last executing test programs: 7.641586302s ago: executing program 2 (id=5671): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) poll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0) 7.312474216s ago: executing program 2 (id=5673): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x2000, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@broadcast, 0x3}, {@remote, 0x96}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010121}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x13, 0x0, [@remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00'}, 0x45c) 6.618288043s ago: executing program 2 (id=5675): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x64}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x4) umount2(&(0x7f0000000240)='./file0\x00', 0xc) 6.299153094s ago: executing program 2 (id=5677): r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) write$P9_RLCREATE(r0, &(0x7f0000000000)={0x18}, 0x18) lseek(r0, 0x0, 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000227bd7000fddbdf25880000000c00990000040000360000000a00060008021100000100000e003300d4000500ffffffffffff0000b901330038870000ffffffffffff08021100000008021100000076000802110000007e0049800802110000000802110000016800b669390348023fa1b5eac2e77bb017029f66a46cc541e16365ab2b611290a2540015ec57f209ae42eba4f72b87bcaedee3ee71df57db919ae39b59a28a1c89647cc45f2734db8123bc908cb07d27551f252caefaff9bcfba3cc30aa8bfbbecabba6773beb0ce5b310000080211000000ffffffffffff6300cbc41938a357133d909249562cd07e24aa28742027b370eb40e67d1d95cb04119f1a8de87e88623d8df11111ac69eeb3443976efb9a0547a29e14003ce12ea057504dc44bb91d68cc9e05f2eac53d48fd662dde79a6b54170ca35f6d99945fea3eab25000000ffffffffffff080211000001210047f5ae5fc25ab80e860d3a76d947447375da17ed639aac16245bf12fdf3bfb848e00ffffffffffff080211000000ff0073951d9ad63707a1478820a503e4099a11c3026e209dae740145d9998278d35772fa186c7052de1ce4bad5603845f74a99a9a7c81e69aea7a2374670b0b0fca17e655ca8ef5ec0346e2e69a41a8cbe09b27957a93654b3952e65737a84d7976f5f26b679f9d273cbde1e3d3c38d756aea3a1331aacf8c723cd80f7fa9a6f4d201d2969adfe2cd45b3e1bad3bf70520bbacc3abc8ac6b00493b0953d58719932135bbbfdd0fb95369cd486b80ea2fd5c7cff2248ed8282e96d5ef809e836aede43cddf9e81496299419a50b44a6f54e71dcc3f89b9a2febdf307427c8b7b1533ed4ab807fb613def5ccae772d1dd399038dae5fc96f962334e160ee910cdbfd0000000802110000010802110000016400234e368d9022a21e05660057bf92fe59a458770eb076d618030159ef4205581937c47fb987e1489a54a33d7a5542f2ccbbf8d9159b928730655e08cfb9b42c9362d5ca1dcf6ce07d943cd0abf349641ba65360b65b4d91fd571cab7b46172f0cac11ecbe00000802110000000802110000006800b21b39c15956dbd6cd7c99391738a4601ea09e82820fb532d56fac0db37ac08aa53c8614444ba5e5178ce11a453a95f63ed5daa17a5d37df342d282f5f716fe4d5f844a91fd1b2e214fd34e50163cde43a3b26f2e06f8fae113a9390a25486bedbd0e4c94d4808a10000ffffffffffff0802110000013c00d2aa37549bd2c5cc9587ec6cbcc2e25cca715aa4e54d7d585073c60d68359b41335aa0893fc93c87b7d1e8d5b8293678af0b422e94dbede74dbb4640000008021100000008021100000164001dec837d3312542c4f6960368bf3e262c7837977719aed4e2c44033fbb9f38faa8283e48b465983264c8000732d220590e07624853c1a37bcfd9878491b5051854fa24c2da85d01e8966fef2dd5a01fde36e37003c25468d09199d2c4ac061c032710feb00000802110000010802110000013400536f48471f5bb51dd20d04986398e91c2cb67e503f1e54b0ebc1313b56382792aaa84dd5764c158974a43a11cb94e454f3b4e01600000802110000010802110000005d00c5e4ea68ad8fb30845872cdce77000c420a0091d1292d49582a3aa5a0901b75e234b80594b1d04e677b1b59f40f5132c5880e52f5abc8e7290414f98d8bc0c1d651e46e2be786eb2130f51d5c7bb9e698a9fdb8ab815910c7adb60c0fe0000000e003300c4001f000802110000010000"], 0x4fc}}, 0x20000000) setuid(0xee00) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x460000, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1503"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) ioctl$TUNSETOFFLOAD(r3, 0x4010744d, 0x20000000) ioprio_set$pid(0x2, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x18) ioctl$HIDIOCGVERSION(r0, 0x80044801, &(0x7f00000001c0)) r5 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406004105240000000d240f0100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d0000090582020002000000090503020000001fff"], 0x0) syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000003c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000080)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000380)={r7, 0x80000001, 0xfffffff9}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x2c, r9, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xff}]}]}, 0x2c}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000180)={r7, 0x2, r4, 0x1c0, 0x80000}) syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0) syz_usb_ep_write(r5, 0x82, 0x0, 0x0) 4.120113143s ago: executing program 0 (id=5685): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x2000, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@broadcast, 0x3}, {@remote, 0x96}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010121}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x13, 0x0, [@remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00'}, 0x45c) 4.030212757s ago: executing program 3 (id=5687): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x64}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x4) umount2(&(0x7f0000000240)='./file0\x00', 0xc) 3.906069552s ago: executing program 3 (id=5689): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x0, 0x800000000004, @thr={0x0, 0x0}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a3000000000140007800800124000050000080008400000000012000300686173683a6e65742c706f72740000000500050002040000050004"], 0x60}}, 0x0) 3.802139416s ago: executing program 1 (id=5690): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000bc0), 0x4) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x0, 0xf, &(0x7f0000000280)=@ringbuf, &(0x7f0000000340)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c40)={0x3, 0xf, 0x80000001, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r0]}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0xb00000000000000, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0x2000000, 0xe, 0xffffffffffffffd4, &(0x7f0000000200)="493c1300"/14, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.693925789s ago: executing program 1 (id=5691): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000080)=""/36, 0x24}, {&(0x7f0000000180)=""/79, 0x4f}, {&(0x7f0000000200)=""/184, 0xb8}], 0x3, 0x0, 0x0) 3.555799708s ago: executing program 0 (id=5692): getpid() r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$NL80211_CMD_LEAVE_OCB(r0, &(0x7f0000006c40)={&(0x7f0000006b40), 0xc, &(0x7f0000006c00)={&(0x7f0000000140)=ANY=[], 0x28}}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 3.484404513s ago: executing program 3 (id=5693): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getuid() 3.483210955s ago: executing program 4 (id=5694): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x64, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}], {0x14, 0x10}}, 0xac}}, 0x0) 3.464493692s ago: executing program 1 (id=5695): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) poll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0) 3.365884031s ago: executing program 3 (id=5696): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfb}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) 3.365225499s ago: executing program 4 (id=5697): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x48, r1, 0x921, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_SETUP={0x20, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x48}}, 0x0) 3.350371856s ago: executing program 0 (id=5698): r0 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x182, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0x0) 3.215686987s ago: executing program 4 (id=5699): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x2, 0x3}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x20) 3.208222831s ago: executing program 1 (id=5700): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, &(0x7f0000002100)=0x10000) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r4, 0x0, 0x0) connect$llc(0xffffffffffffffff, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10) socket$inet6(0xa, 0x6, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180), 0x0, 0x4) syz_open_procfs(0x0, 0x0) syz_emit_vhci(&(0x7f0000000800)=ANY=[@ANYBLOB="03890070be9de52cba6d93467877e01482335ae22e51f5b731dc9ec3b6a4bc154aa0edac4a34ef3240d64c9634dea7c5550652aa5c85f719818c87ba2484dd07eb0a4b3d1cbeb0fa23a9decaf9cd9af273"], 0x74) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1000000000000000000000000000000018000000000000001001000002"], 0x28, 0x500}}], 0x2, 0x40090) syz_emit_ethernet(0x1c9, &(0x7f0000000200)={@local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x193, 0x3a, 0x0, @private2, @mcast2, {[], @dest_unreach={0x1, 0x6, 0x0, 0x6, '\x00', {0x0, 0x6, "317413", 0x0, 0x0, 0x0, @empty, @rand_addr=' \x01\x00', [@hopopts={0x0, 0x2, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, @srh={0x0, 0x2, 0x4, 0x1, 0xa, 0x20, 0x7ff, [@private2]}, @fragment={0x2, 0x0, 0x10, 0x0, 0x0, 0xf, 0x64}, @dstopts={0x2f, 0x9, '\x00', [@jumbo={0xc2, 0x4, 0xfffff206}, @ra={0x5, 0x2, 0x6}, @enc_lim={0x4, 0x1, 0x7}, @hao={0xc9, 0x10, @local}, @calipso={0x7, 0x28, {0x1, 0x8, 0x8, 0xca, [0x8000, 0x6, 0x8000, 0x65f9]}}]}, @fragment={0x88, 0x0, 0x3, 0x1, 0x0, 0x0, 0x67}, @dstopts={0x36, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0xea}]}, @srh={0x5c, 0xc, 0x4, 0x6, 0x81, 0x40, 0x2, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev, @ipv4, @remote, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @loopback]}], "42c868f94d11794807264c87b7c895c994bdff1aae2b83ea26d45d7163b27be2de9b062f3fbdf8918abc1cd0fb56ca63eb637bc84ba2e2c9b08d6cdfb8a5e4627c94363ed55d23daf9fb51"}}}}}}}, 0x0) 3.09412112s ago: executing program 0 (id=5701): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000df000000bfa300000000000007030000f0ffffff720af0fff8ffffff71a4f0ff000000005d040200000000001d400500000000004704000001ed00006203000000ffffff9c440284000000007a0a00fe00ffffffc303000051000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a0000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) close_range(r0, 0xffffffffffffffff, 0x0) 2.963157268s ago: executing program 4 (id=5702): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @mcast1}, 0x1c) syz_emit_ethernet(0x7e, &(0x7f0000000300)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x48, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "ebebbea5a6bc54a5cf79050aa689c7c0a4feeec8a95f84b6", "56261dcf421246c7fa0f68f32aea17b14d6285984901f27cfcfc7d9f632ca88e"}}}}}}}, 0x0) 2.952567113s ago: executing program 0 (id=5703): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x15, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@remote}, {@dev, 0x65c}]}, @timestamp_prespec={0x44, 0x14, 0x0, 0x3, 0x0, [{@broadcast, 0x52b1}, {@multicast2}]}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r2, &(0x7f0000000000), 0x10) dup3(r1, r2, 0x0) 2.814527057s ago: executing program 4 (id=5704): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x307, 0x6, 0x7, 0x8, 0x64, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}, 0x10) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES16], 0x40}}, 0x40091) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r6, 0x5609, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000004c0)='tlb_flush\x00'}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400) openat$audio(0xffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001a00)={0x20, 0x28, 0x107, 0x0, 0x0, {0x8}, [@nested={0xc, 0x1001, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}]}, 0x20}}, 0x40000) 2.535566434s ago: executing program 3 (id=5705): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) syslog(0x2, &(0x7f00000001c0)=""/7, 0x7) 1.996954721s ago: executing program 1 (id=5706): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000300)={0x2, 0x0, 0x0, 0x0, 0x1100, 0x0, 0x0}) 1.931011379s ago: executing program 2 (id=5707): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000003000000a85ec2e936da18ed362f70146ef4fb8570158fb7338b01db093afd3059e395e5376daf63e3d81e682bcbf49cbe844432ab"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000300), &(0x7f0000000200)=0x4) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00'}) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'vcan0\x00', @remote}) writev(r5, &(0x7f0000001400)=[{&(0x7f0000000c00)}], 0x1) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 1.930237778s ago: executing program 0 (id=5708): socket(0x10, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) rmdir(0x0) syz_emit_vhci(0x0, 0x7) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) symlinkat(0x0, r0, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a2b0c0000000000000000020000000900020073797a32000000000900010073797a30000000002c000480280001800b0001"], 0x80}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000280)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, 0x90) chdir(&(0x7f0000000140)='./bus\x00') r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000080), 0x10010) socket$packet(0x11, 0x2, 0x300) 180.073817ms ago: executing program 2 (id=5709): syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f00000001c0)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') r2 = syz_open_procfs(0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x0, 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_enter(r2, 0x5b53, 0xfffffffc, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020) 121.481252ms ago: executing program 4 (id=5710): openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) mkdir(0x0, 0x0) socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 70.234788ms ago: executing program 3 (id=5711): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'team_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="9400000013004f0a000200"/20, @ANYRES32=r4, @ANYBLOB="00000000000000000800cfffecc507006c001a8054000a80140007"], 0x94}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x8f8, 0x0) 0s ago: executing program 1 (id=5712): ioprio_set$pid(0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x149a82, 0x0) sendfile(r2, r2, 0x0, 0x1) kernel console output (not intermixed with test programs): [ 1224.832350][ T46] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1224.871479][ T46] ftdi_sio 3-1:0.0: device disconnected [ 1224.948769][T27325] I/O error, dev loop7, sector 3712 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 1225.008880][T27325] I/O error, dev loop7, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 1225.052210][T27325] I/O error, dev loop7, sector 3712 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1225.063755][T27325] buffer_io_error: 109 callbacks suppressed [ 1225.063773][T27325] Buffer I/O error on dev loop7, logical block 464, async page read [ 1225.450909][ T46] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1225.662761][ T29] audit: type=1326 audit(1722038710.231:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1225.987539][ T29] audit: type=1326 audit(1722038710.231:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.205569][ T29] audit: type=1326 audit(1722038710.231:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.238804][ T46] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1226.250263][ T29] audit: type=1326 audit(1722038710.231:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.273178][ T46] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1226.281146][ T29] audit: type=1326 audit(1722038710.231:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.300435][ T46] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1226.304081][ T29] audit: type=1326 audit(1722038710.241:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.390403][ T29] audit: type=1326 audit(1722038710.241:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.460510][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1226.469073][ T29] audit: type=1326 audit(1722038710.241:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.501725][ T46] usb 4-1: SerialNumber: syz [ 1226.544584][ T29] audit: type=1326 audit(1722038710.241:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.573465][ T29] audit: type=1326 audit(1722038710.241:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27356 comm="syz.1.4928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x7ffc0000 [ 1226.602140][T27324] I/O error, dev loop7, sector 1280 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 1226.651142][T27324] Buffer I/O error on dev loop7, logical block 160, lost async page write [ 1226.693767][T27324] Buffer I/O error on dev loop7, logical block 161, lost async page write [ 1226.729441][T27324] Buffer I/O error on dev loop7, logical block 162, lost async page write [ 1226.781341][T27324] Buffer I/O error on dev loop7, logical block 163, lost async page write [ 1226.810107][T27324] Buffer I/O error on dev loop7, logical block 164, lost async page write [ 1226.841230][T27324] Buffer I/O error on dev loop7, logical block 165, lost async page write [ 1226.860022][T27324] Buffer I/O error on dev loop7, logical block 166, lost async page write [ 1226.894161][T27324] Buffer I/O error on dev loop7, logical block 167, lost async page write [ 1226.940703][T27324] Buffer I/O error on dev loop7, logical block 168, lost async page write [ 1227.018136][T27324] I/O error, dev loop7, sector 2304 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 1227.032237][T27324] I/O error, dev loop7, sector 3328 op 0x1:(WRITE) flags 0x800 phys_seg 48 prio class 0 [ 1227.499247][ T5649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1227.517344][ T5649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1227.535508][ T5649] bond0 (unregistering): Released all slaves [ 1227.853501][ T5649] bond1 (unregistering): Released all slaves [ 1228.048577][T27351] netlink: 'syz.3.4926': attribute type 21 has an invalid length. [ 1228.058907][T27351] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4926'. [ 1229.134055][ T46] usb 4-1: 0:2 : does not exist [ 1229.139054][ T46] usb 4-1: unit 255 not found! [ 1229.179353][ T5649] tipc: Left network mode [ 1229.226251][ T46] usb 4-1: USB disconnect, device number 70 [ 1229.461211][T27439] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4938'. [ 1229.490425][T27439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1229.501524][T27439] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1229.520735][T27439] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1229.530862][T27439] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1229.787047][ T5649] hsr_slave_0: left promiscuous mode [ 1229.808633][ T5649] hsr_slave_1: left promiscuous mode [ 1229.823789][ T5649] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1229.837751][ T5649] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1229.846922][ T5649] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1229.851282][ T46] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1229.854634][ T5649] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1229.888802][ T5649] veth0_macvtap: left promiscuous mode [ 1229.895788][ T5649] veth1_vlan: left promiscuous mode [ 1229.901207][ T5649] veth0_vlan: left promiscuous mode [ 1230.073310][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1230.087731][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1230.106963][ T46] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.00 [ 1230.116555][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1230.143169][ T46] usb 2-1: config 0 descriptor?? [ 1231.707776][ T5242] Bluetooth: hci0: command 0x0406 tx timeout [ 1232.437307][ T5649] team0 (unregistering): Port device macvlan1 removed [ 1233.577268][ T5649] team0 (unregistering): Port device team_slave_1 removed [ 1233.775493][ T46] usbhid 2-1:0.0: can't add hid device: -71 [ 1233.784519][ T5649] team0 (unregistering): Port device team_slave_0 removed [ 1233.796904][ T46] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1233.842402][ T46] usb 2-1: USB disconnect, device number 72 [ 1234.172209][ T58] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1234.382939][ T58] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1234.413669][ T58] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1234.450041][ T58] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1234.478800][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1234.487064][ T58] usb 4-1: SerialNumber: syz [ 1234.710056][ T58] usb 4-1: 0:2 : does not exist [ 1234.790183][ T58] usb 4-1: USB disconnect, device number 71 [ 1234.864723][T14031] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1234.919296][T27472] tipc: Failed to obtain node identity [ 1234.927148][T27472] tipc: Enabling of bearer rejected, failed to enable media [ 1234.946613][T27498] netlink: 'syz.0.4950': attribute type 21 has an invalid length. [ 1234.954908][T27498] netlink: 100 bytes leftover after parsing attributes in process `syz.0.4950'. [ 1235.091621][T14031] usb 2-1: Using ep0 maxpacket: 32 [ 1235.103931][T14031] usb 2-1: too many configurations: 16, using maximum allowed: 8 [ 1235.133622][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.145659][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.180325][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.213857][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.258099][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.290637][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.349501][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.385766][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.431237][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.468545][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.508855][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.546814][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.589865][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.658012][ T5649] IPVS: stop unused estimator thread 0... [ 1235.668449][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.736451][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.829594][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1235.873992][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1235.939262][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1235.984641][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1236.005698][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1236.032957][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1236.057033][T14031] usb 2-1: config 20 has too many interfaces: 33, using maximum allowed: 32 [ 1236.067279][T14031] usb 2-1: config 20 has an invalid descriptor of length 242, skipping remainder of the config [ 1236.094493][T14031] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 33 [ 1236.122010][T14031] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1236.132847][T14031] usb 2-1: New USB device strings: Mfr=1, Product=1, SerialNumber=128 [ 1236.141944][T14031] usb 2-1: Product: syz [ 1236.147080][T14031] usb 2-1: Manufacturer: syz [ 1236.155302][T14031] usb 2-1: SerialNumber: syz [ 1236.391341][T27591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4965'. [ 1236.471256][T27541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1236.471750][T27591] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1236.502375][T27591] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1236.509892][T27541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1236.532918][T27591] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1236.540434][T27591] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1236.593043][T14031] usb 2-1: USB disconnect, device number 73 [ 1236.788052][T27619] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1237.052987][T27635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4976'. [ 1237.259433][T27644] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4979'. [ 1237.325914][T27647] netlink: 'syz.0.4975': attribute type 21 has an invalid length. [ 1237.333942][T27647] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4975'. [ 1237.441982][ T5279] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1238.043940][ T5279] usb 3-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice=ba.25 [ 1238.055895][ T5279] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.072177][ T5279] usb 3-1: Product: syz [ 1238.076482][ T5279] usb 3-1: Manufacturer: syz [ 1238.081256][ T5279] usb 3-1: SerialNumber: syz [ 1238.092212][ T5279] usb 3-1: config 0 descriptor?? [ 1238.102036][ T5279] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input79 [ 1238.341997][ T4654] bcm5974 3-1:0.0: could not read from device [ 1238.361514][T14031] usb 3-1: USB disconnect, device number 76 [ 1238.369580][ T4654] bcm5974 3-1:0.0: could not read from device [ 1238.395313][ T4654] bcm5974 3-1:0.0: could not read from device [ 1238.491742][ T46] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1238.696453][ T5279] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1238.791204][ T46] usb 4-1: Using ep0 maxpacket: 8 [ 1238.804644][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1238.857304][T27705] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1238.865580][T27705] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1238.948235][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1238.990618][ T5279] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1239.095959][ T46] usb 4-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 1239.128644][ T5279] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1239.196740][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1239.243717][ T5279] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1239.287350][ T8] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1239.292489][ T46] usb 4-1: Product: syz [ 1239.307673][ T5279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1239.319365][ T46] usb 4-1: Manufacturer: syz [ 1239.326388][ T46] usb 4-1: SerialNumber: syz [ 1239.335389][ T5279] usb 5-1: SerialNumber: syz [ 1239.345184][ T46] usb 4-1: config 0 descriptor?? [ 1239.355401][ T46] radioshark2 4-1:0.0: Invalid radioSHARK2 device [ 1239.364430][ T46] radioshark2 4-1:0.0: probe with driver radioshark2 failed with error -22 [ 1239.378978][ T46] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1239.507290][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1239.517911][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1239.537643][ T8] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1239.547005][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1239.555763][ T8] usb 2-1: SerialNumber: syz [ 1239.619012][ T5279] usb 5-1: invalid UAC_HEADER (v1) [ 1239.625430][T21535] usb 4-1: USB disconnect, device number 72 [ 1239.638478][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.648072][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.662072][T14031] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1239.693704][ T5279] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1239.708181][ T5279] usb 5-1: USB disconnect, device number 67 [ 1239.799855][ T8] usb 2-1: 0:2 : does not exist [ 1239.830231][ T8] usb 2-1: USB disconnect, device number 74 [ 1239.863833][T14031] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1239.875480][T27768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4998'. [ 1239.881063][T14031] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1239.896227][T14031] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1239.905647][T14031] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1239.924373][T27711] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 1239.946430][T14031] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1240.230561][ T5279] usb 3-1: USB disconnect, device number 77 [ 1240.594476][T27819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5005'. [ 1240.618080][T27819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1240.639633][T27819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1240.660070][T27819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1240.680669][T27819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1240.750784][T27819] batadv0 (unregistering): left promiscuous mode [ 1240.998023][T27838] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1241.114484][T27848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5014'. [ 1241.341280][ T46] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1241.391765][T27856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5017'. [ 1241.541226][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 1241.564487][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1241.596689][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1241.628667][ T46] usb 2-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 1241.658250][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.666389][ T46] usb 2-1: Product: syz [ 1241.670664][ T46] usb 2-1: Manufacturer: syz [ 1241.685942][ T46] usb 2-1: SerialNumber: syz [ 1241.704696][ T46] usb 2-1: config 0 descriptor?? [ 1241.724991][ T46] radioshark2 2-1:0.0: Invalid radioSHARK2 device [ 1241.751946][ T46] radioshark2 2-1:0.0: probe with driver radioshark2 failed with error -22 [ 1241.760947][ T46] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1241.980394][ T46] usb 2-1: USB disconnect, device number 75 [ 1243.153349][T27913] netlink: 'syz.2.5022': attribute type 10 has an invalid length. [ 1243.161472][T27913] netlink: 2 bytes leftover after parsing attributes in process `syz.2.5022'. [ 1243.170544][T27913] team0: entered promiscuous mode [ 1243.180614][T27913] team_slave_0: entered promiscuous mode [ 1243.189361][T27913] team_slave_1: entered promiscuous mode [ 1243.196648][T27913] bridge0: port 4(team0) entered blocking state [ 1243.203298][T27913] bridge0: port 4(team0) entered disabled state [ 1243.211829][T27913] team0: entered allmulticast mode [ 1243.358417][T27917] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1243.400180][T27913] team_slave_0: entered allmulticast mode [ 1244.269009][T27913] team_slave_1: entered allmulticast mode [ 1244.347141][T27913] bridge0: port 4(team0) entered blocking state [ 1244.353657][T27913] bridge0: port 4(team0) entered forwarding state [ 1244.440428][T27928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5026'. [ 1244.569353][T27913] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5022'. [ 1246.037089][T27963] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5036'. [ 1246.406653][T27982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5041'. [ 1246.617057][T27992] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1246.635946][T27993] netlink: 'syz.2.5046': attribute type 5 has an invalid length. [ 1246.661262][T27993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5046'. [ 1246.763164][T28001] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5049'. [ 1246.786053][T28002] kAFS: No cell specified [ 1246.860522][T28009] mkiss: ax0: crc mode is auto. [ 1246.925784][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 1246.925805][ T29] audit: type=1326 audit(1722038731.531:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27967 comm="syz.3.5037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8676d77299 code=0x7fc00000 [ 1247.031249][ T5279] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1247.186278][T28025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5055'. [ 1247.307299][ T5279] usb 2-1: Using ep0 maxpacket: 32 [ 1247.999627][ T5279] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1248.029788][ T5279] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1248.046351][ T5279] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1248.101323][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1248.125293][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1248.137105][ T5279] usb 2-1: Product: syz [ 1248.141399][ T5279] usb 2-1: Manufacturer: syz [ 1248.146131][ T5279] usb 2-1: SerialNumber: syz [ 1248.162519][ T5279] cdc_ncm 2-1:1.0: skipping garbage [ 1248.171370][ T5279] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 1248.188753][ T5279] cdc_ncm 2-1:1.0: bind() failure [ 1248.827040][T28066] netlink: 'syz.3.5068': attribute type 10 has an invalid length. [ 1248.851574][T28066] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1248.860488][T28066] team0: Port device netdevsim0 added [ 1248.870714][T28066] netlink: 'syz.3.5068': attribute type 10 has an invalid length. [ 1248.886403][T28066] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 1248.893894][ T5279] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1248.912790][T28066] team0: Port device netdevsim0 removed [ 1248.921298][T28066] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1249.014230][T28074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1249.038939][T28074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1249.085358][ T5279] usb 5-1: config 0 has no interfaces? [ 1249.097131][ T5279] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 1249.106774][ T5279] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1249.125107][ T5279] usb 5-1: Manufacturer: syz [ 1249.137617][ T5279] usb 5-1: config 0 descriptor?? [ 1249.673417][ T58] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0 [ 1249.684264][ T58] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0 [ 1249.719774][ T58] hid-generic 0000:0000:0000.003A: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1249.924697][ T2566] bridge_slave_1: left allmulticast mode [ 1249.943666][ T2566] bridge_slave_1: left promiscuous mode [ 1249.953966][ T2566] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.967493][ T2566] bridge_slave_0: left allmulticast mode [ 1249.977502][ T2566] bridge_slave_0: left promiscuous mode [ 1249.986741][ T2566] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.997394][T28115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1250.015117][T28117] 9pnet_fd: p9_fd_create_tcp (28117): problem connecting socket to 127.0.0.1 [ 1250.017969][T28115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1250.131363][ T58] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1250.323562][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1250.335222][ T58] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 1250.350686][ T58] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1250.365603][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1250.375190][ T58] usb 3-1: Product: syz [ 1250.380494][ T58] usb 3-1: Manufacturer: syz [ 1250.388583][ T58] usb 3-1: SerialNumber: syz [ 1250.561924][ T2566] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1250.584667][ T2566] bond0 (unregistering): Released all slaves [ 1250.598617][T28111] netlink: 'syz.0.5076': attribute type 5 has an invalid length. [ 1250.606832][T28099] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1250.898575][T28134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1250.908374][T28134] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1251.026044][ T58] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 1251.048365][ T58] cdc_ncm 3-1:1.0: bind() failure [ 1251.078248][ T58] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1251.097865][ T58] cdc_ncm 3-1:1.1: bind() failure [ 1251.120413][ T58] usb 3-1: USB disconnect, device number 78 [ 1251.171482][T21535] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1251.235611][ T2566] hsr_slave_0: left promiscuous mode [ 1251.247415][ T2566] hsr_slave_1: left promiscuous mode [ 1251.256289][ T2566] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1251.268096][ T2566] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1251.281732][ T2566] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1251.289450][ T2566] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1251.325533][ T2566] vlan1: left promiscuous mode [ 1251.334105][ T2566] veth1_macvtap: left promiscuous mode [ 1251.339774][ T2566] veth0_macvtap: left promiscuous mode [ 1251.346706][ T2566] veth1_vlan: left promiscuous mode [ 1251.355343][ T2566] veth0_vlan: left promiscuous mode [ 1251.372254][T21535] usb 4-1: Using ep0 maxpacket: 32 [ 1251.393300][T21535] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1251.420852][T21535] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1251.444630][T21535] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1251.500190][T21535] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1251.523045][T21535] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.533038][T21535] usb 4-1: Product: syz [ 1251.537761][T21535] usb 4-1: Manufacturer: syz [ 1251.549314][T21535] usb 4-1: SerialNumber: syz [ 1251.583730][T21535] cdc_ncm 4-1:1.0: skipping garbage [ 1251.589479][T21535] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 1251.596785][T21535] cdc_ncm 4-1:1.0: bind() failure [ 1251.688364][ T46] usb 5-1: USB disconnect, device number 68 [ 1251.785709][ T2566] team0 (unregistering): Port device macvlan2 removed [ 1252.097723][T28189] 9pnet_rdma: rdma_create_trans (28189): problem binding to privport: 13 [ 1252.670662][ T2566] team0 (unregistering): Port device team_slave_1 removed [ 1252.741973][ T2566] team0 (unregistering): Port device team_slave_0 removed [ 1253.401608][ T5308] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1253.620755][ T5308] usb 3-1: config 0 has no interfaces? [ 1253.655008][ T5308] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 1253.680412][ T5308] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1253.702086][ T5308] usb 3-1: Manufacturer: syz [ 1253.738473][ T5308] usb 3-1: config 0 descriptor?? [ 1254.452066][T28223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1254.460853][T28223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1254.523351][ T46] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0 [ 1254.526539][ T2566] IPVS: stop unused estimator thread 0... [ 1254.555467][ T46] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0 [ 1254.596561][ T46] hid-generic 0000:0000:0000.003B: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1254.750588][T28246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5106'. [ 1254.760179][T28244] binder: 28243:28244 ioctl 8912 20000540 returned -22 [ 1254.771669][T28244] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5105'. [ 1254.921093][T28258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1254.930570][T28258] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1255.061318][ T8] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1255.160227][T28263] netlink: 'syz.3.5109': attribute type 10 has an invalid length. [ 1255.180682][ T5242] Bluetooth: Wrong link type (-57) [ 1255.241244][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1255.257373][ T8] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 1255.267458][ T8] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1255.278006][ T8] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1255.303438][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1255.316427][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1255.328854][ T8] usb 5-1: Product: ဉ [ 1255.333244][ T8] usb 5-1: Manufacturer: я [ 1255.340447][ T8] usb 5-1: SerialNumber: Ⰹ [ 1255.397233][T28268] can: request_module (can-proto-0) failed. [ 1255.580325][ T8] cdc_ncm 5-1:1.0: bind() failure [ 1255.598861][ T8] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1255.612016][ T8] cdc_ncm 5-1:1.1: bind() failure [ 1255.631003][ T8] usb 5-1: USB disconnect, device number 69 [ 1255.811387][T28294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5117'. [ 1256.024694][T28302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1256.033687][T28302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1256.172754][ T58] usb 3-1: USB disconnect, device number 79 [ 1257.045498][T23963] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1257.057698][T23963] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1257.066923][T23963] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1257.096928][T23963] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1257.110475][T23963] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1257.119604][T23963] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1257.244384][ T5242] Bluetooth: hci2: command tx timeout [ 1257.293074][T11394] Bluetooth: hci2: Opcode 0x206c failed: -110 [ 1257.833613][ T2566] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1257.890363][ T5308] IPVS: starting estimator thread 0... [ 1257.981395][T28359] IPVS: using max 17 ests per chain, 40800 per kthread [ 1258.349578][ T2566] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1258.461830][ T2566] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1258.603960][ T2566] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1258.817098][T28331] chnl_net:caif_netlink_parms(): no params data found [ 1259.311944][T23963] Bluetooth: hci4: command tx timeout [ 1259.320017][ T5242] Bluetooth: hci2: command 0x206c tx timeout [ 1259.329251][T11394] Bluetooth: hci2: Opcode 0x2046 failed: -110 [ 1260.052074][T28568] rdma_op ffff888062efd1f0 conn xmit_rdma 0000000000000000 [ 1260.094592][ T2566] team0: left allmulticast mode [ 1260.162018][ T2566] team_slave_0: left allmulticast mode [ 1260.238878][ T2566] team_slave_1: left allmulticast mode [ 1260.352017][ T2566] bridge0: port 4(team0) entered disabled state [ 1260.648808][ T2566] vlan2: left allmulticast mode [ 1260.700388][ T2566] vlan2: left promiscuous mode [ 1260.705706][ T2566] bridge0: port 3(vlan2) entered disabled state [ 1260.772102][ T2566] bridge_slave_1: left allmulticast mode [ 1260.794680][ T2566] bridge_slave_1: left promiscuous mode [ 1260.801732][ T2566] bridge0: port 2(bridge_slave_1) entered disabled state [ 1260.836902][ T2566] bridge_slave_0: left allmulticast mode [ 1260.865630][ T2566] bridge_slave_0: left promiscuous mode [ 1260.910976][ T2566] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.424877][T11394] Bluetooth: hci2: command 0x206c tx timeout [ 1261.457392][T11394] Bluetooth: hci4: command tx timeout [ 1261.905486][ T2566] bridge0 (unregistering): left allmulticast mode [ 1262.326014][ T2566] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1262.347070][ T2566] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1262.358364][ T2566] bond0 (unregistering): Released all slaves [ 1262.392552][T28331] bridge0: port 1(bridge_slave_0) entered blocking state [ 1262.399713][T28331] bridge0: port 1(bridge_slave_0) entered disabled state [ 1262.425467][T28331] bridge_slave_0: entered allmulticast mode [ 1262.442659][T28331] bridge_slave_0: entered promiscuous mode [ 1262.497565][T28580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5147'. [ 1262.531812][T28604] bridge0: port 3(bond0) entered blocking state [ 1262.542435][T28604] bridge0: port 3(bond0) entered disabled state [ 1262.560810][T28604] bond0: entered allmulticast mode [ 1262.566330][T28604] bond_slave_0: entered allmulticast mode [ 1262.572611][T28604] bond_slave_1: entered allmulticast mode [ 1262.586519][T28604] bond0: entered promiscuous mode [ 1262.594572][T28604] bond_slave_0: entered promiscuous mode [ 1262.600459][T28604] bond_slave_1: entered promiscuous mode [ 1262.610919][T28604] bridge0: port 3(bond0) entered blocking state [ 1262.618090][T28604] bridge0: port 3(bond0) entered forwarding state [ 1262.635548][ T2566] tipc: Left network mode [ 1262.635706][T28331] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.648422][T28331] bridge0: port 2(bridge_slave_1) entered disabled state [ 1262.665088][T28331] bridge_slave_1: entered allmulticast mode [ 1262.676593][T28331] bridge_slave_1: entered promiscuous mode [ 1262.846327][T28331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1262.894621][T28331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1263.008761][T28331] team0: Port device team_slave_0 added [ 1263.020777][T28331] team0: Port device team_slave_1 added [ 1263.111014][ T2566] hsr_slave_0: left promiscuous mode [ 1263.118442][ T2566] hsr_slave_1: left promiscuous mode [ 1263.130072][ T2566] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1263.144509][ T2566] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1263.165538][ T2566] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1263.173218][ T2566] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1263.218460][ T2566] veth1_macvtap: left promiscuous mode [ 1263.225734][ T2566] veth0_macvtap: left promiscuous mode [ 1263.234839][ T2566] veth1_vlan: left promiscuous mode [ 1263.240134][ T2566] veth0_vlan: left promiscuous mode [ 1263.451401][T14031] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1263.481544][T11394] Bluetooth: hci2: command 0x206c tx timeout [ 1263.487978][ T5242] Bluetooth: hci4: command tx timeout [ 1263.677349][T14031] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1263.696365][T14031] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1263.719826][T14031] usb 5-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 1263.745761][T14031] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1263.771688][T14031] usb 5-1: config 0 descriptor?? [ 1264.078461][ T8] libceph: connect (1)[c::]:6789 error -101 [ 1264.203330][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 1264.461338][T14031] holtek 0003:1241:5015.003C: collection stack underflow [ 1264.481318][T14031] holtek 0003:1241:5015.003C: item 0 1 0 12 parsing failed [ 1264.490311][T14031] holtek 0003:1241:5015.003C: parse failed [ 1264.507111][T14031] holtek 0003:1241:5015.003C: probe with driver holtek failed with error -22 [ 1264.535495][T14031] libceph: connect (1)[c::]:6789 error -101 [ 1264.542020][T14031] libceph: mon0 (1)[c::]:6789 connect error [ 1264.574265][T28717] ceph: No mds server is up or the cluster is laggy [ 1265.363311][T28730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1265.376419][T14031] usb 5-1: USB disconnect, device number 70 [ 1265.378889][T28730] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1265.446276][T24323] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0 [ 1265.470545][T24323] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0 [ 1265.473175][T28743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1265.482838][T24323] hid-generic 0000:0000:0000.003D: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1265.497504][T28743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1265.556942][ T5242] Bluetooth: hci4: command tx timeout [ 1265.588534][ T2566] team_slave_1 (unregistering): left promiscuous mode [ 1265.606273][ T2566] team0 (unregistering): Port device team_slave_1 removed [ 1265.655478][ T2566] team_slave_0 (unregistering): left promiscuous mode [ 1265.664312][ T2566] team0 (unregistering): Port device team_slave_0 removed [ 1266.215530][T28759] ieee802154 phy0 wpan0: encryption failed: -22 [ 1266.316502][T28762] rdma_op ffff8880215ca1f0 conn xmit_rdma 0000000000000000 [ 1267.101904][T28331] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1267.121623][T28331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.171557][T28331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1267.184386][T28331] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1267.191524][T28331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.217665][T28331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1267.240114][T28707] syz.0.5159 (28707) used obsolete PPPIOCDETACH ioctl [ 1267.337754][T28769] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 1267.356158][T28768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1267.495690][T28795] sctp: [Deprecated]: syz.4.5175 (pid 28795) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1267.495690][T28795] Use struct sctp_sack_info instead [ 1267.546407][T28331] hsr_slave_0: entered promiscuous mode [ 1267.556565][T28331] hsr_slave_1: entered promiscuous mode [ 1267.573977][T28331] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1267.581862][T28331] Cannot create hsr debugfs directory [ 1267.652737][T28810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1267.662265][T28810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1268.715893][ T9] IPVS: starting estimator thread 0... [ 1268.787544][T28836] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1268.913602][T28865] IPVS: using max 18 ests per chain, 43200 per kthread [ 1269.142261][ T46] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1269.371401][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 1269.391510][ T46] usb 5-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 1269.391639][ T5242] Bluetooth: hci0: command tx timeout [ 1269.400567][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1269.400592][ T46] usb 5-1: Product: syz [ 1269.400608][ T46] usb 5-1: Manufacturer: syz [ 1269.400624][ T46] usb 5-1: SerialNumber: syz [ 1269.413969][ T46] usb 5-1: config 0 descriptor?? [ 1269.605809][T28331] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1269.627274][T28331] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1269.642677][T28331] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1269.657650][T28331] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1269.671090][ T46] peak_usb 5-1:0.0: PEAK-System PCAN-Chip USB v169 fw v83.176.175 (1 channels) [ 1269.792620][T28331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1269.829275][T28331] 8021q: adding VLAN 0 to HW filter on device team0 [ 1269.848800][T24323] bridge0: port 1(bridge_slave_0) entered blocking state [ 1269.856104][T24323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1269.874953][ T46] peak_usb 5-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 1269.900910][T24323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1269.908147][T24323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1269.915953][ T46] peak_usb 5-1:0.0: unable to tell PCAN-Chip USB driver is loaded (err -71) [ 1270.012590][ T46] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71 [ 1270.034819][ T46] usb 5-1: USB disconnect, device number 71 [ 1270.450353][T28331] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1270.527911][T28331] veth0_vlan: entered promiscuous mode [ 1270.544808][T28331] veth1_vlan: entered promiscuous mode [ 1270.607807][T28331] veth0_macvtap: entered promiscuous mode [ 1270.620434][T28331] veth1_macvtap: entered promiscuous mode [ 1270.655220][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.673315][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.693458][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.709925][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.725464][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.736581][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.754482][T28331] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1270.777558][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.804873][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.817534][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.833960][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.845072][T28331] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.858922][T28331] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.876334][T28331] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1270.898399][T28331] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1270.908317][T28331] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1270.918313][T28331] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1270.928978][T28331] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.068463][ T5625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1271.085718][ T5625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1271.120158][ T2905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1271.131056][ T2905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1271.227844][T28981] netlink: 'syz.2.5121': attribute type 10 has an invalid length. [ 1271.277668][T28981] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1271.314016][ T5242] Bluetooth: Wrong link type (-57) [ 1273.147617][T29011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1273.158755][T29011] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1273.194511][T29016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1273.206990][T29016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1273.231506][ T5242] Bluetooth: hci4: command tx timeout [ 1273.301443][T24323] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1273.483130][T24323] usb 5-1: Using ep0 maxpacket: 32 [ 1273.492434][T24323] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1273.567248][T29033] rdma_op ffff88806482c1f0 conn xmit_rdma 0000000000000000 [ 1274.246747][T24323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1274.254917][T24323] usb 5-1: Product: syz [ 1274.259115][T24323] usb 5-1: Manufacturer: syz [ 1274.269466][T24323] usb 5-1: SerialNumber: syz [ 1274.276860][T24323] usb 5-1: config 0 descriptor?? [ 1274.629265][T24323] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 1274.670799][T24323] peak_usb 5-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 1275.274547][T29069] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1275.307333][ T5280] IPVS: starting estimator thread 0... [ 1275.373158][T24323] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71 [ 1275.393573][T24323] usb 5-1: USB disconnect, device number 72 [ 1275.411342][T29070] IPVS: using max 19 ests per chain, 45600 per kthread [ 1275.591299][T14031] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1276.951550][T14031] usb 3-1: Using ep0 maxpacket: 32 [ 1276.973559][T14031] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1276.994963][T14031] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1277.036527][T14031] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1277.091351][T14031] usb 3-1: config 1 has no interface number 0 [ 1277.097698][T14031] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1277.137950][T14031] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1277.152573][T14031] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1277.174811][T14031] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1277.194478][T14031] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1277.548647][T29109] o2cb: This node has not been configured. [ 1277.555418][T29109] o2cb: Cluster check failed. Fix errors before retrying. [ 1277.562914][T29109] (syz.4.5211,29109,1):user_dlm_register:674 ERROR: status = -22 [ 1277.570980][T29109] (syz.4.5211,29109,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 1278.002513][T14031] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 1278.461846][ T29] audit: type=1326 audit(1722038763.051:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29118 comm="syz.0.5212" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0258577299 code=0x0 [ 1278.791563][T14031] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1278.943865][T29144] netlink: 'syz.1.5219': attribute type 29 has an invalid length. [ 1279.012938][T14031] usb 5-1: Using ep0 maxpacket: 32 [ 1279.027711][T14031] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1279.037715][T14031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1279.048734][T14031] usb 5-1: Product: syz [ 1279.057658][T14031] usb 5-1: Manufacturer: syz [ 1279.062842][T14031] usb 5-1: SerialNumber: syz [ 1279.074293][T14031] usb 5-1: config 0 descriptor?? [ 1279.091992][ T9] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 1279.368749][T14031] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 1279.398905][ T9] usb 3-1: USB disconnect, device number 80 [ 1279.436073][T14031] peak_usb 5-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 1279.452464][ T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1280.292702][T14031] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71 [ 1280.330023][T14031] usb 5-1: USB disconnect, device number 73 [ 1280.477211][T29185] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5227'. [ 1280.527936][T29185] input: syz0 as /devices/virtual/input/input80 [ 1282.521805][ T5242] Bluetooth: hci2: unexpected event for opcode 0x0c26 [ 1283.863809][T29249] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1284.911573][T29276] vlan0: entered promiscuous mode [ 1284.962240][T29276] syz_tun: entered promiscuous mode [ 1285.023389][T29276] syz_tun: left promiscuous mode [ 1285.194149][ T29] audit: type=1326 audit(1722038769.801:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29284 comm="syz.1.5256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x0 [ 1286.042752][T29307] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5257'. [ 1286.065174][T29307] input: syz0 as /devices/virtual/input/input81 [ 1286.155475][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1286.190304][T29317] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1286.263048][T29320] netlink: 'syz.3.5260': attribute type 1 has an invalid length. [ 1286.321396][T29320] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5260'. [ 1286.331925][T29323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1286.340748][T29323] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1286.860275][T29337] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 1287.068784][T11394] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1287.080997][T11394] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1287.091556][T11394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1287.102468][T11394] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1287.110186][T11394] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1287.121407][T11394] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1287.886862][T11320] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1287.983104][T29365] netlink: 'syz.2.5272': attribute type 3 has an invalid length. [ 1288.060114][ T29] audit: type=1326 audit(1722038772.661:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29358 comm="syz.1.5270" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe700b77299 code=0x0 [ 1288.087980][T11320] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.129890][T29376] netlink: 'syz.2.5273': attribute type 1 has an invalid length. [ 1288.151342][T29376] netlink: 76 bytes leftover after parsing attributes in process `syz.2.5273'. [ 1288.248682][T11320] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.401922][T11320] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.641760][ T5280] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1288.671577][T29347] chnl_net:caif_netlink_parms(): no params data found [ 1288.717088][T11320] bond0: left allmulticast mode [ 1288.723327][T11320] bond_slave_0: left allmulticast mode [ 1288.734075][T11320] bond_slave_1: left allmulticast mode [ 1288.740850][T11320] bond0: left promiscuous mode [ 1288.746725][T11320] bond_slave_0: left promiscuous mode [ 1288.753270][T11320] bond_slave_1: left promiscuous mode [ 1288.759017][T11320] bridge0: port 3(bond0) entered disabled state [ 1288.768346][T11320] bridge_slave_1: left allmulticast mode [ 1288.774481][T11320] bridge_slave_1: left promiscuous mode [ 1288.780173][T11320] bridge0: port 2(bridge_slave_1) entered disabled state [ 1288.789173][T11320] bridge_slave_0: left allmulticast mode [ 1288.795844][T11320] bridge_slave_0: left promiscuous mode [ 1288.801875][T11320] bridge0: port 1(bridge_slave_0) entered disabled state [ 1288.841668][ T5280] usb 3-1: Using ep0 maxpacket: 32 [ 1288.851568][ T5280] usb 3-1: config 0 has an invalid interface number: 198 but max is 0 [ 1288.867535][ T5280] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 1288.885163][ T5280] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1288.900482][ T5280] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 1288.927071][ T5280] usb 3-1: config 0 has no interface number 0 [ 1288.934449][ T5280] usb 3-1: config 0 interface 198 altsetting 0 endpoint 0x8B has an invalid bInterval 31, changing to 8 [ 1288.965135][ T5280] usb 3-1: config 0 interface 198 altsetting 0 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 1288.981322][ T5280] usb 3-1: config 0 interface 198 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 1288.989517][T29507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1289.011374][ T5280] usb 3-1: config 0 interface 198 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 8 [ 1289.022452][T29507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1289.028169][ T5280] usb 3-1: New USB device found, idVendor=066f, idProduct=8000, bcdDevice= 0.01 [ 1289.063433][ T5280] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1289.073058][ T5280] usb 3-1: Product: syz [ 1289.091916][ T5280] usb 3-1: Manufacturer: syz [ 1289.096536][ T5280] usb 3-1: SerialNumber: syz [ 1289.121340][ T5280] usb 3-1: config 0 descriptor?? [ 1289.128851][ T5280] usb-storage 3-1:0.198: USB Mass Storage device detected [ 1289.188413][ T5280] usb-storage 3-1:0.198: Quirks match for vid 066f pid 8000: 10 [ 1289.232814][ T5242] Bluetooth: hci0: command tx timeout [ 1289.387103][ T5280] usb 3-1: USB disconnect, device number 81 [ 1289.526778][T11320] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1289.537978][T11320] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1289.549381][T11320] bond0 (unregistering): Released all slaves [ 1289.580477][T29499] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1289.590291][T29499] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1289.599460][T29499] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1289.608276][T29499] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1289.899711][T29347] bridge0: port 1(bridge_slave_0) entered blocking state [ 1289.910259][T29347] bridge0: port 1(bridge_slave_0) entered disabled state [ 1289.924026][T29347] bridge_slave_0: entered allmulticast mode [ 1289.940783][T29347] bridge_slave_0: entered promiscuous mode [ 1290.007130][T29347] bridge0: port 2(bridge_slave_1) entered blocking state [ 1290.029413][T29347] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.041540][T29347] bridge_slave_1: entered allmulticast mode [ 1290.048937][T29347] bridge_slave_1: entered promiscuous mode [ 1290.980801][T29347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1290.999494][T29617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1291.016086][T29617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1291.061409][T29586] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5282'. [ 1291.087418][T29347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1291.239988][T29347] team0: Port device team_slave_0 added [ 1291.252610][T29347] team0: Port device team_slave_1 added [ 1291.322065][ T5242] Bluetooth: hci0: command tx timeout [ 1291.348531][T11320] hsr_slave_0: left promiscuous mode [ 1291.363006][T11320] hsr_slave_1: left promiscuous mode [ 1291.398354][T11320] veth1_macvtap: left promiscuous mode [ 1291.407300][T11320] veth0_macvtap: left promiscuous mode [ 1291.413343][T11320] veth1_vlan: left promiscuous mode [ 1291.418709][T11320] veth0_vlan: left promiscuous mode [ 1291.777774][T29706] overlayfs: missing 'lowerdir' [ 1291.913637][T29714] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1292.260897][T11320] team0 (unregistering): Port device team_slave_1 removed [ 1292.319017][T11320] team0 (unregistering): Port device team_slave_0 removed [ 1292.884180][T29347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1292.891628][T29347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1292.923535][T29347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1292.981925][T29347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1292.999316][T29347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1293.051271][T29347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1293.204141][T29347] hsr_slave_0: entered promiscuous mode [ 1293.214831][T29347] hsr_slave_1: entered promiscuous mode [ 1293.231583][T29347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1293.239278][T29347] Cannot create hsr debugfs directory [ 1293.428079][ T5242] Bluetooth: hci0: command tx timeout [ 1294.397676][T11320] IPVS: stop unused estimator thread 0... [ 1294.753270][T29853] overlayfs: missing 'lowerdir' [ 1295.471519][ T5242] Bluetooth: hci0: command tx timeout [ 1295.535709][T29347] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1295.634280][T29347] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1295.667300][T29347] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1295.683595][T29347] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1296.622420][T29923] overlayfs: missing 'lowerdir' [ 1296.646663][T29347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1296.705747][T29347] 8021q: adding VLAN 0 to HW filter on device team0 [ 1296.777125][ T5280] bridge0: port 1(bridge_slave_0) entered blocking state [ 1296.784398][ T5280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1296.832880][ T5280] bridge0: port 2(bridge_slave_1) entered blocking state [ 1296.840124][ T5280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1297.093677][T29947] netlink: 64 bytes leftover after parsing attributes in process `syz.4.5326'. [ 1297.175880][T29950] netlink: 'syz.3.5330': attribute type 1 has an invalid length. [ 1297.208376][T29950] netlink: 9364 bytes leftover after parsing attributes in process `syz.3.5330'. [ 1297.251267][T29950] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5330'. [ 1297.408685][T29347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1297.562950][T29347] veth0_vlan: entered promiscuous mode [ 1297.596499][T29347] veth1_vlan: entered promiscuous mode [ 1297.802849][T29970] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5335'. [ 1299.438085][T29347] veth0_macvtap: entered promiscuous mode [ 1299.463948][T29347] veth1_macvtap: entered promiscuous mode [ 1299.503810][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.518016][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.546602][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.569744][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.580359][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.591229][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.607717][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.618359][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.636633][T29347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1299.649578][T29986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5340'. [ 1299.670616][T29986] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5340'. [ 1299.739924][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.761207][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.796355][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.823977][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.834220][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.854058][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.864125][T29347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.875100][T29347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.886822][T29347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1299.933668][T29347] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1299.969334][T29347] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.028185][T29347] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.079492][T29347] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.921467][T17038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1300.930174][T17038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1300.988141][T11320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1301.002727][T11320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1301.014927][T30027] netlink: 'syz.3.5349': attribute type 1 has an invalid length. [ 1301.038544][T30027] netlink: 9364 bytes leftover after parsing attributes in process `syz.3.5349'. [ 1301.058825][T30027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5349'. [ 1301.087864][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 1301.094668][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.206491][T30033] geneve2: entered promiscuous mode [ 1301.225671][T30033] geneve2: entered allmulticast mode [ 1301.354250][T30040] syzkaller0: entered promiscuous mode [ 1301.360134][T30040] syzkaller0: entered allmulticast mode [ 1301.378980][T30043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1301.411811][T30043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1301.504191][T30056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5358'. [ 1301.558615][T30056] bond1: entered promiscuous mode [ 1301.789301][T30097] wg1: entered promiscuous mode [ 1302.808718][T30112] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5366'. [ 1303.050725][T30116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1303.064156][T30116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1303.119560][T30132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5373'. [ 1303.163604][T30132] bond1: entered promiscuous mode [ 1303.339366][T30176] Bluetooth: MGMT ver 1.23 [ 1303.359010][T30174] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1303.380021][T30176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5377'. [ 1303.401431][T30176] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5377'. [ 1303.634171][ T5242] Bluetooth: hci4: failed to read key size for handle 201 [ 1303.708953][T30189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5380'. [ 1303.712036][T30190] netlink: 'syz.2.5379': attribute type 11 has an invalid length. [ 1304.992566][T30209] kvm: pic: non byte write [ 1305.005763][T30222] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4102857745 (32822861960 ns) > initial count (10843324416 ns). Using initial count to start timer. [ 1305.364612][T30240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5392'. [ 1306.154054][ T5242] Bluetooth: hci2: failed to read key size for handle 201 [ 1306.162496][ T5242] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 1306.313576][T30245] netlink: 'syz.3.5394': attribute type 11 has an invalid length. [ 1307.052312][T30272] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5395'. [ 1307.982530][T30271] syz.1.5396[30271] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1307.982684][T30271] syz.1.5396[30271] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1308.584932][T30273] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1308.877107][T30287] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1309.156005][T30293] 9pnet_fd: Insufficient options for proto=fd [ 1310.061364][T30289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5405'. [ 1310.097604][T30289] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5405'. [ 1310.443138][T30307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1310.455125][T30312] kvm: pic: non byte write [ 1310.461733][T30307] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1310.558553][T30295] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4102857745 (32822861960 ns) > initial count (10843324416 ns). Using initial count to start timer. [ 1310.855091][T30324] binder: 30323:30324 ioctl c018620b 0 returned -14 [ 1311.924983][ T5242] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 1313.138663][ T5242] Bluetooth: hci0: failed to read key size for handle 201 [ 1313.265498][T30370] netlink: 'syz.0.5427': attribute type 11 has an invalid length. [ 1313.706130][T30385] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1314.782270][T30396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1314.799527][T30396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1316.631589][ T5280] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1316.811254][ T5280] usb 3-1: Using ep0 maxpacket: 32 [ 1316.820581][ T5280] usb 3-1: config index 0 descriptor too short (expected 164, got 36) [ 1316.841347][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1316.852681][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1316.862822][ T5280] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 1316.871985][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1316.882207][ T5280] usb 3-1: config 0 descriptor?? [ 1317.302146][T30424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1317.322046][T30424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1317.351710][ T29] audit: type=1326 audit(1722038801.951:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30451 comm="syz.0.5445" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb00977299 code=0x0 [ 1317.377967][ T5280] logitech 0003:046D:C29C.003E: unknown main item tag 0x0 [ 1317.396136][ T5280] logitech 0003:046D:C29C.003E: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0 [ 1317.404502][T30454] kvm: pic: non byte write [ 1317.449441][T30444] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4102857745 (32822861960 ns) > initial count (10843324416 ns). Using initial count to start timer. [ 1317.552522][ T5280] logitech 0003:046D:C29C.003E: no inputs found [ 1317.565289][ T5280] usb 3-1: USB disconnect, device number 82 [ 1320.174266][T30483] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1320.208729][ T5242] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1321.194196][T30505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5456'. [ 1321.621439][T30529] netlink: 'syz.4.5462': attribute type 2 has an invalid length. [ 1321.981657][T30537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5466'. [ 1322.272487][T30539] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4102857745 (32822861960 ns) > initial count (10843324416 ns). Using initial count to start timer. [ 1323.344780][T30562] : renamed from ipvlan1 [ 1323.977686][T30588] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1324.026301][T24323] usb 4-1: USB disconnect, device number 73 [ 1324.494503][ T2566] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1324.530715][ T2566] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.912618][ T2566] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1324.957602][ T2566] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1325.344304][ T2566] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1325.621457][ T2566] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1326.659986][ T2566] bond0: (slave netdevsim0): Releasing backup interface [ 1326.707005][ T2566] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1326.758191][ T2566] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1327.392298][ T2566] bridge_slave_1: left allmulticast mode [ 1327.409273][ T2566] bridge_slave_1: left promiscuous mode [ 1327.415310][ T2566] bridge0: port 2(bridge_slave_1) entered disabled state [ 1328.233464][ T2566] bridge_slave_0: left allmulticast mode [ 1328.239191][ T2566] bridge_slave_0: left promiscuous mode [ 1328.282070][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1328.302487][ T2566] bridge0: port 1(bridge_slave_0) entered disabled state [ 1328.313773][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1328.323791][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1328.333078][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1328.346986][T11394] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1328.356825][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1328.450079][T30655] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5493'. [ 1329.436655][ T2566] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1329.463051][ T2566] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1329.693500][ T2566] bond0 (unregistering): Released all slaves [ 1330.085459][ T2566] bond1 (unregistering): Released all slaves [ 1330.119346][T30678] ip6gre1: entered allmulticast mode [ 1330.441880][T11394] Bluetooth: hci2: command tx timeout [ 1330.834497][T30643] chnl_net:caif_netlink_parms(): no params data found [ 1331.417533][ T2566] team0: left promiscuous mode [ 1331.430094][ T2566] team_slave_0: left promiscuous mode [ 1331.438510][ T2566] team_slave_1: left promiscuous mode [ 1331.457980][ T2566] hsr_slave_0: left promiscuous mode [ 1331.469969][ T2566] hsr_slave_1: left promiscuous mode [ 1331.529874][ T2566] veth1_macvtap: left promiscuous mode [ 1331.532917][T30808] vivid-007: disconnect [ 1331.541687][ T2566] veth0_macvtap: left promiscuous mode [ 1331.548619][ T2566] veth1_vlan: left promiscuous mode [ 1331.561400][ T2566] veth0_vlan: left promiscuous mode [ 1331.563251][T30806] vivid-007: reconnect [ 1332.553845][T11394] Bluetooth: hci2: command tx timeout [ 1333.220561][ T2566] team0 (unregistering): Port device team_slave_1 removed [ 1333.277845][ T2566] team0 (unregistering): Port device team_slave_0 removed [ 1333.929695][T30796] bridge: RTM_DELNEIGH with unconfigured vlan 3 on bridge_slave_0 [ 1334.296325][T30643] bridge0: port 1(bridge_slave_0) entered blocking state [ 1334.329924][T30643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1334.363963][T30643] bridge_slave_0: entered allmulticast mode [ 1334.372005][T30643] bridge_slave_0: entered promiscuous mode [ 1334.387558][T30643] bridge0: port 2(bridge_slave_1) entered blocking state [ 1334.417859][T30643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1334.428339][T30643] bridge_slave_1: entered allmulticast mode [ 1334.462143][T30643] bridge_slave_1: entered promiscuous mode [ 1334.483299][T30893] [U] [ 1334.486606][T30893] [U] [ 1334.489312][T30893] [U] [ 1334.492031][T30893] [U] [ 1334.527778][T30893] [U] [ 1334.530540][T30893] [U] [ 1334.533222][T30893] [U] [ 1334.535910][T30893] [U] [ 1334.550978][T30893] [U] [ 1334.553735][T30893] [U] [ 1334.556445][T30893] [U] [ 1334.559153][T30893] [U] [ 1334.580548][T30893] [U] [ 1334.583310][T30893] [U] [ 1334.586035][T30893] [U] [ 1334.588728][T30893] [U] [ 1334.599533][T11394] Bluetooth: hci2: command tx timeout [ 1334.614055][T30643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1334.629249][T30893] [U] [ 1334.632009][T30893] [U] [ 1334.634731][T30893] [U] [ 1334.637444][T30893] [U] [ 1334.639756][T30643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1334.645371][T30894] ieee802154 phy0 wpan0: encryption failed: -22 [ 1334.701269][T30643] team0: Port device team_slave_0 added [ 1334.704586][T30893] [U] [ 1334.713039][T30893] [U] [ 1334.713073][T30893] [U] [ 1334.713102][T30893] [U] [ 1334.719582][T30643] team0: Port device team_slave_1 added [ 1334.733300][T30893] [U] [ 1334.733337][T30893] [U] [ 1334.733362][T30893] [U] [ 1334.733392][T30893] [U] [ 1334.733467][T30893] [U] [ 1334.733496][T30893] [U] [ 1334.733524][T30893] [U] [ 1334.733553][T30893] [U] [ 1334.733776][T30893] [U] [ 1334.733807][T30893] [U] [ 1334.733836][T30893] [U] [ 1334.733865][T30893] [U] [ 1334.733937][T30893] [U] [ 1334.733970][T30893] [U] [ 1334.734001][T30893] [U] [ 1334.734030][T30893] [U] [ 1334.734431][T30893] [U] [ 1334.734462][T30893] [U] [ 1334.734492][T30893] [U] [ 1334.734521][T30893] [U] [ 1334.734593][T30893] [U] [ 1334.734627][T30893] [U] [ 1334.734656][T30893] [U] [ 1334.734684][T30893] [U] [ 1334.735012][T30893] [U] [ 1334.735043][T30893] [U] [ 1334.735072][T30893] [U] [ 1334.735101][T30893] [U] [ 1334.735172][T30893] [U] [ 1334.735203][T30893] [U] [ 1334.735232][T30893] [U] [ 1334.735268][T30893] [U] [ 1334.735473][T30893] [U] [ 1334.831886][T30893] [U] [ 1334.831918][T30893] [U] [ 1334.831944][T30893] [U] [ 1334.854556][T30893] [U] [ 1334.862549][T30893] [U] [ 1334.862581][T30893] [U] [ 1334.862609][T30893] [U] [ 1334.869109][T30893] [U] [ 1334.869143][T30893] [U] [ 1334.869172][T30893] [U] [ 1334.869199][T30893] [U] [ 1334.869271][T30893] [U] [ 1334.869300][T30893] [U] [ 1334.869326][T30893] [U] [ 1334.869350][T30893] [U] [ 1334.869576][T30893] [U] [ 1334.869605][T30893] [U] [ 1334.869634][T30893] [U] [ 1334.869663][T30893] [U] [ 1334.869735][T30893] [U] [ 1334.869765][T30893] [U] [ 1334.869794][T30893] [U] [ 1334.869826][T30893] [U] [ 1334.870174][T30893] [U] [ 1334.870205][T30893] [U] [ 1334.870232][T30893] [U] [ 1334.870260][T30893] [U] [ 1334.870329][T30893] [U] [ 1334.870357][T30893] [U] [ 1334.870383][T30893] [U] [ 1334.870408][T30893] [U] [ 1334.870601][T30893] [U] [ 1334.870631][T30893] [U] [ 1334.870657][T30893] [U] [ 1334.870684][T30893] [U] [ 1334.870761][T30893] [U] [ 1334.870789][T30893] [U] [ 1334.870816][T30893] [U] [ 1334.870845][T30893] [U] [ 1334.871090][T30893] [U] [ 1334.964395][T30893] [U] [ 1334.964417][T30893] [U] [ 1334.964434][T30893] [U] [ 1334.973680][T30643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1334.973694][T30643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1334.973710][T30643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1334.975022][T30643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1334.975033][T30643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1334.975048][T30643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1334.998505][T30893] [U] [ 1334.998545][T30893] [U] [ 1334.998576][T30893] [U] [ 1334.998603][T30893] [U] [ 1335.009108][T30893] [U] [ 1335.009145][T30893] [U] [ 1335.009174][T30893] [U] [ 1335.009204][T30893] [U] [ 1335.009237][T30893] [U] [ 1335.009264][T30893] [U] [ 1335.009293][T30893] [U] [ 1335.009321][T30893] [U] [ 1335.009368][T30893] [U] [ 1335.009392][T30893] [U] [ 1335.009415][T30893] [U] [ 1335.009436][T30893] [U] [ 1335.009461][T30893] [U] [ 1335.009488][T30893] [U] [ 1335.009513][T30893] [U] [ 1335.009546][T30893] [U] [ 1335.009589][T30893] [U] [ 1335.009618][T30893] [U] [ 1335.009647][T30893] [U] [ 1335.009674][T30893] [U] [ 1335.009706][T30893] [U] [ 1335.009733][T30893] [U] [ 1335.009758][T30893] [U] [ 1335.063715][T30892] [U] [ 1335.180529][T30643] hsr_slave_0: entered promiscuous mode [ 1335.183893][T30643] hsr_slave_1: entered promiscuous mode [ 1335.187545][T30643] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1335.187692][T30643] Cannot create hsr debugfs directory [ 1335.499908][T31038] Invalid ELF header magic: != ELF [ 1336.338654][T30643] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1336.369826][T30643] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1336.395486][T30643] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1336.417726][T30643] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1336.596134][T30643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1336.645794][T30643] 8021q: adding VLAN 0 to HW filter on device team0 [ 1336.671494][T11394] Bluetooth: hci2: command tx timeout [ 1336.726767][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1336.734031][ T5279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1336.774184][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1336.781421][ T5279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1337.189275][T30643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1337.254382][T30643] veth0_vlan: entered promiscuous mode [ 1337.279190][T30643] veth1_vlan: entered promiscuous mode [ 1337.347575][T30643] veth0_macvtap: entered promiscuous mode [ 1337.370582][T30643] veth1_macvtap: entered promiscuous mode [ 1337.417687][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.441804][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.461234][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.491230][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.511358][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.538250][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.550841][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.571057][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.581790][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.593918][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.606639][T30643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1337.623203][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.652202][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.671330][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.685522][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.705611][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.732371][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.761227][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.790664][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.820929][T30643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.840130][T30643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.854593][T30643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1337.907282][T30643] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.927876][T30643] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.939546][T30643] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.958225][T30643] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1338.181002][T17038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1338.211284][T17038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1338.473305][ T5242] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1338.485777][T17038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1338.495404][ T5242] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1338.505116][ T5242] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1338.505376][T17038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1338.535658][ T5242] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1338.546274][ T5242] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1338.571864][ T5242] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1339.494413][ T46] usb 2-1: USB disconnect, device number 76 [ 1339.701683][T11320] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1339.774437][T31149] kvm: pic: non byte write [ 1339.838341][T31149] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4102857745 (32822861960 ns) > initial count (10843324416 ns). Using initial count to start timer. [ 1339.848037][T31183] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5540'. [ 1339.875290][T11320] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1339.888774][T31183] netlink: 'syz.2.5540': attribute type 1 has an invalid length. [ 1339.902431][T31183] netlink: 121 bytes leftover after parsing attributes in process `syz.2.5540'. [ 1340.004336][ T5242] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1340.018905][ T5242] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1340.027434][ T5242] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1340.038771][ T5242] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1340.048080][ T5242] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1340.055160][T11320] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.066291][ T5242] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1340.217195][T31200] syz.2.5541[31200] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1340.217283][T31200] syz.2.5541[31200] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1340.236838][T11320] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.262856][ T29] audit: type=1326 audit(1722038824.871:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31199 comm="syz.2.5541" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f91f2777299 code=0x0 [ 1340.415022][ T29] audit: type=1800 audit(1722038825.021:804): pid=31267 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.5543" name="bus" dev="overlay" ino=35 res=0 errno=0 [ 1340.591687][ T5242] Bluetooth: hci6: command tx timeout [ 1340.608989][T31137] chnl_net:caif_netlink_parms(): no params data found [ 1340.747677][T11320] bridge_slave_1: left allmulticast mode [ 1340.754843][T11320] bridge_slave_1: left promiscuous mode [ 1340.765594][T11320] bridge0: port 2(bridge_slave_1) entered disabled state [ 1340.776470][T11320] bridge_slave_0: left allmulticast mode [ 1340.782752][T11320] bridge_slave_0: left promiscuous mode [ 1340.788600][T11320] bridge0: port 1(bridge_slave_0) entered disabled state [ 1341.243596][T11320] bridge0 (unregistering): left allmulticast mode [ 1341.549499][T11320] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1341.571385][T11320] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1341.593980][T11320] bond0 (unregistering): Released all slaves [ 1341.608038][T11320] bond1 (unregistering): Released all slaves [ 1341.633516][T31349] netlink: 'syz.3.5545': attribute type 5 has an invalid length. [ 1341.801952][T31377] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.5549'. [ 1341.817549][T31377] netlink: 'syz.2.5549': attribute type 1 has an invalid length. [ 1341.825450][T31377] netlink: 121 bytes leftover after parsing attributes in process `syz.2.5549'. [ 1342.056811][T31137] bridge0: port 1(bridge_slave_0) entered blocking state [ 1342.065359][T31137] bridge0: port 1(bridge_slave_0) entered disabled state [ 1342.076044][T31137] bridge_slave_0: entered allmulticast mode [ 1342.083500][T31137] bridge_slave_0: entered promiscuous mode [ 1342.096360][T31137] bridge0: port 2(bridge_slave_1) entered blocking state [ 1342.103748][T31137] bridge0: port 2(bridge_slave_1) entered disabled state [ 1342.110989][T31137] bridge_slave_1: entered allmulticast mode [ 1342.111493][ T5242] Bluetooth: hci7: command tx timeout [ 1342.119147][T31137] bridge_slave_1: entered promiscuous mode [ 1342.250884][T31137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1342.359399][T31137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1342.395599][T31195] chnl_net:caif_netlink_parms(): no params data found [ 1342.538198][T31137] team0: Port device team_slave_0 added [ 1342.572569][T31137] team0: Port device team_slave_1 added [ 1342.677475][ T5242] Bluetooth: hci6: command tx timeout [ 1342.770098][T11320] hsr_slave_0: left promiscuous mode [ 1342.786229][T11320] hsr_slave_1: left promiscuous mode [ 1342.805773][T11320] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1342.819848][T11320] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1342.838438][T11320] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1342.838951][T31593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5562'. [ 1342.850144][T11320] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1342.932664][T11320] veth1_macvtap: left promiscuous mode [ 1342.939043][T11320] veth0_macvtap: left promiscuous mode [ 1342.961462][T11320] veth1_vlan: left promiscuous mode [ 1342.966942][T11320] veth0_vlan: left promiscuous mode [ 1343.641092][T11394] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1343.660250][T11394] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1343.677590][T11394] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1343.691986][T11394] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1343.707385][T11394] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1343.740088][T11394] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1343.994990][T11320] team0 (unregistering): Port device team_slave_1 removed [ 1344.077145][T11320] team0 (unregistering): Port device team_slave_0 removed [ 1344.198922][ T5242] Bluetooth: hci7: command tx timeout [ 1344.754274][ T5242] Bluetooth: hci6: command tx timeout [ 1344.808865][T31137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1344.821275][T31137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1344.880595][T31137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1344.944006][T31137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1344.950983][T31137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1344.981470][T31137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1345.040293][T31195] bridge0: port 1(bridge_slave_0) entered blocking state [ 1345.050775][T31195] bridge0: port 1(bridge_slave_0) entered disabled state [ 1345.058157][T31195] bridge_slave_0: entered allmulticast mode [ 1345.076392][T31195] bridge_slave_0: entered promiscuous mode [ 1345.135955][T31195] bridge0: port 2(bridge_slave_1) entered blocking state [ 1345.146149][T31195] bridge0: port 2(bridge_slave_1) entered disabled state [ 1345.153632][T31195] bridge_slave_1: entered allmulticast mode [ 1345.164077][T31195] bridge_slave_1: entered promiscuous mode [ 1345.264008][T31137] hsr_slave_0: entered promiscuous mode [ 1345.286803][T31137] hsr_slave_1: entered promiscuous mode [ 1345.302469][T31137] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1345.312637][T31137] Cannot create hsr debugfs directory [ 1345.487140][T31195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1345.534547][T31195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1345.875453][ T5242] Bluetooth: hci4: command tx timeout [ 1345.978975][T31195] team0: Port device team_slave_0 added [ 1345.993593][T31195] team0: Port device team_slave_1 added [ 1346.067996][T31195] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1346.076706][T31195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1346.104035][T31195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1346.157244][T31195] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1346.165479][T31195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1346.191947][T31195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1346.271539][ T5242] Bluetooth: hci7: command tx timeout [ 1346.323548][T31195] hsr_slave_0: entered promiscuous mode [ 1346.330681][T31195] hsr_slave_1: entered promiscuous mode [ 1346.340001][T31195] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1346.350074][T31195] Cannot create hsr debugfs directory [ 1346.409257][T11320] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1346.462827][T31606] chnl_net:caif_netlink_parms(): no params data found [ 1346.555255][T11320] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1346.652941][T11320] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1346.750066][T11320] bond0: (slave netdevsim0): Releasing backup interface [ 1346.763214][T11320] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1346.841413][ T5242] Bluetooth: hci6: command tx timeout [ 1346.906345][T31606] bridge0: port 1(bridge_slave_0) entered blocking state [ 1346.916299][T31606] bridge0: port 1(bridge_slave_0) entered disabled state [ 1346.923761][T31606] bridge_slave_0: entered allmulticast mode [ 1346.934110][T31606] bridge_slave_0: entered promiscuous mode [ 1346.946655][T31606] bridge0: port 2(bridge_slave_1) entered blocking state [ 1346.954513][T31606] bridge0: port 2(bridge_slave_1) entered disabled state [ 1346.962625][T31606] bridge_slave_1: entered allmulticast mode [ 1346.970562][T31606] bridge_slave_1: entered promiscuous mode [ 1347.068284][T31606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1347.100935][T31606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1347.180282][T31606] team0: Port device team_slave_0 added [ 1347.213684][T31606] team0: Port device team_slave_1 added [ 1347.229144][T11320] bridge_slave_1: left allmulticast mode [ 1347.235521][T11320] bridge_slave_1: left promiscuous mode [ 1347.244258][T11320] bridge0: port 2(bridge_slave_1) entered disabled state [ 1347.254347][T11320] bridge_slave_0: left allmulticast mode [ 1347.260011][T11320] bridge_slave_0: left promiscuous mode [ 1347.266318][T11320] bridge0: port 1(bridge_slave_0) entered disabled state [ 1347.766313][T11320] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1347.777459][T11320] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1347.788192][T11320] bond0 (unregistering): Released all slaves [ 1347.800586][T11320] bond1 (unregistering): Released all slaves [ 1347.845668][T31137] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1347.954045][ T5242] Bluetooth: hci4: command tx timeout [ 1347.995330][T31195] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.027475][T31606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1348.038841][T31606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1348.065848][T31606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1348.083133][T31606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1348.090373][T31606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1348.118665][T31606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1348.129866][T31137] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1348.141868][T31137] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1348.205636][T31195] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.231694][T31137] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1348.326594][T31606] hsr_slave_0: entered promiscuous mode [ 1348.333444][T31606] hsr_slave_1: entered promiscuous mode [ 1348.340500][T31606] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1348.351351][ T5242] Bluetooth: hci7: command tx timeout [ 1348.357624][T31606] Cannot create hsr debugfs directory [ 1348.421425][T31195] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.451600][T11320] hsr_slave_0: left promiscuous mode [ 1348.457468][T11320] hsr_slave_1: left promiscuous mode [ 1348.463595][T11320] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1348.471014][T11320] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1348.480129][T11320] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1348.489423][T11320] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1348.517366][T11320] veth1_macvtap: left promiscuous mode [ 1348.525022][T11320] veth0_macvtap: left promiscuous mode [ 1348.530684][T11320] veth1_vlan: left promiscuous mode [ 1348.536171][T11320] veth0_vlan: left promiscuous mode [ 1350.036255][ T5242] Bluetooth: hci4: command tx timeout [ 1350.139221][T11320] team0 (unregistering): Port device team_slave_1 removed [ 1350.215350][T11320] team0 (unregistering): Port device team_slave_0 removed [ 1350.898043][T31195] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1351.347327][T32292] syz.0.5579[32292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1351.348040][T32292] syz.0.5579[32292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1351.368915][T32292] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 1351.986097][T31137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1352.037006][T11320] IPVS: stop unused estimator thread 0... [ 1352.051020][T31137] 8021q: adding VLAN 0 to HW filter on device team0 [ 1352.112214][ T5242] Bluetooth: hci4: command tx timeout [ 1352.113332][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 1352.124806][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1352.163795][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 1352.170964][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1352.186532][T31195] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1352.240394][T31195] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1352.274380][T31195] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1352.292926][T31195] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1352.397249][T31137] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1352.589817][T32326] netlink: 212 bytes leftover after parsing attributes in process `syz.0.5582'. [ 1352.691897][T31195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1352.746623][T31195] 8021q: adding VLAN 0 to HW filter on device team0 [ 1352.783926][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 1352.791059][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1352.882749][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 1352.889905][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1352.923875][T31137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1352.937190][T32343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5585'. [ 1352.974198][T32343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5585'. [ 1352.985064][T31195] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1353.007520][T31195] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1353.020499][T31606] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1353.061827][T31606] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1353.074037][T31606] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1353.096333][T31606] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1353.214661][T31137] veth0_vlan: entered promiscuous mode [ 1353.235888][T31137] veth1_vlan: entered promiscuous mode [ 1353.335845][T31195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1353.385207][T31606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1353.395459][T31137] veth0_macvtap: entered promiscuous mode [ 1353.438343][T31137] veth1_macvtap: entered promiscuous mode [ 1353.469585][T31606] 8021q: adding VLAN 0 to HW filter on device team0 [ 1353.492655][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 1353.499944][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1353.527948][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1353.546025][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.560615][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1353.571450][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.582811][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1353.593858][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.604191][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1353.615045][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.626804][T31137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1353.651191][ T5308] bridge0: port 2(bridge_slave_1) entered blocking state [ 1353.658381][ T5308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1353.677127][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1353.690010][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.700269][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1353.710766][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.722586][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1353.733197][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.744186][T31137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1353.754736][T31137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1353.767709][T31137] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1353.830154][T31137] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.840287][T31137] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.849083][T31137] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.858357][T31137] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.939241][T31195] veth0_vlan: entered promiscuous mode [ 1354.019724][T31195] veth1_vlan: entered promiscuous mode [ 1354.098770][T32365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5587'. [ 1354.136515][T17038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1354.160101][T17038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1354.240380][T31195] veth0_macvtap: entered promiscuous mode [ 1354.270737][ T5625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1354.279599][T31195] veth1_macvtap: entered promiscuous mode [ 1354.302151][ T5625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1354.347923][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.363161][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.375238][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.388534][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.407239][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.420100][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.437180][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.448419][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.458818][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.469791][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.485497][T31195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1354.496664][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1354.507508][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.518841][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1354.532002][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.542579][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1354.553726][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.563969][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1354.574538][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.585072][T31195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1354.597652][T31195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.610869][T31195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1354.655002][T31606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1354.758026][T31195] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1354.777997][T31195] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1354.797381][T31195] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1354.808608][T31195] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1355.656120][T31606] veth0_vlan: entered promiscuous mode [ 1355.725024][T31606] veth1_vlan: entered promiscuous mode [ 1355.873288][T15983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1355.921267][T15983] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1356.987721][T31606] veth0_macvtap: entered promiscuous mode [ 1357.008596][ T2905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1357.017730][ T2905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1357.192233][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1357.211614][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1357.222958][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1357.235084][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1357.244947][T11394] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1357.253282][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1357.377340][T31606] veth1_macvtap: entered promiscuous mode [ 1357.509183][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.569180][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.581342][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.599230][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.610899][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.625053][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.640592][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.652680][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.663988][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.674723][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.686924][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1357.720848][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.743024][T31606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1357.898065][ T5625] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.956614][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1357.968830][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1357.983997][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1357.994607][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1358.005007][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1358.018332][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1358.029295][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1358.052926][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1358.063324][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1358.085747][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1358.126405][T31606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1358.151297][T31606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1358.173250][T31606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1359.271916][T31606] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1359.304675][T31606] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1359.311488][T11394] Bluetooth: hci2: command tx timeout [ 1359.369963][T31606] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1359.392420][T31606] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1359.578817][ T5625] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1359.754728][ T5625] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1359.936283][ T5625] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1360.369945][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1360.401974][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1360.563650][T32417] chnl_net:caif_netlink_parms(): no params data found [ 1360.624143][T11320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1360.640920][T11320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1360.711553][ T5625] bridge_slave_1: left allmulticast mode [ 1360.720033][ T5625] bridge_slave_1: left promiscuous mode [ 1360.729225][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 1360.777268][ T5625] bridge_slave_0: left allmulticast mode [ 1360.790082][ T5625] bridge_slave_0: left promiscuous mode [ 1360.807940][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 1360.855143][T32625] ip6t_REJECT: ECHOREPLY is not supported [ 1361.392217][T11394] Bluetooth: hci2: command tx timeout [ 1361.638765][T32633] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1361.667120][T32633] kvm: pic: level sensitive irq not supported [ 1361.667410][T32633] kvm: pic: non byte read [ 1361.694192][T32633] kvm: pic: level sensitive irq not supported [ 1361.694263][T32633] kvm: pic: non byte read [ 1361.718493][T32633] kvm: pic: level sensitive irq not supported [ 1361.718556][T32633] kvm: pic: non byte read [ 1361.741849][T32633] kvm: pic: level sensitive irq not supported [ 1361.741963][T32633] kvm: pic: non byte read [ 1362.072507][ T5625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1362.112733][ T5625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1362.145574][ T5625] bond0 (unregistering): Released all slaves [ 1362.623472][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.629983][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.054525][T24323] usb 2-1: new full-speed USB device number 77 using dummy_hcd [ 1363.472373][T24323] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1363.480665][T24323] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1363.501290][T11394] Bluetooth: hci2: command 0x040f tx timeout [ 1363.571064][T24323] usb 2-1: config 0 has no interface number 0 [ 1363.571431][T24323] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1363.571508][T24323] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1363.571557][T24323] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1363.571631][T24323] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1365.001998][T24323] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1365.041368][T24323] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 1365.114751][T24323] usb 2-1: Product: syz [ 1365.128239][T24323] usb 2-1: Manufacturer: syz [ 1365.173297][T24323] usb 2-1: SerialNumber: syz [ 1365.411695][T24323] usb 2-1: config 0 descriptor?? [ 1365.421400][T24323] usb 2-1: can't set config #0, error -71 [ 1365.431396][T24323] usb 2-1: USB disconnect, device number 77 [ 1366.101586][T32417] bridge0: port 1(bridge_slave_0) entered blocking state [ 1366.110913][ T5242] Bluetooth: hci2: command 0x040f tx timeout [ 1366.164692][T32417] bridge0: port 1(bridge_slave_0) entered disabled state [ 1366.206663][T32417] bridge_slave_0: entered allmulticast mode [ 1366.232446][T32417] bridge_slave_0: entered promiscuous mode [ 1366.273872][T32417] bridge0: port 2(bridge_slave_1) entered blocking state [ 1366.323061][T32417] bridge0: port 2(bridge_slave_1) entered disabled state [ 1366.365000][T32417] bridge_slave_1: entered allmulticast mode [ 1366.388311][T32417] bridge_slave_1: entered promiscuous mode [ 1366.904139][T32417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1366.956908][T32746] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1367.188870][T32417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1367.564024][ T341] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 1367.570591][ T341] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1367.582974][ T341] vhci_hcd vhci_hcd.0: Device attached [ 1367.646227][T32417] team0: Port device team_slave_0 added [ 1367.680639][T32417] team0: Port device team_slave_1 added [ 1367.703416][ T5625] hsr_slave_0: left promiscuous mode [ 1367.715098][ T5625] hsr_slave_1: left promiscuous mode [ 1367.727726][ T5625] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1367.750265][ T5625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1367.770956][ T5625] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1367.780251][ T5625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1367.837928][ T5625] veth1_macvtap: left promiscuous mode [ 1367.844967][ T5625] veth0_macvtap: left promiscuous mode [ 1367.851237][ T5625] veth1_vlan: left promiscuous mode [ 1367.857712][ T5625] veth0_vlan: left promiscuous mode [ 1367.901366][T24323] usb 17-1: new high-speed USB device number 3 using vhci_hcd [ 1368.192638][T11394] Bluetooth: hci2: command 0x040f tx timeout [ 1368.299980][ T343] vhci_hcd: connection closed [ 1368.301949][ T2566] vhci_hcd: stop threads [ 1368.316971][ T2566] vhci_hcd: release socket [ 1368.326078][ T2566] vhci_hcd: disconnect device [ 1368.330891][ T5279] usb 3-1: new full-speed USB device number 83 using dummy_hcd [ 1368.563657][ T5279] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 1368.580280][ T5279] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1368.596370][ T5279] usb 3-1: config 0 has no interface number 0 [ 1368.624820][ T5279] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1368.636887][ T5279] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1368.646816][ T5279] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1368.663702][ T5279] usb 3-1: config 0 interface 52 has no altsetting 0 [ 1368.673059][ T5279] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1368.682271][ T5279] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 1368.690642][ T5279] usb 3-1: Product: syz [ 1368.695000][ T5279] usb 3-1: Manufacturer: syz [ 1368.699768][ T5279] usb 3-1: SerialNumber: syz [ 1368.709359][ T5279] usb 3-1: config 0 descriptor?? [ 1368.950580][ T5279] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 1368.976511][ T5279] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -5 [ 1369.195307][ T5625] team0 (unregistering): Port device team_slave_1 removed [ 1369.209252][ T5279] usb 3-1: USB disconnect, device number 83 [ 1369.283045][ T5625] team0 (unregistering): Port device team_slave_0 removed [ 1370.169604][T32417] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1370.197612][T32417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1370.234716][T32417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1370.278264][T32417] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1370.314303][T32417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1370.362564][T32417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1370.701092][T32417] hsr_slave_0: entered promiscuous mode [ 1370.720208][T32417] hsr_slave_1: entered promiscuous mode [ 1370.738594][T32417] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1370.766217][T32417] Cannot create hsr debugfs directory [ 1372.669514][ T588] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1372.706392][ T595] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5659'. [ 1372.789461][ T604] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.5658'. [ 1372.831936][ T604] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.5658'. [ 1372.834797][ T603] bridge0: port 3(macvlan2) entered blocking state [ 1372.850135][ T603] bridge0: port 3(macvlan2) entered disabled state [ 1372.900672][ T603] macvlan2: entered allmulticast mode [ 1372.904881][ T597] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5658'. [ 1372.912105][ T603] macvlan2: entered promiscuous mode [ 1372.979555][ T622] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 49 (only 8 groups) [ 1373.025612][ T595] macvlan2 (unregistering): left allmulticast mode [ 1373.057878][ T595] macvlan2 (unregistering): left promiscuous mode [ 1373.108308][T24323] vhci_hcd: vhci_device speed not set [ 1373.112070][ T595] bridge0: port 3(macvlan2) entered disabled state [ 1373.469586][T32417] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1373.503692][T32417] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1373.549361][T32417] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1373.572615][T32417] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1373.715001][T32417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1373.830943][T32417] 8021q: adding VLAN 0 to HW filter on device team0 [ 1373.878511][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1373.885725][ T5279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1373.928586][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1373.935797][ T5279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1374.677928][T32417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1374.735757][ T694] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5674'. [ 1374.755368][ T694] bridge0: port 3(macvlan2) entered blocking state [ 1374.765550][ T694] bridge0: port 3(macvlan2) entered disabled state [ 1374.775798][ T694] macvlan2: entered allmulticast mode [ 1374.785229][ T694] macvlan2: entered promiscuous mode [ 1374.909802][T32417] veth0_vlan: entered promiscuous mode [ 1374.941106][T32417] veth1_vlan: entered promiscuous mode [ 1375.000539][T32417] veth0_macvtap: entered promiscuous mode [ 1375.020197][T32417] veth1_macvtap: entered promiscuous mode [ 1375.047655][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.076345][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.088631][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.105651][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.117384][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.130418][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.141100][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.154597][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.164993][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.177170][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.194940][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1375.207872][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.229682][T32417] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1375.259141][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.274113][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.297290][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.312191][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.342374][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.369222][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.383677][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.394977][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.405023][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.415657][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.425882][T32417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1375.442747][T32417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1375.463241][T32417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1375.520238][T32417] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1375.567193][T32417] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1375.610184][T32417] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1375.620317][T32417] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1376.474108][T10013] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1376.573728][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1376.600054][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1376.693591][T10013] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1376.723577][ T5625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1376.747236][ T5625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1376.753389][T10013] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1376.777632][T10013] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1376.819310][T10013] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1376.837577][T10013] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1376.859211][T10013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1376.893941][T10013] usb 3-1: Product: syz [ 1376.905190][T10013] usb 3-1: Manufacturer: syz [ 1376.917692][T10013] usb 3-1: SerialNumber: syz [ 1376.955470][T10013] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1376.991706][T10013] cdc_ncm 3-1:1.0: bind() failure [ 1377.020317][T10013] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1377.040427][T10013] cdc_ncm 3-1:1.1: bind() failure [ 1377.655738][ T765] netlink: 'syz.1.5688': attribute type 4 has an invalid length. [ 1377.682635][ T765] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5688'. [ 1378.845359][T11394] Bluetooth: hci6: SCO packet for unknown connection handle 137 [ 1379.531779][ T5279] usb 3-1: USB disconnect, device number 84 [ 1381.530942][ T834] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5711'. [ 1381.581698][ T834] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5711'. [ 1381.775576][ T845] [ 1381.778033][ T845] ====================================================== [ 1381.785053][ T845] WARNING: possible circular locking dependency detected [ 1381.792087][ T845] 6.10.0-syzkaller-12708-g2f8c4f506285 #0 Not tainted [ 1381.798849][ T845] ------------------------------------------------------ [ 1381.805867][ T845] syz.1.5712/845 is trying to acquire lock: [ 1381.811846][ T845] ffff88805fb96940 (&sbi->pipe_mutex){+.+.}-{3:3}, at: autofs_notify_daemon+0x71f/0xf80 [ 1381.821615][ T845] [ 1381.821615][ T845] but task is already holding lock: [ 1381.828985][ T845] ffff88801a375888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 1381.838320][ T845] [ 1381.838320][ T845] which lock already depends on the new lock. [ 1381.838320][ T845] [ 1381.848805][ T845] [ 1381.848805][ T845] the existing dependency chain (in reverse order) is: [ 1381.857820][ T845] [ 1381.857820][ T845] -> #2 (&of->mutex){+.+.}-{3:3}: [ 1381.865049][ T845] lock_acquire+0x1ed/0x550 [ 1381.870086][ T845] __mutex_lock+0x136/0xd70 [ 1381.875123][ T845] kernfs_fop_write_iter+0x1eb/0x500 [ 1381.880936][ T845] iter_file_splice_write+0xbd7/0x14e0 [ 1381.886928][ T845] do_splice+0xd77/0x1900 [ 1381.891789][ T845] __se_sys_splice+0x331/0x4a0 [ 1381.897087][ T845] do_syscall_64+0xf3/0x230 [ 1381.902121][ T845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1381.908539][ T845] [ 1381.908539][ T845] -> #1 (&pipe->mutex){+.+.}-{3:3}: [ 1381.915937][ T845] lock_acquire+0x1ed/0x550 [ 1381.920968][ T845] __mutex_lock+0x136/0xd70 [ 1381.926000][ T845] pipe_write+0x1c9/0x1a40 [ 1381.930943][ T845] __kernel_write_iter+0x47e/0x900 [ 1381.936579][ T845] __kernel_write+0x120/0x180 [ 1381.941788][ T845] autofs_notify_daemon+0x732/0xf80 [ 1381.947512][ T845] autofs_wait+0x10b8/0x1b30 [ 1381.952628][ T845] autofs_do_expire_multi+0x659/0x950 [ 1381.958526][ T845] autofs_root_ioctl+0x4c/0x60 [ 1381.963819][ T845] __se_sys_ioctl+0xfc/0x170 [ 1381.968931][ T845] do_syscall_64+0xf3/0x230 [ 1381.973959][ T845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1381.980381][ T845] [ 1381.980381][ T845] -> #0 (&sbi->pipe_mutex){+.+.}-{3:3}: [ 1381.988127][ T845] validate_chain+0x18e0/0x5900 [ 1381.993501][ T845] __lock_acquire+0x137a/0x2040 [ 1381.998879][ T845] lock_acquire+0x1ed/0x550 [ 1382.003909][ T845] __mutex_lock+0x136/0xd70 [ 1382.008934][ T845] autofs_notify_daemon+0x71f/0xf80 [ 1382.014655][ T845] autofs_wait+0x10b8/0x1b30 [ 1382.019766][ T845] autofs_mount_wait+0x170/0x330 [ 1382.025225][ T845] autofs_d_automount+0x555/0x710 [ 1382.030779][ T845] __traverse_mounts+0x2ba/0x580 [ 1382.036249][ T845] step_into+0x5e5/0x1080 [ 1382.041101][ T845] path_lookupat+0x16f/0x450 [ 1382.046214][ T845] filename_lookup+0x256/0x610 [ 1382.051503][ T845] kern_path+0x35/0x50 [ 1382.056096][ T845] lookup_bdev+0xc5/0x290 [ 1382.060943][ T845] resume_store+0x1a0/0x710 [ 1382.065973][ T845] kernfs_fop_write_iter+0x3a1/0x500 [ 1382.071780][ T845] iter_file_splice_write+0xbd7/0x14e0 [ 1382.077765][ T845] direct_splice_actor+0x11e/0x220 [ 1382.083415][ T845] splice_direct_to_actor+0x58e/0xc90 [ 1382.089320][ T845] do_splice_direct+0x28c/0x3e0 [ 1382.094697][ T845] do_sendfile+0x56d/0xe20 [ 1382.099637][ T845] __se_sys_sendfile64+0x17c/0x1e0 [ 1382.105272][ T845] do_syscall_64+0xf3/0x230 [ 1382.110296][ T845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1382.116713][ T845] [ 1382.116713][ T845] other info that might help us debug this: [ 1382.116713][ T845] [ 1382.126933][ T845] Chain exists of: [ 1382.126933][ T845] &sbi->pipe_mutex --> &pipe->mutex --> &of->mutex [ 1382.126933][ T845] [ 1382.139379][ T845] Possible unsafe locking scenario: [ 1382.139379][ T845] [ 1382.146832][ T845] CPU0 CPU1 [ 1382.152194][ T845] ---- ---- [ 1382.157553][ T845] lock(&of->mutex); [ 1382.161536][ T845] lock(&pipe->mutex); [ 1382.168215][ T845] lock(&of->mutex); [ 1382.174720][ T845] lock(&sbi->pipe_mutex); [ 1382.179228][ T845] [ 1382.179228][ T845] *** DEADLOCK *** [ 1382.179228][ T845] [ 1382.187375][ T845] 3 locks held by syz.1.5712/845: [ 1382.192487][ T845] #0: ffff88802ae8c420 (sb_writers#8){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x220 [ 1382.202185][ T845] #1: ffff88801a375888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 1382.211948][ T845] #2: ffff888018ee1a58 (kn->active#72){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 1382.221975][ T845] [ 1382.221975][ T845] stack backtrace: [ 1382.227958][ T845] CPU: 1 UID: 0 PID: 845 Comm: syz.1.5712 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0 [ 1382.238209][ T845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1382.248271][ T845] Call Trace: [ 1382.251561][ T845] [ 1382.254498][ T845] dump_stack_lvl+0x241/0x360 [ 1382.259186][ T845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1382.264401][ T845] ? print_circular_bug+0x130/0x1a0 [ 1382.269606][ T845] check_noncircular+0x36a/0x4a0 [ 1382.274553][ T845] ? __pfx_check_noncircular+0x10/0x10 [ 1382.280022][ T845] validate_chain+0x18e0/0x5900 [ 1382.284888][ T845] ? __pfx_validate_chain+0x10/0x10 [ 1382.290105][ T845] ? mark_lock+0x9a/0x350 [ 1382.294533][ T845] __lock_acquire+0x137a/0x2040 [ 1382.299403][ T845] lock_acquire+0x1ed/0x550 [ 1382.304006][ T845] ? autofs_notify_daemon+0x71f/0xf80 [ 1382.309394][ T845] ? __pfx_lock_acquire+0x10/0x10 [ 1382.314430][ T845] ? __pfx___might_resched+0x10/0x10 [ 1382.319723][ T845] ? autofs_notify_daemon+0x6c6/0xf80 [ 1382.325096][ T845] ? __pfx_lock_release+0x10/0x10 [ 1382.330131][ T845] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1382.335343][ T845] __mutex_lock+0x136/0xd70 [ 1382.339857][ T845] ? autofs_notify_daemon+0x71f/0xf80 [ 1382.345236][ T845] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1382.350874][ T845] ? autofs_notify_daemon+0x71f/0xf80 [ 1382.356255][ T845] ? __pfx___mutex_lock+0x10/0x10 [ 1382.361292][ T845] ? from_kgid_munged+0x1fe/0x7a0 [ 1382.366333][ T845] ? __pfx_from_kgid_munged+0x10/0x10 [ 1382.371719][ T845] ? kasan_save_track+0x51/0x80 [ 1382.376574][ T845] ? kasan_save_track+0x3f/0x80 [ 1382.381512][ T845] ? __kasan_kmalloc+0x98/0xb0 [ 1382.386278][ T845] ? autofs_notify_daemon+0x48c/0xf80 [ 1382.391656][ T845] autofs_notify_daemon+0x71f/0xf80 [ 1382.396861][ T845] ? iter_file_splice_write+0xbd7/0x14e0 [ 1382.402505][ T845] ? __pfx_autofs_notify_daemon+0x10/0x10 [ 1382.408244][ T845] ? __init_waitqueue_head+0xae/0x150 [ 1382.413631][ T845] autofs_wait+0x10b8/0x1b30 [ 1382.418231][ T845] ? __pfx_autofs_wait+0x10/0x10 [ 1382.423174][ T845] ? autofs_d_automount+0x54b/0x710 [ 1382.428388][ T845] ? __pfx_lock_release+0x10/0x10 [ 1382.433422][ T845] ? _raw_spin_unlock+0x28/0x50 [ 1382.438301][ T845] ? path_has_submounts+0x10b/0x170 [ 1382.443528][ T845] autofs_mount_wait+0x170/0x330 [ 1382.448487][ T845] autofs_d_automount+0x555/0x710 [ 1382.453538][ T845] __traverse_mounts+0x2ba/0x580 [ 1382.458496][ T845] step_into+0x5e5/0x1080 [ 1382.462839][ T845] ? __up_read+0x2c2/0x6b0 [ 1382.467268][ T845] ? __pfx___up_read+0x10/0x10 [ 1382.472035][ T845] ? make_vfsuid+0x46/0x90 [ 1382.476462][ T845] ? __pfx_step_into+0x10/0x10 [ 1382.481241][ T845] ? walk_component+0x18d/0x410 [ 1382.486099][ T845] path_lookupat+0x16f/0x450 [ 1382.490704][ T845] filename_lookup+0x256/0x610 [ 1382.495484][ T845] ? __pfx_filename_lookup+0x10/0x10 [ 1382.500804][ T845] ? getname_kernel+0x59/0x2f0 [ 1382.505595][ T845] ? rcu_is_watching+0x15/0xb0 [ 1382.510381][ T845] ? getname_kernel+0x59/0x2f0 [ 1382.515165][ T845] ? getname_kernel+0x140/0x2f0 [ 1382.520035][ T845] kern_path+0x35/0x50 [ 1382.524121][ T845] lookup_bdev+0xc5/0x290 [ 1382.528459][ T845] ? rcu_is_watching+0x15/0xb0 [ 1382.533233][ T845] ? __pfx_lookup_bdev+0x10/0x10 [ 1382.538172][ T845] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 1382.544778][ T845] ? __asan_memcpy+0x40/0x70 [ 1382.549389][ T845] resume_store+0x1a0/0x710 [ 1382.553906][ T845] ? __pfx_resume_store+0x10/0x10 [ 1382.558944][ T845] ? sysfs_kf_write+0x182/0x2a0 [ 1382.564242][ T845] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1382.569457][ T845] kernfs_fop_write_iter+0x3a1/0x500 [ 1382.574754][ T845] iter_file_splice_write+0xbd7/0x14e0 [ 1382.580242][ T845] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1382.586159][ T845] ? rcu_read_lock_any_held+0xb7/0x160 [ 1382.591642][ T845] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1382.597638][ T845] direct_splice_actor+0x11e/0x220 [ 1382.602768][ T845] splice_direct_to_actor+0x58e/0xc90 [ 1382.608162][ T845] ? __pfx_direct_splice_actor+0x10/0x10 [ 1382.613980][ T845] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1382.619881][ T845] ? __fget_files+0x29/0x470 [ 1382.624479][ T845] ? __pfx_lock_release+0x10/0x10 [ 1382.629530][ T845] do_splice_direct+0x28c/0x3e0 [ 1382.634416][ T845] ? __pfx_do_splice_direct+0x10/0x10 [ 1382.639807][ T845] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1382.645720][ T845] ? rw_verify_area+0x1d2/0x6b0 [ 1382.650584][ T845] do_sendfile+0x56d/0xe20 [ 1382.655104][ T845] ? __pfx_do_sendfile+0x10/0x10 [ 1382.660063][ T845] __se_sys_sendfile64+0x17c/0x1e0 [ 1382.665185][ T845] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1382.670909][ T845] ? do_syscall_64+0x100/0x230 [ 1382.675682][ T845] ? do_syscall_64+0xb6/0x230 [ 1382.680363][ T845] do_syscall_64+0xf3/0x230 [ 1382.684871][ T845] ? clear_bhb_loop+0x35/0x90 [ 1382.689569][ T845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1382.695487][ T845] RIP: 0033:0x7f1091f77299 [ 1382.699926][ T845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1382.719544][ T845] RSP: 002b:00007f1092cc6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1382.727967][ T845] RAX: ffffffffffffffda RBX: 00007f1092106058 RCX: 00007f1091f77299 [ 1382.735947][ T845] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 1382.743925][ T845] RBP: 00007f1091fe48e6 R08: 0000000000000000 R09: 0000000000000000 [ 1382.751902][ T845] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1382.759961][ T845] R13: 000000000000006e R14: 00007f1092106058 R15: 00007ffc6c1d5c08 [ 1382.767948][ T845] [ 1382.818735][ T838] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5708'. [ 1383.071583][ T845] PM: Image not found (code -6)