Bluetooth: hci2: unexpected event 0x1c length: 4 < 5 [ 284.781628][ T9261] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1157'. [ 284.949186][ T9] usb 4-1: USB disconnect, device number 12 [ 285.156235][ T9291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'. [ 285.250413][ T5193] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 285.483869][ T5193] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 285.510220][ T9316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1167'. [ 285.520365][ T5193] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 285.537234][ T5193] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.545713][ T5193] usb 3-1: Product: syz [ 285.553718][ T5193] usb 3-1: Manufacturer: syz [ 285.559911][ T5193] usb 3-1: SerialNumber: syz [ 285.587410][ T5193] cdc_ether 3-1:1.0: skipping garbage [ 285.594172][ T5193] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 287.407786][ T9349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1174'. [ 287.519157][ T25] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 287.722436][ T25] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 287.742691][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.791306][ T25] usb 1-1: config 0 descriptor?? [ 287.830223][ T5193] usb 3-1: USB disconnect, device number 13 [ 288.420671][ T9401] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 288.439043][ T9401] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 288.469340][ T9401] Error parsing options; rc = [-22] [ 288.842970][ T9339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.854069][ T9339] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 289.917894][ T9339] Cannot find set identified by id 0 to match [ 289.965213][ T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 289.997091][ T9400] xt_ipvs: protocol family 7 not supported [ 290.046678][ T25] asix 1-1:0.0: probe with driver asix failed with error -71 [ 290.081805][ T25] usb 1-1: USB disconnect, device number 15 [ 290.227808][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1189'. [ 291.124022][ T9439] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1190'. [ 291.704551][ T5147] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 291.750928][ T29] audit: type=1326 audit(1721766171.822:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.4.1197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x0 [ 291.917280][ T5147] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.931610][ T5147] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 291.941821][ T5147] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.955307][ T5147] usb 4-1: Product: syz [ 291.965561][ T5147] usb 4-1: Manufacturer: syz [ 291.976377][ T5147] usb 4-1: SerialNumber: syz [ 291.996611][ T5147] cdc_ether 4-1:1.0: skipping garbage [ 292.002099][ T5147] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 292.467090][ T5193] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 292.748329][ T5193] usb 3-1: Using ep0 maxpacket: 32 [ 292.755023][ T5193] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 292.768604][ T5193] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 292.777685][ T5193] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 292.786008][ T5193] usb 3-1: Product: syz [ 292.790655][ T5193] usb 3-1: Manufacturer: syz [ 292.795960][ T5193] usb 3-1: SerialNumber: syz [ 293.082972][ T5193] usb 3-1: config 0 descriptor?? [ 293.233240][ T9477] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 293.572227][ T5193] usb 3-1: USB disconnect, device number 14 [ 294.184418][ T5143] usb 4-1: USB disconnect, device number 13 [ 295.036728][ T5143] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 295.287373][ T5143] usb 4-1: Using ep0 maxpacket: 8 [ 295.346950][ T5143] usb 4-1: config 0 has an invalid interface number: 5 but max is 0 [ 296.026961][ T5143] usb 4-1: config 0 has no interface number 0 [ 296.059888][ T5143] usb 4-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff [ 296.069142][ T5143] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.095647][ T5143] usb 4-1: Product: syz [ 296.100454][ T5143] usb 4-1: Manufacturer: syz [ 296.110843][ T5143] usb 4-1: SerialNumber: syz [ 296.138265][ T5143] usb 4-1: config 0 descriptor?? [ 296.414246][ T5098] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 296.428572][ T5098] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 296.439491][ T5098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 296.450998][ T5098] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 296.460515][ T5098] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 296.469592][ T5098] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 296.781350][ T9590] input: syz0 as /devices/virtual/input/input15 [ 296.858002][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.031577][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.137263][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.152763][ T9546] chnl_net:caif_netlink_parms(): no params data found [ 297.199113][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.224226][ T5143] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 297.302024][ T9546] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.311445][ T9546] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.319153][ T9546] bridge_slave_0: entered allmulticast mode [ 297.327887][ T9546] bridge_slave_0: entered promiscuous mode [ 297.337804][ T9546] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.345310][ T9546] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.352811][ T9546] bridge_slave_1: entered allmulticast mode [ 297.360389][ T9546] bridge_slave_1: entered promiscuous mode [ 297.411686][ T9546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.429320][ T5143] usb 3-1: Using ep0 maxpacket: 16 [ 297.447909][ T5143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 297.464639][ T5143] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 297.491770][ T5143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0 [ 297.512718][ T5143] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 0 [ 297.529602][ T5144] usb 4-1: USB disconnect, device number 14 [ 297.560275][ T9546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.578685][ T5143] usb 3-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=8f.af [ 297.606051][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.630091][ T5143] usb 3-1: Product: syz [ 297.634737][ T5143] usb 3-1: Manufacturer: syz [ 297.642468][ T5143] usb 3-1: SerialNumber: syz [ 297.664358][ T5143] usb 3-1: config 0 descriptor?? [ 297.691189][ T5143] iuu_phoenix 3-1:0.0: iuu_phoenix converter detected [ 297.718980][ T5143] usb 3-1: iuu_phoenix converter now attached to ttyUSB0 [ 297.720276][ T9546] team0: Port device team_slave_0 added [ 297.786721][ T9546] team0: Port device team_slave_1 added [ 297.876046][ T9546] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.883535][ T9546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.911351][ T5144] usb 3-1: USB disconnect, device number 15 [ 297.911392][ T9546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.934148][ T9546] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.943190][ T9546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.943585][ T5144] iuu_phoenix ttyUSB0: iuu_phoenix converter now disconnected from ttyUSB0 [ 297.985920][ T9546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.992076][ T5144] iuu_phoenix 3-1:0.0: device disconnected [ 298.024608][ T11] bridge_slave_1: left allmulticast mode [ 298.031333][ T11] bridge_slave_1: left promiscuous mode [ 298.039075][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.055314][ T11] bridge_slave_0: left allmulticast mode [ 298.061026][ T11] bridge_slave_0: left promiscuous mode [ 298.066733][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.514908][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.550241][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.572040][ T11] bond0 (unregistering): Released all slaves [ 298.578935][ T54] Bluetooth: hci3: command tx timeout [ 298.807767][ T9546] hsr_slave_0: entered promiscuous mode [ 298.824693][ T9546] hsr_slave_1: entered promiscuous mode [ 298.843958][ T9546] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 298.867165][ T9546] Cannot create hsr debugfs directory [ 298.989906][ T29] audit: type=1326 audit(1721766179.027:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9859 comm="syz.3.1219" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faad8b75f19 code=0x0 [ 299.249857][ T11] hsr_slave_0: left promiscuous mode [ 299.257291][ T11] hsr_slave_1: left promiscuous mode [ 299.263867][ T5144] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 299.276591][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.286250][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.296955][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 299.308957][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.334211][ T11] veth1_macvtap: left promiscuous mode [ 299.340802][ T11] veth0_macvtap: left promiscuous mode [ 299.348845][ T11] veth1_vlan: left promiscuous mode [ 299.354654][ T11] veth0_vlan: left promiscuous mode [ 299.475404][ T5144] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 299.505618][ T5144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.549280][ T5144] usb 3-1: config 0 descriptor?? [ 299.737301][ T9964] sock: sock_timestamping_bind_phc: sock not bind to device [ 300.136119][ T11] team0 (unregistering): Port device team_slave_1 removed [ 300.202352][ T11] team0 (unregistering): Port device team_slave_0 removed [ 300.616602][ T9894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.633556][ T9894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.655096][ T9894] Cannot find set identified by id 0 to match [ 300.666020][ T54] Bluetooth: hci3: command tx timeout [ 301.022924][ T5144] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 301.056645][ T5144] asix 3-1:0.0: probe with driver asix failed with error -71 [ 301.089414][ T5144] usb 3-1: USB disconnect, device number 16 [ 302.482026][ T5193] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 302.615730][ T9546] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 302.726107][ T9546] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 302.727494][ T5193] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 302.752711][ T54] Bluetooth: hci3: command tx timeout [ 302.777274][ T9546] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 302.819768][ T9546] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 302.841066][ T5193] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 302.859200][ T5193] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 302.897896][ T5193] usb 3-1: SerialNumber: syz [ 302.898398][T10065] sock: sock_timestamping_bind_phc: sock not bind to device [ 302.936520][ T5193] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 302.951144][ T5098] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 302.970812][ T5098] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 302.981655][ T5098] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 302.990887][ T5098] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 303.004576][ T5098] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 303.015581][ T5098] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 303.103141][T10082] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1237'. [ 303.132245][T10082] gretap0: entered promiscuous mode [ 303.247150][ T2474] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.477558][ T2474] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.611140][ T2474] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.824549][ T2474] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.903044][ T9546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.933306][T10132] netlink: 340 bytes leftover after parsing attributes in process `syz.4.1246'. [ 304.159003][ T9546] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.445500][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.452867][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.550113][ T2474] bridge_slave_1: left allmulticast mode [ 304.555821][ T2474] bridge_slave_1: left promiscuous mode [ 304.607996][ T2474] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.918211][ T5098] Bluetooth: hci3: command tx timeout [ 305.082107][ T5098] Bluetooth: hci1: command tx timeout [ 305.284954][ T25] usb 3-1: USB disconnect, device number 17 [ 305.298762][ T2474] bridge_slave_0: left allmulticast mode [ 305.320432][ T2474] bridge_slave_0: left promiscuous mode [ 305.474632][ T2474] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.562439][T10265] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1257'. [ 305.913471][T10275] xt_CONNSECMARK: invalid mode: 0 [ 305.952048][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 306.738152][ T9] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 306.755314][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.773402][ T9] usb 4-1: config 0 descriptor?? [ 306.925055][ T2474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.937473][ T2474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.952271][ T2474] bond0 (unregistering): (slave team0): Releasing backup interface [ 306.964543][ T2474] bond0 (unregistering): Released all slaves [ 306.994491][T10066] chnl_net:caif_netlink_parms(): no params data found [ 307.043054][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.050257][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.167651][ T5098] Bluetooth: hci1: command tx timeout [ 307.299451][T10066] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.313736][T10066] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.325178][T10066] bridge_slave_0: entered allmulticast mode [ 307.334048][T10066] bridge_slave_0: entered promiscuous mode [ 307.375381][T10066] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.385769][T10066] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.393378][T10066] bridge_slave_1: entered allmulticast mode [ 307.401225][T10066] bridge_slave_1: entered promiscuous mode [ 307.491655][T10066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.528289][ T2474] hsr_slave_0: left promiscuous mode [ 307.539517][ T2474] hsr_slave_1: left promiscuous mode [ 307.550026][ T2474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.561851][ T2474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 307.573992][ T2474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.589954][ T2474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.625758][ T2474] veth1_macvtap: left promiscuous mode [ 307.639893][ T2474] veth0_macvtap: left promiscuous mode [ 307.648059][ T2474] veth1_vlan: left promiscuous mode [ 307.653446][ T2474] veth0_vlan: left promiscuous mode [ 307.778602][ T9] pegasus 4-1:0.0: probe with driver pegasus failed with error -121 [ 308.393184][ T2474] team0 (unregistering): Port device team_slave_1 removed [ 308.464876][ T2474] team0 (unregistering): Port device team_slave_0 removed [ 309.081412][ T9] usb 4-1: USB disconnect, device number 15 [ 309.149268][T10066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.253610][ T5098] Bluetooth: hci1: command tx timeout [ 309.360421][T10066] team0: Port device team_slave_0 added [ 309.458324][T10066] team0: Port device team_slave_1 added [ 310.341669][T10066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.353113][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.385245][T10066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.408057][T10066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.415522][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.450945][T10066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.701991][T10066] hsr_slave_0: entered promiscuous mode [ 310.711292][T10066] hsr_slave_1: entered promiscuous mode [ 311.021380][ T9546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 311.338988][ T54] Bluetooth: hci1: command tx timeout [ 311.339210][ T5107] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 311.353213][ T5107] Bluetooth: hci2: Injecting HCI hardware error event [ 311.363082][ T5107] Bluetooth: hci2: hardware error 0x00 [ 311.573206][ T9546] veth0_vlan: entered promiscuous mode [ 311.620430][ T9546] veth1_vlan: entered promiscuous mode [ 311.873833][ T9546] veth0_macvtap: entered promiscuous mode [ 311.920418][ T9546] veth1_macvtap: entered promiscuous mode [ 312.001466][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.019685][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.030949][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.041921][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.056937][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.069625][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.120283][ T9546] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 312.222517][T10615] ip6gretap0: entered promiscuous mode [ 312.232889][T10615] ip6gretap0: left promiscuous mode [ 312.285485][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.299864][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.312454][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.324235][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.334503][ T9546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.345157][ T9546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.362630][ T9546] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 312.387380][ T9546] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.397107][ T9546] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.407599][ T9546] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.417084][ T9546] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.482564][T10066] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 312.520791][T10066] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 312.567884][T10066] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 312.599928][T10066] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 312.644523][T10634] team0: entered allmulticast mode [ 312.656401][T10634] team_slave_0: entered allmulticast mode [ 312.665277][T10634] team_slave_1: entered allmulticast mode [ 312.693810][T10634] dvmrp0: entered allmulticast mode [ 312.760547][ T987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.788636][ T987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.869263][ T2474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.891361][ T2474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.989205][T10066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.048573][T10066] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.110495][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.117722][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.130101][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.137666][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.290335][T10672] ip6gretap0: entered promiscuous mode [ 313.314805][T10672] ip6gretap0: left promiscuous mode [ 313.424882][ T54] Bluetooth: hci1: command 0x0405 tx timeout [ 313.426284][ T5107] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 313.480945][T10066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 313.499096][T10682] netlink: 'syz.2.1295': attribute type 4 has an invalid length. [ 313.583481][T10066] veth0_vlan: entered promiscuous mode [ 313.626549][T10066] veth1_vlan: entered promiscuous mode [ 313.717629][T10066] veth0_macvtap: entered promiscuous mode [ 313.738366][T10066] veth1_macvtap: entered promiscuous mode [ 313.772611][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.792103][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.803701][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 313.932698][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.045999][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 314.186099][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.288532][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 314.400663][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.489181][T10066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.564366][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.576081][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.593255][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.635149][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.657819][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.674681][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.685699][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.696798][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.728756][T10066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.757238][T10066] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.766995][T10066] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.786672][T10066] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.833189][T10066] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.937374][T10716] wireguard0: entered promiscuous mode [ 314.945159][T10716] wireguard0: entered allmulticast mode [ 315.164859][T10735] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 315.365425][ T29] audit: type=1326 audit(1721766195.347:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10748 comm="syz.4.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x7ffc0000 [ 315.389137][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.406652][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.621072][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.629787][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.648578][ T29] audit: type=1326 audit(1721766195.357:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10748 comm="syz.4.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x7ffc0000 [ 315.914444][ T29] audit: type=1326 audit(1721766195.357:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10748 comm="syz.4.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f05b9b75f19 code=0x7ffc0000 [ 315.937820][ T29] audit: type=1326 audit(1721766195.357:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10748 comm="syz.4.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x7ffc0000 [ 316.070255][ T29] audit: type=1326 audit(1721766195.357:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10748 comm="syz.4.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b9b75f19 code=0x7ffc0000 [ 316.668615][T10792] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 317.442727][ T5098] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 317.458773][ T5098] Bluetooth: hci3: Injecting HCI hardware error event [ 317.583655][ T5107] Bluetooth: hci3: hardware error 0x00 [ 318.326168][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.341819][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.425545][T10815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1329'. [ 321.699147][T10830] program syz.0.1331 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 321.726613][ T5141] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 321.891965][T10836] netlink: 'syz.0.1333': attribute type 10 has an invalid length. [ 321.916905][ T5141] usb 2-1: Using ep0 maxpacket: 8 [ 321.930690][ T5141] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 321.942835][T10836] team0: Device hsr_slave_0 failed to register rx_handler [ 321.950599][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.963861][ T5141] usb 2-1: config 0 descriptor?? [ 322.256002][T10847] i2c i2c-0: Invalid block write size 254 [ 323.510626][ T5107] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 326.868891][ T5141] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 326.909142][ T5141] asix 2-1:0.0: probe with driver asix failed with error -71 [ 326.959359][ T5141] usb 2-1: USB disconnect, device number 10 [ 326.966929][T10863] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 327.957395][T10900] i2c i2c-0: Invalid block write size 254 [ 329.968251][T10929] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1357'. [ 330.016414][T10929] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1357'. [ 330.104485][T10934] i2c i2c-0: Invalid block write size 254 [ 332.532502][ T5141] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 332.742630][ T5141] usb 3-1: Using ep0 maxpacket: 32 [ 332.767487][ T5141] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 332.807665][ T5141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.904385][ T5141] usb 3-1: config 0 descriptor?? [ 332.967916][ T5141] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 333.170086][ T5141] gspca_nw80x: reg_w err -71 [ 333.193727][ T5141] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 333.243780][ T5141] usb 3-1: USB disconnect, device number 18 [ 334.759675][ T29] audit: type=1326 audit(1721766214.710:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.0.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2560375f19 code=0x7ffc0000 [ 334.953923][ T29] audit: type=1326 audit(1721766214.720:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.0.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2560375f19 code=0x7ffc0000 [ 335.055053][ T29] audit: type=1326 audit(1721766214.720:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.0.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2560375f19 code=0x7ffc0000 [ 335.151178][ T29] audit: type=1326 audit(1721766214.720:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.0.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2560375f19 code=0x7ffc0000 [ 335.173658][ T29] audit: type=1326 audit(1721766214.720:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.0.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2560375f19 code=0x7ffc0000 [ 336.188674][T11030] syz.2.1380[11030] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.188828][T11030] syz.2.1380[11030] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.472192][T11039] vxfs: WRONG superblock magic 00000000 at 1 [ 336.491830][T11039] vxfs: WRONG superblock magic 00000000 at 8 [ 336.498067][T11039] vxfs: can't find superblock. [ 337.724658][ T5107] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 337.812941][ T29] audit: type=1326 audit(1721766217.744:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11062 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x7ffc0000 [ 337.903652][ T29] audit: type=1326 audit(1721766217.744:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11062 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x7ffc0000 [ 337.963524][ T29] audit: type=1326 audit(1721766217.744:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11062 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1695375f19 code=0x7ffc0000 [ 338.070172][ T29] audit: type=1326 audit(1721766217.744:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11062 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x7ffc0000 [ 338.132125][ T29] audit: type=1326 audit(1721766217.744:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11062 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1695375f19 code=0x7ffc0000 [ 338.200623][T11078] overlayfs: missing 'lowerdir' [ 338.492924][T11092] syz.3.1396[11092] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 338.493071][T11092] syz.3.1396[11092] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 338.586862][T11094] /dev/nullb0: Can't open blockdev [ 340.332269][T11124] xt_CT: You must specify a L4 protocol and not use inversions on it [ 340.977356][T11133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1407'. [ 342.634019][T11145] vxfs: WRONG superblock magic 00000000 at 1 [ 342.640530][T11145] vxfs: WRONG superblock magic 00000000 at 8 [ 342.646789][T11145] vxfs: can't find superblock. [ 343.102627][T11130] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 343.604809][ T25] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 344.125856][ T25] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 344.135094][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.302089][ T25] usb 2-1: config 0 descriptor?? [ 344.387001][T11187] nla_validate_range_unsigned: 2 callbacks suppressed [ 344.387022][T11187] netlink: 'syz.2.1418': attribute type 11 has an invalid length. [ 344.627332][T11199] xt_CT: You must specify a L4 protocol and not use inversions on it [ 348.380224][ T25] pegasus 2-1:0.0: probe with driver pegasus failed with error -32 [ 348.394788][ T25] usb 2-1: USB disconnect, device number 11 [ 348.567665][T11240] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 348.602514][T11241] netlink: 'syz.3.1429': attribute type 11 has an invalid length. [ 348.635998][T11240] VFS: Can't find a romfs filesystem on dev nullb0. [ 348.635998][T11240] [ 348.920616][T11264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1433'. [ 348.982090][T11265] [ 348.984476][T11265] ====================================================== [ 348.991510][T11265] WARNING: possible circular locking dependency detected [ 348.998543][T11265] 6.10.0-syzkaller-12084-g28bbe4ea686a #0 Not tainted [ 349.005321][T11265] ------------------------------------------------------ [ 349.012441][T11265] syz.0.1432/11265 is trying to acquire lock: [ 349.018521][T11265] ffff888011487940 (&sbi->pipe_mutex){+.+.}-{3:3}, at: autofs_notify_daemon+0x71f/0xf80 [ 349.028394][T11265] [ 349.028394][T11265] but task is already holding lock: [ 349.035821][T11265] ffff888062a25c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 349.045178][T11265] [ 349.045178][T11265] which lock already depends on the new lock. [ 349.045178][T11265] [ 349.055596][T11265] [ 349.055596][T11265] the existing dependency chain (in reverse order) is: [ 349.064670][T11265] [ 349.064670][T11265] -> #2 (&of->mutex){+.+.}-{3:3}: [ 349.071897][T11265] lock_acquire+0x1ed/0x550 [ 349.076933][T11265] __mutex_lock+0x136/0xd70 [ 349.081951][T11265] kernfs_fop_write_iter+0x1eb/0x500 [ 349.087755][T11265] iter_file_splice_write+0xbd7/0x14e0 [ 349.093727][T11265] do_splice+0xd77/0x1900 [ 349.098589][T11265] __se_sys_splice+0x331/0x4a0 [ 349.103874][T11265] do_syscall_64+0xf3/0x230 [ 349.108913][T11265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.115333][T11265] [ 349.115333][T11265] -> #1 (&pipe->mutex){+.+.}-{3:3}: [ 349.122708][T11265] lock_acquire+0x1ed/0x550 [ 349.127722][T11265] __mutex_lock+0x136/0xd70 [ 349.132731][T11265] pipe_write+0x1c9/0x1a40 [ 349.137668][T11265] __kernel_write_iter+0x47e/0x900 [ 349.143287][T11265] __kernel_write+0x120/0x180 [ 349.148471][T11265] autofs_notify_daemon+0x732/0xf80 [ 349.154174][T11265] autofs_wait+0x10b8/0x1b30 [ 349.159269][T11265] autofs_mount_wait+0x170/0x330 [ 349.164714][T11265] autofs_d_automount+0x555/0x710 [ 349.170258][T11265] __traverse_mounts+0x2ba/0x580 [ 349.175708][T11265] step_into+0x5e5/0x1080 [ 349.180544][T11265] path_openat+0x184b/0x3470 [ 349.185641][T11265] do_filp_open+0x235/0x490 [ 349.190652][T11265] do_sys_openat2+0x13e/0x1d0 [ 349.195844][T11265] __x64_sys_openat+0x247/0x2a0 [ 349.201204][T11265] do_syscall_64+0xf3/0x230 [ 349.206217][T11265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.212710][T11265] [ 349.212710][T11265] -> #0 (&sbi->pipe_mutex){+.+.}-{3:3}: [ 349.220432][T11265] validate_chain+0x18e0/0x5900 [ 349.226311][T11265] __lock_acquire+0x137a/0x2040 [ 349.231848][T11265] lock_acquire+0x1ed/0x550 [ 349.236954][T11265] __mutex_lock+0x136/0xd70 [ 349.241993][T11265] autofs_notify_daemon+0x71f/0xf80 [ 349.247695][T11265] autofs_wait+0x10b8/0x1b30 [ 349.252789][T11265] autofs_mount_wait+0x170/0x330 [ 349.258233][T11265] autofs_d_automount+0x555/0x710 [ 349.263805][T11265] __traverse_mounts+0x2ba/0x580 [ 349.269257][T11265] step_into+0x5e5/0x1080 [ 349.274123][T11265] path_lookupat+0x16f/0x450 [ 349.279224][T11265] filename_lookup+0x256/0x610 [ 349.284503][T11265] kern_path+0x35/0x50 [ 349.289088][T11265] lookup_bdev+0xc5/0x290 [ 349.293957][T11265] resume_store+0x1a0/0x710 [ 349.298970][T11265] kernfs_fop_write_iter+0x3a1/0x500 [ 349.304763][T11265] iter_file_splice_write+0xbd7/0x14e0 [ 349.310733][T11265] direct_splice_actor+0x11e/0x220 [ 349.316363][T11265] splice_direct_to_actor+0x58e/0xc90 [ 349.322245][T11265] do_splice_direct+0x28c/0x3e0 [ 349.327613][T11265] do_sendfile+0x56d/0xe20 [ 349.332539][T11265] __se_sys_sendfile64+0x17c/0x1e0 [ 349.338156][T11265] do_syscall_64+0xf3/0x230 [ 349.343168][T11265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.349747][T11265] [ 349.349747][T11265] other info that might help us debug this: [ 349.349747][T11265] [ 349.359958][T11265] Chain exists of: [ 349.359958][T11265] &sbi->pipe_mutex --> &pipe->mutex --> &of->mutex [ 349.359958][T11265] [ 349.372377][T11265] Possible unsafe locking scenario: [ 349.372377][T11265] [ 349.379820][T11265] CPU0 CPU1 [ 349.385171][T11265] ---- ---- [ 349.390523][T11265] lock(&of->mutex); [ 349.394503][T11265] lock(&pipe->mutex); [ 349.401162][T11265] lock(&of->mutex); [ 349.407650][T11265] lock(&sbi->pipe_mutex); [ 349.412161][T11265] [ 349.412161][T11265] *** DEADLOCK *** [ 349.412161][T11265] [ 349.420374][T11265] 3 locks held by syz.0.1432/11265: [ 349.425550][T11265] #0: ffff888078d9c420 (sb_writers#8){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x220 [ 349.435210][T11265] #1: ffff888062a25c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 349.444949][T11265] #2: ffff888017af73c8 (kn->active#62){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 349.454947][T11265] [ 349.454947][T11265] stack backtrace: [ 349.460828][T11265] CPU: 1 UID: 0 PID: 11265 Comm: syz.0.1432 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 349.471223][T11265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 349.481278][T11265] Call Trace: [ 349.484546][T11265] [ 349.487471][T11265] dump_stack_lvl+0x241/0x360 [ 349.492141][T11265] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.497332][T11265] ? print_circular_bug+0x130/0x1a0 [ 349.502521][T11265] check_noncircular+0x36a/0x4a0 [ 349.507445][T11265] ? __pfx_check_noncircular+0x10/0x10 [ 349.512901][T11265] validate_chain+0x18e0/0x5900 [ 349.517745][T11265] ? __pfx_validate_chain+0x10/0x10 [ 349.522928][T11265] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 349.529332][T11265] ? do_raw_spin_unlock+0x13c/0x8b0 [ 349.534516][T11265] ? finish_task_switch+0x1e5/0x870 [ 349.539697][T11265] ? lockdep_hardirqs_on+0x99/0x150 [ 349.544886][T11265] ? __schedule+0x17b6/0x4a10 [ 349.549559][T11265] ? mark_lock+0x9a/0x350 [ 349.553881][T11265] __lock_acquire+0x137a/0x2040 [ 349.558728][T11265] lock_acquire+0x1ed/0x550 [ 349.563219][T11265] ? autofs_notify_daemon+0x71f/0xf80 [ 349.568582][T11265] ? __pfx_lock_acquire+0x10/0x10 [ 349.573599][T11265] ? __pfx___might_resched+0x10/0x10 [ 349.578888][T11265] ? autofs_notify_daemon+0x6c6/0xf80 [ 349.584249][T11265] ? __pfx_lock_release+0x10/0x10 [ 349.589274][T11265] __mutex_lock+0x136/0xd70 [ 349.593775][T11265] ? autofs_notify_daemon+0x71f/0xf80 [ 349.599135][T11265] ? __mutex_unlock_slowpath+0x21d/0x750 [ 349.604761][T11265] ? autofs_notify_daemon+0x71f/0xf80 [ 349.610121][T11265] ? __pfx___mutex_lock+0x10/0x10 [ 349.615129][T11265] ? from_kgid_munged+0x1fe/0x7a0 [ 349.620144][T11265] ? __pfx_from_kgid_munged+0x10/0x10 [ 349.625504][T11265] ? kasan_save_track+0x51/0x80 [ 349.630338][T11265] ? kasan_save_track+0x3f/0x80 [ 349.635174][T11265] ? __kasan_kmalloc+0x98/0xb0 [ 349.639924][T11265] ? autofs_notify_daemon+0x48c/0xf80 [ 349.645282][T11265] autofs_notify_daemon+0x71f/0xf80 [ 349.650465][T11265] ? iter_file_splice_write+0xbd7/0x14e0 [ 349.656093][T11265] ? __pfx_autofs_notify_daemon+0x10/0x10 [ 349.661832][T11265] ? __init_waitqueue_head+0xae/0x150 [ 349.667202][T11265] autofs_wait+0x10b8/0x1b30 [ 349.671785][T11265] ? __pfx_autofs_wait+0x10/0x10 [ 349.676714][T11265] ? autofs_d_automount+0x54b/0x710 [ 349.681904][T11265] ? __pfx_lock_release+0x10/0x10 [ 349.686917][T11265] ? _raw_spin_unlock+0x28/0x50 [ 349.691790][T11265] ? path_has_submounts+0x10b/0x170 [ 349.697008][T11265] autofs_mount_wait+0x170/0x330 [ 349.701948][T11265] autofs_d_automount+0x555/0x710 [ 349.707002][T11265] __traverse_mounts+0x2ba/0x580 [ 349.711957][T11265] step_into+0x5e5/0x1080 [ 349.716285][T11265] ? __up_read+0x2c2/0x6b0 [ 349.720691][T11265] ? __pfx___up_read+0x10/0x10 [ 349.725438][T11265] ? make_vfsuid+0x46/0x90 [ 349.729843][T11265] ? __pfx_step_into+0x10/0x10 [ 349.734620][T11265] ? walk_component+0x18d/0x410 [ 349.739475][T11265] path_lookupat+0x16f/0x450 [ 349.744068][T11265] filename_lookup+0x256/0x610 [ 349.748829][T11265] ? __pfx_filename_lookup+0x10/0x10 [ 349.754114][T11265] ? getname_kernel+0x59/0x2f0 [ 349.758882][T11265] ? rcu_is_watching+0x15/0xb0 [ 349.763663][T11265] ? getname_kernel+0x59/0x2f0 [ 349.768434][T11265] ? getname_kernel+0x140/0x2f0 [ 349.773291][T11265] kern_path+0x35/0x50 [ 349.777355][T11265] lookup_bdev+0xc5/0x290 [ 349.781699][T11265] ? rcu_is_watching+0x15/0xb0 [ 349.786472][T11265] ? __pfx_lookup_bdev+0x10/0x10 [ 349.791403][T11265] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 349.798007][T11265] ? __asan_memcpy+0x40/0x70 [ 349.802621][T11265] resume_store+0x1a0/0x710 [ 349.807131][T11265] ? __pfx_resume_store+0x10/0x10 [ 349.812152][T11265] ? sysfs_kf_write+0x182/0x2a0 [ 349.816995][T11265] ? __pfx_sysfs_kf_write+0x10/0x10 [ 349.822184][T11265] kernfs_fop_write_iter+0x3a1/0x500 [ 349.827459][T11265] iter_file_splice_write+0xbd7/0x14e0 [ 349.832923][T11265] ? __pfx_iter_file_splice_write+0x10/0x10 [ 349.838816][T11265] ? rcu_read_lock_any_held+0xb7/0x160 [ 349.844271][T11265] ? __pfx_iter_file_splice_write+0x10/0x10 [ 349.850155][T11265] direct_splice_actor+0x11e/0x220 [ 349.855258][T11265] splice_direct_to_actor+0x58e/0xc90 [ 349.860630][T11265] ? __pfx_direct_splice_actor+0x10/0x10 [ 349.866254][T11265] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 349.872137][T11265] ? __fget_files+0x29/0x470 [ 349.876717][T11265] ? __pfx_lock_release+0x10/0x10 [ 349.881746][T11265] do_splice_direct+0x28c/0x3e0 [ 349.886602][T11265] ? __pfx_do_splice_direct+0x10/0x10 [ 349.891969][T11265] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 349.897851][T11265] ? rw_verify_area+0x1d2/0x6b0 [ 349.902690][T11265] do_sendfile+0x56d/0xe20 [ 349.907104][T11265] ? __pfx_do_sendfile+0x10/0x10 [ 349.912035][T11265] __se_sys_sendfile64+0x17c/0x1e0 [ 349.917139][T11265] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 349.922759][T11265] ? do_syscall_64+0x100/0x230 [ 349.927543][T11265] ? do_syscall_64+0xb6/0x230 [ 349.932486][T11265] do_syscall_64+0xf3/0x230 [ 349.936993][T11265] ? clear_bhb_loop+0x35/0x90 [ 349.941667][T11265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.947659][T11265] RIP: 0033:0x7f2560375f19 [ 349.952077][T11265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.971717][T11265] RSP: 002b:00007f256111d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 349.980150][T11265] RAX: ffffffffffffffda RBX: 00007f2560506038 RCX: 00007f2560375f19 [ 349.988113][T11265] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 349.996091][T11265] RBP: 00007f25603e4e68 R08: 0000000000000000 R09: 0000000000000000 [ 350.004063][T11265] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 350.012026][T11265] R13: 000000000000006e R14: 00007f2560506038 R15: 00007fffe0ea8788 [ 350.019997][T11265] [ 350.083686][T11265] PM: Image not found (code -6)