last executing test programs: 2m28.078670647s ago: executing program 4 (id=636): open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000580)=[{{&(0x7f00000004c0)=@xdp={0x2c, 0x0, r2, 0x38}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000340)='\a', 0x1}], 0x1}}], 0x1, 0x0) 2m27.820724868s ago: executing program 4 (id=639): sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}, 0x0) 2m27.619554998s ago: executing program 4 (id=642): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xe, 0x9}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x1c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) 2m26.26004764s ago: executing program 4 (id=658): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) 2m24.329770411s ago: executing program 4 (id=680): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000300)='./file1\x00', &(0x7f0000000080)='tmpfs\x00', 0x800, 0x0) 2m24.162662819s ago: executing program 4 (id=682): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c"], 0x60}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009"], 0x48}}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2m8.985411709s ago: executing program 32 (id=682): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c"], 0x60}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009"], 0x48}}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1m29.773641588s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 1m19.976364335s ago: executing program 5 (id=1306): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 1m19.747167065s ago: executing program 5 (id=1309): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) write(r0, &(0x7f0000000180)="2cd889f0253e14f3", 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0) write$FUSE_ENTRY(r3, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x2, 0x0, 0xa, 0x0, 0x7ff, 0x7, {0x5, 0x6, 0x7ff, 0x5, 0x51b5, 0x4, 0x1, 0x7fffffff, 0xf5, 0x6000, 0x9, 0x0, 0x0, 0x6, 0x3e}}}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x8], 0x0, 0x0, 0x1}}, 0x40) 1m19.374714208s ago: executing program 5 (id=1313): r0 = socket$nl_rdma(0x10, 0x3, 0x14) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x400000008000f28, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) splice(r2, 0x0, r1, 0x0, 0x114, 0xe) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="00010000031401"], 0x100}, 0x1, 0x0, 0x0, 0x4040024}, 0x0) 1m18.986011307s ago: executing program 5 (id=1319): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff) 1m18.770579942s ago: executing program 5 (id=1321): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x55) listen(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r1, 0x0) 1m18.398731075s ago: executing program 5 (id=1326): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) add_key(&(0x7f0000000240)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pipe2$watch_queue(&(0x7f00000000c0), 0x80) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) 1m18.101892459s ago: executing program 33 (id=1326): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) add_key(&(0x7f0000000240)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pipe2$watch_queue(&(0x7f00000000c0), 0x80) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) 1m6.891835307s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 53.99407426s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 45.118772332s ago: executing program 6 (id=1584): socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x1, 0xfffffffd, 0xd3}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x72, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0xf5, 0x0, 0x0, 0x0) 44.238164008s ago: executing program 6 (id=1593): r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) bind$vsock_stream(r0, &(0x7f0000000940), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) shutdown(r1, 0x1) 43.473311154s ago: executing program 6 (id=1600): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2721, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 43.103122471s ago: executing program 6 (id=1602): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 42.824740017s ago: executing program 6 (id=1606): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = syz_io_uring_setup(0x1ed3, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x5, 0x279}, &(0x7f00000002c0)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x9, 0x7, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 42.571477093s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 42.518468921s ago: executing program 6 (id=1612): syz_open_dev$sndmidi(0x0, 0x2, 0x141101) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x40000, 0x19) ioctl$VIDIOC_S_MODULATOR(0xffffffffffffffff, 0x40445637, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0x0) 42.125991019s ago: executing program 34 (id=1612): syz_open_dev$sndmidi(0x0, 0x2, 0x141101) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x40000, 0x19) ioctl$VIDIOC_S_MODULATOR(0xffffffffffffffff, 0x40445637, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0x0) 25.724699847s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 10.302501134s ago: executing program 3 (id=1173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r2, &(0x7f0000000840)={&(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0xa, 0x800}, 0x4000080) close(r0) 5.260277216s ago: executing program 7 (id=1857): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x1e, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="c4000000250001"], 0xc4}}, 0x4004) 4.562125262s ago: executing program 7 (id=1859): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x24008094) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0x40000, 0x0, 0x0, 0x0) 4.308005509s ago: executing program 7 (id=1862): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1038, 0x1410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f0000000300)={0x0, 0x24, 0x51, {0x51, 0x11, "98e7c6dde4263d3db71c093cce367bb457fe88370a0c28a5d8caa241bd126bbed473dc60eaf35dd8e411674436de007ac8044f3d0dbc02ad4cf91e4a9304e18e49883d8daa6391ce25526420ee47d4"}}, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3.693256012s ago: executing program 1 (id=1869): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r0}, 0x18) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r4, 0x0, r3, 0x0, 0x46) close(r3) 3.622253887s ago: executing program 1 (id=1870): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events.local\x00', 0x275a, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, 0x0, 0x18040) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x25, &(0x7f0000000080)=0x1, 0x4) 3.415131579s ago: executing program 1 (id=1871): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x42202) socketpair$unix(0x1, 0x3, 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 3.17920732s ago: executing program 1 (id=1872): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) 3.046573614s ago: executing program 0 (id=1873): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) 2.972497318s ago: executing program 0 (id=1874): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="f7b920e49a48d1", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=[0x1, 0x7], 0x0, 0x0, 0x2}}, 0x40) 2.586611593s ago: executing program 0 (id=1876): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) writev(r0, &(0x7f0000000a40)=[{&(0x7f00000003c0)="ff071d6ce89d96666b08e828be032f55097076e40148c200000000fb00000200"/50, 0x32}, {&(0x7f0000000bc0)="d18a876f8f46c153dde8db040cc7e763ba2fab29aca1a1a2e0a38bc757e61b5aab090000000000000051ed697ff263589940cf437f1efae8e2342bb1adc1c9d8febaecb3aef2d7650869408a287d92d06f5d660a68f3f0a39e926d8dbd6f8d9de335fe4c520feaffc62c3435ab63a2f77234987d3b1130d31bd78fb28883050a1b8dd4ea2cdc62703eb86600dba7da620ad621c21b75893f334cfc82a3931e8cf3dfa12d31fa32797f5a940475fd8947bde48c8126a44eb9d229126e34e0d8aace15047ccd5bd0932270c88dac48e0bbb2af55a35efca697fe5435b19f", 0xdd}, {&(0x7f0000000000)="a9e47d4ed965685b48214fff756364b93155b267f07697b50eede6ed45f973d3da857dba0deed519dc9a7267b99f19a1b405e7d2", 0x34}, {&(0x7f00000001c0)="10", 0x1}], 0x4) syz_emit_ethernet(0x4e, &(0x7f0000001080)=ANY=[@ANYBLOB="0380c2000003aaaaaaaaaa4388a82700810000000000000000000064000000019078ac1e0001ac1414aa053490781200183f2500000000000000000100000000000000000000001863718e9bf70337791d7490689766c279a5acf4af6acf59dd6f018b35906beab7dba0f055fb1f54eb5d6e2bce4a55babffec5d9cbc39760551ff675c20f3b0d5e24f0c307bdbacfcab02d91f63014e884adbab3724374572b1c6497a08bda0b09832d433047dd57a514e479a40fd2fd80396a5dcc4a42d73061f846a9a4a8024516d39e940048855e1468dead1f8072edb18178f622b07ddcd15db84b4e27645a51cb67b8d9ba4f7b9ac3b57f2c3f5a5d0eeb8c293c469509ddd31b673b80302afe18073916fc3456958e8a01f6e6cc2fd84b6200745be0848d1fa8051bb78e7af347e0aedfb979f86c728840476052b162e9f99d020444040ac930568d0ab4212dc89dced247ef7ba297ea7c1c648cb9898299186706b9d93151a2ea9f15175fa5a6d4ea9591a0dd47b7f15d9fc4e935b3a7cd768c"], 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) r1 = socket$inet6(0xa, 0x3, 0x38) setsockopt$inet6_int(r1, 0x29, 0x7, &(0x7f0000000040)=0xeffe, 0x4) connect$inet6(r1, &(0x7f0000000280)={0xa, 0xfff6, 0x1, @loopback, 0xf263}, 0x1c) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xf338}], 0x1) 2.320458462s ago: executing program 0 (id=1877): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r2) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0xa1, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 1.883202869s ago: executing program 2 (id=1879): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) inotify_init() r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000001480)='./file0/../file0/../file0/../file0\x00') 1.807177248s ago: executing program 1 (id=1880): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x32f}, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r1 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r1, 0x16) 1.675291308s ago: executing program 2 (id=1881): socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, r0, 0x4}, 0x38) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '}) 1.354683696s ago: executing program 2 (id=1882): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000002000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000000085000000040000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r3}, 0x38) 1.077763524s ago: executing program 7 (id=1883): r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r1, 0x1, 0x80, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r4) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0"], 0x398}}, 0x0) 847.780858ms ago: executing program 2 (id=1884): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000003300)={'#! ', './bus'}, 0xff1d) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "3d8b00", "d4cc4a4423daabeb8e7ba12fe6e1c742a683fa6e58757db76aae864d57fbaf37", "c3650f3f", "5e963dfa951f9b3d"}, 0x38) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 664.543277ms ago: executing program 1 (id=1885): r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000008000000760000000000000127000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f9ff000085000000860000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) sendmsg(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1, 0x0, 0x0, 0x3e80}, 0x0) 635.8669ms ago: executing program 7 (id=1886): socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001280)={&(0x7f0000000500)='percpu_free_percpu\x00', r4}, 0x10) 546.899753ms ago: executing program 0 (id=1887): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000729000000000000000085", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_clone3(&(0x7f0000000200)={0x4000000, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000009004"]) 191.310061ms ago: executing program 2 (id=1888): r0 = socket(0xa, 0x3, 0x3a) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0x10, [0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2]}}) 150.123198ms ago: executing program 0 (id=1889): socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = fsopen(&(0x7f0000000300)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 38.909988ms ago: executing program 2 (id=1890): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r3, &(0x7f0000001b80)=""/4084, 0xff4, 0x0) 0s ago: executing program 7 (id=1891): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) splice(r2, 0x0, r4, 0x0, 0x725e65a6, 0x0) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfffffd88) kernel console output (not intermixed with test programs): IP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x40600 [ 131.881710][ T8269] binder: 8268:8269 ioctl c0306201 200000000040 returned -14 [ 132.125642][ T5940] usb 4-1: 0:2 : does not exist [ 132.860868][ T8297] overlayfs: failed to clone upperpath [ 132.903539][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.914025][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.972418][ T5940] usb 4-1: 1:0: failed to get current value for ch 0 (-22) [ 133.035784][ T5940] usb 4-1: USB disconnect, device number 2 [ 133.102755][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 133.549633][ T8326] mmap: syz.2.352 (8326) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 134.307429][ T5938] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 134.474263][ T5938] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 134.494672][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.541164][ T5938] usb 5-1: config 0 descriptor?? [ 134.555482][ T5938] cp210x 5-1:0.0: cp210x converter detected [ 134.961663][ T5938] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 135.009934][ T8368] netlink: 'syz.2.370': attribute type 4 has an invalid length. [ 135.180994][ T5938] usb 5-1: cp210x converter now attached to ttyUSB0 [ 135.385966][ T5938] usb 5-1: USB disconnect, device number 6 [ 135.418637][ T5938] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 135.440312][ T5938] cp210x 5-1:0.0: device disconnected [ 136.590347][ T8406] overlayfs: failed to clone upperpath [ 136.911684][ T8417] syz.2.389 uses obsolete (PF_INET,SOCK_PACKET) [ 137.300966][ T8436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.394'. [ 137.761361][ T8449] Invalid ELF header magic: != ELF [ 138.208387][ T8468] netlink: 'syz.2.406': attribute type 4 has an invalid length. [ 138.336806][ T30] audit: type=1326 audit(1750226212.193:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.400849][ T8481] overlayfs: failed to clone upperpath [ 138.401791][ T30] audit: type=1326 audit(1750226212.193:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.522667][ T30] audit: type=1326 audit(1750226212.203:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.612013][ T30] audit: type=1326 audit(1750226212.203:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.664581][ T8494] netlink: 52 bytes leftover after parsing attributes in process `syz.4.416'. [ 138.684349][ T8494] unsupported nlmsg_type 40 [ 138.697416][ T30] audit: type=1326 audit(1750226212.203:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.755735][ T30] audit: type=1326 audit(1750226212.203:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.814009][ T30] audit: type=1326 audit(1750226212.203:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.835214][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.865506][ T30] audit: type=1326 audit(1750226212.203:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.886834][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.944336][ T30] audit: type=1326 audit(1750226212.203:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 138.981483][ T30] audit: type=1326 audit(1750226212.203:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8475 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 139.003330][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.148190][ T8514] trusted_key: syz.0.422 sent an empty control message without MSG_MORE. [ 139.298211][ T8518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.426'. [ 139.643862][ T8535] veth0: entered promiscuous mode [ 139.655632][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.433'. [ 140.642157][ T5938] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 140.822724][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.848716][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.875967][ T5938] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 140.904204][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.917966][ T5938] usb 1-1: config 0 descriptor?? [ 141.448591][ T5940] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 141.631147][ T5940] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.641564][ T5940] usb 5-1: config 0 interface 0 has no altsetting 0 [ 141.656230][ T5940] usb 5-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 141.690954][ T5940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.725932][ T5940] usb 5-1: config 0 descriptor?? [ 141.947491][ T5938] uclogic 0003:256C:006D.0003: interface is invalid, ignoring [ 141.983343][ T8579] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 142.014505][ T8579] macvlan2: entered allmulticast mode [ 142.042844][ T8579] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 142.072850][ T8579] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 142.083024][ T8579] mac80211_hwsim hwsim10 wlan0: left promiscuous mode [ 142.178282][ T9] usb 1-1: USB disconnect, device number 4 [ 142.246252][ T5940] usbhid 5-1:0.0: can't add hid device: -71 [ 142.266902][ T5940] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 142.301690][ T5940] usb 5-1: USB disconnect, device number 7 [ 143.054527][ T8638] overlayfs: failed to clone lowerpath [ 144.117055][ T5938] libceph: connect (1)[c::]:6789 error -101 [ 144.131152][ T5938] libceph: mon0 (1)[c::]:6789 connect error [ 144.184313][ T8667] ceph: No mds server is up or the cluster is laggy [ 144.967447][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 144.977487][ T5143] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 145.710535][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 145.944838][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.986306][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.035358][ T9] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 146.065712][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.113099][ T9] usb 5-1: config 0 descriptor?? [ 146.162613][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 146.557295][ T9] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 146.572513][ T9] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 146.759692][ T9] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE [ 147.603644][ T9] usb 5-1: USB disconnect, device number 8 [ 148.167967][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 148.175215][ T5143] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 148.856507][ T8779] overlayfs: failed to clone upperpath [ 149.199046][ T8793] loop2: detected capacity change from 0 to 7 [ 149.350083][ T8793] loop2: p1 [ 149.397428][ T8793] loop2: partition table partially beyond EOD, truncated [ 149.451918][ T8793] loop2: p1 size 1919251295 extends beyond EOD, truncated [ 149.770830][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 149.998324][ T8815] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 150.497375][ T5938] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 150.680764][ T5938] usb 1-1: Using ep0 maxpacket: 16 [ 150.710812][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.735224][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.779425][ T5938] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 150.827324][ T5938] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 150.846064][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.890988][ T5938] usb 1-1: config 0 descriptor?? [ 151.304290][ T5938] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 151.375959][ T5938] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0005/input/input9 [ 151.525578][ T5938] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 151.583988][ T8864] netlink: 'syz.2.568': attribute type 1 has an invalid length. [ 151.601493][ T5938] usb 1-1: USB disconnect, device number 5 [ 151.762832][ T8866] fido_id[8866]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 151.889031][ T8864] 8021q: adding VLAN 0 to HW filter on device bond2 [ 152.015741][ T8870] bond2: (slave gretap2): making interface the new active one [ 152.060350][ T8870] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 152.098323][ T8870] syz.2.568 (8870) used greatest stack depth: 17464 bytes left [ 152.560686][ T5938] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 152.705776][ T5938] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 153.001716][ T8890] fido_id[8890]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 153.322640][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 153.322658][ T30] audit: type=1326 audit(1750226227.193:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8893 comm="syz.3.579" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f291e18e929 code=0x0 [ 154.453225][ T8937] overlayfs: failed to clone upperpath [ 154.917855][ T8949] netlink: 16 bytes leftover after parsing attributes in process `syz.4.602'. [ 155.948702][ T8981] netlink: 'syz.3.613': attribute type 10 has an invalid length. [ 155.960210][ T8980] netlink: 'syz.2.614': attribute type 12 has an invalid length. [ 155.990091][ T8980] netlink: 'syz.2.614': attribute type 29 has an invalid length. [ 156.001245][ T8980] netlink: 148 bytes leftover after parsing attributes in process `syz.2.614'. [ 156.010558][ T8980] netlink: 'syz.2.614': attribute type 1 has an invalid length. [ 156.118041][ T8984] netlink: 24 bytes leftover after parsing attributes in process `syz.2.615'. [ 156.157364][ T5938] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 156.341300][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.439231][ T5938] usb 1-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 156.488754][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.533038][ T5938] usb 1-1: config 0 descriptor?? [ 156.782753][ T8996] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 156.813618][ T8996] overlayfs: failed to set xattr on upper [ 156.829842][ T8996] overlayfs: ...falling back to redirect_dir=nofollow. [ 156.857288][ T8996] overlayfs: ...falling back to metacopy=off. [ 156.876753][ T8999] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 156.884420][ T8996] overlayfs: ...falling back to index=off. [ 156.893502][ T8996] overlayfs: ...falling back to uuid=null. [ 157.079870][ T5938] sony 0003:1345:3008.0007: hiddev0,hidraw0: USB HID vff.ff Device [HID 1345:3008] on usb-dummy_hcd.0-1/input0 [ 157.121955][ T5938] sony 0003:1345:3008.0007: failed to claim input [ 157.259130][ T5938] usb 1-1: USB disconnect, device number 6 [ 157.327504][ T9007] fido_id[9007]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 157.585888][ T9024] loop2: detected capacity change from 0 to 7 [ 157.586113][ T5938] kernel read not supported for file /input/mouse0 (pid: 5938 comm: kworker/0:6) [ 157.609008][ T9024] Dev loop2: unable to read RDB block 7 [ 157.627303][ T9024] loop2: unable to read partition table [ 157.649375][ T9024] loop2: partition table beyond EOD, truncated [ 157.686304][ T9024] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 160.056400][ T9108] netlink: 156 bytes leftover after parsing attributes in process `syz.1.663'. [ 160.257278][ T5906] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 160.427471][ T5906] usb 5-1: Using ep0 maxpacket: 8 [ 160.453205][ T5906] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 160.490598][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.522007][ T5906] usb 5-1: Product: syz [ 160.526235][ T5906] usb 5-1: Manufacturer: syz [ 160.551788][ T5906] usb 5-1: SerialNumber: syz [ 160.563096][ T5906] usb 5-1: config 0 descriptor?? [ 160.781463][ T5906] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 160.809674][ T5886] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 161.016943][ T5906] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 161.067460][ T5906] usb 5-1: USB disconnect, device number 9 [ 161.093594][ T5886] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 161.117754][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.131711][ T5886] usb 1-1: config 0 has no interfaces? [ 161.164443][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.177436][ T5886] usb 1-1: config 0 has no interfaces? [ 161.190740][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.202363][ T5886] usb 1-1: config 0 has no interfaces? [ 161.211414][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.227508][ T5886] usb 1-1: config 0 has no interfaces? [ 161.238285][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.257402][ T5886] usb 1-1: config 0 has no interfaces? [ 161.264360][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.277300][ T5886] usb 1-1: config 0 has no interfaces? [ 161.290331][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.300897][ T5886] usb 1-1: config 0 has no interfaces? [ 161.311662][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.326852][ T5886] usb 1-1: config 0 has no interfaces? [ 161.339826][ T5886] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 161.353539][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 161.367202][ T5886] usb 1-1: Product: syz [ 161.374762][ T5886] usb 1-1: Manufacturer: syz [ 161.380477][ T5886] usb 1-1: SerialNumber: syz [ 161.395406][ T5886] usb 1-1: config 0 descriptor?? [ 161.632815][ T5906] usb 1-1: USB disconnect, device number 7 [ 161.937036][ T9159] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 162.186622][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057315800: rx timeout, send abort [ 162.686737][ C1] vcan0: j1939_tp_rxtimer: 0xffff888054947800: rx timeout, send abort [ 162.695995][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057315800: abort rx timeout. Force session deactivation [ 163.025428][ T9181] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.170369][ T9181] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.194995][ C1] vcan0: j1939_tp_rxtimer: 0xffff888054947800: abort rx timeout. Force session deactivation [ 163.206849][ T5836] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 163.295256][ T9181] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.425126][ T9181] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.595415][ T9181] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.623068][ T9181] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.641819][ T9181] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.672055][ T9181] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.019658][ T9210] Illegal XDP return value 609868468 on prog (id 87) dev N/A, expect packet loss! [ 164.604780][ T9235] warning: `syz.0.716' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 164.906287][ T9240] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22) [ 165.883190][ T9279] netlink: 36 bytes leftover after parsing attributes in process `syz.2.734'. [ 167.289116][ T5836] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 167.298621][ T5836] Bluetooth: hci3: Injecting HCI hardware error event [ 167.307514][ T5143] Bluetooth: hci3: hardware error 0x00 [ 168.007612][ T30] audit: type=1326 audit(1750226497.871:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9334 comm="syz.0.755" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79faf8e929 code=0x0 [ 169.370911][ T5143] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 169.546666][ T9389] netlink: 'syz.0.778': attribute type 1 has an invalid length. [ 169.577081][ T9389] netlink: 'syz.0.778': attribute type 4 has an invalid length. [ 169.597068][ T9389] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.778'. [ 169.597673][ T9391] netlink: 'syz.3.779': attribute type 2 has an invalid length. [ 169.634630][ T9391] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.779'. [ 169.652000][ T9391] nbd: must specify a device to reconfigure [ 169.671671][ T9393] netlink: 32 bytes leftover after parsing attributes in process `syz.1.780'. [ 169.687510][ T9393] netlink: 32 bytes leftover after parsing attributes in process `syz.1.780'. [ 171.315519][ T9464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.811'. [ 171.480460][ T9470] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 171.490831][ T9470] macvlan2: entered allmulticast mode [ 171.497882][ T9470] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 171.508797][ T9470] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 171.515687][ T9470] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 172.092754][ T9497] netlink: 20 bytes leftover after parsing attributes in process `syz.3.825'. [ 172.161499][ T9499] netlink: 76 bytes leftover after parsing attributes in process `syz.3.826'. [ 172.977293][ T5987] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 173.149986][ T9538] netlink: 8 bytes leftover after parsing attributes in process `syz.0.845'. [ 173.169853][ T5987] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.197252][ T5987] usb 4-1: config 0 interface 0 has no altsetting 0 [ 173.203936][ T5987] usb 4-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 173.235280][ T5987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.258856][ T5987] usb 4-1: config 0 descriptor?? [ 173.505916][ T9525] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 173.538029][ T9525] macvlan2: entered allmulticast mode [ 173.543501][ T9525] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 173.571361][ T9525] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 173.578495][ T9525] mac80211_hwsim hwsim6 wlan0: left promiscuous mode [ 173.753533][ T5987] usbhid 4-1:0.0: can't add hid device: -71 [ 173.772819][ T5987] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 173.807523][ T5987] usb 4-1: USB disconnect, device number 3 [ 175.132880][ T9594] syz_tun: entered allmulticast mode [ 175.157101][ T9594] syz_tun: left allmulticast mode [ 176.788533][ T9646] netlink: 'syz.3.889': attribute type 1 has an invalid length. [ 176.843462][ T9646] netlink: 'syz.3.889': attribute type 4 has an invalid length. [ 176.878700][ T9646] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.889'. [ 178.150796][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 178.159815][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 178.169843][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 178.197097][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 178.213578][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 179.202332][ T1037] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.307256][ T5886] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 179.551078][ T5886] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 179.567541][ T5886] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 179.581992][ T1037] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.602570][ T5886] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 179.655511][ T5886] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 179.682666][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 179.697609][ T5886] usb 1-1: Product: syz [ 179.701827][ T5886] usb 1-1: Manufacturer: syz [ 179.737814][ T5886] cdc_wdm 1-1:1.0: skipping garbage [ 179.787367][ T5886] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 179.932850][ T1037] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.955508][ T43] usb 1-1: USB disconnect, device number 8 [ 180.133811][ T1037] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.248859][ T5836] Bluetooth: hci5: command tx timeout [ 180.465950][ T9673] chnl_net:caif_netlink_parms(): no params data found [ 181.024464][ T1037] bridge_slave_1: left allmulticast mode [ 181.031041][ T1037] bridge_slave_1: left promiscuous mode [ 181.038992][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.081247][ T1037] bridge_slave_0: left allmulticast mode [ 181.087082][ T1037] bridge_slave_0: left promiscuous mode [ 181.092969][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.257264][ T30] audit: type=1326 audit(1750226511.121:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.301504][ T9757] netlink: 'syz.0.928': attribute type 1 has an invalid length. [ 181.307317][ T30] audit: type=1326 audit(1750226511.121:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.382399][ T30] audit: type=1326 audit(1750226511.121:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.406000][ T30] audit: type=1326 audit(1750226511.161:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9758 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f09a15c11e5 code=0x7ffc0000 [ 181.444557][ T30] audit: type=1326 audit(1750226511.161:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.480824][ T30] audit: type=1326 audit(1750226511.181:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.516238][ T30] audit: type=1326 audit(1750226511.181:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.539265][ T30] audit: type=1326 audit(1750226511.181:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.560923][ T30] audit: type=1326 audit(1750226511.181:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.583401][ T30] audit: type=1326 audit(1750226511.181:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9754 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 181.782149][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 181.815018][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 181.826778][ T1037] bond0 (unregistering): Released all slaves [ 181.967415][ T9759] bond1: (slave gretap1): making interface the new active one [ 181.975800][ T9759] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 181.997012][ T9673] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.026603][ T9673] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.050462][ T9673] bridge_slave_0: entered allmulticast mode [ 182.066399][ T9772] overlayfs: failed to clone upperpath [ 182.077464][ T9673] bridge_slave_0: entered promiscuous mode [ 182.086054][ T9673] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.094641][ T9673] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.101943][ T9673] bridge_slave_1: entered allmulticast mode [ 182.127344][ T9673] bridge_slave_1: entered promiscuous mode [ 182.327385][ T5836] Bluetooth: hci5: command tx timeout [ 182.453112][ T9673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.491977][ T9673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.892617][ T9673] team0: Port device team_slave_0 added [ 182.937050][ T1037] hsr_slave_0: left promiscuous mode [ 182.964247][ T1037] hsr_slave_1: left promiscuous mode [ 182.987941][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.012330][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 183.049905][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.074878][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.146661][ T1037] veth1_macvtap: left promiscuous mode [ 183.178621][ T1037] veth0_macvtap: left promiscuous mode [ 183.184351][ T1037] veth1_vlan: left promiscuous mode [ 183.207599][ T1037] veth0_vlan: left promiscuous mode [ 183.981799][ T9810] input: syz1 as /devices/virtual/input/input10 [ 184.407451][ T5836] Bluetooth: hci5: command tx timeout [ 184.660318][ T9842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.958'. [ 184.752802][ T1037] team0 (unregistering): Port device team_slave_1 removed [ 184.813038][ T1037] team0 (unregistering): Port device team_slave_0 removed [ 185.406882][ T9673] team0: Port device team_slave_1 added [ 185.555516][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.575848][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.624283][ T9673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.672800][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.815922][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.849487][ T9673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.101188][ T9673] hsr_slave_0: entered promiscuous mode [ 186.133655][ T9673] hsr_slave_1: entered promiscuous mode [ 186.157123][ T9673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.191656][ T9673] Cannot create hsr debugfs directory [ 186.489402][ T5836] Bluetooth: hci5: command tx timeout [ 187.354542][ T9673] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 187.437834][ T9673] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 187.483610][ T9673] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 187.596668][ T9673] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 187.804201][ T9944] netlink: 'syz.1.995': attribute type 21 has an invalid length. [ 187.840393][ T9944] netlink: 128 bytes leftover after parsing attributes in process `syz.1.995'. [ 187.903478][ T9944] netlink: 'syz.1.995': attribute type 5 has an invalid length. [ 187.974429][ T9944] netlink: 'syz.1.995': attribute type 6 has an invalid length. [ 187.999329][ T9944] netlink: 3 bytes leftover after parsing attributes in process `syz.1.995'. [ 188.199057][ T9673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.457094][ T9673] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.553487][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.560727][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.688185][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.695415][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.403919][ T9673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.086568][ T9673] veth0_vlan: entered promiscuous mode [ 190.118857][ T9673] veth1_vlan: entered promiscuous mode [ 190.215184][ T9673] veth0_macvtap: entered promiscuous mode [ 190.244935][ T9673] veth1_macvtap: entered promiscuous mode [ 190.300114][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.324841][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.353430][ T9673] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.388065][ T9673] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.410802][ T9673] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.459441][ T9673] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.620992][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 190.621008][ T30] audit: type=1326 audit(1750226520.491:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10013 comm="syz.3.1009" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f291e18e929 code=0x0 [ 190.670285][ T30] audit: type=1326 audit(1750226520.491:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10016 comm="syz.1.1010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x0 [ 190.692385][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.763340][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.875122][T10024] netlink: 'syz.2.1011': attribute type 10 has an invalid length. [ 190.883854][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.898218][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.925736][T10024] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 191.708323][T10050] capability: warning: `syz.0.1019' uses 32-bit capabilities (legacy support in use) [ 192.369351][T10069] overlayfs: failed to clone upperpath [ 192.402826][T10072] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1024'. [ 193.074288][ T5836] Bluetooth: Unexpected continuation frame (len 10) [ 193.785505][T10112] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1037'. [ 193.831569][T10112] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.841390][T10112] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.851130][T10112] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.860167][T10112] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.969798][T10112] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.979864][T10112] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.989403][T10112] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.998356][T10112] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.130324][T10119] netlink: 'syz.0.1039': attribute type 4 has an invalid length. [ 194.321888][ T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 194.332520][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.342838][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.517364][ T43] usb 6-1: Using ep0 maxpacket: 8 [ 194.540047][ T43] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.577503][ T43] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 194.627344][ T43] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 194.667819][ T43] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.720033][ T43] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 194.735190][T10140] overlayfs: failed to clone upperpath [ 194.741850][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.798764][ T43] usbtmc 6-1:16.0: bulk endpoints not found [ 195.096701][ T43] usb 6-1: USB disconnect, device number 2 [ 195.164730][T10149] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1050'. [ 196.060367][T10185] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 196.099150][T10185] overlayfs: failed to set xattr on upper [ 196.104942][T10185] overlayfs: ...falling back to index=off. [ 196.190169][T10185] overlayfs: ...falling back to uuid=null. [ 197.263813][T10231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1076'. [ 197.288271][T10231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1076'. [ 197.750939][ T43] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 197.922831][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.946350][ T43] usb 6-1: config 0 has no interfaces? [ 197.971225][ T43] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 197.995187][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.035782][ T43] usb 6-1: config 0 descriptor?? [ 198.522855][ T43] usb 6-1: USB disconnect, device number 3 [ 199.342664][T10283] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 199.883269][ T30] audit: type=1800 audit(1750226529.751:32): pid=10306 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1100" name="bus" dev="tmpfs" ino=1455 res=0 errno=0 [ 199.981582][T10307] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 200.787305][ T5906] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 200.957238][ T5906] usb 6-1: Using ep0 maxpacket: 8 [ 200.985382][ T5906] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 200.994979][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.003711][ T5906] usb 6-1: Product: syz [ 201.010848][ T5906] usb 6-1: Manufacturer: syz [ 201.015595][ T5906] usb 6-1: SerialNumber: syz [ 201.047577][ T5906] usb 6-1: config 0 descriptor?? [ 201.290526][ T5906] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 201.843201][T10395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1131'. [ 201.880481][T10395] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1131'. [ 201.915492][ T5906] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 201.941485][ T5906] usb 6-1: USB disconnect, device number 4 [ 202.056585][T10399] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1134'. [ 202.475543][T10409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1136'. [ 203.105337][T10432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1146'. [ 203.170048][T10435] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1147'. [ 203.189865][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1146'. [ 203.236332][T10437] vlan2: entered promiscuous mode [ 203.241810][T10437] bridge0: entered promiscuous mode [ 203.248777][T10437] vlan2: entered allmulticast mode [ 203.254055][T10437] bridge0: entered allmulticast mode [ 203.356735][T10437] bridge_slave_0: left allmulticast mode [ 203.370262][T10440] 9pnet: p9_errstr2errno: server reported unknown error @í00000000000000000007 [ 203.375592][T10437] bridge_slave_0: left promiscuous mode [ 203.390897][T10437] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.410180][T10437] bridge_slave_1: left allmulticast mode [ 203.416394][T10437] bridge_slave_1: left promiscuous mode [ 203.422501][T10437] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.442972][T10437] bond0: (slave bond_slave_0): Releasing backup interface [ 203.485096][T10437] team0: Port device team_slave_0 removed [ 203.505395][T10437] team0: Port device team_slave_1 removed [ 203.512658][T10437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.520895][T10437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.532869][T10437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.565645][T10437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.638576][T10446] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1151'. [ 204.267289][ T5886] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 204.433025][ T5886] usb 6-1: Using ep0 maxpacket: 32 [ 204.677834][T10459] veth1_vlan: left promiscuous mode [ 204.710726][ T5886] usb 6-1: unable to get BOS descriptor or descriptor too short [ 204.729043][ T5886] usb 6-1: no configurations [ 204.733893][ T5886] usb 6-1: can't read configurations, error -22 [ 205.172351][T10496] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1162'. [ 205.789661][ T5886] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 206.449659][ T5886] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 206.464503][ T5886] usb 6-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 206.481635][ T5886] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 206.497526][ T5886] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 206.526138][ T5886] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 206.539013][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 206.577479][ T5886] usb 6-1: Product: syz [ 206.582000][ T5886] usb 6-1: Manufacturer: syz [ 206.606502][ T5886] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 206.876640][ T5886] usb 6-1: USB disconnect, device number 6 [ 207.925593][T10553] tipc: Started in network mode [ 207.942162][T10553] tipc: Node identity 5f4144434241ac00403a, cluster identity 4711 [ 208.429205][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 208.444127][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 208.453500][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 208.461807][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 208.471827][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 208.637255][ T5906] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 208.785789][T10570] chnl_net:caif_netlink_parms(): no params data found [ 208.827544][ T5906] usb 1-1: Using ep0 maxpacket: 16 [ 208.839029][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.857212][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.878108][ T5906] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 208.906288][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.931784][ T5906] usb 1-1: config 0 descriptor?? [ 209.035859][T10570] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.045047][T10570] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.055312][T10570] bridge_slave_0: entered allmulticast mode [ 209.063870][T10570] bridge_slave_0: entered promiscuous mode [ 209.073349][T10570] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.080741][T10570] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.088571][T10570] bridge_slave_1: entered allmulticast mode [ 209.129636][T10570] bridge_slave_1: entered promiscuous mode [ 209.273548][T10570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.301306][T10570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.473105][T10570] team0: Port device team_slave_0 added [ 209.489988][T10570] team0: Port device team_slave_1 added [ 209.553025][T10570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.561211][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.631937][T10570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.646284][T10570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.660007][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.741211][T10570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.855049][ T5906] letsketch 0003:6161:4D15.0008: Device info: à ‡ [ 209.902430][T10570] hsr_slave_0: entered promiscuous mode [ 209.913121][T10570] hsr_slave_1: entered promiscuous mode [ 209.923434][T10570] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.940103][T10570] Cannot create hsr debugfs directory [ 210.058298][ T5906] letsketch 0003:6161:4D15.0008: Device info: ဉ [ 210.277369][ T5906] letsketch 0003:6161:4D15.0008: Device info: 豧 [ 210.326245][T10617] overlayfs: failed to clone upperpath [ 210.581906][ T5143] Bluetooth: hci0: command tx timeout [ 210.696304][T10570] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.725817][ T5906] usb 1-1: Max retries (5) exceeded reading string descriptor 2 [ 210.748936][ T5906] letsketch 0003:6161:4D15.0008: probe with driver letsketch failed with error -71 [ 210.820972][ T5906] usb 1-1: USB disconnect, device number 9 [ 210.919264][T10570] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.121208][T10570] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.296142][T10570] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.769462][ T5143] Bluetooth: hci2: command 0x0406 tx timeout [ 211.773699][T10570] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.869997][T10570] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.916497][T10570] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 212.031692][T10570] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 212.456621][T10570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.533188][T10570] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.596290][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.603639][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.656749][ T5836] Bluetooth: hci0: command tx timeout [ 212.730573][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.737801][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.080000][T10570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.216648][T10570] veth0_vlan: entered promiscuous mode [ 214.265657][T10730] 9pnet_fd: Insufficient options for proto=fd [ 214.284582][T10570] veth1_vlan: entered promiscuous mode [ 214.332221][T10570] veth0_macvtap: entered promiscuous mode [ 214.347860][T10570] veth1_macvtap: entered promiscuous mode [ 214.428961][T10570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.500025][T10570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.558477][T10570] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.587282][T10570] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.604387][T10570] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.623552][T10570] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.727421][ T5836] Bluetooth: hci0: command tx timeout [ 214.884766][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.937565][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.097692][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.147643][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.537687][T10767] process 'syz.2.1237' launched './file1' with NULL argv: empty string added [ 216.244840][T10798] tipc: Failed to remove unknown binding: 66,1,1/0:92061603/92061605 [ 216.316092][T10799] tipc: Failed to remove unknown binding: 66,1,1/0:92061603/92061605 [ 216.346334][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.359292][T10799] tipc: Failed to remove unknown binding: 66,1,1/0:92061603/92061605 [ 216.574169][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.868646][T10815] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1250'. [ 216.900454][T10812] kvm: emulating exchange as write [ 216.953161][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.018092][T10815] bond0: invalid ARP target 0.0.0.0 specified for addition [ 217.045790][T10815] bond0: option arp_ip_target: invalid value (0) [ 217.389701][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.565302][T10837] overlayfs: failed to clone upperpath [ 217.917821][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 217.936094][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 217.953046][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 217.977498][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 217.991692][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 218.381233][ T49] bridge_slave_1: left allmulticast mode [ 218.386927][ T49] bridge_slave_1: left promiscuous mode [ 218.442233][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.524903][T10862] ubi31: attaching mtd0 [ 218.598698][T10862] ubi31: scanning is finished [ 218.603551][T10862] ubi31: empty MTD device detected [ 218.670682][ T49] bridge_slave_0: left allmulticast mode [ 218.677033][ T49] bridge_slave_0: left promiscuous mode [ 218.691935][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.336019][T10862] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 219.354279][T10862] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 219.367115][T10862] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 219.375125][T10862] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 219.384733][T10862] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 219.404582][T10862] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 219.450743][T10862] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 212112314 [ 219.529470][T10874] vivid-000: disconnect [ 219.565661][T10862] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 219.588189][T10874] vivid-000: reconnect [ 219.615668][T10871] ubi31: background thread "ubi_bgt31d" started, PID 10871 [ 219.833020][T10877] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1266'. [ 220.090333][ T5143] Bluetooth: hci0: command tx timeout [ 220.398527][T10889] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1271'. [ 220.494703][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.543053][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.588142][ T49] bond0 (unregistering): Released all slaves [ 221.588544][T10898] syzkaller1: entered promiscuous mode [ 221.607275][T10898] syzkaller1: entered allmulticast mode [ 221.957060][T10928] ======================================================= [ 221.957060][T10928] WARNING: The mand mount option has been deprecated and [ 221.957060][T10928] and is ignored by this kernel. Remove the mand [ 221.957060][T10928] option from the mount to silence this warning. [ 221.957060][T10928] ======================================================= [ 222.014597][T10928] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 222.051251][T10928] overlayfs: failed to set xattr on upper [ 222.077509][T10928] overlayfs: ...falling back to redirect_dir=nofollow. [ 222.084430][T10928] overlayfs: ...falling back to uuid=null. [ 222.172584][ T5143] Bluetooth: hci0: command tx timeout [ 222.558446][T10942] overlayfs: failed to clone upperpath [ 222.737973][ T49] hsr_slave_0: left promiscuous mode [ 222.775282][ T49] hsr_slave_1: left promiscuous mode [ 222.788005][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.816108][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.873969][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.882283][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 223.015865][ T49] veth1_macvtap: left promiscuous mode [ 223.031802][ T49] veth0_macvtap: left promiscuous mode [ 223.042066][ T49] veth1_vlan: left promiscuous mode [ 223.072740][ T49] veth0_vlan: left promiscuous mode [ 223.580285][T10971] overlayfs: failed to clone upperpath [ 224.203616][T10978] overlayfs: failed to clone upperpath [ 224.253298][ T5143] Bluetooth: hci0: command tx timeout [ 224.706803][ T49] team0 (unregistering): Port device team_slave_1 removed [ 224.806468][ T49] team0 (unregistering): Port device team_slave_0 removed [ 225.512282][T10848] chnl_net:caif_netlink_parms(): no params data found [ 225.880137][T11014] 9pnet_fd: Insufficient options for proto=fd [ 226.044133][T10848] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.075987][T10848] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.091110][T10848] bridge_slave_0: entered allmulticast mode [ 226.106805][T10848] bridge_slave_0: entered promiscuous mode [ 226.146600][T10848] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.164808][T10848] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.218795][T10848] bridge_slave_1: entered allmulticast mode [ 226.251886][T10848] bridge_slave_1: entered promiscuous mode [ 226.327682][ T5143] Bluetooth: hci0: command tx timeout [ 226.486237][T10848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.701828][T10848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.845113][T11052] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1313'. [ 226.873679][T11054] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1317'. [ 227.007096][T10848] team0: Port device team_slave_0 added [ 227.091286][T10848] team0: Port device team_slave_1 added [ 227.375047][T10848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.391178][T10848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.438157][T11075] overlayfs: failed to clone upperpath [ 227.454209][T10848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.529691][T10848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.536692][T10848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.573476][T10848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.764936][ T3542] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.811773][T10848] hsr_slave_0: entered promiscuous mode [ 227.822276][T10848] hsr_slave_1: entered promiscuous mode [ 227.829426][T10848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.837018][T10848] Cannot create hsr debugfs directory [ 228.029700][ T3542] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.279834][ T3542] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.347371][T11095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1335'. [ 228.492830][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 228.501629][T11102] netlink: 'syz.1.1336': attribute type 4 has an invalid length. [ 228.503730][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 228.519852][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 228.530767][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 228.538951][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 228.599900][T11105] netlink: 'syz.1.1336': attribute type 4 has an invalid length. [ 228.660084][ T3542] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.917409][ T5987] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 229.067872][ T5987] usb 1-1: Using ep0 maxpacket: 16 [ 229.077458][ T5987] usb 1-1: config 0 has no interfaces? [ 229.085739][ T5987] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 229.102569][ T5987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.123823][ T5987] usb 1-1: Product: syz [ 229.138123][ T5987] usb 1-1: Manufacturer: syz [ 229.168274][ T5987] usb 1-1: SerialNumber: syz [ 229.189308][ T5987] usb 1-1: config 0 descriptor?? [ 229.231013][ T3542] bridge_slave_1: left allmulticast mode [ 229.236900][ T3542] bridge_slave_1: left promiscuous mode [ 229.248537][ T3542] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.259046][ T3542] bridge_slave_0: left allmulticast mode [ 229.264741][ T3542] bridge_slave_0: left promiscuous mode [ 229.271537][ T3542] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.442833][ T9] usb 1-1: USB disconnect, device number 10 [ 229.856261][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.908363][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.916767][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.924705][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.934552][ T3542] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.937653][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.958534][ T3542] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.972018][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 229.972257][ T3542] bond0 (unregistering): Released all slaves [ 229.979405][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 230.000066][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 230.034967][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 230.057057][T11135] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 230.227749][T11139] netlink: 'syz.0.1345': attribute type 11 has an invalid length. [ 230.577773][ T5143] Bluetooth: hci4: command tx timeout [ 231.248609][ T3542] hsr_slave_0: left promiscuous mode [ 231.254861][ T3542] hsr_slave_1: left promiscuous mode [ 231.278026][ T3542] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.285504][ T3542] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.314160][ T3542] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.328883][ T3542] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.366622][ T3542] veth1_macvtap: left promiscuous mode [ 231.372418][ T3542] veth0_macvtap: left promiscuous mode [ 232.608746][ T3542] team0 (unregistering): Port device team_slave_1 removed [ 232.647454][ T5143] Bluetooth: hci4: command tx timeout [ 232.709045][ T3542] team0 (unregistering): Port device team_slave_0 removed [ 233.820961][T11100] chnl_net:caif_netlink_parms(): no params data found [ 234.012964][T10848] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 234.179051][T10848] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 234.263582][T10848] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 234.387097][T10848] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 234.644386][T11231] veth1_to_bond: entered allmulticast mode [ 234.727478][ T5143] Bluetooth: hci4: command tx timeout [ 234.750431][T11100] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.761214][T11100] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.774391][T11100] bridge_slave_0: entered allmulticast mode [ 234.786586][T11100] bridge_slave_0: entered promiscuous mode [ 234.811661][T11100] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.819550][T11100] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.826851][T11100] bridge_slave_1: entered allmulticast mode [ 234.835601][T11100] bridge_slave_1: entered promiscuous mode [ 234.990316][T11229] veth1_to_bond: left allmulticast mode [ 235.023826][T11100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.052510][T11100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.223712][T11100] team0: Port device team_slave_0 added [ 235.275524][T11100] team0: Port device team_slave_1 added [ 235.425952][T11100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.465432][T11100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.511745][T11100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.556248][T11100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.591736][T11100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.669921][T11100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.036831][T11100] hsr_slave_0: entered promiscuous mode [ 236.043720][T11100] hsr_slave_1: entered promiscuous mode [ 236.051093][T11100] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.061979][T11100] Cannot create hsr debugfs directory [ 236.152852][T10848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.283512][T10848] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.326064][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.333285][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.365083][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.372254][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.696134][T11100] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 236.732216][T11100] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 236.781903][T11100] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 236.817335][ T5143] Bluetooth: hci4: command tx timeout [ 236.841408][T11100] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 237.018277][ T30] audit: type=1326 audit(1750226566.891:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11294 comm="syz.0.1391" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79faf8e929 code=0x0 [ 237.111006][T10848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.156916][T11100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.224109][T11100] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.261125][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.268430][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.293745][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.300887][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.322568][T10848] veth0_vlan: entered promiscuous mode [ 237.357006][T10848] veth1_vlan: entered promiscuous mode [ 237.430436][T10848] veth0_macvtap: entered promiscuous mode [ 237.467097][T10848] veth1_macvtap: entered promiscuous mode [ 237.546368][T10848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.583091][T10848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.619997][T10848] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.642585][T10848] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.666540][T10848] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.690712][T10848] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.992964][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.036084][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.188443][T11316] overlayfs: failed to clone upperpath [ 238.218039][T11100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.249460][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.275482][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.113875][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.267911][T11100] veth0_vlan: entered promiscuous mode [ 239.289238][T11100] veth1_vlan: entered promiscuous mode [ 239.335736][T11100] veth0_macvtap: entered promiscuous mode [ 239.350670][T11100] veth1_macvtap: entered promiscuous mode [ 239.411193][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.512822][T11100] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.533782][T11348] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1409'. [ 239.610207][T11100] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.706791][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.769647][T11100] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.797896][T11100] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.837295][T11100] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.857810][T11100] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.894414][T11352] batadv_slave_0: entered promiscuous mode [ 239.983412][T11359] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1412'. [ 240.008762][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.105279][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 240.114908][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 240.132465][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 240.150298][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 240.159503][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 240.255018][T11351] batadv_slave_0: left promiscuous mode [ 240.399821][T11369] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1416'. [ 240.704402][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.730339][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.884398][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.924004][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.236134][T11389] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 241.237600][ T36] bridge_slave_1: left allmulticast mode [ 241.358274][ T36] bridge_slave_1: left promiscuous mode [ 241.364117][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.418125][ T36] bridge_slave_0: left allmulticast mode [ 241.423842][ T36] bridge_slave_0: left promiscuous mode [ 241.470410][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.182310][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 242.194191][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 242.215498][ T36] bond0 (unregistering): Released all slaves [ 242.247993][ T5143] Bluetooth: hci0: command tx timeout [ 242.261584][T11362] chnl_net:caif_netlink_parms(): no params data found [ 242.905716][ T30] audit: type=1800 audit(1750226572.771:34): pid=11442 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.1440" name="file1" dev="overlay" ino=1449 res=0 errno=0 [ 242.979087][T11445] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1442'. [ 243.042207][ T36] hsr_slave_0: left promiscuous mode [ 243.058259][ T5987] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 243.068612][ T36] hsr_slave_1: left promiscuous mode [ 243.087441][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 243.094914][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.115449][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.125746][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.165064][ T36] veth1_macvtap: left promiscuous mode [ 243.171530][ T36] veth0_macvtap: left promiscuous mode [ 243.182050][ T36] veth1_vlan: left promiscuous mode [ 243.187586][ T36] veth0_vlan: left promiscuous mode [ 243.217355][ T5987] usb 7-1: Using ep0 maxpacket: 32 [ 243.230107][ T5987] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 243.242188][ T5987] usb 7-1: config 0 has no interface number 0 [ 243.263076][ T5987] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 243.282648][ T5987] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.309090][ T5987] usb 7-1: Product: syz [ 243.319117][ T5987] usb 7-1: Manufacturer: syz [ 243.334687][ T5987] usb 7-1: SerialNumber: syz [ 243.362087][ T5987] usb 7-1: config 0 descriptor?? [ 243.383651][ T5987] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 243.595870][ T5987] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 243.631266][ T5987] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 244.027658][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 244.035843][ T5987] usb 7-1: USB disconnect, device number 2 [ 244.065385][ T5987] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 244.105109][ T5987] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 244.128309][ T5987] quatech2 7-1:0.51: device disconnected [ 244.164187][ T36] team0 (unregistering): Port device team_slave_1 removed [ 244.211642][ T36] team0 (unregistering): Port device team_slave_0 removed [ 244.333479][ T5143] Bluetooth: hci0: command tx timeout [ 244.961213][T11362] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.974568][T11362] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.983033][T11362] bridge_slave_0: entered allmulticast mode [ 244.996185][T11362] bridge_slave_0: entered promiscuous mode [ 245.044371][T11448] sch_tbf: burst 511 is lower than device veth1 mtu (1514) ! [ 245.090362][T11480] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1454'. [ 245.108002][T11480] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1454'. [ 245.139626][T11362] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.146836][T11362] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.186092][T11362] bridge_slave_1: entered allmulticast mode [ 245.194272][T11362] bridge_slave_1: entered promiscuous mode [ 245.253716][T11490] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 245.272644][T11490] overlayfs: failed to set xattr on upper [ 245.292592][T11490] overlayfs: ...falling back to redirect_dir=nofollow. [ 245.307707][T11490] overlayfs: ...falling back to index=off. [ 245.327709][T11496] sctp: [Deprecated]: syz.2.1461 (pid 11496) Use of int in max_burst socket option deprecated. [ 245.327709][T11496] Use struct sctp_assoc_value instead [ 245.355108][T11362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.583697][T11362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.886991][T11362] team0: Port device team_slave_0 added [ 245.929615][T11362] team0: Port device team_slave_1 added [ 246.408301][ T5143] Bluetooth: hci0: command tx timeout [ 246.465339][T11362] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.473110][T11362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.564471][T11362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.607140][T11362] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.625663][T11362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.754142][T11362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.805662][T11515] netlink: 186420 bytes leftover after parsing attributes in process `syz.0.1466'. [ 247.068179][T11362] hsr_slave_0: entered promiscuous mode [ 247.078703][T11362] hsr_slave_1: entered promiscuous mode [ 247.086481][T11362] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 247.106071][T11362] Cannot create hsr debugfs directory [ 247.292278][ T5940] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 247.468856][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.502960][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.513317][ T5940] usb 1-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 247.536101][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.582561][ T5940] usb 1-1: config 0 descriptor?? [ 248.031582][ T5940] hid-led 0003:1D34:000A.0009: unknown main item tag 0x5 [ 248.283502][ T5940] hid-led 0003:1D34:000A.0009: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.0-1/input0 [ 248.359514][ T5940] hid-led 0003:1D34:000A.0009: Dream Cheeky Webmail Notifier initialized [ 248.421787][T11362] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 248.454773][T11362] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 248.457292][ T5940] usb 1-1: USB disconnect, device number 11 [ 248.476240][T11362] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 248.488141][ T5143] Bluetooth: hci0: command tx timeout [ 248.506384][T11362] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 248.632246][T11561] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1485'. [ 248.901696][T11362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.954743][T11362] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.026330][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.033575][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.129601][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.136837][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.353042][T11362] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 249.985587][T11362] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 250.154714][T11362] veth0_vlan: entered promiscuous mode [ 250.200344][T11362] veth1_vlan: entered promiscuous mode [ 250.586829][T11362] veth0_macvtap: entered promiscuous mode [ 250.655548][T11362] veth1_macvtap: entered promiscuous mode [ 250.753928][T11362] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.810581][T11362] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.892989][T11362] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.933350][T11362] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.973629][T11362] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.001310][T11362] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.249676][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.277812][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.344615][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.354669][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.370954][T11620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1508'. [ 251.399824][T11620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1508'. [ 251.552006][ T5987] kernel write not supported for file [eventfd] (pid: 5987 comm: kworker/1:7) [ 251.954441][ T3542] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.201126][ T3542] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.403093][ T3542] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.472517][ T3542] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.722533][ T3542] bridge_slave_1: left allmulticast mode [ 252.747562][ T3542] bridge_slave_1: left promiscuous mode [ 252.759798][ T3542] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.807575][ T3542] bridge_slave_0: left allmulticast mode [ 252.813283][ T3542] bridge_slave_0: left promiscuous mode [ 252.837461][ T3542] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.204104][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 253.231657][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 253.241327][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 253.265676][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 253.274227][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 253.368469][T11673] netlink: 'syz.6.1525': attribute type 7 has an invalid length. [ 253.376882][T11673] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1525'. [ 253.903800][ T3542] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.914572][ T3542] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.924689][ T3542] bond0 (unregistering): Released all slaves [ 254.227009][T11665] chnl_net:caif_netlink_parms(): no params data found [ 254.334444][ T3542] hsr_slave_0: left promiscuous mode [ 254.344447][ T3542] hsr_slave_1: left promiscuous mode [ 254.352905][ T3542] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.369563][ T3542] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.388992][ T3542] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.398417][ T3542] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.445372][ T3542] veth1_macvtap: left promiscuous mode [ 254.455234][ T3542] veth0_macvtap: left promiscuous mode [ 254.461360][ T3542] veth1_vlan: left promiscuous mode [ 254.468304][ T3542] veth0_vlan: left promiscuous mode [ 255.371873][ T5143] Bluetooth: hci0: command tx timeout [ 255.431231][ T3542] team0 (unregistering): Port device team_slave_1 removed [ 255.505326][ T3542] team0 (unregistering): Port device team_slave_0 removed [ 255.779416][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.785886][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.627240][T11665] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.634603][T11665] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.662823][T11665] bridge_slave_0: entered allmulticast mode [ 256.675787][T11665] bridge_slave_0: entered promiscuous mode [ 256.684754][T11665] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.700110][T11665] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.710567][T11665] bridge_slave_1: entered allmulticast mode [ 256.718653][T11665] bridge_slave_1: entered promiscuous mode [ 256.770851][T11740] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1549'. [ 256.855131][T11665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.904326][T11665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.154787][T11665] team0: Port device team_slave_0 added [ 257.175869][T11665] team0: Port device team_slave_1 added [ 257.288725][T11665] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.312000][T11665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.397040][T11665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.416499][T11665] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.423700][T11665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.450273][ T5143] Bluetooth: hci0: command tx timeout [ 257.456194][T11665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.785921][T11665] hsr_slave_0: entered promiscuous mode [ 257.816397][T11665] hsr_slave_1: entered promiscuous mode [ 257.825000][T11665] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.834905][T11665] Cannot create hsr debugfs directory [ 258.440063][T11774] overlayfs: failed to clone upperpath [ 258.788639][T11665] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 258.829287][T11665] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 258.890567][T11665] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 258.935400][T11665] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 258.998290][T11797] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1570'. [ 259.047490][T11791] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1569'. [ 259.273129][T11665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.341609][T11665] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.383957][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.391196][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.434419][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.442000][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.527445][ T5143] Bluetooth: hci0: command tx timeout [ 260.970910][ T30] audit: type=1326 audit(1750226590.841:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11839 comm="syz.0.1585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79faf8e929 code=0x0 [ 261.010732][T11665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.212450][T11665] veth0_vlan: entered promiscuous mode [ 261.263060][T11665] veth1_vlan: entered promiscuous mode [ 261.437012][T11665] veth0_macvtap: entered promiscuous mode [ 261.469142][T11665] veth1_macvtap: entered promiscuous mode [ 261.526967][T11665] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 261.551598][T11665] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 261.573326][T11665] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.585023][T11665] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.600252][T11665] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.610375][ T5143] Bluetooth: hci0: command tx timeout [ 261.623255][T11665] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.920334][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.936620][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.064225][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 262.096498][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.714764][T11874] trusted_key: encrypted_key: insufficient parameters specified [ 263.245452][T11887] netlink: 'syz.2.1607': attribute type 4 has an invalid length. [ 263.271386][T11887] netlink: 'syz.2.1607': attribute type 4 has an invalid length. [ 263.554086][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.755482][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.857860][T11902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1615'. [ 263.979443][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.119241][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.372660][ T12] bridge_slave_1: left allmulticast mode [ 264.397314][ T12] bridge_slave_1: left promiscuous mode [ 264.405490][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.445850][ T12] bridge_slave_0: left allmulticast mode [ 264.468462][ T12] bridge_slave_0: left promiscuous mode [ 264.487852][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.608188][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 264.621214][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 264.639209][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 264.673166][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 264.682498][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 264.722734][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 264.739444][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 264.752353][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 264.773227][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 264.791950][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 265.326715][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.345173][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.355257][ T12] bond0 (unregistering): Released all slaves [ 265.817900][ T12] hsr_slave_0: left promiscuous mode [ 265.839370][ T12] hsr_slave_1: left promiscuous mode [ 265.851886][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.868271][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 265.886944][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 265.900550][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 265.967543][ T12] veth1_macvtap: left promiscuous mode [ 265.973187][ T12] veth0_macvtap: left promiscuous mode [ 265.987409][ T12] veth1_vlan: left promiscuous mode [ 265.993230][ T12] veth0_vlan: left promiscuous mode [ 266.000091][T11946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1628'. [ 266.731997][ T5143] Bluetooth: hci0: command tx timeout [ 266.763987][ T12] team0 (unregistering): Port device team_slave_1 removed [ 266.813878][ T12] team0 (unregistering): Port device team_slave_0 removed [ 266.890659][ T5143] Bluetooth: hci4: command tx timeout [ 267.251516][T11946] vcan0: entered promiscuous mode [ 267.269819][T11946] vcan0: entered allmulticast mode [ 267.404038][T11916] chnl_net:caif_netlink_parms(): no params data found [ 267.599988][T11969] netlink: 'syz.2.1638': attribute type 2 has an invalid length. [ 267.846791][T11916] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.863012][T11916] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.872581][T11916] bridge_slave_0: entered allmulticast mode [ 267.886257][T11916] bridge_slave_0: entered promiscuous mode [ 267.895695][T11914] chnl_net:caif_netlink_parms(): no params data found [ 267.923917][T11916] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.932621][T11916] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.946897][T11916] bridge_slave_1: entered allmulticast mode [ 267.956843][T11916] bridge_slave_1: entered promiscuous mode [ 268.078300][T11916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.104347][T11916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.312892][T11916] team0: Port device team_slave_0 added [ 268.359159][T11916] team0: Port device team_slave_1 added [ 268.738377][T11914] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.745639][T11914] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.764835][T11914] bridge_slave_0: entered allmulticast mode [ 268.811484][ T5143] Bluetooth: hci0: command tx timeout [ 268.982956][ T5143] Bluetooth: hci4: command tx timeout [ 269.053803][T11914] bridge_slave_0: entered promiscuous mode [ 269.103650][T11916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 269.110989][T11916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.148701][T11916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.166836][T11916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.174011][T11916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.457286][T11916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 269.478343][T11914] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.485532][T11914] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.572770][T11914] bridge_slave_1: entered allmulticast mode [ 269.584036][T11914] bridge_slave_1: entered promiscuous mode [ 269.735436][T11916] hsr_slave_0: entered promiscuous mode [ 269.743793][T11916] hsr_slave_1: entered promiscuous mode [ 269.755438][T11916] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 269.773585][T11916] Cannot create hsr debugfs directory [ 269.799994][T11914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.829783][T11914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.842893][T12008] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1649'. [ 269.996739][T11914] team0: Port device team_slave_0 added [ 270.031389][T11914] team0: Port device team_slave_1 added [ 270.246486][T12021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.286508][T12021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.379147][T11914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.394198][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.453518][T11914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 270.626263][T11914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 270.633464][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.669192][T11914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.897817][ T5143] Bluetooth: hci0: command tx timeout [ 270.987739][T10727] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.053306][ T5143] Bluetooth: hci4: command tx timeout [ 271.117499][T11914] hsr_slave_0: entered promiscuous mode [ 271.123889][T11914] hsr_slave_1: entered promiscuous mode [ 271.132123][T11914] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.140388][T11914] Cannot create hsr debugfs directory [ 271.242395][T10727] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.400649][T10727] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.559504][T10727] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.893946][T11916] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 271.949723][T11916] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 271.996319][T11916] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 272.054518][T11916] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 272.303493][T10727] bridge_slave_1: left allmulticast mode [ 272.338637][T10727] bridge_slave_1: left promiscuous mode [ 272.350108][T10727] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.394986][T10727] bridge_slave_0: left allmulticast mode [ 272.403466][T10727] bridge_slave_0: left promiscuous mode [ 272.410898][T10727] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.473960][T12073] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.1669'. [ 272.497829][T12073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1669'. [ 272.946065][T10727] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 272.961661][T10727] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 272.973919][T10727] bond0 (unregistering): Released all slaves [ 272.977401][ T5143] Bluetooth: hci0: command tx timeout [ 273.127374][ T5143] Bluetooth: hci4: command tx timeout [ 273.454363][T11916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.501860][T10727] hsr_slave_0: left promiscuous mode [ 273.508686][T10727] hsr_slave_1: left promiscuous mode [ 273.514914][T10727] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.523052][T10727] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 273.532623][T10727] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 273.545754][T10727] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 273.571293][T10727] veth1_macvtap: left promiscuous mode [ 273.577049][T10727] veth0_macvtap: left promiscuous mode [ 273.583190][T10727] veth1_vlan: left promiscuous mode [ 273.589422][T10727] veth0_vlan: left promiscuous mode [ 273.617397][ T5940] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 273.771705][T12096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1679'. [ 273.801755][ T5940] usb 1-1: Using ep0 maxpacket: 16 [ 273.822390][ T5940] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 273.855230][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.877498][ T5940] usb 1-1: Product: syz [ 273.881724][ T5940] usb 1-1: Manufacturer: syz [ 273.886328][ T5940] usb 1-1: SerialNumber: syz [ 273.898585][ T5940] usb 1-1: config 0 descriptor?? [ 274.021020][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880567cb800: rx timeout, send abort [ 274.079024][T12100] overlayfs: failed to clone upperpath [ 274.343415][ T5940] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 274.415618][ T5940] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 274.432103][ T5940] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 274.442986][ T5940] usb 1-1: media controller created [ 274.521163][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880567c9800: rx timeout, send abort [ 274.529756][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880567cb800: abort rx timeout. Force session deactivation [ 274.540989][T12092] dtv5100: wlen = 0, aborting. [ 274.554414][ T5940] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 274.626000][ T5940] zl10353_read_register: readreg error (reg=127, ret==0) [ 274.651767][ T5940] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 274.666081][ T5940] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 274.692823][ T5940] usb 1-1: USB disconnect, device number 12 [ 274.784076][ T5940] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 274.794950][T10727] team0 (unregistering): Port device team_slave_1 removed [ 274.905776][T10727] team0 (unregistering): Port device team_slave_0 removed [ 275.029481][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880567c9800: abort rx timeout. Force session deactivation [ 275.913402][T11916] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.930054][T11914] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 275.944263][T11914] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 275.961577][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.968820][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.995166][T11914] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 276.024594][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.031850][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.065764][T11914] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 276.303304][T12127] overlayfs: upper fs does not support tmpfile. [ 276.507087][T11914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.541244][T11914] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.581540][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.588696][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.611094][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.618255][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.643531][T11914] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 276.655470][T11914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 276.837411][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 276.901983][T11916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.987414][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 277.091432][ T9] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 277.165390][T11916] veth0_vlan: entered promiscuous mode [ 277.178412][T11916] veth1_vlan: entered promiscuous mode [ 277.210409][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.238416][T11916] veth0_macvtap: entered promiscuous mode [ 277.258798][T11916] veth1_macvtap: entered promiscuous mode [ 277.284614][T11916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.305263][T11916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.323106][T11916] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.335386][T11916] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.346896][T11916] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.358088][T11916] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.369697][ T9] usb 1-1: config 0 descriptor?? [ 277.471753][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 277.526983][T10727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.558714][T10727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.648190][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.656272][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.760616][T11914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.846929][ T30] audit: type=1326 audit(1750226607.711:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 277.868656][T11914] veth0_vlan: entered promiscuous mode [ 277.892203][T11914] veth1_vlan: entered promiscuous mode [ 277.953145][ T30] audit: type=1326 audit(1750226607.711:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.044845][ T30] audit: type=1326 audit(1750226607.771:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.070782][T11914] veth0_macvtap: entered promiscuous mode [ 278.084034][ T30] audit: type=1326 audit(1750226607.771:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.085342][T12156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'. [ 278.114020][T11914] veth1_macvtap: entered promiscuous mode [ 278.144389][ T30] audit: type=1326 audit(1750226607.771:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.189530][ T30] audit: type=1326 audit(1750226607.771:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.211405][ T30] audit: type=1326 audit(1750226607.781:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.233289][ T30] audit: type=1326 audit(1750226607.781:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7ffc0000 [ 278.300801][T11914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.354871][T11914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.395234][T11914] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.417336][T11914] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.426128][T11914] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.454830][T11914] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.539377][ T9] gspca_vc032x: reg_w err -71 [ 278.544135][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.549535][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.557667][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.563005][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.573578][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.597562][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.602908][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.629096][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.639897][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.649252][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.659588][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.659674][T12164] netlink: 'syz.1.1698': attribute type 10 has an invalid length. [ 278.664906][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.664934][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.664944][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.664954][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.664964][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.664974][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.718467][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 278.723892][ T9] gspca_vc032x: Unknown sensor... [ 278.730674][ T9] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 278.743090][ T9] usb 1-1: USB disconnect, device number 13 [ 278.772424][T12164] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 278.786722][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.815684][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.976868][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.989789][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.145510][T12195] input: syz1 as /devices/virtual/input/input11 [ 280.245724][ T1145] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.693962][ T30] audit: type=1326 audit(1750226610.561:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12185 comm="syz.2.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f526598e929 code=0x7fc00000 [ 280.945926][ T1145] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.002839][ T1145] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.174659][ T1145] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.648223][ T1145] bridge_slave_1: left allmulticast mode [ 281.666684][ T1145] bridge_slave_1: left promiscuous mode [ 281.706405][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.742099][ T1145] bridge_slave_0: left allmulticast mode [ 281.761284][ T1145] bridge_slave_0: left promiscuous mode [ 281.796894][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.871616][T12225] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1721'. [ 282.251488][T12229] Invalid source name [ 282.255501][T12229] UBIFS error (pid: 12229): cannot open "./file0", error -22 [ 282.549925][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.572276][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.578205][T12240] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1726'. [ 282.638370][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.880880][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.895576][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 283.398905][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.430011][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.446771][ T1145] bond0 (unregistering): Released all slaves [ 283.497941][T12240] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 283.993635][T12269] netlink: 'syz.1.1733': attribute type 4 has an invalid length. [ 284.387588][ T1145] hsr_slave_0: left promiscuous mode [ 284.411811][ T1145] hsr_slave_1: left promiscuous mode [ 284.425252][T12285] overlayfs: failed to clone upperpath [ 284.432508][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.456055][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.759108][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.801517][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.898940][ T1145] veth1_macvtap: left promiscuous mode [ 284.911814][ T1145] veth0_macvtap: left promiscuous mode [ 284.941886][ T1145] veth1_vlan: left promiscuous mode [ 284.954103][ T1145] veth0_vlan: left promiscuous mode [ 284.968412][ T5143] Bluetooth: hci0: command tx timeout [ 285.740512][T12311] netlink: 'syz.2.1751': attribute type 1 has an invalid length. [ 285.808519][T12313] overlayfs: failed to clone upperpath [ 286.693121][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 286.717449][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 286.743954][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 286.877379][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 286.885933][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.905791][ T9] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 286.914945][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.930193][ T9] usb 8-1: config 0 descriptor?? [ 287.047284][ T5143] Bluetooth: hci0: command tx timeout [ 287.371915][ T9] mcp2221 0003:04D8:00DD.000A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0 [ 287.490963][T12311] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 287.492949][T12235] chnl_net:caif_netlink_parms(): no params data found [ 287.805440][ T9] usb 8-1: USB disconnect, device number 2 [ 287.848721][T12235] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.855888][T12235] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.882549][T12235] bridge_slave_0: entered allmulticast mode [ 287.890556][T12235] bridge_slave_0: entered promiscuous mode [ 287.900680][T12235] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.908178][T12235] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.915438][T12235] bridge_slave_1: entered allmulticast mode [ 287.923698][T12235] bridge_slave_1: entered promiscuous mode [ 288.114909][T12235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.149841][T12235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.201121][ T24] IPVS: starting estimator thread 0... [ 288.297384][T12365] IPVS: using max 32 ests per chain, 76800 per kthread [ 288.388463][T12235] team0: Port device team_slave_0 added [ 288.449221][T12235] team0: Port device team_slave_1 added [ 288.550532][T12235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.557663][T12235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.627272][T12235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.899294][T12235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.918012][T12235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.930817][T12385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1779'. [ 288.983423][T12235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 289.059600][ T30] audit: type=1326 audit(1750226618.921:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12374 comm="syz.1.1777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09a158e929 code=0x7fc00000 [ 289.127551][ T5143] Bluetooth: hci0: command tx timeout [ 289.180776][T12235] hsr_slave_0: entered promiscuous mode [ 289.274858][T12235] hsr_slave_1: entered promiscuous mode [ 289.423621][ T30] audit: type=1326 audit(1750226619.281:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12374 comm="syz.1.1777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f09a158e929 code=0x7fc00000 [ 289.478451][T12235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 289.486082][T12235] Cannot create hsr debugfs directory [ 289.582211][T12388] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 289.653991][T12392] netlink: 'syz.1.1782': attribute type 10 has an invalid length. [ 289.666615][T12388] overlayfs: failed to set xattr on upper [ 289.707308][T12388] overlayfs: ...falling back to redirect_dir=nofollow. [ 289.756198][T12388] overlayfs: ...falling back to index=off. [ 289.785153][T12388] overlayfs: ...falling back to uuid=null. [ 290.108126][T12399] netlink: 'syz.1.1784': attribute type 4 has an invalid length. [ 290.145022][T12400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1785'. [ 290.170350][T12396] netlink: 'syz.1.1784': attribute type 4 has an invalid length. [ 290.197784][ T5886] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 290.367672][ T5886] usb 1-1: Using ep0 maxpacket: 32 [ 290.390952][ T5886] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 290.429289][ T5886] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 290.461425][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 290.510433][T12410] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.1788'. [ 290.511752][ T5886] usb 1-1: Product: syz [ 290.539629][T12410] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1788'. [ 290.548599][ T5886] usb 1-1: Manufacturer: syz [ 290.548621][ T5886] usb 1-1: SerialNumber: syz [ 290.575190][ T5886] usb 1-1: config 0 descriptor?? [ 290.601673][T12394] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 290.919106][ T5886] usb 1-1: USB disconnect, device number 14 [ 291.207418][ T5143] Bluetooth: hci0: command tx timeout [ 291.333231][T12235] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 291.368639][ T5886] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 291.377960][T12235] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 291.394712][T12235] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 291.449584][T12235] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 291.540755][ T5886] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 291.570664][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 291.598157][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.609552][ T5886] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 291.650214][ T5886] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 291.733507][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.022932][ T5886] usb 1-1: config 0 descriptor?? [ 292.090226][T12235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.132742][T12443] overlayfs: failed to clone upperpath [ 292.145502][T12235] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.170653][T12125] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.177826][T12125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.286736][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.293948][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.152917][ T5886] usbhid 1-1:0.0: can't add hid device: -71 [ 293.167876][ T5886] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 293.230552][ T5886] usb 1-1: USB disconnect, device number 15 [ 293.680269][T12235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.804373][T12235] veth0_vlan: entered promiscuous mode [ 293.845633][T12235] veth1_vlan: entered promiscuous mode [ 293.941567][T12235] veth0_macvtap: entered promiscuous mode [ 293.973086][T12235] veth1_macvtap: entered promiscuous mode [ 294.104753][T12485] overlayfs: failed to clone upperpath [ 294.116717][T12235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.156274][T12235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.196608][T12235] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.219408][T12235] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.234865][T12235] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.244438][T12235] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.269932][T12489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1812'. [ 294.818766][ T3542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.826731][ T3542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.909233][ T3542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.931977][ T3542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.987659][T12505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1819'. [ 295.023569][T12505] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.115130][T12505] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.201903][T12505] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.210188][T12505] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.723274][T12125] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.820318][T12125] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.188944][T12125] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.254911][T12125] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.346863][T12125] bridge_slave_1: left allmulticast mode [ 296.352687][T12125] bridge_slave_1: left promiscuous mode [ 296.358792][T12125] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.368284][T12125] bridge_slave_0: left allmulticast mode [ 296.375062][T12125] bridge_slave_0: left promiscuous mode [ 296.381074][T12125] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.742881][T12125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.753522][T12125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.765563][T12125] bond0 (unregistering): Released all slaves [ 297.001098][ T5906] libceph: connect (1)[c::]:6789 error -101 [ 297.021976][T12535] ceph: No mds server is up or the cluster is laggy [ 297.032805][ T5906] libceph: mon0 (1)[c::]:6789 connect error [ 297.071255][T12543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1831'. [ 297.951756][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 297.961242][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 297.973835][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 297.984110][T12125] hsr_slave_0: left promiscuous mode [ 297.984288][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 298.002664][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 298.020390][T12125] hsr_slave_1: left promiscuous mode [ 298.076296][T12125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.103124][T12125] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.149599][T12125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 298.172347][T12125] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.197484][ T5940] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 298.284552][T12125] veth1_macvtap: left promiscuous mode [ 298.300761][T12125] veth0_macvtap: left promiscuous mode [ 298.313317][T12125] veth1_vlan: left promiscuous mode [ 298.323690][T12125] veth0_vlan: left promiscuous mode [ 298.374781][ T5940] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.398410][ T5940] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.426725][ T5940] usb 8-1: New USB device found, idVendor=046d, idProduct=c713, bcdDevice= 0.00 [ 298.449242][ T5940] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.476714][ T5940] usb 8-1: config 0 descriptor?? [ 298.921174][ T5940] hid (null): report_id 0 is invalid [ 298.943787][ T5940] logitech-djreceiver 0003:046D:C713.000B: unexpected long global item [ 298.956875][ T5940] logitech-djreceiver 0003:046D:C713.000B: logi_dj_probe: parse failed [ 298.966652][ T5940] logitech-djreceiver 0003:046D:C713.000B: probe with driver logitech-djreceiver failed with error -22 [ 299.128611][ T5940] usb 8-1: USB disconnect, device number 3 [ 299.283439][T12125] team0 (unregistering): Port device team_slave_1 removed [ 299.352742][T12125] team0 (unregistering): Port device team_slave_0 removed [ 300.086920][T12569] bridge: RTM_NEWNEIGH with invalid ether address [ 300.093935][ T5143] Bluetooth: hci0: command tx timeout [ 300.265597][T12600] net_ratelimit: 3319 callbacks suppressed [ 300.265660][T12600] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 300.282879][ T5886] IPVS: starting estimator thread 0... [ 300.387404][T12602] IPVS: using max 25 ests per chain, 60000 per kthread [ 300.495053][T12560] chnl_net:caif_netlink_parms(): no params data found [ 300.799926][T12614] netlink: 176 bytes leftover after parsing attributes in process `syz.7.1857'. [ 301.036842][T12617] overlayfs: failed to clone upperpath [ 301.627012][T12560] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.649984][T12560] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.679304][T12560] bridge_slave_0: entered allmulticast mode [ 301.691445][T12560] bridge_slave_0: entered promiscuous mode [ 301.710360][T12560] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.727313][T12560] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.744825][T12560] bridge_slave_1: entered allmulticast mode [ 301.765190][T12560] bridge_slave_1: entered promiscuous mode [ 301.776657][T12628] xt_CT: No such helper "snmp" [ 301.884465][T12560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.927803][ T5921] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 301.938306][T12560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 302.108540][ T5921] usb 8-1: Using ep0 maxpacket: 8 [ 302.118468][ T5921] usb 8-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.136029][T12560] team0: Port device team_slave_0 added [ 302.143167][ T5921] usb 8-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.163722][ T5921] usb 8-1: config 0 interface 0 has no altsetting 0 [ 302.167905][ T5143] Bluetooth: hci0: command tx timeout [ 302.171573][ T5921] usb 8-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 302.185393][ T5921] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.205645][T12560] team0: Port device team_slave_1 added [ 302.215176][ T5921] usb 8-1: config 0 descriptor?? [ 302.282110][T12560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 302.290115][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.317640][T12560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 302.335648][T12560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.343113][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.372636][T12560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.437617][T12652] TCP: TCP_TX_DELAY enabled [ 302.466968][T12560] hsr_slave_0: entered promiscuous mode [ 302.474066][T12560] hsr_slave_1: entered promiscuous mode [ 302.483439][T12560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.506026][T12560] Cannot create hsr debugfs directory [ 302.651829][ T5921] steelseries 0003:1038:1410.000C: unknown main item tag 0x5 [ 302.670132][ T5921] steelseries 0003:1038:1410.000C: item fetching failed at offset 3/5 [ 302.683513][ T5921] steelseries 0003:1038:1410.000C: parse failed [ 302.690489][ T5921] steelseries 0003:1038:1410.000C: probe with driver steelseries failed with error -22 [ 303.383698][T12560] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 303.391720][T12560] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 303.396645][T12560] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 303.408983][T12560] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 303.616611][T12560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.658821][T12560] 8021q: adding VLAN 0 to HW filter on device team0 [ 303.689661][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.696945][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.796851][T12679] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.830715][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.838010][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 303.959387][T12679] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.102232][T12679] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.179700][T12560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 304.249596][ T5143] Bluetooth: hci0: command tx timeout [ 304.311754][T12679] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.792372][T12679] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.801289][ T9] usb 8-1: USB disconnect, device number 4 [ 304.929645][T12679] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.060428][T12679] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.068787][T12750] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1883'. [ 305.249631][T12679] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.292234][T12729] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 305.358375][T12759] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1886'. [ 305.396415][T12759] bridge_slave_1: left allmulticast mode [ 305.418146][T12759] bridge_slave_1: left promiscuous mode [ 305.423990][T12759] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.500985][T12759] bridge_slave_0: left allmulticast mode [ 305.509306][T12729] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 305.526190][T12759] bridge_slave_0: left promiscuous mode [ 305.537985][T12759] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.642266][T12729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.659573][T12729] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.718800][T12743] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.726684][T12743] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.831552][T12560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.844865][T12743] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.875371][T12743] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.952912][T12700] ------------[ cut here ]------------ [ 305.959454][T12700] WARNING: CPU: 0 PID: 12700 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440 [ 305.969976][T12700] Modules linked in: [ 305.974280][T12700] CPU: 0 UID: 0 PID: 12700 Comm: kworker/u8:21 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 305.986924][T12700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.997652][T12700] Workqueue: cfg80211 cfg80211_event_work [ 306.003775][T12700] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 306.010100][T12700] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 c0 a2 00 cc e8 32 13 01 f7 90 0f 0b 90 eb bd e8 27 13 01 f7 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 13 01 f7 90 0f 0b 90 e9 de fd [ 306.010863][T12560] veth0_vlan: entered promiscuous mode [ 306.030034][T12700] RSP: 0000:ffffc90003c4f8e0 EFLAGS: 00010293 [ 306.041413][T12700] RAX: ffffffff8abf4819 RBX: dffffc0000000000 RCX: ffff88805f415a00 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 306.049511][T12700] RDX: 0000000000000000 RSI: ffffffff8d96e7f3 RDI: ffffffff8be1b800 [ 306.057623][T12700] RBP: ffffc90003c4f9b8 R08: ffffffff8f9fe3f7 R09: 1ffffffff1f3fc7e [ 306.065668][T12700] R10: dffffc0000000000 R11: fffffbfff1f3fc7f R12: ffff88806dec8d90 [ 306.073810][T12700] R13: 1ffff92000789f24 R14: ffff88802db8b338 R15: 0000000000000006 [ 306.082520][T12700] FS: 0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000 [ 306.091692][T12700] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 306.098377][T12700] CR2: 000000110c258925 CR3: 000000003470c000 CR4: 00000000003526f0 [ 306.106905][T12700] DR0: 00000000000000f8 DR1: 0000000000000000 DR2: 0000000000000000 [ 306.115394][T12700] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 306.123646][T12700] Call Trace: [ 306.127017][T12700] [ 306.130085][T12700] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.135380][T12700] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 306.141425][T12700] ? cfg80211_event_work+0x24/0x60 [ 306.143763][T12560] veth1_vlan: entered promiscuous mode [ 306.146606][T12700] ? __pfx___mutex_lock+0x10/0x10 [ 306.157251][T12700] cfg80211_process_wdev_events+0x38a/0x4f0 [ 306.163226][T12700] cfg80211_process_rdev_events+0xa1/0x110 [ 306.169732][T12700] cfg80211_event_work+0x2c/0x60 [ 306.174814][T12700] ? process_scheduled_works+0x9ef/0x17b0 [ 306.180704][T12700] process_scheduled_works+0xade/0x17b0 [ 306.186349][T12700] ? __pfx_process_scheduled_works+0x10/0x10 [ 306.192471][T12700] worker_thread+0x8a0/0xda0 [ 306.197234][T12700] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 306.204051][T12700] ? __kthread_parkme+0x7b/0x200 [ 306.209478][T12700] kthread+0x70e/0x8a0 [ 306.213671][T12700] ? __pfx_worker_thread+0x10/0x10 [ 306.218929][T12700] ? __pfx_kthread+0x10/0x10 [ 306.223543][T12700] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.228909][T12700] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.234191][T12700] ? __pfx_kthread+0x10/0x10 [ 306.238973][T12700] ret_from_fork+0x3f9/0x770 [ 306.244464][T12700] ? __pfx_ret_from_fork+0x10/0x10 [ 306.249765][T12700] ? __switch_to_asm+0x39/0x70 [ 306.255358][T12700] ? __switch_to_asm+0x33/0x70 [ 306.260308][T12700] ? __pfx_kthread+0x10/0x10 [ 306.265240][T12700] ret_from_fork_asm+0x1a/0x30 [ 306.271475][T12700] [ 306.274582][T12700] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 306.281884][T12700] CPU: 0 UID: 0 PID: 12700 Comm: kworker/u8:21 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 306.294224][T12700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.304286][T12700] Workqueue: cfg80211 cfg80211_event_work [ 306.310022][T12700] Call Trace: [ 306.313303][T12700] [ 306.316232][T12700] dump_stack_lvl+0x99/0x250 [ 306.320831][T12700] ? __asan_memcpy+0x40/0x70 [ 306.325417][T12700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.330629][T12700] ? __pfx__printk+0x10/0x10 [ 306.335233][T12700] panic+0x2db/0x790 [ 306.339140][T12700] ? __pfx_panic+0x10/0x10 [ 306.343559][T12700] ? show_trace_log_lvl+0x4fb/0x550 [ 306.348771][T12700] ? ret_from_fork_asm+0x1a/0x30 [ 306.353712][T12700] __warn+0x31b/0x4b0 [ 306.357694][T12700] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 306.363251][T12700] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 306.368804][T12700] report_bug+0x2be/0x4f0 [ 306.373140][T12700] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 306.378691][T12700] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 306.384240][T12700] ? __cfg80211_ibss_joined+0x3cc/0x440 [ 306.389790][T12700] handle_bug+0x84/0x160 [ 306.394033][T12700] exc_invalid_op+0x1a/0x50 [ 306.398535][T12700] asm_exc_invalid_op+0x1a/0x20 [ 306.403387][T12700] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 306.409551][T12700] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 c0 a2 00 cc e8 32 13 01 f7 90 0f 0b 90 eb bd e8 27 13 01 f7 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 13 01 f7 90 0f 0b 90 e9 de fd [ 306.429160][T12700] RSP: 0000:ffffc90003c4f8e0 EFLAGS: 00010293 [ 306.435245][T12700] RAX: ffffffff8abf4819 RBX: dffffc0000000000 RCX: ffff88805f415a00 [ 306.443221][T12700] RDX: 0000000000000000 RSI: ffffffff8d96e7f3 RDI: ffffffff8be1b800 [ 306.451194][T12700] RBP: ffffc90003c4f9b8 R08: ffffffff8f9fe3f7 R09: 1ffffffff1f3fc7e [ 306.459178][T12700] R10: dffffc0000000000 R11: fffffbfff1f3fc7f R12: ffff88806dec8d90 [ 306.467165][T12700] R13: 1ffff92000789f24 R14: ffff88802db8b338 R15: 0000000000000006 [ 306.475156][T12700] ? __cfg80211_ibss_joined+0x3c9/0x440 [ 306.480731][T12700] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.485939][T12700] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 306.491839][T12700] ? cfg80211_event_work+0x24/0x60 [ 306.496956][T12700] ? __pfx___mutex_lock+0x10/0x10 [ 306.501990][T12700] cfg80211_process_wdev_events+0x38a/0x4f0 [ 306.507900][T12700] cfg80211_process_rdev_events+0xa1/0x110 [ 306.513718][T12700] cfg80211_event_work+0x2c/0x60 [ 306.518660][T12700] ? process_scheduled_works+0x9ef/0x17b0 [ 306.524399][T12700] process_scheduled_works+0xade/0x17b0 [ 306.529992][T12700] ? __pfx_process_scheduled_works+0x10/0x10 [ 306.536005][T12700] worker_thread+0x8a0/0xda0 [ 306.540610][T12700] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 306.546957][T12700] ? __kthread_parkme+0x7b/0x200 [ 306.551926][T12700] kthread+0x70e/0x8a0 [ 306.555999][T12700] ? __pfx_worker_thread+0x10/0x10 [ 306.561124][T12700] ? __pfx_kthread+0x10/0x10 [ 306.565716][T12700] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.570918][T12700] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.576161][T12700] ? __pfx_kthread+0x10/0x10 [ 306.580766][T12700] ret_from_fork+0x3f9/0x770 [ 306.585372][T12700] ? __pfx_ret_from_fork+0x10/0x10 [ 306.590515][T12700] ? __switch_to_asm+0x39/0x70 [ 306.595294][T12700] ? __switch_to_asm+0x33/0x70 [ 306.600058][T12700] ? __pfx_kthread+0x10/0x10 [ 306.604670][T12700] ret_from_fork_asm+0x1a/0x30 [ 306.609460][T12700] [ 306.612777][T12700] Kernel Offset: disabled [ 306.617118][T12700] Rebooting in 86400 seconds..