last executing test programs: 25.142821946s ago: executing program 1 (id=6494): syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d"], 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x9) rmdir(&(0x7f0000000700)='./cgroup/../file0\x00') fsopen(&(0x7f0000000300)='tmpfs\x00', 0x0) symlinkat(&(0x7f0000000640)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file1\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x6, 0x8, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000004c0)="2432431a0000fcbb3d09eea8aaa30b5bd28c2cc9c1280de27d117bd91335089947404bd2a455fdead9c9fb4523f8c11bcb92e559ba20dcf4626338e1b954cf424a27d985093156271197fc613f9fd339ff19c20297dc9c68ad2b45c3d8a221cda6a9b170e7c622f09d79f5b776285bf4bbd2a92cb0f984aa513ee691718c2da142cf03510c1d5badbd8d40b67390e90d50478363f04c7b6b17c23d5246c234dbf04aa24437175d9b381faad8a0b087761c4ff7f774cf1e53ffea24431a035529f1", 0x1000, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20) 23.037334649s ago: executing program 2 (id=6510): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x198, [], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000004ff8d978fa7ef9850000000000e5ffffffffffffff000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000040000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000799e3b3c00000001000000000000000000ffffffff01000000110000000000000000000300736630b08d4a395bd1d6febe0dc24d5fe679000011000000000008000064756d6d793000000000000000000000010000000000000000000000000000006c6f00000000200000000000f8ffffffffffff000000000000000070000000a8000000d8000000646e6174000000000000200000000000000000000002000000000000000000586a2fb10000000000aaaaaaaaaaaa000001"]}, 0x1d9) socket$rxrpc(0x21, 0x2, 0xa) io_setup(0x7, &(0x7f0000000040)) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5}) r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) dup3(r10, r9, 0x0) ioctl$BLKALIGNOFF(r9, 0x127a, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r11 = syz_open_procfs(0x0, &(0x7f0000001080)='smaps_rollup\x00') mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) preadv(r11, &(0x7f0000000140)=[{&(0x7f0000000340)=""/181, 0xb5}], 0x1, 0x0, 0x0) 21.530590982s ago: executing program 1 (id=6526): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a06fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed03040f040000000000001d440000000000006b0a04fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 20.965649451s ago: executing program 1 (id=6531): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x89}]}}}]}, 0x3c}}, 0x0) 20.775645313s ago: executing program 1 (id=6534): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x230) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x230) 20.57213685s ago: executing program 1 (id=6536): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0x95) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7f) 20.317244962s ago: executing program 2 (id=6538): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 20.176839443s ago: executing program 1 (id=6539): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000180)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x6, {0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1d0c223edc04a6a770f5dbbd0b0bd17b480240438ece397736ec0268208f7d"}}) 19.723490922s ago: executing program 2 (id=6543): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000200)={0x0, 0xd, 0x0, "6e145c0ef63b736608314ceb833d278f8739057c56b9f38df459aa6db8a9f4d6"}) 19.411361444s ago: executing program 2 (id=6546): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x230) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x230) 19.199712499s ago: executing program 2 (id=6549): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0x95) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7f) 17.677442486s ago: executing program 2 (id=6555): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000200)={0x0, 0xd, 0x0, "6e145c0ef63b736608314ceb833d278f8739057c56b9f38df459aa6db8a9f4d6"}) 2.545878161s ago: executing program 3 (id=6610): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x120) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x200000005c832, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = socket$pppoe(0x18, 0x1, 0x0) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000200)={0x18, 0x0, {0x1, @multicast, 'gre0\x00'}}, 0x1e) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x1, @empty, 'ip6gre0\x00'}}, 0x1e) connect$pppoe(r4, &(0x7f0000000480)={0x18, 0x0, {0x1, @multicast, 'dummy0\x00'}}, 0x1e) connect$pppoe(r5, &(0x7f00000004c0)={0x18, 0x0, {0x0, @empty, 'veth0_to_bond\x00'}}, 0x1e) open$dir(&(0x7f0000000040)='./file0\x00', 0x600100, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f00000000c0)=0x2354, 0x4) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r8 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout_data(r8, 0x107, 0x16, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f00000070c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004d40)=""/7, 0x7}}], 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002800c00028005000100840000002c00018014000300fc02000000000000000000000000000014000400fe8000000000000000000000000000aa080017000000211f18000effffffff0000000000000200"/172], 0xac}}, 0x0) 2.365752688s ago: executing program 0 (id=6612): eventfd(0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = getpid() r3 = getpid() kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f00000000c0)={r1}) 2.188431443s ago: executing program 0 (id=6614): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141604089f034d2f87e5440c05ab845013f2325f1a39018902038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 1.792487777s ago: executing program 4 (id=6616): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a029b30095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x93c, &(0x7f00000002c0), &(0x7f0000000100), &(0x7f00000000c0)) r2 = io_uring_setup(0x7058, &(0x7f0000000040)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x14, 0x20000002, r3) 1.722797021s ago: executing program 0 (id=6617): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000180000002020782500000000002020207b0af8c100000000bd510000000000000400150000feffffb7021b4f08000000b703000000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222}, 0x90) 1.54303987s ago: executing program 4 (id=6618): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) r0 = inotify_init() r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000023c0)={0x18, 0x1, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_TABLE_USERDATA={0x4}]}, 0x18}}, 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) creat(&(0x7f0000000100)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x24e, &(0x7f0000000280), &(0x7f0000000200)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0) 1.474094765s ago: executing program 0 (id=6619): r0 = io_uring_setup(0x1d3, &(0x7f0000000080)) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r2 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) close_range(r0, r0, 0x0) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) sendto$inet6(r1, &(0x7f0000000040)="ff", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @private1}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 1.414493614s ago: executing program 3 (id=6620): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0xff}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000300)={[{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000780)="6766c744240066000000f30f01f96766c744240600000000670f011c24ba2100ecba6100ec66b8684b258a66efbafc0c66b87400000066ef0f01d6660f0d9e0a0065660fe460700f0017baf80c66b8ce395c8a66efbafc0cec0f32", 0x5b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.316634635s ago: executing program 4 (id=6621): setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000000c0)="0bbb268dd6ffa8080000000000000000000021", 0x13) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000000000000b7000040"]) 1.06961642s ago: executing program 3 (id=6622): eventfd(0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = getpid() r3 = getpid() kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f00000000c0)={r1}) 957.12947ms ago: executing program 4 (id=6623): socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000002000)='logon\x00', &(0x7f0000001000), &(0x7f0000001000)='.', 0x1, r0) 839.656094ms ago: executing program 3 (id=6624): write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000), 0xf) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'}) 749.020209ms ago: executing program 4 (id=6625): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x62}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 451.159966ms ago: executing program 0 (id=6626): r0 = socket$kcm(0x11, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) setsockopt$sock_attach_bpf(r0, 0x107, 0xe, &(0x7f0000000000)=r3, 0x4) 417.188479ms ago: executing program 4 (id=6627): socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x8, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x0, 0x0, 0xb3}, 0x48) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000000180)={0x2020}, 0x2020) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000021c0)={0x1b, 0x0, 0x0, 0xfffff000, 0x0, r6, 0x3, '\x00', 0x0, r6, 0x0, 0x1, 0x5}, 0x48) r8 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r8, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_addr=@multicast1, @multicast2}, 0x10) setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000001b40)=0xa, 0x4) 311.464749ms ago: executing program 3 (id=6628): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000180000002020782500000000002020207b0af8c100000000bd510000000000000400150000feffffb7021b4f08000000b703000000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222}, 0x90) 113.425299ms ago: executing program 0 (id=6629): syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_WRITE_DEF_DATA_LEN}}, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clock_settime(0x0, &(0x7f00000014c0)={0x77359400}) r1 = epoll_create1(0x0) r2 = userfaultfd(0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0x40002000}) epoll_wait(r1, &(0x7f0000001600)=[{}], 0x1, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f0000000340)={0x7f, {{0xa, 0x4e21, 0x31cf, @mcast2}}, {{0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}}}, 0x108) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioperm(0x0, 0x23d, 0xe) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x7ff, {{0xa, 0x2, 0x535, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}}, {{0xa, 0x0, 0x1, @private2, 0x3f}}}, 0x108) socket$nl_xfrm(0x10, 0x3, 0x6) iopl(0x3) r6 = socket$netlink(0x10, 0x3, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000004900010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000140001000000000000000000000000000000000191379ec1d1cd853806f8d3320327f1e5f0a9539b9edcd5a0ead15158a7f02b7f0287bdef7c5217154d9a7bf7895929950c758ec5b60c4543ae9da695964081a3c6bf776d9780925aba96777800b0e71d9fe59a585c01c5deb3"], 0x38}}, 0x0) pselect6(0x40, &(0x7f00000011c0), 0x0, &(0x7f00000010c0)={0x800000000000}, &(0x7f0000001100)={0x77359400}, 0x0) r7 = fcntl$getown(r3, 0x9) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000140)={'\x00', 0x3, 0x100, 0x3, 0x7fffffffffffffff, 0xf8, r7}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) sendto$inet6(r5, &(0x7f00000001c0)='p', 0x1, 0x0, 0x0, 0x0) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x203}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000880)={0x4c, r8, 0x1, 0x0, 0xffffffff, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ad}], @NL80211_ATTR_FRAME={0x24, 0x33, @assoc_resp={{{}, {}, @device_a, @device_a, @from_mac=@device_b}, 0x0, 0x0, @default, @val, @void}}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x4c}}, 0x0) 0s ago: executing program 3 (id=6630): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0xff}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000300)={[{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000780)="6766c744240066000000f30f01f96766c744240600000000670f011c24ba2100ecba6100ec66b8684b258a66efbafc0c66b87400000066ef0f01d6660f0d9e0a0065660fe460700f0017baf80c66b8ce395c8a66efbafc0cec0f32", 0x5b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): h1 [ 997.703128][T19631] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 997.761275][T19631] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 998.069151][T19742] xt_CT: You must specify a L4 protocol and not use inversions on it [ 998.990982][T19631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 999.026700][T19631] 8021q: adding VLAN 0 to HW filter on device team0 [ 999.094955][T18183] bridge0: port 1(bridge_slave_0) entered blocking state [ 999.102297][T18183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 999.168260][T18183] bridge0: port 2(bridge_slave_1) entered blocking state [ 999.175641][T18183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 999.360978][ T58] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 999.733038][ T58] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 999.840833][ T58] usb 3-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice= 0.00 [ 999.913549][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.977927][ T58] usb 3-1: config 0 descriptor?? [ 1000.015496][ T58] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input50 [ 1000.279173][ T58] usb 3-1: USB disconnect, device number 46 [ 1000.430389][T19631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1000.560458][T19631] veth0_vlan: entered promiscuous mode [ 1000.598319][T19631] veth1_vlan: entered promiscuous mode [ 1000.657136][T19631] veth0_macvtap: entered promiscuous mode [ 1000.692641][T19631] veth1_macvtap: entered promiscuous mode [ 1000.722999][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.734762][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.744728][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.755968][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.765913][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.783619][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.793683][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.804421][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.825548][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.839551][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.849949][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1000.860731][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.873046][T19631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1000.895100][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1000.906277][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.919661][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1000.930209][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.942625][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1000.955534][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.965639][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1000.976141][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1000.988492][T19631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1000.999892][T19631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1001.011800][T19631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1001.025922][T19631] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.034978][T19631] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.044116][T19631] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.055231][T19631] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.206489][T19788] pimreg: entered allmulticast mode [ 1001.232554][T19788] pimreg: left allmulticast mode [ 1001.279932][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1001.300690][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1001.369956][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1001.383362][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1001.565363][T19795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5079'. [ 1001.595107][T19795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5079'. [ 1002.579212][T19815] block nbd2: shutting down sockets [ 1002.911927][T19819] cgroup: name respecified [ 1004.593764][T19850] cgroup: name respecified [ 1004.602777][T19848] block nbd1: shutting down sockets [ 1005.622247][T19862] netlink: 'syz.4.5105': attribute type 29 has an invalid length. [ 1005.630505][T19862] netlink: 'syz.4.5105': attribute type 3 has an invalid length. [ 1005.649960][T19862] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5105'. [ 1006.250255][T19881] netlink: 'syz.4.5112': attribute type 24 has an invalid length. [ 1006.423266][T19885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5116'. [ 1006.438526][T19885] team0: entered promiscuous mode [ 1006.446149][T19885] team_slave_0: entered promiscuous mode [ 1006.452456][T19885] team_slave_1: entered promiscuous mode [ 1006.493271][T19884] team0: left promiscuous mode [ 1006.506394][T19884] team_slave_0: left promiscuous mode [ 1006.516399][T18183] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1006.564818][T19884] team_slave_1: left promiscuous mode [ 1006.578510][T19891] ./file0: Can't lookup blockdev [ 1007.448894][T18183] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1007.471650][T18183] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1007.500850][T18183] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1007.544992][T18183] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1007.571207][T18183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1007.601080][T18183] usb 3-1: config 0 descriptor?? [ 1007.811267][T19919] ./file0: Can't lookup blockdev [ 1007.851201][T19879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1007.860099][T19879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1007.871294][T19920] netlink: 'syz.0.5125': attribute type 24 has an invalid length. [ 1007.940978][T18183] usbhid 3-1:0.0: can't add hid device: -71 [ 1007.948702][T18183] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1007.991809][T18183] usb 3-1: USB disconnect, device number 47 [ 1009.240310][T19940] netlink: 'syz.3.5137': attribute type 4 has an invalid length. [ 1009.362179][T19943] block nbd0: NBD_DISCONNECT [ 1009.414052][T19941] block nbd0: Disconnected due to user request. [ 1009.427105][T19941] block nbd0: shutting down sockets [ 1011.070716][T19978] Bluetooth: hci1: command 0x0406 tx timeout [ 1011.760788][T19995] hfs: can't find a HFS filesystem on dev nullb0 [ 1011.774292][T19994] block nbd3: shutting down sockets [ 1011.862361][T20000] block nbd3: NBD_DISCONNECT [ 1011.867603][T20000] block nbd3: Send disconnect failed -32 [ 1011.899119][T20000] block nbd3: Send disconnect failed -32 [ 1012.890967][ T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.062709][T20030] hfs: can't find a HFS filesystem on dev nullb0 [ 1013.109880][ T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.151226][ T784] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1013.361177][ T784] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1013.405386][ T784] usb 3-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice= 0.00 [ 1013.428233][ T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.444954][ T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.477942][ T784] usb 3-1: config 0 descriptor?? [ 1013.495466][ T784] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input51 [ 1013.554274][T20036] block nbd0: shutting down sockets [ 1013.640796][T20039] block nbd0: NBD_DISCONNECT [ 1013.645590][T20039] block nbd0: Send disconnect failed -32 [ 1013.661893][T20039] block nbd0: Send disconnect failed -32 [ 1013.670529][ T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.700296][ T5095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1013.727703][ T5095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1013.737205][ T5095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1013.748082][ T5095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1013.756467][ T784] usb 3-1: USB disconnect, device number 48 [ 1013.765715][ T5095] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1013.773681][ T5095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1014.225682][ T46] bridge_slave_1: left allmulticast mode [ 1014.245269][ T46] bridge_slave_1: left promiscuous mode [ 1014.265478][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 1014.307836][ T46] bridge_slave_0: left allmulticast mode [ 1014.353456][ T46] bridge_slave_0: left promiscuous mode [ 1014.359406][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 1014.762533][T20068] block nbd2: shutting down sockets [ 1014.801732][T20068] block nbd2: NBD_DISCONNECT [ 1014.826449][T20068] block nbd2: Send disconnect failed -32 [ 1014.832921][T20068] block nbd2: Send disconnect failed -32 [ 1014.874442][T20072] hfs: can't find a HFS filesystem on dev nullb0 [ 1016.183659][ T5097] Bluetooth: hci0: command tx timeout [ 1016.892664][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1016.927399][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1016.943374][ T46] bond0 (unregistering): Released all slaves [ 1017.048490][T20058] netlink: 'syz.1.5179': attribute type 2 has an invalid length. [ 1017.246938][T20040] chnl_net:caif_netlink_parms(): no params data found [ 1017.673535][ T46] hsr_slave_0: left promiscuous mode [ 1017.695205][ T46] hsr_slave_1: left promiscuous mode [ 1017.715661][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1017.733073][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1017.750062][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1017.777101][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1017.831365][ T46] veth1_macvtap: left promiscuous mode [ 1017.838342][ T46] veth0_macvtap: left promiscuous mode [ 1017.844289][ T46] veth1_vlan: left promiscuous mode [ 1017.849850][ T46] veth0_vlan: left promiscuous mode [ 1018.275898][ T5095] Bluetooth: hci0: command tx timeout [ 1019.198553][ T29] audit: type=1804 audit(1719829536.446:530): pid=20163 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.5222" name="/root/syzkaller.OTAcGX/185/file0" dev="sda1" ino=2110 res=1 errno=0 [ 1019.829100][ T46] team0 (unregistering): Port device team_slave_1 removed [ 1019.911139][ T46] team0 (unregistering): Port device team_slave_0 removed [ 1020.351026][ T5095] Bluetooth: hci0: command 0x040f tx timeout [ 1020.786325][T20040] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.798740][T20040] bridge0: port 1(bridge_slave_0) entered disabled state [ 1020.808061][T20040] bridge_slave_0: entered allmulticast mode [ 1020.841198][T20040] bridge_slave_0: entered promiscuous mode [ 1020.880837][T20166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5222'. [ 1020.900757][T20168] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5222'. [ 1021.022327][T20040] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.055838][T20040] bridge0: port 2(bridge_slave_1) entered disabled state [ 1021.063657][T20040] bridge_slave_1: entered allmulticast mode [ 1021.072369][T20040] bridge_slave_1: entered promiscuous mode [ 1021.179480][T20184] tmpfs: Bad value for 'mpol' [ 1021.252441][T20040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1021.300189][T20040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1021.473346][ T5097] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 1021.505240][T20040] team0: Port device team_slave_0 added [ 1021.533933][T20040] team0: Port device team_slave_1 added [ 1021.629387][T20203] netlink: 'syz.2.5236': attribute type 1 has an invalid length. [ 1021.649729][T20203] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5236'. [ 1021.684304][T20040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1021.727792][T20040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1021.773322][T20040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1021.815352][T20040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1021.834116][T20040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1021.860863][T20040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1021.974692][T20040] hsr_slave_0: entered promiscuous mode [ 1021.992284][T20040] hsr_slave_1: entered promiscuous mode [ 1021.998898][T20040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1022.007865][T20040] Cannot create hsr debugfs directory [ 1022.432334][ T5097] Bluetooth: hci0: command 0x040f tx timeout [ 1022.545789][T20227] netlink: 'syz.1.5247': attribute type 1 has an invalid length. [ 1022.574155][T20227] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5247'. [ 1022.637059][T20040] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1022.661026][T20040] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1022.684315][T20040] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1022.724767][T20040] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1022.868192][T20236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5251'. [ 1023.004821][T20040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1023.057545][T20243] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5254'. [ 1023.073924][T20040] 8021q: adding VLAN 0 to HW filter on device team0 [ 1023.098345][T18183] bridge0: port 1(bridge_slave_0) entered blocking state [ 1023.105618][T18183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1023.129115][T18183] bridge0: port 2(bridge_slave_1) entered blocking state [ 1023.136500][T18183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1023.387752][T20256] netlink: 'syz.1.5257': attribute type 1 has an invalid length. [ 1023.396058][T20256] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5257'. [ 1023.668147][T20040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1024.378471][T20040] veth0_vlan: entered promiscuous mode [ 1024.567183][T20040] veth1_vlan: entered promiscuous mode [ 1024.722646][T20040] veth0_macvtap: entered promiscuous mode [ 1024.766509][T20040] veth1_macvtap: entered promiscuous mode [ 1024.847882][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.873033][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.884162][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.896801][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.907361][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.918264][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.929506][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.938852][T20272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5262'. [ 1024.940992][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.941024][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.941045][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.941066][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1024.941084][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.943364][T20040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1025.105720][T20278] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5264'. [ 1025.194197][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1025.240479][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1025.250019][T20284] netlink: 'syz.1.5267': attribute type 1 has an invalid length. [ 1025.270682][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1025.270703][T20284] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5267'. [ 1025.295174][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1025.313168][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1025.323947][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1025.345601][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1025.373090][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1025.397605][T20040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1025.408461][T20040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1025.420561][T20040] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1029.065849][T20040] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.075556][T20040] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.084857][T20040] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.093780][T20040] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.228505][T11795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1029.246503][T11795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1029.275290][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1029.283516][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1031.570494][T20302] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1031.900957][ T5137] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1031.927607][T20319] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5279'. [ 1032.115089][ T5137] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1032.151411][ T5137] usb 3-1: language id specifier not provided by device, defaulting to English [ 1032.179887][ T5137] usb 3-1: New USB device found, idVendor=056a, idProduct=0069, bcdDevice= 0.40 [ 1032.195607][ T5137] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.217118][ T5137] usb 3-1: Product: syz [ 1032.225627][ T5137] usb 3-1: Manufacturer: 꼳ฐḼ馊ᠪ횔ꑇ꛲⨀맾ߟな㡰홖⒙ᒅ煗ﵙ [ 1032.248813][ T5137] usb 3-1: SerialNumber: syz [ 1032.282876][ T5083] kernel write not supported for file /vcs (pid: 5083 comm: kworker/0:3) [ 1032.298066][ T5137] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 1032.512086][T18183] usb 3-1: USB disconnect, device number 49 [ 1032.640838][ T5137] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1032.766666][T20335] netlink: 'syz.0.5285': attribute type 1 has an invalid length. [ 1032.775469][T20335] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5285'. [ 1032.856005][ T5137] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1032.902955][ T5137] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1032.923072][ T5137] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.936102][ T5137] usb 4-1: Product: syz [ 1032.940399][ T5137] usb 4-1: Manufacturer: syz [ 1032.945385][ T5137] usb 4-1: SerialNumber: syz [ 1032.965610][T20339] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1033.053265][T20341] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1034.021750][ T5137] cdc_ncm 4-1:1.0: failed to get mac address [ 1034.232849][ T5137] cdc_ncm 4-1:1.0: bind() failure [ 1034.242445][ T5137] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1034.251398][ T5137] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1034.264303][ T5137] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 1034.279778][ T5137] usb 4-1: USB disconnect, device number 29 [ 1035.348471][T20363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5298'. [ 1035.414970][ T5097] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1035.441938][T20365] xt_addrtype: ipv6 does not support BROADCAST matching [ 1037.593737][T20395] hfs: can't find a HFS filesystem on dev nullb0 [ 1038.420963][T20404] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5316'. [ 1041.913035][T20464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5340'. [ 1043.245685][T20506] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1046.827585][T20547] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1046.883979][T20545] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5369'. [ 1048.936745][T20572] CIFS mount error: No usable UNC path provided in device string! [ 1048.936745][T20572] [ 1048.986771][T20572] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1049.142316][T20580] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1049.552353][T20587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5389'. [ 1050.175565][T20587] vlan0: entered allmulticast mode [ 1050.570749][T20609] CIFS mount error: No usable UNC path provided in device string! [ 1050.570749][T20609] [ 1050.599554][T20609] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1051.314379][T20622] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1052.416213][ T29] audit: type=1326 audit(1719829569.666:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20631 comm="syz.0.5405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4bdfb75b99 code=0x0 [ 1052.614058][T20641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5408'. [ 1052.663209][T20641] vlan0: entered allmulticast mode [ 1053.193985][T20655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5411'. [ 1053.209678][T20655] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1053.219400][T20655] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1053.512896][ T5083] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1053.787349][ T5083] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 1053.808449][ T5083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1053.834581][ T5083] usb 2-1: Product: syz [ 1053.838970][ T5083] usb 2-1: Manufacturer: syz [ 1053.853524][ T5083] usb 2-1: SerialNumber: syz [ 1053.862569][ T5083] usb 2-1: config 0 descriptor?? [ 1053.873976][ T5083] usb 2-1: bad CDC descriptors [ 1053.887635][ T5083] pcwd_usb: The device isn't a Human Interface Device [ 1054.085806][ T5083] usb 2-1: USB disconnect, device number 38 [ 1055.083489][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.089923][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.959683][T20698] can: request_module (can-proto-4) failed. [ 1057.159432][ T5097] Bluetooth: hci2: command 0x0406 tx timeout [ 1060.055687][T20775] input: syz0 as /devices/virtual/input/input52 [ 1060.918646][T20784] dns_resolver: Unsupported content type (98) [ 1060.954001][T20784] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1061.415105][T20809] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1061.430762][T20800] block nbd0: Device being setup by another task [ 1061.450929][T20804] block nbd0: shutting down sockets [ 1061.779469][T20818] syz.0.5481 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1062.066964][T20823] input: syz0 as /devices/virtual/input/input53 [ 1062.942610][T20832] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5484'. [ 1063.125241][T20837] bridge0: entered promiscuous mode [ 1063.144065][T20839] netlink: 'syz.0.5488': attribute type 5 has an invalid length. [ 1063.152889][T20837] bridge0: left promiscuous mode [ 1063.753664][T20853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5492'. [ 1063.767792][T20853] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1063.777627][T20853] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1065.725960][T20877] bridge0: entered promiscuous mode [ 1065.748859][T20877] bridge0: left promiscuous mode [ 1066.707887][T20902] dns_resolver: Unsupported content type (98) [ 1066.761025][T20902] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1067.241670][T20926] random: crng reseeded on system resumption [ 1067.373130][ T5083] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 1067.433954][T20940] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5526'. [ 1067.570760][ T5083] usb 2-1: Using ep0 maxpacket: 8 [ 1067.579067][ T5083] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1067.595701][ T5083] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1067.605977][ T5083] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 1067.615576][ T5083] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.629922][ T5083] usb 2-1: config 0 descriptor?? [ 1068.077087][ T5083] kone 0003:1E7D:2CED.001C: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0 [ 1068.316801][ T5083] usb 2-1: USB disconnect, device number 39 [ 1068.821903][T20970] loop0: detected capacity change from 0 to 7 [ 1068.865410][T20970] Dev loop0: unable to read RDB block 7 [ 1068.890812][T20970] loop0: unable to read partition table [ 1068.909040][T20970] loop0: partition table beyond EOD, truncated [ 1068.920873][T20970] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 1068.920873][T20970] ) failed (rc=-5) [ 1069.160449][T20979] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5542'. [ 1069.301557][T20986] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5545'. [ 1069.339394][T20986] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5545'. [ 1069.356645][T20986] netlink: 'syz.3.5545': attribute type 6 has an invalid length. [ 1069.368134][T20986] netlink: 'syz.3.5545': attribute type 5 has an invalid length. [ 1069.387697][T20986] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5545'. [ 1069.800265][T21007] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5555'. [ 1069.960060][T21017] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5560'. [ 1069.982007][T21017] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5560'. [ 1069.991841][T21017] netlink: 'syz.2.5560': attribute type 6 has an invalid length. [ 1070.001395][T21017] netlink: 'syz.2.5560': attribute type 5 has an invalid length. [ 1070.009228][T21017] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5560'. [ 1070.029739][T21019] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5561'. [ 1070.051039][T21019] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5561'. [ 1070.662017][T21045] netlink: 'syz.3.5573': attribute type 6 has an invalid length. [ 1070.670066][T21045] netlink: 'syz.3.5573': attribute type 5 has an invalid length. [ 1071.422858][T21073] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1071.433223][T21073] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1072.264531][T21076] netlink: 'syz.1.5585': attribute type 6 has an invalid length. [ 1072.280365][T21076] netlink: 'syz.1.5585': attribute type 5 has an invalid length. [ 1073.759737][T21115] netlink: 'syz.0.5600': attribute type 6 has an invalid length. [ 1073.802093][T21115] netlink: 'syz.0.5600': attribute type 5 has an invalid length. [ 1074.619438][ T5097] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1074.635780][ T5097] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1074.647091][ T5097] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1074.659481][ T5097] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1074.669600][ T5097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1074.677564][ T5097] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1074.984063][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.188184][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.221205][T21138] [U]  [ 1075.410122][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.634545][ T5095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1075.655356][ T5095] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1075.687096][ T5095] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1075.709238][ T5095] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1075.725150][ T5095] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1075.734906][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.745882][ T5095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1076.172605][T21142] chnl_net:caif_netlink_parms(): no params data found [ 1076.204011][ T11] bridge_slave_1: left allmulticast mode [ 1076.210313][ T11] bridge_slave_1: left promiscuous mode [ 1076.218692][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1076.238847][ T11] bridge_slave_0: left allmulticast mode [ 1076.256432][ T11] bridge_slave_0: left promiscuous mode [ 1076.266133][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1076.466748][T21186] input: syz0 as /devices/virtual/input/input54 [ 1076.773393][ T5097] Bluetooth: hci0: command tx timeout [ 1077.759693][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1077.773541][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1077.787899][ T11] bond0 (unregistering): Released all slaves [ 1077.794459][ T5097] Bluetooth: hci1: command tx timeout [ 1078.131022][T21142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.138254][T21142] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.171275][T21142] bridge_slave_0: entered allmulticast mode [ 1078.189291][T21142] bridge_slave_0: entered promiscuous mode [ 1078.213395][T21142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.230747][T21142] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.238130][T21142] bridge_slave_1: entered allmulticast mode [ 1078.255918][T21142] bridge_slave_1: entered promiscuous mode [ 1078.266915][T21206] __nla_validate_parse: 11 callbacks suppressed [ 1078.266940][T21206] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5636'. [ 1078.348379][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5638'. [ 1078.375076][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5638'. [ 1078.714897][T21142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1078.840879][ T5097] Bluetooth: hci0: command tx timeout [ 1079.039090][ T11] hsr_slave_0: left promiscuous mode [ 1079.202472][ T11] hsr_slave_1: left promiscuous mode [ 1079.511094][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1079.550853][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1079.585524][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1079.617565][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1079.728319][ T11] veth1_macvtap: left promiscuous mode [ 1079.735500][ T11] veth0_macvtap: left promiscuous mode [ 1079.742333][ T11] veth1_vlan: left promiscuous mode [ 1079.748030][ T11] veth0_vlan: left promiscuous mode [ 1079.871469][ T5097] Bluetooth: hci1: command tx timeout [ 1080.803806][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1080.905847][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1080.921007][ T5097] Bluetooth: hci0: command tx timeout [ 1081.036713][T21239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5647'. [ 1081.050125][T21239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5647'. [ 1081.894099][T21142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1081.951185][ T5097] Bluetooth: hci1: command tx timeout [ 1082.043933][ C1] sd 0:0:1:0: [sda] tag#536 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1082.054641][ C1] sd 0:0:1:0: [sda] tag#536 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 1082.090479][T21163] chnl_net:caif_netlink_parms(): no params data found [ 1082.128111][T21142] team0: Port device team_slave_0 added [ 1082.177799][T21142] team0: Port device team_slave_1 added [ 1082.223946][T21249] netfs: Couldn't get user pages (rc=-14) [ 1082.381787][T21142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1082.407294][T21142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1082.443851][T21142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1082.481551][T21142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1082.548591][T21142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1082.612749][T21258] Cannot find add_set index 0 as target [ 1082.653495][T21142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1082.751299][ T5097] Bluetooth: hci5: command 0x0406 tx timeout [ 1082.991669][ T5097] Bluetooth: hci0: command tx timeout [ 1083.397639][T21258] usb usb8: usbfs: process 21258 (syz.0.5653) did not claim interface 0 before use [ 1083.520526][ T29] audit: type=1326 audit(1719829600.736:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21254 comm="syz.0.5653" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4bdfb75b99 code=0x0 [ 1083.645979][T21163] bridge0: port 1(bridge_slave_0) entered blocking state [ 1083.667051][T21163] bridge0: port 1(bridge_slave_0) entered disabled state [ 1083.677002][T21163] bridge_slave_0: entered allmulticast mode [ 1083.695519][T21163] bridge_slave_0: entered promiscuous mode [ 1083.707316][T21271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5656'. [ 1083.740817][T21271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5656'. [ 1083.766295][T21142] hsr_slave_0: entered promiscuous mode [ 1083.815182][T21142] hsr_slave_1: entered promiscuous mode [ 1083.830764][T21142] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1083.846620][T21142] Cannot create hsr debugfs directory [ 1083.878209][T21163] bridge0: port 2(bridge_slave_1) entered blocking state [ 1083.885636][T21163] bridge0: port 2(bridge_slave_1) entered disabled state [ 1083.893957][ C1] sd 0:0:1:0: [sda] tag#561 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1083.904403][ C1] sd 0:0:1:0: [sda] tag#561 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 1083.931242][T21163] bridge_slave_1: entered allmulticast mode [ 1083.942582][T21163] bridge_slave_1: entered promiscuous mode [ 1084.031639][ T5095] Bluetooth: hci1: command tx timeout [ 1084.064652][T21163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1084.085120][T21163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1084.275941][T21163] team0: Port device team_slave_0 added [ 1084.318657][T21163] team0: Port device team_slave_1 added [ 1084.451445][T21163] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.470445][T21163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.515988][T21163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1084.603349][T21163] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1084.611787][T21163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.646910][T21163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1084.789622][T21291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5668'. [ 1084.825430][T21291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5668'. [ 1084.948412][T21142] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.090020][T21163] hsr_slave_0: entered promiscuous mode [ 1085.101227][ C1] sd 0:0:1:0: [sda] tag#562 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1085.105469][T21163] hsr_slave_1: entered promiscuous mode [ 1085.111641][ C1] sd 0:0:1:0: [sda] tag#562 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 1085.136508][T21163] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1085.160852][T21163] Cannot create hsr debugfs directory [ 1085.251055][T21142] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.473455][T21142] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.500992][T21299] block nbd0: shutting down sockets [ 1085.652815][T21142] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.768668][ T29] audit: type=1326 audit(1719829603.016:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21306 comm="syz.0.5674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdfb75b99 code=0x7ffc0000 [ 1085.798146][ T29] audit: type=1326 audit(1719829603.016:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21306 comm="syz.0.5674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdfb75b99 code=0x7ffc0000 [ 1085.839827][ T29] audit: type=1326 audit(1719829603.026:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21306 comm="syz.0.5674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f4bdfb75b99 code=0x7ffc0000 [ 1086.623460][T21142] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1086.659151][T21142] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1086.703199][T21142] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1086.734158][T21142] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1086.973245][T21163] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1087.002477][T21163] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1087.042787][T21163] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1087.086369][T21163] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1087.336336][T21142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1087.428037][T21142] 8021q: adding VLAN 0 to HW filter on device team0 [ 1087.505360][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.512757][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1087.535697][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.542975][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1087.580861][ T29] audit: type=1326 audit(1719829604.826:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21335 comm="syz.1.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1087.637560][T21163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1087.659968][ T29] audit: type=1326 audit(1719829604.826:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21335 comm="syz.1.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1087.742638][ T29] audit: type=1326 audit(1719829604.886:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21335 comm="syz.1.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1087.750043][T21163] 8021q: adding VLAN 0 to HW filter on device team0 [ 1087.835073][ T5092] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.842336][ T5092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1087.908231][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.915605][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1088.182309][T21346] netfs: Couldn't get user pages (rc=-14) [ 1088.336726][T21142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1088.533669][T21163] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1088.737962][T21163] veth0_vlan: entered promiscuous mode [ 1088.788543][T21163] veth1_vlan: entered promiscuous mode [ 1088.915627][T21163] veth0_macvtap: entered promiscuous mode [ 1088.951712][T21163] veth1_macvtap: entered promiscuous mode [ 1089.024453][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.054927][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.080676][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.100635][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.110529][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.140682][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.164581][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.175156][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.185087][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.195842][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.206154][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.216799][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.229379][T21163] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1089.269232][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1089.294484][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.312173][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1089.333624][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.351923][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1089.362787][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.372863][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1089.383953][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.395133][T21163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1089.408117][T21163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.422356][T21163] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1089.446874][T21163] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.467287][T21163] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.476439][T21163] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.495375][T21163] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.655494][T21142] veth0_vlan: entered promiscuous mode [ 1089.697189][T21142] veth1_vlan: entered promiscuous mode [ 1089.809677][T11795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1089.833738][T11795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1089.925958][ T5373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1089.928318][T21142] veth0_macvtap: entered promiscuous mode [ 1089.934959][ T5373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1090.000984][T21142] veth1_macvtap: entered promiscuous mode [ 1090.059501][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.100921][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.120646][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.149401][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.163057][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.180723][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.203231][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.221392][ T29] audit: type=1326 audit(1719829607.466:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21378 comm="syz.1.5700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1090.251626][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.272485][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.285017][ T29] audit: type=1326 audit(1719829607.466:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21378 comm="syz.1.5700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1090.298307][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.331565][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.331925][ T29] audit: type=1326 audit(1719829607.486:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21378 comm="syz.1.5700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fe40d175b99 code=0x7ffc0000 [ 1090.343809][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.386698][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.409061][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.454506][T21142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1090.527565][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.556913][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.577677][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.600620][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.610510][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.650853][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.667246][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.706487][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.739067][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.762972][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.785241][T21142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.810650][T21142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.833439][T21142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1090.867931][T21142] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.899573][T21142] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.908430][T21142] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.940722][T21142] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.220973][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1091.229034][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.289100][ T2481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1091.315107][ T2481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.446308][T21396] netlink: 'syz.4.5602': attribute type 1 has an invalid length. [ 1091.673358][T21404] sch_fq: defrate 4294967292 ignored. [ 1091.697773][ T29] audit: type=1326 audit(1719829608.946:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21405 comm="syz.4.5712" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x0 [ 1092.130024][T21419] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5716'. [ 1092.589195][T21428] binder: 21424:21428 ioctl c0306201 0 returned -14 [ 1093.314585][T21450] netlink: 'syz.1.5730': attribute type 5 has an invalid length. [ 1093.670862][T21464] sctp: [Deprecated]: syz.1.5736 (pid 21464) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1093.670862][T21464] Use struct sctp_sack_info instead [ 1094.688035][T21490] sctp: [Deprecated]: syz.1.5750 (pid 21490) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1094.688035][T21490] Use struct sctp_sack_info instead [ 1094.994126][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1095.008289][ T5097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1095.028700][ T5097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1095.041714][ T5097] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1095.049727][ T5097] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1095.061158][ T5097] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1095.193049][T21505] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5754'. [ 1095.632705][T21498] chnl_net:caif_netlink_parms(): no params data found [ 1095.718685][T21522] sctp: [Deprecated]: syz.0.5762 (pid 21522) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1095.718685][T21522] Use struct sctp_sack_info instead [ 1095.888984][T21498] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.896462][T21498] bridge0: port 1(bridge_slave_0) entered disabled state [ 1095.906713][T21498] bridge_slave_0: entered allmulticast mode [ 1095.914695][T21498] bridge_slave_0: entered promiscuous mode [ 1095.932920][T21498] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.949429][T21498] bridge0: port 2(bridge_slave_1) entered disabled state [ 1095.967196][T21498] bridge_slave_1: entered allmulticast mode [ 1095.974932][T21498] bridge_slave_1: entered promiscuous mode [ 1096.115278][T21498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1096.151488][T21498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1096.326733][T21498] team0: Port device team_slave_0 added [ 1096.344350][T21498] team0: Port device team_slave_1 added [ 1096.473667][T21498] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1096.482514][T21498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1096.508480][ C1] vkms_vblank_simulate: vblank timer overrun [ 1096.534174][T21498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1096.611646][T21498] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1096.618678][T21498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1096.644604][ C1] vkms_vblank_simulate: vblank timer overrun [ 1096.670517][T21550] sctp: [Deprecated]: syz.1.5772 (pid 21550) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1096.670517][T21550] Use struct sctp_sack_info instead [ 1096.710657][T21498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1096.917623][T21498] hsr_slave_0: entered promiscuous mode [ 1096.951137][T21498] hsr_slave_1: entered promiscuous mode [ 1096.970674][T21498] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1096.978354][T21498] Cannot create hsr debugfs directory [ 1097.154127][ T5097] Bluetooth: hci2: command tx timeout [ 1097.530343][T21498] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.684152][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1097.807005][T21498] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.983419][T21498] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.110899][ T5097] Bluetooth: hci4: command 0x0405 tx timeout [ 1098.173887][T21498] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.534748][T21498] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1098.555589][T21498] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1098.608459][T21498] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1098.636335][T21498] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1098.943710][T21498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1099.002199][T21498] 8021q: adding VLAN 0 to HW filter on device team0 [ 1099.030540][ T5211] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.037770][ T5211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1099.109271][ T5211] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.116576][ T5211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1099.232519][ T5095] Bluetooth: hci2: command tx timeout [ 1099.242002][T21599] netlink: 'syz.3.5791': attribute type 26 has an invalid length. [ 1099.264707][T21498] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1099.434961][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1099.531525][T21609] program syz.1.5794 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1099.639803][ T29] audit: type=1800 audit(1719829616.886:543): pid=21615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.5796" name="file1" dev="sda1" ino=2131 res=0 errno=0 [ 1099.676582][T21498] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.705674][ T29] audit: type=1800 audit(1719829616.916:544): pid=21615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.5796" name="file1" dev="sda1" ino=2131 res=0 errno=0 [ 1099.747464][ T29] audit: type=1800 audit(1719829616.916:545): pid=21615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.5796" name="file2" dev="sda1" ino=2130 res=0 errno=0 [ 1099.780186][ T29] audit: type=1800 audit(1719829616.916:546): pid=21615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.5796" name="file2" dev="sda1" ino=2130 res=0 errno=0 [ 1099.847961][T21498] veth0_vlan: entered promiscuous mode [ 1099.864373][T21498] veth1_vlan: entered promiscuous mode [ 1099.959371][T21498] veth0_macvtap: entered promiscuous mode [ 1099.993731][T21498] veth1_macvtap: entered promiscuous mode [ 1100.021173][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.036492][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.060922][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.081954][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.104670][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.127606][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.138085][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.169433][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.200064][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.220657][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.251769][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.280700][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.301268][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.317570][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.368887][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.400120][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.424433][T21498] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1100.454393][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.466911][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.484743][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.495454][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.505644][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.525600][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.535931][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.546567][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.557111][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.568022][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.578347][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.589498][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.601809][T21498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.627029][T21498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.650409][T21498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1100.873931][T21498] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.883839][T21641] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1100.892372][T21498] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.915797][T21498] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.930930][T21498] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.015091][T21643] program syz.3.5806 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1101.312433][ T5095] Bluetooth: hci2: command tx timeout [ 1103.394271][ T5095] Bluetooth: hci2: command tx timeout [ 1103.475457][T21672] program syz.0.5817 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1103.758427][ T29] audit: type=1800 audit(1719829621.006:547): pid=21680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.5821" name="file1" dev="sda1" ino=2130 res=0 errno=0 [ 1103.779953][ T29] audit: type=1800 audit(1719829621.026:548): pid=21680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.5821" name="file1" dev="sda1" ino=2130 res=0 errno=0 [ 1103.817703][ T29] audit: type=1800 audit(1719829621.056:549): pid=21680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.5821" name="file2" dev="sda1" ino=2137 res=0 errno=0 [ 1103.842110][ T29] audit: type=1800 audit(1719829621.056:550): pid=21680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.5821" name="file2" dev="sda1" ino=2137 res=0 errno=0 [ 1104.470485][T21687] kvm: kvm [21686]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x80 [ 1108.004679][T21723] netlink: 'syz.3.5837': attribute type 7 has an invalid length. [ 1108.025132][T21723] netlink: 'syz.3.5837': attribute type 1 has an invalid length. [ 1108.046704][T21723] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.5837'. [ 1108.130503][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.159554][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1108.211703][ T2449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.257091][ T2449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.664713][T21762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5853'. [ 1112.616325][T21788] ptrace attach of "./syz-executor exec"[19151] was attempted by "./syz-executor exec"[21788] [ 1112.634450][T21788] ptrace attach of "./syz-executor exec"[19151] was attempted by "./syz-executor exec"[21788] [ 1113.292206][ T29] audit: type=1804 audit(1719829630.536:551): pid=21792 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.5865" name="/root/syzkaller.n0EuVP/44/cgroup.controllers" dev="sda1" ino=2142 res=1 errno=0 [ 1113.389234][ T5097] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1113.433840][ T5097] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1113.446104][ T5097] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1113.458710][ T5097] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1113.467921][ T5097] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1113.477703][ T5097] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1113.963101][T21794] chnl_net:caif_netlink_parms(): no params data found [ 1114.229852][T21828] ptrace attach of "./syz-executor exec"[21142] was attempted by "./syz-executor exec"[21828] [ 1114.248198][T21828] ptrace attach of "./syz-executor exec"[21142] was attempted by "./syz-executor exec"[21828] [ 1114.515817][T21794] bridge0: port 1(bridge_slave_0) entered blocking state [ 1114.618143][T21794] bridge0: port 1(bridge_slave_0) entered disabled state [ 1114.726132][T21794] bridge_slave_0: entered allmulticast mode [ 1115.106047][T21794] bridge_slave_0: entered promiscuous mode [ 1115.153319][T21794] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.174116][T21794] bridge0: port 2(bridge_slave_1) entered disabled state [ 1115.211117][T21794] bridge_slave_1: entered allmulticast mode [ 1115.241173][T21794] bridge_slave_1: entered promiscuous mode [ 1115.341390][ T29] audit: type=1804 audit(1719829632.586:552): pid=21838 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.5882" name="/root/syzkaller.X3HlLr/35/cgroup.controllers" dev="sda1" ino=2138 res=1 errno=0 [ 1115.412816][T21794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1115.455863][T21794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1115.551212][ T5097] Bluetooth: hci4: command tx timeout [ 1115.638955][T21794] team0: Port device team_slave_0 added [ 1115.663970][T21845] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5885'. [ 1115.677091][T21794] team0: Port device team_slave_1 added [ 1115.790224][T21794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1115.799117][T21794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1115.825748][T21794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1115.839489][T21794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1115.854885][T21794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1115.919118][T21794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1116.015918][T21794] hsr_slave_0: entered promiscuous mode [ 1116.026087][T21794] hsr_slave_1: entered promiscuous mode [ 1116.035962][T21794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1116.046030][T21794] Cannot create hsr debugfs directory [ 1116.436939][T21794] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.534217][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.545158][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.738518][T21794] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.971278][T21794] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.159842][T21794] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.585509][T21794] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1117.617607][T21794] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1117.630766][ T5097] Bluetooth: hci4: command tx timeout [ 1117.636749][T21794] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1117.649799][T21794] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1117.941125][T21794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1118.005396][T21794] 8021q: adding VLAN 0 to HW filter on device team0 [ 1118.043923][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 1118.051921][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1118.097219][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1118.104624][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1118.424770][T21794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1118.504124][T21794] veth0_vlan: entered promiscuous mode [ 1118.523926][T21794] veth1_vlan: entered promiscuous mode [ 1118.577555][T21794] veth0_macvtap: entered promiscuous mode [ 1118.590324][T21794] veth1_macvtap: entered promiscuous mode [ 1118.614811][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.626113][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.642003][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.660619][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.682928][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.694518][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.704936][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.716410][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.726409][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.737094][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.750835][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.767271][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.781960][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.798197][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.820791][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.831465][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.846806][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.857992][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.875509][T21794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1118.887837][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.905143][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.920937][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.932611][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.946581][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.957493][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.967574][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.978299][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.990380][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.022365][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.035734][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.048287][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.058336][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.068955][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.081884][T21794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.094686][T21794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.107021][T21794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.191627][T21794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.206873][T21794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.215944][T21794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.224777][T21794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.453868][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1119.483190][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1119.527773][ T2449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1119.540805][ T2449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1119.713310][ T5097] Bluetooth: hci4: command tx timeout [ 1119.914100][ T29] audit: type=1804 audit(1719829637.166:553): pid=21945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.5923" name="/root/syzkaller.n0EuVP/64/cgroup.controllers" dev="sda1" ino=2145 res=1 errno=0 [ 1120.075229][T21952] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5926'. [ 1120.141769][T21952] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5926'. [ 1120.881027][T21978] Non-string source [ 1121.697179][T21978] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1121.711265][T21978] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 1121.790803][ T5097] Bluetooth: hci4: command tx timeout [ 1121.997674][T21978] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1122.012886][T21978] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1122.078542][T21978] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1122.105509][T21978] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1123.067288][T21978] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1123.097150][T21978] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1123.338364][T21978] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1123.360703][T21978] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1123.424388][T22024] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5952'. [ 1123.546835][ T5083] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1123.731997][ T29] audit: type=1804 audit(1719829640.976:554): pid=22031 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.5957" name="/root/syzkaller.n0EuVP/67/cgroup.controllers" dev="sda1" ino=2122 res=1 errno=0 [ 1123.770778][ T5083] usb 2-1: Using ep0 maxpacket: 8 [ 1123.778224][ T5083] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1123.805032][ T5083] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 1123.847386][ T5083] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1123.914923][ T5083] usb 2-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5 [ 1123.937386][ T5083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1123.970299][ T5083] usb 2-1: Product: syz [ 1123.987330][ T5083] usb 2-1: Manufacturer: syz [ 1124.010687][ T5083] usb 2-1: SerialNumber: syz [ 1124.032243][ T5083] usb 2-1: config 0 descriptor?? [ 1124.069894][ T5083] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected. [ 1124.593768][ T5095] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1124.614840][ T5095] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1124.628274][ T5095] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1124.656719][ T5095] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1124.668071][ T5095] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1124.676286][ T5095] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1124.713280][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1124.723299][ T5097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1124.732959][ T5097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1124.742575][ T5097] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1124.755750][ T5097] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1124.763666][ T5097] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1124.778819][ T2449] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1124.877766][T22051] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.5949'. [ 1124.908471][T22014] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.5949'. [ 1125.096832][ T5083] pwc: Failed to set LED on/off time (-71) [ 1125.106225][ T5083] pwc: send_video_command error -71 [ 1125.120692][ T5083] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1125.132341][ T2449] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1125.138698][ T5083] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 1125.179603][ T5083] usb 2-1: USB disconnect, device number 40 [ 1125.265108][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1125.301407][T22070] 9pnet_fd: p9_fd_create_tcp (22070): problem connecting socket to 127.0.0.1 [ 1125.335685][ T2449] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1125.457822][ T2449] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1125.758253][T22054] chnl_net:caif_netlink_parms(): no params data found [ 1125.797759][ T2449] bridge_slave_1: left allmulticast mode [ 1125.816200][ T2449] bridge_slave_1: left promiscuous mode [ 1125.828361][ T2449] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.856278][ T2449] bridge_slave_0: left allmulticast mode [ 1125.875329][ T2449] bridge_slave_0: left promiscuous mode [ 1125.890310][ T2449] bridge0: port 1(bridge_slave_0) entered disabled state [ 1126.064285][T22070] 9pnet_fd: p9_fd_create_tcp (22070): problem connecting socket to 127.0.0.1 [ 1126.560002][T22112] netlink: 'syz.3.5984': attribute type 11 has an invalid length. [ 1127.157822][ T5097] Bluetooth: hci2: command tx timeout [ 1128.853475][ T2449] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1128.902684][ T2449] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1128.943163][ T2449] bond0 (unregistering): Released all slaves [ 1129.241254][ T5097] Bluetooth: hci2: command tx timeout [ 1129.707866][ T2449] hsr_slave_0: left promiscuous mode [ 1129.732345][ T2449] hsr_slave_1: left promiscuous mode [ 1129.774191][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1129.791467][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1129.836314][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1129.844923][T22150] No such timeout policy "syz1" [ 1129.865539][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1129.961401][ T2449] veth1_macvtap: left promiscuous mode [ 1129.967334][ T2449] veth0_macvtap: left promiscuous mode [ 1129.973505][ T2449] veth1_vlan: left promiscuous mode [ 1129.979038][ T2449] veth0_vlan: left promiscuous mode [ 1130.330785][ T5137] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1130.533215][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 15399, setting to 1024 [ 1130.570679][ T5137] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1130.581842][ T5137] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1130.596523][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1130.607926][ T5137] usb 2-1: config 0 descriptor?? [ 1130.637270][T22157] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1131.311120][ T5097] Bluetooth: hci2: command tx timeout [ 1132.105037][ T2449] team0 (unregistering): Port device team_slave_1 removed [ 1132.313549][ T2449] team0 (unregistering): Port device team_slave_0 removed [ 1133.406353][ T5097] Bluetooth: hci2: command tx timeout [ 1134.354501][T22054] bridge0: port 1(bridge_slave_0) entered blocking state [ 1134.370763][T22054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.382239][T22054] bridge_slave_0: entered allmulticast mode [ 1134.429587][T22054] bridge_slave_0: entered promiscuous mode [ 1134.463530][T22054] bridge0: port 2(bridge_slave_1) entered blocking state [ 1134.480744][T22054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1134.491244][T22054] bridge_slave_1: entered allmulticast mode [ 1134.517790][T22054] bridge_slave_1: entered promiscuous mode [ 1134.737348][T22054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1134.859868][T22054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1135.192771][T22054] team0: Port device team_slave_0 added [ 1135.259120][T22054] team0: Port device team_slave_1 added [ 1135.435122][T22054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1135.483621][T22054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.570861][T22054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1135.662012][T22054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1135.669054][T22054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.781008][T22054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1136.130975][ T5083] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1136.151715][T22054] hsr_slave_0: entered promiscuous mode [ 1136.192868][T22054] hsr_slave_1: entered promiscuous mode [ 1136.227735][T22054] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1136.250661][T22054] Cannot create hsr debugfs directory [ 1136.333186][ T5083] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1136.361876][ T5083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1136.419908][ T5083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1136.429469][T22205] Non-string source [ 1136.470848][ T5083] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1136.497204][T22209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6022'. [ 1136.531340][ T5083] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1136.550681][ T5083] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1136.559037][ T5083] usb 4-1: Manufacturer: syz [ 1136.604491][ T5083] usb 4-1: config 0 descriptor?? [ 1137.024656][ T5083] appleir 0003:05AC:8243.001D: No inputs registered, leaving [ 1137.082245][ T5083] appleir 0003:05AC:8243.001D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1137.210126][T22205] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1137.230453][T22205] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1137.318535][ T5083] usb 4-1: USB disconnect, device number 30 [ 1137.634451][T22054] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1137.657967][T22054] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1137.706982][T22054] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1137.758139][T22054] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1138.162591][T22054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1138.779978][T22054] 8021q: adding VLAN 0 to HW filter on device team0 [ 1138.813891][ T5211] bridge0: port 1(bridge_slave_0) entered blocking state [ 1138.821279][ T5211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1138.909645][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 1138.916979][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1138.962447][ T29] audit: type=1326 audit(1719829656.216:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22225 comm="syz.3.6029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7fc00000 [ 1139.030236][ T29] audit: type=1326 audit(1719829656.246:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22225 comm="syz.3.6029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7efd09575b99 code=0x7fc00000 [ 1139.127081][T22054] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1139.180805][ T29] audit: type=1326 audit(1719829656.426:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22225 comm="syz.3.6029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7fc00000 [ 1139.373958][T22243] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6033'. [ 1139.525402][T22246] [U] [ 1139.739180][T22255] input: syz1 as /devices/virtual/input/input56 [ 1139.813751][T22054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1140.078307][T22054] veth0_vlan: entered promiscuous mode [ 1140.157956][T22054] veth1_vlan: entered promiscuous mode [ 1140.322792][T22054] veth0_macvtap: entered promiscuous mode [ 1140.328716][T22272] nbd3: detected capacity change from 0 to 12 [ 1140.355556][T22274] block nbd3: Send control failed (result -107) [ 1140.375489][T22054] veth1_macvtap: entered promiscuous mode [ 1140.392392][ T29] audit: type=1800 audit(1719829657.646:558): pid=22275 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.6047" name="bus" dev="sda1" ino=2128 res=0 errno=0 [ 1140.394685][T22274] block nbd3: Request send failed, requeueing [ 1140.434712][ T10] block nbd3: Dead connection, failed to find a fallback [ 1140.443826][ T10] block nbd3: shutting down sockets [ 1140.452551][ T10] blk_print_req_error: 5 callbacks suppressed [ 1140.452570][ T10] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.467977][ T10] buffer_io_error: 5 callbacks suppressed [ 1140.467991][ T10] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.560951][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.570288][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.578828][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.593023][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.601371][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.614840][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.647927][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.657608][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.670348][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.695785][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.720485][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.737902][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.746674][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.762950][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.781018][T22274] ldm_validate_partition_table(): Disk read failed. [ 1140.812013][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1140.856376][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1140.861006][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.893719][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1140.922585][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1140.943140][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1140.962799][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1140.976156][T22274] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1140.996304][T22274] Buffer I/O error on dev nbd3, logical block 0, async page read [ 1141.005353][T22274] Dev nbd3: unable to read RDB block 0 [ 1141.011766][T22274] nbd3: unable to read partition table [ 1141.021001][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1141.037605][T22274] nbd3: partition table beyond EOD, truncated [ 1141.050781][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1141.083074][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1141.121627][T22282] [U] [ 1142.157374][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.227116][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.276803][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.330725][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.350343][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.370626][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.390649][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.417821][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.430720][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.454549][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.477605][T22054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1142.540404][T22286] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6051'. [ 1142.682620][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.694286][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.704619][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.715169][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.725230][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.735885][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.750865][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.770652][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.803624][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.840608][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.850508][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.878011][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.900743][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.940623][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.950520][T22054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.990813][T22054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1143.019141][T22054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1143.044963][T22054] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.064754][T22054] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.080789][T22054] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.090198][T22054] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.196546][T22310] [U] [ 1143.465144][ T5373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1143.496010][ T5373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1143.601968][ T5373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1143.634217][ T5373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1143.814164][T22325] netlink: 'syz.4.6068': attribute type 15 has an invalid length. [ 1145.585689][T22368] netlink: 'syz.1.6081': attribute type 37 has an invalid length. [ 1145.747637][T22372] netlink: 'syz.0.6083': attribute type 15 has an invalid length. [ 1145.829667][T22375] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1145.892750][T22368] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6081'. [ 1147.818070][ T5083] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1148.041104][ T5083] usb 4-1: Using ep0 maxpacket: 16 [ 1148.095190][ T5083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1148.933906][ T5083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1148.964142][ T5083] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 1148.973300][ T5083] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1149.017610][ T5083] usb 4-1: config 0 descriptor?? [ 1149.112005][ T29] audit: type=1800 audit(1719829666.353:559): pid=22433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.6101" name="bus" dev="sda1" ino=2149 res=0 errno=0 [ 1149.220772][ T5139] usb 3-1: new full-speed USB device number 50 using dummy_hcd [ 1149.446907][ T5139] usb 3-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=56.a0 [ 1149.477342][ T5083] lenovo 0003:17EF:6009.001E: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.3-1/input0 [ 1149.481377][ T5139] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1149.515688][ T29] audit: type=1326 audit(1719829666.758:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1149.571792][ T5139] usb 3-1: Product: syz [ 1149.582464][ T5139] usb 3-1: Manufacturer: syz [ 1149.602683][ T5139] usb 3-1: SerialNumber: syz [ 1149.609115][ T29] audit: type=1326 audit(1719829666.758:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1149.635458][ T5139] usb 3-1: config 0 descriptor?? [ 1149.680013][ T5139] ums_eneub6250 3-1:0.0: USB Mass Storage device detected [ 1149.712704][ T29] audit: type=1326 audit(1719829666.797:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1149.753431][T22399] lenovo 0003:17EF:6009.001E: pid 22399 passed too short report [ 1149.872098][ T29] audit: type=1326 audit(1719829666.797:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1149.959324][ T5139] usb 3-1: USB disconnect, device number 50 [ 1149.990392][ T29] audit: type=1326 audit(1719829666.797:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1150.109887][ T58] usb 4-1: USB disconnect, device number 31 [ 1150.169248][ T29] audit: type=1326 audit(1719829666.807:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1150.273644][ T29] audit: type=1326 audit(1719829666.807:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1150.378262][ T29] audit: type=1326 audit(1719829666.817:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1150.472536][ T29] audit: type=1326 audit(1719829666.817:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22438 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562c775b99 code=0x7ffc0000 [ 1153.401706][ T5083] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1153.651663][ T5083] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1153.703558][ T5083] usb 3-1: config 1 has no interface number 0 [ 1153.720199][ T5083] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1153.776263][ T5083] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1153.819790][ T5083] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1153.856595][ T5083] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.908486][ T5083] usb 3-1: Product: syz [ 1153.912742][ T5083] usb 3-1: Manufacturer: syz [ 1153.917400][ T5083] usb 3-1: SerialNumber: syz [ 1154.266400][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 1154.266422][ T29] audit: type=1326 audit(1719829671.448:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.423922][ T29] audit: type=1326 audit(1719829671.448:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.513869][ T29] audit: type=1326 audit(1719829671.517:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.617125][ T29] audit: type=1326 audit(1719829671.527:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.708476][ T29] audit: type=1326 audit(1719829671.527:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.820290][ T29] audit: type=1326 audit(1719829671.556:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1154.892122][ T5083] cdc_ncm 3-1:1.1: bind() failure [ 1154.944121][ T29] audit: type=1326 audit(1719829671.566:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1155.030381][ T29] audit: type=1326 audit(1719829671.566:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1155.087721][ T29] audit: type=1326 audit(1719829671.576:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1155.107430][ T5083] usb 3-1: USB disconnect, device number 51 [ 1155.127751][ T29] audit: type=1326 audit(1719829671.576:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22533 comm="syz.4.6145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb63d75b99 code=0x7ffc0000 [ 1155.661622][T22564] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6158'. [ 1156.067298][T22582] PKCS7: Unknown OID: [5] 1.9.49.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. [ 1156.101813][T22582] PKCS7: Only support pkcs7_signedData type [ 1156.355985][ T5083] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1156.553928][ T5083] usb 3-1: New USB device found, idVendor=0c45, idProduct=6025, bcdDevice=41.12 [ 1156.588741][ T5083] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1156.650613][ T5083] usb 3-1: config 0 descriptor?? [ 1156.680757][ T5083] hub 3-1:0.0: bad descriptor, ignoring hub [ 1156.716805][ T5083] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1156.782315][ T5083] gspca_main: sonixb-2.14.0 probing 0c45:6025 [ 1157.055250][T22596] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(30518188509921) <= P.seqno(0) <= S.SWH(30518188509995)) and (P.ackno exists or LAWL(61875618617178) <= P.ackno(61875618617179) <= S.AWH(61875618617179), sending SYNC... [ 1157.553318][T22601] pimreg: entered allmulticast mode [ 1157.645200][T22604] pimreg: left allmulticast mode [ 1157.687579][ T5083] sonixb 3-1:0.0: Error reading register 00: -71 [ 1157.751361][ T5083] usb 3-1: USB disconnect, device number 52 [ 1159.034114][T22608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6174'. [ 1160.789101][T22652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6190'. [ 1161.722721][T22651] pimreg: entered allmulticast mode [ 1161.823292][T22660] PKCS7: Unknown OID: [5] 1.9.49.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. [ 1161.832262][T22660] PKCS7: Only support pkcs7_signedData type [ 1161.959931][T22651] pimreg: left allmulticast mode [ 1164.261985][T22720] netlink: 'syz.2.6219': attribute type 21 has an invalid length. [ 1164.317280][T22720] netlink: 128 bytes leftover after parsing attributes in process `syz.2.6219'. [ 1164.418682][T22725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6221'. [ 1164.459637][T22720] netlink: 'syz.2.6219': attribute type 4 has an invalid length. [ 1164.560471][T22720] netlink: 'syz.2.6219': attribute type 5 has an invalid length. [ 1164.725317][T22720] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6219'. [ 1166.397809][T22756] input: syz1 as /devices/virtual/input/input58 [ 1168.148969][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 1168.148991][ T29] audit: type=1800 audit(1719829685.185:615): pid=22797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.6249" name="bus" dev="sda1" ino=2134 res=0 errno=0 [ 1170.626635][T22847] overlayfs: failed to resolve './file1': -2 [ 1171.569531][T22849] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6266'. [ 1171.639585][T22849] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6266'. [ 1171.698085][ T29] audit: type=1800 audit(1719829688.720:616): pid=22851 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.6266" name="bus" dev="sda1" ino=2149 res=0 errno=0 [ 1174.543775][T22907] 9pnet_fd: Insufficient options for proto=fd [ 1176.146763][ T29] audit: type=1800 audit(1719829693.132:617): pid=22929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.6297" name="bus" dev="sda1" ino=2131 res=0 errno=0 [ 1176.231498][ T29] audit: type=1804 audit(1719829693.132:618): pid=22929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.6297" name="/root/syzkaller.BeMGnM/43/bus" dev="sda1" ino=2131 res=1 errno=0 [ 1176.599097][T22939] tipc: Started in network mode [ 1176.635480][T22939] tipc: Node identity ffffffff, cluster identity 4711 [ 1176.684847][T22939] tipc: Node number set to 4294967295 [ 1177.474561][T22950] binder: 22949:22950 ioctl c018620c 20000100 returned -1 [ 1177.489164][T22954] macsec1: entered promiscuous mode [ 1177.506639][T22954] macvlan1: entered promiscuous mode [ 1177.526651][T22954] macsec1: entered allmulticast mode [ 1177.551042][T22954] macvlan1: entered allmulticast mode [ 1177.577091][T22954] veth1_vlan: entered allmulticast mode [ 1177.688608][T22954] macvlan1: left allmulticast mode [ 1177.693812][T22954] veth1_vlan: left allmulticast mode [ 1177.738105][T22954] macvlan1: left promiscuous mode [ 1178.104908][T22970] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6316'. [ 1178.162929][T22970] netlink: 'syz.1.6316': attribute type 4 has an invalid length. [ 1178.209834][T22970] netlink: 'syz.1.6316': attribute type 5 has an invalid length. [ 1178.285405][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.293280][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.787592][T22987] binder: 22986:22987 ioctl c018620c 20000100 returned -1 [ 1179.204362][T22996] tipc: Started in network mode [ 1179.214904][T22996] tipc: Node identity ffffffff, cluster identity 4711 [ 1179.236803][T22996] tipc: Node number set to 4294967295 [ 1180.050536][T23022] MTD: Attempt to mount non-MTD device "./file0" [ 1180.104279][T23022] syz.3.6336: attempt to access beyond end of device [ 1180.104279][T23022] loop6: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1184.205727][T23072] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6355'. [ 1184.227516][T23072] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6355'. [ 1184.294870][ T29] audit: type=1800 audit(1719829701.239:619): pid=23072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.6355" name="bus" dev="sda1" ino=2141 res=0 errno=0 [ 1184.343770][T23080] tmpfs: Unexpected value for 'grpquota' [ 1184.487195][ T29] audit: type=1800 audit(1719829701.349:620): pid=23083 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.6357" name="bus" dev="sda1" ino=2151 res=0 errno=0 [ 1184.844599][T23088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6362'. [ 1184.932049][T23088] netlink: 'syz.4.6362': attribute type 4 has an invalid length. [ 1184.974906][T23088] netlink: 'syz.4.6362': attribute type 5 has an invalid length. [ 1185.485214][T23104] netlink: 'syz.1.6368': attribute type 7 has an invalid length. [ 1185.747188][ T45] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1185.999190][ T45] usb 3-1: Using ep0 maxpacket: 16 [ 1186.026033][ T45] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1186.157063][ T45] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1186.223101][ T45] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1186.394025][ T45] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1186.518429][ T45] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1186.528081][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.536352][ T45] usb 3-1: Product: syz [ 1186.540841][ T45] usb 3-1: Manufacturer: syz [ 1186.545491][ T45] usb 3-1: SerialNumber: syz [ 1186.672941][ T45] cdc_ncm 3-1:1.0: skipping garbage [ 1186.749748][ T45] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1186.796398][ T45] cdc_ncm 3-1:1.0: bind() failure [ 1186.945304][T15325] usb 3-1: USB disconnect, device number 53 [ 1187.171233][T23120] program syz.3.6371 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1188.445926][T23149] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6381'. [ 1188.474120][T23149] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6381'. [ 1188.551196][ T29] audit: type=1800 audit(1719829705.481:621): pid=23149 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.6381" name="bus" dev="sda1" ino=2145 res=0 errno=0 [ 1188.573632][T23155] netlink: 'syz.4.6379': attribute type 7 has an invalid length. [ 1189.925951][ T29] audit: type=1326 audit(1719829706.845:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23157 comm="syz.2.6385" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5479f75b99 code=0x0 [ 1191.874950][T15325] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1192.062761][T15325] usb 3-1: Using ep0 maxpacket: 8 [ 1192.097731][T15325] usb 3-1: New USB device found, idVendor=046d, idProduct=0850, bcdDevice=6b.da [ 1192.132109][T15325] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.176514][T15325] usb 3-1: config 0 descriptor?? [ 1192.230919][T23194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6398'. [ 1192.273215][T23194] bridge_slave_1: left allmulticast mode [ 1192.302095][T23194] bridge_slave_1: left promiscuous mode [ 1192.337795][T23194] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.390033][T23194] bridge_slave_0: left allmulticast mode [ 1192.409797][T23194] bridge_slave_0: left promiscuous mode [ 1192.440686][T23194] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.826154][T23178] usb usb9: usbfs: interface 0 claimed by hub while 'syz.2.6391' sets config #0 [ 1192.877035][T15325] usb 3-1: string descriptor 0 read error: -71 [ 1192.916816][T15325] gspca_main: STV06xx-2.14.0 probing 046d:0850 [ 1192.944810][T15325] usb 3-1: unknown interface protocol 0xe6, assuming v1 [ 1192.990446][T15325] usb 3-1: cannot find UAC_HEADER [ 1193.094938][T15325] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1193.157945][T15325] usb 3-1: USB disconnect, device number 54 [ 1197.141298][T12704] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1197.263155][T23254] dccp_invalid_packet: P.Data Offset(100) too large [ 1197.411064][T12704] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1197.440119][T12704] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1197.487075][T12704] usb 4-1: config 1 has no interface number 0 [ 1197.513403][T12704] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1197.568404][T12704] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1197.624147][T12704] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1197.655942][T12704] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1197.685352][T23258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6425'. [ 1197.695054][T12704] usb 4-1: Product: syz [ 1197.699363][T12704] usb 4-1: Manufacturer: syz [ 1197.727307][T12704] usb 4-1: SerialNumber: syz [ 1197.751036][T23258] bridge_slave_1: left allmulticast mode [ 1197.781980][T23258] bridge_slave_1: left promiscuous mode [ 1197.782190][T12704] usb 4-1: selecting invalid altsetting 1 [ 1197.794392][T23258] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.859760][T23258] bridge_slave_0: left allmulticast mode [ 1197.886682][T23258] bridge_slave_0: left promiscuous mode [ 1197.912142][T23258] bridge0: port 1(bridge_slave_0) entered disabled state [ 1198.422644][T12704] cdc_ncm 4-1:1.1: bind() failure [ 1198.462074][T12704] usb 4-1: USB disconnect, device number 32 [ 1199.521066][T23289] 9pnet_fd: Insufficient options for proto=fd [ 1200.721131][T23313] Bluetooth: MGMT ver 1.22 [ 1202.302133][T23336] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6454'. [ 1202.350671][T23333] bond_slave_0: entered promiscuous mode [ 1202.357407][T23333] bond_slave_1: entered promiscuous mode [ 1202.423943][T23333] macsec1: entered allmulticast mode [ 1202.453862][T23333] bond0: entered allmulticast mode [ 1202.494488][T23333] bond_slave_0: entered allmulticast mode [ 1202.514063][T23333] bond_slave_1: entered allmulticast mode [ 1202.591154][T23333] bond0: left allmulticast mode [ 1202.610744][T23333] bond_slave_0: left allmulticast mode [ 1202.664777][T23333] bond_slave_1: left allmulticast mode [ 1202.670474][T23333] bond_slave_0: left promiscuous mode [ 1202.676175][T23333] bond_slave_1: left promiscuous mode [ 1202.905702][T23338] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6455'. [ 1203.106663][T23340] bridge0: port 3(bond1) entered blocking state [ 1203.116420][T23340] bridge0: port 3(bond1) entered disabled state [ 1203.177554][T23340] bond1: entered allmulticast mode [ 1203.228427][T23340] bond1: entered promiscuous mode [ 1203.374537][T23342] bond1: (slave xfrm1): refused to change device type [ 1203.574992][T23362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6462'. [ 1203.815524][T23369] netlink: 'syz.1.6463': attribute type 3 has an invalid length. [ 1203.850080][T23369] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.6463'. [ 1204.646549][T23386] netlink: 72 bytes leftover after parsing attributes in process `syz.3.6472'. [ 1212.189678][T23410] netlink: 'syz.3.6484': attribute type 10 has an invalid length. [ 1212.209373][T23411] futex_wake_op: syz.2.6483 tries to shift op by 32; fix this program [ 1212.235603][T23410] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6484'. [ 1212.260174][T23410] bridge0: port 4(syz_tun) entered blocking state [ 1212.288438][T23410] bridge0: port 4(syz_tun) entered disabled state [ 1212.308027][T23410] syz_tun: entered allmulticast mode [ 1212.342167][T23410] syz_tun: entered promiscuous mode [ 1212.361875][T23410] bridge0: port 4(syz_tun) entered blocking state [ 1212.368629][T23410] bridge0: port 4(syz_tun) entered forwarding state [ 1212.415783][T23412] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6485'. [ 1212.603769][T23416] bond1: (slave xfrm2): The slave device specified does not support setting the MAC address [ 1212.637619][T23416] bond1: (slave xfrm2): Error -95 calling set_mac_address [ 1213.895983][T23440] autofs4:pid:23440:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e) [ 1213.913397][T23440] autofs4:pid:23440:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 1213.938519][ T29] audit: type=1326 audit(1719829730.681:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23432 comm="syz.2.6492" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5479f75b99 code=0x0 [ 1216.195257][T23484] binder: 23482:23484 ioctl c0306201 0 returned -14 [ 1219.224741][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1219.660236][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.285132][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1221.408983][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1221.631321][ T5095] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1221.654936][ T5095] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1221.672282][ T5095] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1221.694240][ T5095] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1221.729172][ T5095] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1221.739334][ T5095] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1221.966075][ T63] bridge_slave_1: left allmulticast mode [ 1221.975307][ T63] bridge_slave_1: left promiscuous mode [ 1221.994124][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 1222.034851][ T63] bridge_slave_0: left allmulticast mode [ 1222.058851][ T63] bridge_slave_0: left promiscuous mode [ 1222.084187][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.512684][ T29] audit: type=1800 audit(1719829739.368:624): pid=23579 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.6560" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1223.017015][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1223.048345][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1223.063114][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1223.113319][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1223.121355][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1223.129723][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1223.865254][ T5095] Bluetooth: hci2: command tx timeout [ 1224.310303][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1224.371579][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1224.417241][ T63] bond0 (unregistering): Released all slaves [ 1224.647550][ T63] tipc: Left network mode [ 1225.157601][ T784] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1225.216147][ T5095] Bluetooth: hci5: command tx timeout [ 1225.232370][T23616] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1225.369698][ T784] usb 4-1: Using ep0 maxpacket: 32 [ 1225.385676][ T784] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1225.415636][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1225.477967][ T784] usb 4-1: config 0 descriptor?? [ 1225.521570][ T784] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1225.627912][ T63] hsr_slave_0: left promiscuous mode [ 1225.639643][ T63] hsr_slave_1: left promiscuous mode [ 1225.665320][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1225.702719][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1225.910585][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1225.937027][ T5095] Bluetooth: hci2: command tx timeout [ 1225.955094][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1225.989797][ T784] gspca_nw80x: reg_r err -71 [ 1225.994554][ T784] nw80x 4-1:0.0: probe with driver nw80x failed with error -71 [ 1226.005491][ T784] usb 4-1: USB disconnect, device number 33 [ 1226.429893][ T63] veth1_macvtap: left promiscuous mode [ 1226.560014][ T63] veth0_macvtap: left promiscuous mode [ 1226.565855][ T63] veth1_vlan: left promiscuous mode [ 1226.610256][ T63] veth0_vlan: left promiscuous mode [ 1227.299371][ T5095] Bluetooth: hci5: command tx timeout [ 1228.019387][ T5095] Bluetooth: hci2: command tx timeout [ 1229.380682][ T5095] Bluetooth: hci5: command tx timeout [ 1229.422039][T23636] Falling back ldisc for pts0. [ 1229.724310][ T63] team0 (unregistering): Port device team_slave_1 removed [ 1229.947742][ T63] team0 (unregistering): Port device team_slave_0 removed [ 1230.101243][ T5095] Bluetooth: hci2: command tx timeout [ 1230.814646][ T29] audit: type=1326 audit(1719829747.658:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23654 comm="syz.3.6589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1230.928306][ T29] audit: type=1326 audit(1719829747.658:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23654 comm="syz.3.6589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1231.001407][ T29] audit: type=1326 audit(1719829747.688:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23654 comm="syz.3.6589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1231.035312][T23659] binder: 23657:23659 ioctl c0046209 0 returned -22 [ 1231.071897][ T29] audit: type=1326 audit(1719829747.688:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23654 comm="syz.3.6589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1231.462491][ T5095] Bluetooth: hci5: command tx timeout [ 1234.372073][T23571] chnl_net:caif_netlink_parms(): no params data found [ 1234.682824][T23586] chnl_net:caif_netlink_parms(): no params data found [ 1234.882023][T23571] bridge0: port 1(bridge_slave_0) entered blocking state [ 1234.955692][T23571] bridge0: port 1(bridge_slave_0) entered disabled state [ 1235.007177][T23571] bridge_slave_0: entered allmulticast mode [ 1235.014860][T23571] bridge_slave_0: entered promiscuous mode [ 1235.235471][T23571] bridge0: port 2(bridge_slave_1) entered blocking state [ 1235.243129][ T29] audit: type=1326 audit(1719829752.044:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23690 comm="syz.3.6599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1235.319429][T23571] bridge0: port 2(bridge_slave_1) entered disabled state [ 1235.376323][T23571] bridge_slave_1: entered allmulticast mode [ 1235.416685][ T29] audit: type=1326 audit(1719829752.044:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23690 comm="syz.3.6599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1235.442507][T23571] bridge_slave_1: entered promiscuous mode [ 1235.531102][T23694] binder: 23693:23694 ioctl c0046209 0 returned -22 [ 1235.563506][ T29] audit: type=1326 audit(1719829752.044:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23690 comm="syz.3.6599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1235.737046][ T29] audit: type=1326 audit(1719829752.044:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23690 comm="syz.3.6599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd09575b99 code=0x7ffc0000 [ 1235.874372][T23571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1236.156311][T23571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1236.259067][T23586] bridge0: port 1(bridge_slave_0) entered blocking state [ 1236.271314][T23586] bridge0: port 1(bridge_slave_0) entered disabled state [ 1236.303793][T23586] bridge_slave_0: entered allmulticast mode [ 1236.343917][T23586] bridge_slave_0: entered promiscuous mode [ 1236.385534][T23710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6606'. [ 1236.537941][T23571] team0: Port device team_slave_0 added [ 1236.892877][ T63] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.007658][T23586] bridge0: port 2(bridge_slave_1) entered blocking state [ 1237.014877][T23586] bridge0: port 2(bridge_slave_1) entered disabled state [ 1237.065708][T23586] bridge_slave_1: entered allmulticast mode [ 1237.086044][T23586] bridge_slave_1: entered promiscuous mode [ 1237.184080][T23571] team0: Port device team_slave_1 added [ 1237.213327][T23733] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6615'. [ 1237.326280][ T63] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.483892][T23586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1237.798765][ T63] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1237.858014][T23586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1237.966424][T23571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1237.988450][T23571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1238.078392][T23571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1238.184701][ T63] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1238.312046][T23571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1238.334710][T23571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1238.418330][T23571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1238.502183][T23586] team0: Port device team_slave_0 added [ 1238.541755][T23758] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6625'. [ 1238.696213][T23586] team0: Port device team_slave_1 added [ 1344.129140][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1344.136191][ C0] rcu: 1-...!: (1 GPs behind) idle=4e54/1/0x4000000000000000 softirq=104516/104517 fqs=1 [ 1344.148656][ C0] rcu: (detected by 0, t=10505 jiffies, g=154025, q=354 ncpus=2) [ 1344.156512][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1344.161788][ C1] NMI backtrace for cpu 1 [ 1344.161809][ C1] CPU: 1 PID: 23766 Comm: syz.0.6629 Not tainted 6.10.0-rc6-syzkaller #0 [ 1344.161828][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1344.161840][ C1] RIP: 0010:rb_insert_color+0x25/0x690 [ 1344.161873][ C1] Code: 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 38 49 89 f7 48 89 fd 48 bb 00 00 00 00 00 fc ff df 48 89 f8 <48> c1 e8 03 80 3c 18 00 74 08 48 89 ef e8 a9 d9 82 f6 48 89 6c 24 [ 1344.161889][ C1] RSP: 0018:ffffc90000a18c50 EFLAGS: 00000086 [ 1344.161907][ C1] RAX: ffff88807e843340 RBX: dffffc0000000000 RCX: dffffc0000000000 [ 1344.161922][ C1] RDX: 0000000000000000 RSI: ffff8880b952c9d0 RDI: ffff88807e843340 [ 1344.161935][ C1] RBP: ffff88807e843340 R08: ffff88807e843357 R09: 0000000000000000 [ 1344.161948][ C1] R10: ffff88807e843340 R11: ffffed100fd0866b R12: ffff8880b952c9d0 [ 1344.161962][ C1] R13: ffff8880b952c9d0 R14: 0000000000000000 R15: ffff8880b952c9d0 [ 1344.161976][ C1] FS: 000055557e7bb500(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1344.161992][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1344.162005][ C1] CR2: 000000110c28e29e CR3: 0000000063da8000 CR4: 00000000003506f0 [ 1344.162022][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1344.162034][ C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1344.162046][ C1] Call Trace: [ 1344.162057][ C1] [ 1344.162068][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1344.162099][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1344.162132][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1344.162163][ C1] ? nmi_handle+0x2a/0x5a0 [ 1344.162215][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1344.162247][ C1] ? nmi_handle+0x14f/0x5a0 [ 1344.162285][ C1] ? nmi_handle+0x2a/0x5a0 [ 1344.162324][ C1] ? rb_insert_color+0x25/0x690 [ 1344.162358][ C1] ? default_do_nmi+0x63/0x160 [ 1344.162390][ C1] ? exc_nmi+0x123/0x1f0 [ 1344.162410][ C1] ? end_repeat_nmi+0xf/0x53 [ 1344.162444][ C1] ? rb_insert_color+0x25/0x690 [ 1344.162468][ C1] ? rb_insert_color+0x25/0x690 [ 1344.162492][ C1] ? rb_insert_color+0x25/0x690 [ 1344.162516][ C1] [ 1344.162522][ C1] [ 1344.162528][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 1344.162555][ C1] ? advance_sched+0xa02/0xca0 [ 1344.162587][ C1] timerqueue_add+0x260/0x290 [ 1344.162605][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 1344.162637][ C1] enqueue_hrtimer+0x1b2/0x3c0 [ 1344.162667][ C1] __hrtimer_run_queues+0x6cb/0xd50 [ 1344.162693][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 1344.162723][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1344.162749][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 1344.162774][ C1] hrtimer_interrupt+0x396/0x990 [ 1344.162819][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1344.162848][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1344.162875][ C1] [ 1344.162881][ C1] [ 1344.162888][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1344.162916][ C1] RIP: 0010:lock_is_held_type+0x13b/0x190 [ 1344.162942][ C1] Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f [ 1344.162957][ C1] RSP: 0018:ffffc9000c8ff7b8 EFLAGS: 00000206 [ 1344.162973][ C1] RAX: 99ef63be1f0e5a00 RBX: 0000000000000000 RCX: ffff888021b59e00 [ 1344.162986][ C1] RDX: 0000000000000000 RSI: ffffffff8bcacca0 RDI: ffffffff8c1f16c0 [ 1344.162999][ C1] RBP: ffffc9000c8ff9f0 R08: ffffc9000c8ff97f R09: 0000000000000000 [ 1344.163012][ C1] R10: ffffc9000c8ff970 R11: fffff5200191ff30 R12: 0000000000000246 [ 1344.163026][ C1] R13: ffff888021b59e00 R14: 00000000ffffffff R15: ffffffff8e333f80 [ 1344.163055][ C1] __schedule+0x209/0x49d0 [ 1344.163086][ C1] ? __pfx___schedule+0x10/0x10 [ 1344.163104][ C1] ? schedule+0x90/0x320 [ 1344.163120][ C1] ? __pfx_lock_release+0x10/0x10 [ 1344.163141][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 1344.163171][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1344.163200][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1344.163230][ C1] ? schedule+0x90/0x320 [ 1344.163246][ C1] schedule+0x14b/0x320 [ 1344.163264][ C1] ? futex_wait_queue+0x27/0x1d0 [ 1344.163284][ C1] futex_wait_queue+0x14e/0x1d0 [ 1344.163308][ C1] __futex_wait+0x17f/0x320 [ 1344.163333][ C1] ? __pfx___futex_wait+0x10/0x10 [ 1344.163357][ C1] ? __pfx_futex_wake_mark+0x10/0x10 [ 1344.163384][ C1] ? ktime_add_safe+0x38/0x70 [ 1344.163410][ C1] futex_wait+0x101/0x360 [ 1344.163432][ C1] ? __pfx_futex_wait+0x10/0x10 [ 1344.163455][ C1] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1344.163483][ C1] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 1344.163511][ C1] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 1344.163542][ C1] ? ktime_get+0x3c/0xb0 [ 1344.163570][ C1] do_futex+0x33b/0x560 [ 1344.163601][ C1] ? __pfx_do_futex+0x10/0x10 [ 1344.163634][ C1] __se_sys_futex+0x3f9/0x480 [ 1344.163655][ C1] ? __pfx___se_sys_futex+0x10/0x10 [ 1344.163672][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1344.163693][ C1] ? do_syscall_64+0x100/0x230 [ 1344.163721][ C1] ? __x64_sys_futex+0x21/0xf0 [ 1344.163740][ C1] do_syscall_64+0xf3/0x230 [ 1344.163768][ C1] ? clear_bhb_loop+0x35/0x90 [ 1344.163802][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1344.163829][ C1] RIP: 0033:0x7f562c775b99 [ 1344.163847][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1344.163861][ C1] RSP: 002b:00007ffc4b5a7da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1344.163879][ C1] RAX: ffffffffffffffda RBX: 000000000012e654 RCX: 00007f562c775b99 [ 1344.163892][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f562c903fac [ 1344.163904][ C1] RBP: 000000000012e622 R08: 7fffffffffffffff R09: 000000074b5a80bf [ 1344.163917][ C1] R10: 00007ffc4b5a7e90 R11: 0000000000000246 R12: 00007f562c903fac [ 1344.163930][ C1] R13: 0000000000000032 R14: 00007ffc4b5a7eb0 R15: 00007ffc4b5a7e90 [ 1344.163952][ C1] [ 1344.164776][ C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g154025 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1344.769579][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1344.779570][ C0] rcu: RCU grace-period kthread stack dump: [ 1344.785568][ C0] task:rcu_preempt state:R running task stack:25584 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 1344.797357][ C0] Call Trace: [ 1344.800658][ C0] [ 1344.803700][ C0] __schedule+0x1796/0x49d0 [ 1344.808262][ C0] ? __pfx___schedule+0x10/0x10 [ 1344.813144][ C0] ? __pfx_lock_release+0x10/0x10 [ 1344.818196][ C0] ? __asan_memset+0x23/0x50 [ 1344.823002][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1344.828838][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1344.835193][ C0] ? schedule+0x90/0x320 [ 1344.839495][ C0] schedule+0x14b/0x320 [ 1344.843677][ C0] schedule_timeout+0x1be/0x310 [ 1344.848569][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1344.854328][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1344.859653][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 1344.865246][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 1344.870139][ C0] ? __pfx_dyntick_save_progress_counter+0x10/0x10 [ 1344.876671][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1344.881986][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1344.887921][ C0] ? finish_swait+0xd4/0x1e0 [ 1344.892542][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 1344.897184][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1344.902429][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1344.908386][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1344.913464][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1344.918698][ C0] kthread+0x2f0/0x390 [ 1344.922801][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1344.928035][ C0] ? __pfx_kthread+0x10/0x10 [ 1344.932658][ C0] ret_from_fork+0x4b/0x80 [ 1344.937114][ C0] ? __pfx_kthread+0x10/0x10 [ 1344.941741][ C0] ret_from_fork_asm+0x1a/0x30 [ 1344.946563][ C0] [ 1344.949641][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1344.955980][ C0] CPU: 0 PID: 2449 Comm: kworker/u8:6 Not tainted 6.10.0-rc6-syzkaller #0 [ 1344.964529][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1344.974899][ C0] Workqueue: events_unbound toggle_allocation_gate [ 1344.981886][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 1344.988963][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c9 0c 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 74 08 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 58 08 [ 1345.008791][ C0] RSP: 0018:ffffc900090a7700 EFLAGS: 00000293 [ 1345.014986][ C0] RAX: ffffffff818a1e08 RBX: 1ffff110172a8891 RCX: ffff888029878000 [ 1345.022985][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1345.031068][ C0] RBP: ffffc900090a78e0 R08: ffffffff818a1dd7 R09: 1ffffffff25ee2b0 [ 1345.039154][ C0] R10: dffffc0000000000 R11: fffffbfff25ee2b1 R12: dffffc0000000000 [ 1345.047177][ C0] R13: ffff8880b9544488 R14: ffff8880b943f880 R15: 0000000000000001 [ 1345.055187][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 1345.064400][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1345.071009][ C0] CR2: 00007efd09549480 CR3: 000000000e132000 CR4: 00000000003506f0 [ 1345.079007][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1345.086998][ C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1345.095016][ C0] Call Trace: [ 1345.098331][ C0] [ 1345.101202][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 1345.107568][ C0] ? print_other_cpu_stall+0x1470/0x15a0 [ 1345.113330][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 1345.119174][ C0] ? __pfx_lock_release+0x10/0x10 [ 1345.124239][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 1345.130507][ C0] ? rcu_sched_clock_irq+0x9f4/0x10a0 [ 1345.135918][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 1345.141579][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 1345.146812][ C0] ? acct_account_cputime+0x207/0x210 [ 1345.152318][ C0] ? update_process_times+0x1ce/0x230 [ 1345.157754][ C0] ? tick_nohz_handler+0x37c/0x500 [ 1345.162919][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 1345.168419][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 1345.173863][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 1345.179891][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1345.185647][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 1345.191755][ C0] ? hrtimer_interrupt+0x396/0x990 [ 1345.196932][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1345.203127][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1345.208968][ C0] [ 1345.211925][ C0] [ 1345.214882][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1345.221082][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 1345.227274][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 1345.233465][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 1345.239662][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 1345.245770][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1345.250837][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 1345.256953][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1345.263317][ C0] ? __pfx___might_resched+0x10/0x10 [ 1345.268724][ C0] ? __mutex_trylock_common+0x183/0x2e0 [ 1345.274301][ C0] ? __pfx___might_resched+0x10/0x10 [ 1345.279628][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1345.284682][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 1345.289840][ C0] text_poke_bp_batch+0x352/0xb30 [ 1345.294907][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 1345.300572][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 1345.305744][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 1345.312029][ C0] text_poke_finish+0x30/0x50 [ 1345.316742][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 1345.322927][ C0] static_key_enable_cpuslocked+0x136/0x260 [ 1345.328865][ C0] static_key_enable+0x1a/0x20 [ 1345.333663][ C0] toggle_allocation_gate+0xb5/0x250 [ 1345.339236][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 1345.345330][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1345.351787][ C0] ? process_scheduled_works+0x945/0x1830 [ 1345.357527][ C0] process_scheduled_works+0xa2c/0x1830 [ 1345.363133][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1345.369151][ C0] ? assign_work+0x364/0x3d0 [ 1345.373805][ C0] worker_thread+0x86d/0xd50 [ 1345.378440][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1345.383497][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1345.388636][ C0] kthread+0x2f0/0x390 [ 1345.392742][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1345.397884][ C0] ? __pfx_kthread+0x10/0x10 [ 1345.402507][ C0] ret_from_fork+0x4b/0x80 [ 1345.407045][ C0] ? __pfx_kthread+0x10/0x10 [ 1345.411670][ C0] ret_from_fork_asm+0x1a/0x30 [ 1345.416491][ C0]