last executing test programs: 1m37.664904986s ago: executing program 0 (id=300): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000280)={0x4, 0x2}) 1m24.573115862s ago: executing program 0 (id=302): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000380)) 1m21.237555513s ago: executing program 1 (id=303): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002dc0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_RANGE_FROM_DATA={0x4}, @NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 1m17.999183417s ago: executing program 0 (id=304): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m14.368590628s ago: executing program 1 (id=305): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) pread64(r0, &(0x7f0000000240)=""/253, 0xfd, 0x4) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000100)={0xa00, 0xa00}) 1m6.413508294s ago: executing program 0 (id=306): r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000000400)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000023, 0x1}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 1m6.413109004s ago: executing program 1 (id=307): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r1, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005004e24000008000b"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0) 56.966753689s ago: executing program 0 (id=308): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x401, 0x101) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x41) 56.755991863s ago: executing program 1 (id=309): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x541b, 0x0) 33.08826528s ago: executing program 0 (id=310): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNGETFILTER(r0, 0x801054db, 0x0) 33.088000199s ago: executing program 1 (id=311): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000420040008002900787d040008001b"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x884) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 0s ago: executing program 1 (id=312): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f0000000300)=0x20000008, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40583' (ED25519) to the list of known hosts. syzkaller login: [ 707.402365][ T3199] cgroup: Unknown subsys name 'net' [ 708.406080][ T3199] cgroup: Unknown subsys name 'cpuset' [ 708.625448][ T3199] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 815.781818][ T3199] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 1019.282814][ T3207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1019.508965][ T3207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1024.742735][ T3208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1024.932521][ T3208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1039.454219][ T3207] hsr_slave_0: entered promiscuous mode [ 1039.535185][ T3207] hsr_slave_1: entered promiscuous mode [ 1048.256033][ T3208] hsr_slave_0: entered promiscuous mode [ 1048.279051][ T3208] hsr_slave_1: entered promiscuous mode [ 1048.296433][ T3208] debugfs: 'hsr0' already exists in 'hsr' [ 1048.303317][ T3208] Cannot create hsr debugfs directory [ 1065.173284][ T3207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1066.154381][ T3207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1066.962967][ T3207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1068.079406][ T3207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1074.635407][ T3208] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1075.049189][ T3208] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1075.734379][ T3208] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1076.051332][ T3208] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1095.982793][ T3207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.615226][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1184.209577][ T3207] veth0_vlan: entered promiscuous mode [ 1186.655302][ T3207] veth1_vlan: entered promiscuous mode [ 1191.822140][ T3207] veth0_macvtap: entered promiscuous mode [ 1192.592455][ T3207] veth1_macvtap: entered promiscuous mode [ 1198.338346][ T3311] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1198.378744][ T3311] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1198.381965][ T3311] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1198.384740][ T3311] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.790571][ T3208] veth0_vlan: entered promiscuous mode [ 1206.154307][ T3208] veth1_vlan: entered promiscuous mode [ 1209.805293][ T3207] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1209.864347][ T3208] veth0_macvtap: entered promiscuous mode [ 1210.562199][ T3208] veth1_macvtap: entered promiscuous mode [ 1215.710237][ T3311] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.976194][ T3311] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.992846][ T3311] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.996137][ T3311] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1261.131193][ T3840] ======================================================= [ 1261.131193][ T3840] WARNING: The mand mount option has been deprecated and [ 1261.131193][ T3840] and is ignored by this kernel. Remove the mand [ 1261.131193][ T3840] option from the mount to silence this warning. [ 1261.131193][ T3840] ======================================================= [ 1283.764439][ T3852] netlink: 'syz.0.11': attribute type 1 has an invalid length. [ 1307.066055][ T3860] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14'. [ 1378.114293][ T3136] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1379.804219][ T3136] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1379.833930][ T3136] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1379.896426][ T3136] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1379.904899][ T3136] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1380.851881][ T3892] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1381.320592][ T3136] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1385.784040][ T3202] usb 2-1: USB disconnect, device number 2 [ 1543.812391][ T3985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'. [ 1605.243905][ T4013] rdma_op ffffaf8031e1a9f0 conn xmit_rdma 0000000000000000 [ 1675.230755][ T4047] netlink: 8 bytes leftover after parsing attributes in process `syz.1.80'. [ 1710.962239][ T4069] ALSA: mixer_oss: invalid index 100000 [ 1711.796511][ T4068] netlink: 20 bytes leftover after parsing attributes in process `syz.1.86'. [ 1781.743079][ T4092] random: crng reseeded on system resumption [ 1867.522301][ T4129] netlink: 16 bytes leftover after parsing attributes in process `syz.1.112'. [ 1902.798133][ T4145] netlink: 56 bytes leftover after parsing attributes in process `syz.1.120'. [ 2004.403936][ T4195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.137'. [ 2025.544684][ T4205] capability: warning: `syz.0.141' uses deprecated v2 capabilities in a way that may be insecure [ 2060.733034][ T4221] netlink: 16 bytes leftover after parsing attributes in process `syz.0.149'. [ 2082.512848][ T4229] netlink: 32 bytes leftover after parsing attributes in process `syz.0.152'. [ 2102.183498][ T4239] netlink: 'syz.0.156': attribute type 1 has an invalid length. [ 2102.221475][ T4239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.156'. [ 2173.999957][ T3666] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 2174.463158][ T3666] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2174.472759][ T3666] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 2174.481493][ T3666] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2174.750948][ T3666] usb 2-1: New USB device found, idVendor=0525, idProduct=d0a1, bcdDevice= 0.40 [ 2174.754755][ T3666] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2174.794368][ T3666] usb 2-1: Product: syz [ 2174.801132][ T3666] usb 2-1: Manufacturer: syz [ 2174.803110][ T3666] usb 2-1: SerialNumber: syz [ 2175.471748][ T3666] cdc_ncm 2-1:1.0: skipping garbage [ 2175.475500][ T3666] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 2175.572206][ T3666] cdc_ncm 2-1:1.0: bind() failure [ 2180.043401][ T3827] usb 2-1: USB disconnect, device number 3 [ 2194.394499][ T4284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.172'. [ 2229.466679][ T4300] usb usb1: usbfs: process 4300 (syz.0.178) did not claim interface 8 before use [ 2277.011030][ T4318] tmpfs: Bad value for 'nr_blocks' [ 2277.561845][ T4317] Illegal XDP return value 32768 on prog (id 7) dev N/A, expect packet loss! [ 2364.560646][ T4355] syz.1.203 (4355): /proc/4354/oom_adj is deprecated, please use /proc/4354/oom_score_adj instead. [ 2554.199898][ T4433] netlink: 71 bytes leftover after parsing attributes in process `syz.1.239'. [ 2580.954510][ T4449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'. [ 2581.214774][ T4449] Zero length message leads to an empty skb [ 2588.004174][ T4451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.247'. [ 2599.151743][ T4460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.250'. [ 2654.450058][ T4496] netlink: 220 bytes leftover after parsing attributes in process `syz.1.264'. [ 2654.454284][ T4496] netlink: 'syz.1.264': attribute type 5 has an invalid length. [ 2717.474571][ T4528] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2717.805345][ T4528] xt_connbytes: Forcing CT accounting to be enabled [ 2724.356311][ T4533] process 'syz.1.281' launched './file2' with NULL argv: empty string added [ 2859.802212][ T4593] netlink: 80 bytes leftover after parsing attributes in process `syz.1.307'. [ 2905.763177][ T4606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 2907.014800][ T4610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 3664.811977][ T33] INFO: task syz.1.312:4614 blocked for more than 423 seconds. [ 3664.813739][ T33] Not tainted syzkaller #0 [ 3664.814920][ T33] Blocked by coredump. [ 3664.815812][ T33] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3673.259492][ T33] task:syz.1.312 state:D stack:0 pid:4614 tgid:4613 ppid:3208 task_flags:0x40044c flags:0x00000002 [ 3673.263922][ T33] Call Trace: [ 3673.265710][ T33] [] __schedule+0xf10/0x4098 [ 3679.576199][ T33] [] schedule+0xb4/0x334 [ 3684.450847][ T33] [] schedule_preempt_disabled+0x16/0x28 [ 3684.453250][ T33] [] rwsem_down_read_slowpath+0x4ca/0x954 [ 3684.455506][ T33] [] down_read+0xe0/0x454 [ 3689.261764][ T33] [] do_exit+0x69a/0x2828 [ 3689.264001][ T33] [] do_group_exit+0xca/0x258 [ 3689.265531][ T33] [] get_signal+0x1f7e/0x224c [ 3694.202466][ T33] [] arch_do_signal_or_restart+0xca0/0x1ddc [ 3694.205393][ T33] [] exit_to_user_mode_loop+0x8e/0x874