last executing test programs: 4.722026975s ago: executing program 3 (id=943): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x20040084) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'}) r5 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x48}, 0x8000) 3.404020609s ago: executing program 3 (id=949): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') pivot_root(0x0, &(0x7f0000000180)='.\x00') bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000e80)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r4, &(0x7f0000002ec0)={0x10, 0xffffffffffffffda, r5}, 0x10) sendmsg$nl_route(r0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') preadv(r6, &(0x7f00000001c0)=[{&(0x7f00000010c0)=""/225, 0xe1}], 0x1, 0x7, 0x20000000) 2.660977724s ago: executing program 0 (id=962): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106, 0x8}}, 0x20) r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x180, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x7ffff, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xb, 0xb}, {0x0, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x1, 0x4d89c374, 0x1, 0x8}, 0x1000b, 0xfffffffe, 0x32, 0x5, 0x9, 0x7, 0x9, 0x1d, 0x5, 0xffffff5c, {0xffff1c72, 0x23, 0x3, 0x1008, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x404c800}, 0x400c000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031620d3fc140000004788031c", 0xe, 0x4, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.476115028s ago: executing program 2 (id=958): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) shutdown(r0, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.475742094s ago: executing program 2 (id=959): socket$nl_generic(0x11, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4054) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) fsopen(0x0, 0x0) fchdir(0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.471378268s ago: executing program 3 (id=960): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001380)=@newtfilter={0xb4, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x4}, {}, {0x1, 0xe}}, [@filter_kind_options=@f_u32={{0x8}, {0x88, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x10, 0x6, 0x8, 0x101, 0x4, 0xe, 0x7, 0x2, [{0x8e5, 0x8b39, 0x3a, 0x40}, {0xffffff89, 0x9d2, 0x2, 0x10000}, {0x9, 0x3, 0x8, 0x8}, {0x0, 0x8, 0x3b7, 0x5}, {0x553e3387, 0x3, 0x8000, 0x2}, {0x1, 0x4, 0x1}, {0xffffffff, 0xa8c, 0xfffffff8, 0xd}]}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@gettfilter={0x2c, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xd, 0xc}, {0x0, 0xfff1}, {0x1}}, [{0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000801}, 0x4049080) 2.396890288s ago: executing program 0 (id=961): fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c00010040000000060000000c003900ff04000000000000d8fd010006000000090000000600050088a800000800", @ANYRES32=r0, @ANYBLOB="08000500", @ANYRES64=r0], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) 2.396668306s ago: executing program 2 (id=963): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x13) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'syz_tun\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) syz_emit_ethernet(0x2e, &(0x7f0000000600)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 2.336350798s ago: executing program 2 (id=965): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x5, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x2d, 0x0, 0x6, 0x0, 0x8000000bdb], 0xd000, 0x43102}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000003, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x2, 0x3, 0x0, 0x7], 0xeeee8000, 0x202}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x56c}, 0x1, 0x0, 0x0, 0x2004c0d1}, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x60000, 0xeeee0000, 0x9, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x2, 0x5, 0x6, 0x5, 0x5, 0x2, 0x89}, {0x6000, 0xe000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x3, 0x5, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x4000, 0xc000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0x10000, 0x4, 0x5, 0x7, 0xc1, 0x8, 0x3, 0x9, 0x89, 0x40, 0x70}, {0x200000, 0xdddd1000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0x9, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0xffffffffffffffff, 0x9500, 0xf000, [0x9, 0x204, 0x5b, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.335608131s ago: executing program 0 (id=966): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x2, 0xfffff010}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x7, 0x9}, 0x8) 2.335302191s ago: executing program 3 (id=967): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r4, 0x1) dup(0xffffffffffffffff) 2.205905229s ago: executing program 1 (id=969): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) shutdown(r0, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.205612618s ago: executing program 1 (id=970): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/39, 0x27}], 0x1) mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, 0x0) 2.125693474s ago: executing program 1 (id=971): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x5) 2.125476956s ago: executing program 1 (id=972): socket$nl_generic(0x11, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4054) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) fsopen(0x0, 0x0) fchdir(0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.125310124s ago: executing program 2 (id=973): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x13) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'syz_tun\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) syz_emit_ethernet(0x2e, &(0x7f0000000600)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 2.036726963s ago: executing program 2 (id=974): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000140)='\b', 0x1, 0x0, &(0x7f0000000240)={0x3a, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) 1.982001204s ago: executing program 1 (id=975): fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c00010040000000060000000c003900ff04000000000000d8fd010006000000090000000600050088a800000800", @ANYRES32=r0, @ANYBLOB="08000500", @ANYRES64=r0], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) 1.874832355s ago: executing program 1 (id=976): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001380)=@newtfilter={0xb4, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x4}, {}, {0x1, 0xe}}, [@filter_kind_options=@f_u32={{0x8}, {0x88, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x10, 0x6, 0x8, 0x101, 0x4, 0xe, 0x7, 0x2, [{0x8e5, 0x8b39, 0x3a, 0x40}, {0xffffff89, 0x9d2, 0x2, 0x10000}, {0x9, 0x3, 0x8, 0x8}, {0x0, 0x8, 0x3b7, 0x5}, {0x553e3387, 0x3, 0x8000, 0x2}, {0x1, 0x4, 0x1}, {0xffffffff, 0xa8c, 0xfffffff8, 0xd}]}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@gettfilter={0x2c, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xd, 0xc}, {0x0, 0xfff1}, {0x1}}, [{0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000801}, 0x4049080) 1.413643271s ago: executing program 0 (id=977): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0xff) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x12) 1.136095834s ago: executing program 0 (id=978): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3], 0x3c}}, 0x14) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x198, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x168, 0x2, [@TCA_BASIC_EMATCHES={0x164, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x30, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_VAR="f1559583"]}, @TCA_EM_META_LVALUE={0xe, 0x2, [@TCF_META_TYPE_VAR="cf202a19a82f8557c426"]}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x104, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x4000, 0x1, 0x0, 0x0, {{0xfff7, 0x0, 0x3}, "345951de295f56a5eeb42771df9e4e7995aded654f9799a11df223e1200bf1eec0a132b5d9218262ff7315e18d0f44b219363a7e65e3ea3fde44449f54d158eb552dc1dd7b6ff7dce0b3769cb0ac74c5882011a7ca360b415d76a735181adb479a881e45d8f0ccd071bb2bd5168326471ffca39f97e7504ad6c29f1cf948b890512b5c5f735d00e9092cd20f55044df30c7cba4f21702e128852a04ed00fd1f8556d14a94465b86a4f9774e403ef59fe156ae102e241bdc914512d582ac9cbb0f1b0a39910b2292f6ff36934d614a470867ae5085e442530fdae060592e259bed9df5018a4cc0c6a86764af00afbb458041c2ad7"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x198}}, 0x0) 606.189381ms ago: executing program 3 (id=979): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) shutdown(r0, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 165.933µs ago: executing program 0 (id=980): syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002afd6bc10ef171e72c390010203010902"], 0xfffffffffffffffe) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x3, 0xff, 0x81, 0x57e, 0xfffffffffbfffffd, 0x4002004c4, 0xfffffffffffffffa, 0x3, 0x8, 0x9, 0x1, 0x2, 0x100000001, 0x8, 0xfffffffffffff001], 0x10000, 0x2100}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 3 (id=981): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000000) close(0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000000)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe, 0x14, "fee8a2ab78fc179fd1f809000100aca7ca44c6a4b3e00d9683dda1af01000000c0ff12001000000000000000000300", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe0]}}) r2 = syz_open_dev$loop(&(0x7f0000000240), 0x195d, 0xec4d2770249a3ef5) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0x8e) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r3) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:51816' (ED25519) to the list of known hosts. [ 47.883990][ T5725] cgroup: Unknown subsys name 'net' [ 48.030832][ T5725] cgroup: Unknown subsys name 'cpuset' [ 48.037398][ T5725] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.076188][ T5725] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.195335][ T5757] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.196734][ T5758] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.197454][ T5759] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.198398][ T5755] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.200060][ T5757] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.200648][ T5757] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.201613][ T5759] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.202672][ T5757] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.203088][ T5758] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.203911][ T5757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.204377][ T5758] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.204626][ T5755] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.204970][ T5758] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.205293][ T5755] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.205717][ T5755] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.208852][ T5748] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.209084][ T5759] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.215519][ T5757] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.217903][ T5748] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.224072][ T5757] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.885445][ T5742] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.889791][ T5742] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.892171][ T5742] bridge_slave_0: entered allmulticast mode [ 53.894851][ T5742] bridge_slave_0: entered promiscuous mode [ 53.951430][ T5742] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.954034][ T5742] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.956471][ T5742] bridge_slave_1: entered allmulticast mode [ 53.959325][ T5742] bridge_slave_1: entered promiscuous mode [ 53.992995][ T5744] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.995487][ T5744] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.998057][ T5744] bridge_slave_0: entered allmulticast mode [ 54.001599][ T5744] bridge_slave_0: entered promiscuous mode [ 54.012281][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.015724][ T5744] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.019151][ T5744] bridge_slave_1: entered allmulticast mode [ 54.023419][ T5744] bridge_slave_1: entered promiscuous mode [ 54.039889][ T5742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.045459][ T5742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.067257][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.069702][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.072074][ T5743] bridge_slave_0: entered allmulticast mode [ 54.074822][ T5743] bridge_slave_0: entered promiscuous mode [ 54.103388][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.106541][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.108993][ T5743] bridge_slave_1: entered allmulticast mode [ 54.113061][ T5743] bridge_slave_1: entered promiscuous mode [ 54.117770][ T5753] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.120194][ T5753] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.122586][ T5753] bridge_slave_0: entered allmulticast mode [ 54.125386][ T5753] bridge_slave_0: entered promiscuous mode [ 54.138351][ T5744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.144357][ T5744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.159517][ T5753] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.162453][ T5753] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.165901][ T5753] bridge_slave_1: entered allmulticast mode [ 54.169400][ T5753] bridge_slave_1: entered promiscuous mode [ 54.173529][ T5742] team0: Port device team_slave_0 added [ 54.182830][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.189481][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.200554][ T5742] team0: Port device team_slave_1 added [ 54.228955][ T5744] team0: Port device team_slave_0 added [ 54.240710][ T5753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.245679][ T5753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.257053][ T5744] team0: Port device team_slave_1 added [ 54.261365][ T5743] team0: Port device team_slave_0 added [ 54.270874][ T5742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.273291][ T5742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.281797][ T5742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.299783][ T5743] team0: Port device team_slave_1 added [ 54.311118][ T5742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.314269][ T5742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.325018][ T5742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.343629][ T5753] team0: Port device team_slave_0 added [ 54.354677][ T5753] team0: Port device team_slave_1 added [ 54.357038][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.359282][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.367221][ T5744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.378276][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.380567][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.388944][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.393414][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.395653][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.403780][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.415424][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.417796][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.425773][ T5744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.458530][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.460942][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.471926][ T5753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.478884][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.481339][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.491000][ T5753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.511536][ T5742] hsr_slave_0: entered promiscuous mode [ 54.515282][ T5742] hsr_slave_1: entered promiscuous mode [ 54.537628][ T5743] hsr_slave_0: entered promiscuous mode [ 54.541059][ T5743] hsr_slave_1: entered promiscuous mode [ 54.543538][ T5743] debugfs: 'hsr0' already exists in 'hsr' [ 54.545500][ T5743] Cannot create hsr debugfs directory [ 54.585982][ T5744] hsr_slave_0: entered promiscuous mode [ 54.588824][ T5744] hsr_slave_1: entered promiscuous mode [ 54.591287][ T5744] debugfs: 'hsr0' already exists in 'hsr' [ 54.593259][ T5744] Cannot create hsr debugfs directory [ 54.632552][ T5753] hsr_slave_0: entered promiscuous mode [ 54.634879][ T5753] hsr_slave_1: entered promiscuous mode [ 54.637301][ T5753] debugfs: 'hsr0' already exists in 'hsr' [ 54.639204][ T5753] Cannot create hsr debugfs directory [ 54.999177][ T5742] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.008157][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.011698][ T5742] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.018861][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.022273][ T5742] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.042088][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.049147][ T5742] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.064232][ T5742] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.121707][ T5743] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.127952][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.131546][ T5743] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.139354][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.142459][ T5743] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.147059][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.155897][ T5743] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.161476][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.224198][ T5744] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.229785][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.233151][ T5744] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.238495][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.242102][ T5744] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.246563][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.249480][ T5744] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.254671][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.258171][ T5751] Bluetooth: hci0: command tx timeout [ 55.258204][ T5757] Bluetooth: hci1: command tx timeout [ 55.258251][ T5748] Bluetooth: hci3: command tx timeout [ 55.328066][ T5753] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.332398][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.335528][ T5753] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.340254][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.343818][ T5753] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.346862][ T5757] Bluetooth: hci2: command tx timeout [ 55.352558][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.357222][ T5753] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.364559][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.392090][ T5742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.446057][ T5742] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.461862][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.474824][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.477744][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.491292][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.493748][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.519631][ T5743] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.534077][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.536482][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.552885][ T5744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.561883][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.564369][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.597093][ T5744] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.613918][ T5753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.627206][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.630017][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.642643][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.645266][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.665482][ T5753] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.684411][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.686761][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.700746][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.703134][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.762402][ T5753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.915129][ T5742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.935191][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.969256][ T5742] veth0_vlan: entered promiscuous mode [ 55.979678][ T5744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.984971][ T5742] veth1_vlan: entered promiscuous mode [ 56.018394][ T5753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.025498][ T5743] veth0_vlan: entered promiscuous mode [ 56.039699][ T5742] veth0_macvtap: entered promiscuous mode [ 56.047476][ T5742] veth1_macvtap: entered promiscuous mode [ 56.059493][ T5743] veth1_vlan: entered promiscuous mode [ 56.081335][ T5742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.103512][ T5742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.114946][ T5753] veth0_vlan: entered promiscuous mode [ 56.123846][ T5753] veth1_vlan: entered promiscuous mode [ 56.131287][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.136022][ T5743] veth0_macvtap: entered promiscuous mode [ 56.141031][ T5744] veth0_vlan: entered promiscuous mode [ 56.146029][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.149520][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.159975][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.163518][ T5743] veth1_macvtap: entered promiscuous mode [ 56.177409][ T5744] veth1_vlan: entered promiscuous mode [ 56.190557][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.195816][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.219098][ T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.224272][ T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.230013][ T5753] veth0_macvtap: entered promiscuous mode [ 56.240552][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.244813][ T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.250395][ T5753] veth1_macvtap: entered promiscuous mode [ 56.271204][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.274516][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.290168][ T5744] veth0_macvtap: entered promiscuous mode [ 56.300753][ T5744] veth1_macvtap: entered promiscuous mode [ 56.305130][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.330251][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.333404][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.334354][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.353629][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.360422][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.388146][ T71] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.394482][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.403198][ T5742] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.404012][ T1158] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.411935][ T1158] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.416081][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.419585][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.428267][ T1158] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.438557][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.453221][ T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.458528][ T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.482542][ T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.488389][ T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.562473][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.566876][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.623632][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.626836][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.651749][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.663252][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.706814][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.720471][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.877693][ T5912] syzkaller0: entered promiscuous mode [ 56.880467][ T5912] syzkaller0: entered allmulticast mode [ 56.934315][ T5919] binder: 5917:5919 ioctl c0306201 80000240 returned -11 [ 56.964641][ T5921] 9pnet_virtio: no channels available for device 127.0.0.1 [ 57.139779][ T5946] 9pnet_virtio: no channels available for device 127.0.0.1 [ 57.242319][ T5757] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 57.337202][ T5757] Bluetooth: hci1: command tx timeout [ 57.339466][ T5751] Bluetooth: hci0: command tx timeout [ 57.346429][ T5757] Bluetooth: hci3: command tx timeout [ 57.417892][ T5757] Bluetooth: hci2: command tx timeout [ 57.464115][ T5970] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 57.761028][ T5976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.38'. [ 57.938306][ T5995] binder: 5994:5995 ioctl 4018620d 0 returned -22 [ 57.941317][ T5995] binder: 5994:5995 ioctl c0306201 80000240 returned -11 [ 57.959976][ T5997] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 58.154282][ T6024] binder: 6022:6024 ioctl 4018620d 0 returned -22 [ 58.156953][ T6024] binder: 6022:6024 ioctl c0306201 80000240 returned -11 [ 58.248504][ T6035] syzkaller0: entered promiscuous mode [ 58.251077][ T6035] syzkaller0: entered allmulticast mode [ 58.333244][ T6041] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 58.504920][ T6052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67'. [ 58.510996][ T6052] netlink: 12 bytes leftover after parsing attributes in process `syz.2.67'. [ 58.631743][ T6064] binder: 6063:6064 ioctl c0306201 0 returned -14 [ 58.635326][ T6064] binder: 6063:6064 ioctl c0306201 80000240 returned -11 [ 58.718408][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 58.998058][ T6093] Zero length message leads to an empty skb [ 59.054490][ T6101] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 59.417083][ T5757] Bluetooth: hci3: command tx timeout [ 59.417343][ T5751] Bluetooth: hci0: command tx timeout [ 59.417403][ T5748] Bluetooth: hci1: command tx timeout [ 59.496533][ T5751] Bluetooth: hci2: command tx timeout [ 59.743122][ T5751] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 60.106006][ T6164] binder: 6163:6164 ioctl c0306201 80000240 returned -11 [ 60.271562][ T5751] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 60.366010][ T6174] macvlan2: entered promiscuous mode [ 60.368387][ T6174] bond0: entered promiscuous mode [ 60.370042][ T6174] bond_slave_0: entered promiscuous mode [ 60.371965][ T6174] bond_slave_1: entered promiscuous mode [ 60.376066][ T6174] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 60.498219][ T6179] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 60.794218][ T6187] binder: 6186:6187 ioctl c0306201 80000240 returned -11 [ 61.318198][ T5751] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 61.364482][ T6229] netlink: 24 bytes leftover after parsing attributes in process `syz.3.135'. [ 61.446739][ T6229] warning: `syz.3.135' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 61.496927][ T5751] Bluetooth: hci1: command tx timeout [ 61.507711][ T5751] Bluetooth: hci3: command tx timeout [ 61.508151][ T5757] Bluetooth: hci0: command tx timeout [ 61.543368][ T6242] binder: 6241:6242 ioctl c0306201 80000240 returned -11 [ 61.578299][ T5757] Bluetooth: hci2: command tx timeout [ 61.599245][ T6243] serio: Serial port ptm0 [ 61.692640][ T6240] netlink: 64 bytes leftover after parsing attributes in process `syz.3.140'. [ 61.701180][ T6240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.140'. [ 61.774811][ T6259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.148'. [ 61.832685][ T6264] overlayfs: failed to resolve './file1': -2 [ 61.888528][ T6269] binder: 6267:6269 ioctl c0306201 0 returned -14 [ 61.891009][ T6269] binder: 6267:6269 ioctl c0306201 80000240 returned -11 [ 62.049094][ T6286] overlayfs: failed to resolve './file1': -2 [ 62.219775][ T6296] binder: 6295:6296 ioctl c0306201 0 returned -14 [ 62.222287][ T6296] binder: 6295:6296 ioctl c0306201 80000240 returned -11 [ 62.389840][ T6316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'. [ 62.716446][ T6341] netlink: 'syz.3.180': attribute type 12 has an invalid length. [ 62.722610][ T6341] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 62.815679][ T6348] overlayfs: failed to resolve './file0': -2 [ 62.953962][ T6360] binder: 6359:6360 ioctl c0306201 80000240 returned -11 [ 62.957306][ T6358] syzkaller0: entered promiscuous mode [ 62.959913][ T6358] syzkaller0: entered allmulticast mode [ 63.309060][ T6385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'. [ 63.361888][ T6390] binder: 6389:6390 ioctl c0306201 80000240 returned -11 [ 63.407679][ T6393] syzkaller0: entered promiscuous mode [ 63.409478][ T6393] syzkaller0: entered allmulticast mode [ 64.018739][ T40] audit: type=1326 audit(1779193297.981:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.027686][ T40] audit: type=1326 audit(1779193297.981:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.036933][ T40] audit: type=1326 audit(1779193297.981:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.045992][ T40] audit: type=1326 audit(1779193297.981:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.055442][ T40] audit: type=1326 audit(1779193297.981:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=396 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.064385][ T40] audit: type=1326 audit(1779193297.981:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.2.207" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4f7c code=0x7ffc0000 [ 64.236124][ T6420] syzkaller0: entered promiscuous mode [ 64.239842][ T6420] syzkaller0: entered allmulticast mode [ 65.218256][ T6446] syzkaller0: entered promiscuous mode [ 65.220037][ T6446] syzkaller0: entered allmulticast mode [ 65.406923][ T5757] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 65.480026][ T6462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'. [ 65.488986][ T6464] overlayfs: failed to resolve './file0': -2 [ 65.534442][ T6467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.222'. [ 66.223748][ T6486] netlink: 24 bytes leftover after parsing attributes in process `syz.3.227'. [ 66.435560][ T5757] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 67.240652][ T6521] syzkaller0: entered promiscuous mode [ 67.242542][ T6521] syzkaller0: entered allmulticast mode [ 67.358213][ T40] audit: type=1326 audit(1779193301.321:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6526 comm="syz.3.244" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x0 [ 69.267828][ T6571] syzkaller0: entered promiscuous mode [ 69.269652][ T6571] syzkaller0: entered allmulticast mode [ 70.556321][ T6620] syzkaller0: entered promiscuous mode [ 70.558656][ T6620] syzkaller0: entered allmulticast mode [ 71.906785][ T6667] syzkaller0: entered promiscuous mode [ 71.909341][ T6667] syzkaller0: entered allmulticast mode [ 72.134815][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 72.797946][ T5757] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 73.823228][ T5757] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 73.858840][ T6721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.315'. [ 73.862624][ T6721] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 73.930201][ T6727] netlink: 24 bytes leftover after parsing attributes in process `syz.0.318'. [ 74.033431][ T5757] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 74.427322][ T6761] netlink: 24 bytes leftover after parsing attributes in process `syz.3.332'. [ 74.523939][ T40] audit: type=1326 audit(1779193308.481:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.539723][ T40] audit: type=1326 audit(1779193308.481:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.554120][ T40] audit: type=1326 audit(1779193308.481:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.567758][ T40] audit: type=1326 audit(1779193308.481:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.582388][ T40] audit: type=1326 audit(1779193308.481:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=26 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.589742][ T40] audit: type=1326 audit(1779193308.481:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.596936][ T40] audit: type=1326 audit(1779193308.481:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.604612][ T40] audit: type=1326 audit(1779193308.481:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.612520][ T40] audit: type=1326 audit(1779193308.481:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.619562][ T40] audit: type=1326 audit(1779193308.481:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6765 comm="syz.3.334" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f62f7c code=0x7ffc0000 [ 74.885852][ T6780] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 74.979172][ T6786] netlink: 24 bytes leftover after parsing attributes in process `syz.3.342'. [ 75.040402][ T6788] syzkaller0: entered promiscuous mode [ 75.042229][ T6788] syzkaller0: entered allmulticast mode [ 76.020604][ T6822] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 76.150021][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.152987][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.138242][ T6852] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 77.798483][ T6874] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 77.868842][ T6876] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3031574720 (3031574720 ns) > initial count (1846856882 ns). Using initial count to start timer. [ 77.986162][ T6881] netlink: 24 bytes leftover after parsing attributes in process `syz.3.383'. [ 78.586821][ T6903] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 78.641925][ T6906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.395'. [ 78.649647][ T6907] overlayfs: missing 'lowerdir' [ 78.990692][ T6929] syzkaller0: entered promiscuous mode [ 78.992899][ T6929] syzkaller0: entered allmulticast mode [ 79.041311][ T842] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 79.240430][ T842] usb 6-1: config 0 interface 0 altsetting 255 has an endpoint descriptor with address 0x5C, changing to 0xC [ 79.247455][ T842] usb 6-1: config 0 interface 0 altsetting 255 endpoint 0xC has invalid wMaxPacketSize 0 [ 79.251711][ T842] usb 6-1: config 0 interface 0 has no altsetting 0 [ 79.262725][ T842] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 79.266700][ T842] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 79.270254][ T842] usb 6-1: Product: syz [ 79.281354][ T842] usb 6-1: Manufacturer: syz [ 79.283508][ T842] usb 6-1: SerialNumber: syz [ 79.298579][ T842] usb 6-1: config 0 descriptor?? [ 79.388183][ T842] usb 6-1: selecting invalid altsetting 0 [ 79.759299][ T842] usb 6-1: USB disconnect, device number 2 [ 80.196995][ T6937] udevd[6937]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 80.744586][ T6940] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 80.839925][ T6947] netlink: 36 bytes leftover after parsing attributes in process `syz.3.410'. [ 80.933706][ T6955] syzkaller0: entered promiscuous mode [ 80.936226][ T6955] syzkaller0: entered allmulticast mode [ 81.111555][ T6963] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 81.178079][ T29] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 81.203201][ T6965] syzkaller0: entered promiscuous mode [ 81.205015][ T6965] syzkaller0: entered allmulticast mode [ 81.367199][ T29] usb 6-1: config 0 interface 0 altsetting 255 has an endpoint descriptor with address 0x5C, changing to 0xC [ 81.372181][ T29] usb 6-1: config 0 interface 0 altsetting 255 endpoint 0xC has invalid wMaxPacketSize 0 [ 81.383345][ T29] usb 6-1: config 0 interface 0 has no altsetting 0 [ 81.389550][ T29] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 81.393721][ T29] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 81.397840][ T29] usb 6-1: Product: syz [ 81.399945][ T29] usb 6-1: Manufacturer: syz [ 81.402022][ T29] usb 6-1: SerialNumber: syz [ 81.411816][ T29] usb 6-1: config 0 descriptor?? [ 81.430328][ T29] usb 6-1: selecting invalid altsetting 0 [ 81.678752][ T29] usb 6-1: USB disconnect, device number 3 [ 82.034665][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 82.148305][ T6974] netlink: 36 bytes leftover after parsing attributes in process `syz.2.423'. [ 82.824380][ T6984] overlayfs: missing 'lowerdir' [ 82.847517][ T6983] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 82.870556][ T6986] netlink: 12 bytes leftover after parsing attributes in process `syz.1.428'. [ 82.874610][ T6986] netlink: 12 bytes leftover after parsing attributes in process `syz.1.428'. [ 82.880420][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 82.951650][ T6999] netlink: 36 bytes leftover after parsing attributes in process `syz.3.434'. [ 83.135305][ T7009] syzkaller0: entered promiscuous mode [ 83.137759][ T7009] syzkaller0: entered allmulticast mode [ 84.484787][ T7014] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 84.537198][ T7018] netlink: 12 bytes leftover after parsing attributes in process `syz.1.442'. [ 84.538360][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 84.549056][ T7018] netlink: 12 bytes leftover after parsing attributes in process `syz.1.442'. [ 84.618168][ T7025] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 84.620968][ T7025] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 84.691212][ T7031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.447'. [ 84.736829][ T7033] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 84.772771][ T7039] netlink: 16 bytes leftover after parsing attributes in process `syz.2.453'. [ 84.775690][ T7039] netlink: 12 bytes leftover after parsing attributes in process `syz.2.453'. [ 84.805920][ T5757] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 84.840445][ T7043] syzkaller0: entered promiscuous mode [ 84.842390][ T7043] syzkaller0: entered allmulticast mode [ 84.939651][ T7051] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 84.943028][ T7051] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 86.335160][ T7065] __nla_validate_parse: 1 callbacks suppressed [ 86.335174][ T7065] netlink: 16 bytes leftover after parsing attributes in process `syz.0.463'. [ 86.344306][ T7065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.463'. [ 86.348916][ T5757] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 86.403387][ T856] cfg80211: failed to load regulatory.db [ 86.583598][ T7086] netlink: 20 bytes leftover after parsing attributes in process `syz.2.473'. [ 86.655421][ T7093] netlink: 16 bytes leftover after parsing attributes in process `syz.2.476'. [ 86.659283][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.476'. [ 86.739673][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 86.876650][ T7090] syzkaller0: entered promiscuous mode [ 86.879080][ T7090] syzkaller0: entered allmulticast mode [ 87.254297][ T7114] netlink: 16 bytes leftover after parsing attributes in process `syz.3.485'. [ 87.266713][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.3.485'. [ 87.322162][ T7116] netlink: 20 bytes leftover after parsing attributes in process `syz.2.486'. [ 87.414361][ T5757] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 88.676619][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 88.681569][ T7140] netlink: 16 bytes leftover after parsing attributes in process `syz.3.497'. [ 88.684920][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.497'. [ 88.782544][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 88.902877][ T7152] syzkaller0: entered promiscuous mode [ 88.906121][ T7152] syzkaller0: entered allmulticast mode [ 90.304752][ T5757] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 90.565701][ T7188] syzkaller0: entered promiscuous mode [ 90.569116][ T7188] syzkaller0: entered allmulticast mode [ 90.668441][ T7192] serio: Serial port ptm0 [ 92.085916][ T7203] syzkaller0: entered promiscuous mode [ 92.089869][ T7203] syzkaller0: entered allmulticast mode [ 92.121436][ T7215] syzkaller0: entered promiscuous mode [ 92.123191][ T7215] syzkaller0: entered allmulticast mode [ 92.230536][ T7225] __nla_validate_parse: 2 callbacks suppressed [ 92.230552][ T7225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.525'. [ 92.241775][ T7225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.525'. [ 93.560451][ T7253] syzkaller0: entered promiscuous mode [ 93.562361][ T7253] syzkaller0: entered allmulticast mode [ 94.607139][ T7284] syzkaller0: entered promiscuous mode [ 94.612399][ T7284] syzkaller0: entered allmulticast mode [ 94.794818][ T7299] netlink: 40 bytes leftover after parsing attributes in process `syz.0.549'. [ 94.948195][ T7304] kvm_intel: kvm [7303]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x462 [ 95.097129][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.553'. [ 95.101028][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.553'. [ 95.428632][ T7317] netlink: 620 bytes leftover after parsing attributes in process `syz.2.557'. [ 95.479031][ T7322] IPv6: addrconf: prefix option has invalid lifetime [ 95.481352][ T7322] IPv6: addrconf: prefix option has invalid lifetime [ 95.595273][ T7330] netlink: 16 bytes leftover after parsing attributes in process `syz.1.562'. [ 95.598723][ T7330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.562'. [ 96.330163][ T7345] netlink: 620 bytes leftover after parsing attributes in process `syz.3.568'. [ 96.477060][ T7353] netlink: 16 bytes leftover after parsing attributes in process `syz.2.571'. [ 97.311672][ T7381] __nla_validate_parse: 2 callbacks suppressed [ 97.311694][ T7381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.583'. [ 97.318208][ T7381] netlink: 12 bytes leftover after parsing attributes in process `syz.0.583'. [ 97.487435][ T7387] netlink: 620 bytes leftover after parsing attributes in process `syz.3.586'. [ 97.717538][ T7400] netlink: 104 bytes leftover after parsing attributes in process `syz.3.592'. [ 98.623821][ T7418] netlink: 8 bytes leftover after parsing attributes in process `syz.2.599'. [ 98.728908][ T7427] netlink: 104 bytes leftover after parsing attributes in process `syz.3.602'. [ 98.827979][ T7433] fuse: Bad value for 'fd' [ 98.968924][ T7442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.608'. [ 99.519045][ T7462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.617'. [ 100.049929][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.626'. [ 100.098719][ T7483] syzkaller0: entered promiscuous mode [ 100.101531][ T7483] syzkaller0: entered allmulticast mode [ 101.648782][ T7501] tap0: tun_chr_ioctl cmd 2147767521 [ 101.700051][ T7503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'. [ 101.865458][ T7517] syzkaller0: entered promiscuous mode [ 101.868248][ T7517] syzkaller0: entered allmulticast mode [ 101.979002][ T7523] syzkaller0: entered promiscuous mode [ 101.981235][ T7523] syzkaller0: entered allmulticast mode [ 102.921210][ T7539] __nla_validate_parse: 2 callbacks suppressed [ 102.921230][ T7539] netlink: 104 bytes leftover after parsing attributes in process `syz.3.652'. [ 103.335112][ T7535] tap0: tun_chr_ioctl cmd 2148553947 [ 103.510553][ T7551] syzkaller0: entered promiscuous mode [ 103.512342][ T7551] syzkaller0: entered allmulticast mode [ 103.557584][ T7553] fuse: Bad value for 'fd' [ 103.571245][ T7557] netlink: 'syz.0.660': attribute type 1 has an invalid length. [ 103.584170][ T7556] overlayfs: missing 'lowerdir' [ 103.601506][ T7557] 8021q: adding VLAN 0 to HW filter on device bond1 [ 103.692942][ T7566] netlink: 104 bytes leftover after parsing attributes in process `syz.0.663'. [ 103.944239][ T7588] overlayfs: missing 'lowerdir' [ 105.015891][ T7629] netlink: 'syz.1.690': attribute type 12 has an invalid length. [ 105.131633][ T7638] netlink: 12 bytes leftover after parsing attributes in process `syz.0.693'. [ 105.231229][ T7640] binder: 7639:7640 ioctl c0306201 0 returned -14 [ 105.234893][ T7640] binder: 7639:7640 ioctl 4b3a 0 returned -22 [ 105.360768][ T7644] syzkaller0: entered promiscuous mode [ 105.363337][ T7644] syzkaller0: entered allmulticast mode [ 106.179992][ T7654] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 106.886341][ T7670] netlink: 28 bytes leftover after parsing attributes in process `syz.3.705'. [ 106.906313][ T7670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'. [ 106.910196][ T7670] netlink: 24 bytes leftover after parsing attributes in process `syz.3.705'. [ 106.965545][ T7656] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 106.996611][ T7672] netlink: 16 bytes leftover after parsing attributes in process `syz.2.706'. [ 107.379143][ T7697] netlink: 28 bytes leftover after parsing attributes in process `syz.1.716'. [ 107.382222][ T7697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.716'. [ 107.385191][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.716'. [ 108.158879][ T7718] syzkaller0: entered promiscuous mode [ 108.162050][ T7718] syzkaller0: entered allmulticast mode [ 108.411054][ T7726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.728'. [ 108.420948][ T7726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.728'. [ 108.432861][ T7726] netlink: 12 bytes leftover after parsing attributes in process `syz.1.728'. [ 108.916599][ T856] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 109.074467][ T856] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.079743][ T856] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.089533][ T856] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 109.097016][ T856] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 109.106305][ T856] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.115788][ T856] usb 6-1: config 0 descriptor?? [ 109.204547][ T7752] syzkaller0: entered promiscuous mode [ 109.208226][ T7752] syzkaller0: entered allmulticast mode [ 109.293924][ T7754] netlink: 'syz.3.739': attribute type 1 has an invalid length. [ 109.349132][ T7754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.423674][ T7760] netlink: 12 bytes leftover after parsing attributes in process `syz.0.741'. [ 109.462031][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.742'. [ 109.534706][ T7764] syzkaller0: entered promiscuous mode [ 109.536761][ T7764] syzkaller0: entered allmulticast mode [ 109.572568][ T856] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 109.963174][ T856] usb 6-1: USB disconnect, device number 4 [ 110.576646][ T7783] netlink: 24 bytes leftover after parsing attributes in process `syz.1.746'. [ 111.103498][ T7772] syzkaller0: entered promiscuous mode [ 111.109215][ T7772] syzkaller0: entered allmulticast mode [ 111.312776][ T7800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.751'. [ 111.321508][ T7800] netlink: 12 bytes leftover after parsing attributes in process `syz.2.751'. [ 111.432551][ T7811] netlink: 28 bytes leftover after parsing attributes in process `syz.1.754'. [ 111.435717][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.754'. [ 111.652677][ T7817] syzkaller0: entered promiscuous mode [ 111.656954][ T7817] syzkaller0: entered allmulticast mode [ 112.392714][ T7829] hub 8-0:1.0: USB hub found [ 112.395682][ T7829] hub 8-0:1.0: 1 port detected [ 113.230496][ T7853] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 113.459516][ T7862] __nla_validate_parse: 6 callbacks suppressed [ 113.459529][ T7862] netlink: 12 bytes leftover after parsing attributes in process `syz.3.772'. [ 113.500956][ T5827] kernel write not supported for file /snd/seq (pid: 5827 comm: kworker/0:3) [ 113.636922][ T7874] netlink: 620 bytes leftover after parsing attributes in process `syz.3.777'. [ 113.818400][ T7878] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.821952][ T7878] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.953095][ T7878] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.965003][ T7878] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.095568][ T7882] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'. [ 114.122487][ T7880] sch_tbf: burst 32852 is lower than device lo mtu (65550) ! [ 114.125158][ T13] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.129026][ T13] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.134352][ T7882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.781'. [ 114.138475][ T13] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.150105][ T13] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.434289][ T7907] netlink: 84 bytes leftover after parsing attributes in process `syz.1.790'. [ 114.473759][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.792'. [ 114.481738][ T7913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.792'. [ 114.826485][ T5894] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 114.976441][ T5894] usb 7-1: Using ep0 maxpacket: 8 [ 114.980442][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 114.985200][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 114.989045][ T5894] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 114.992963][ T5894] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 246 [ 114.997188][ T5894] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 115.000477][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.005761][ T5894] usb 7-1: config 0 descriptor?? [ 115.009359][ T7920] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 115.199979][ T7931] loop2: detected capacity change from 0 to 7 [ 115.206961][ T7931] Dev loop2: unable to read RDB block 7 [ 115.209618][ T7931] loop2: AHDI p1 p2 p3 [ 115.210974][ T7931] loop2: partition table partially beyond EOD, truncated [ 115.215802][ T7931] loop2: p1 start 1601398130 is beyond EOD, truncated [ 115.220150][ T7931] loop2: p2 start 1702059890 is beyond EOD, truncated [ 115.254687][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.804'. [ 115.271811][ T7937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.804'. [ 115.433460][ T5854] usb 7-1: USB disconnect, device number 2 [ 115.436516][ T5757] Bluetooth: hci4: Opcode 0x0c03 failed: -19 [ 115.648808][ T7954] syzkaller0: entered promiscuous mode [ 115.650666][ T7954] syzkaller0: entered allmulticast mode [ 116.294026][ T7984] syzkaller0: entered promiscuous mode [ 116.295917][ T7984] syzkaller0: entered allmulticast mode [ 116.529870][ T7999] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 116.833604][ T8012] syzkaller0: entered promiscuous mode [ 116.836089][ T8012] syzkaller0: entered allmulticast mode [ 117.206431][ T856] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 117.306477][ T5854] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 117.357790][ T856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.361481][ T856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.364677][ T856] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 117.367650][ T856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.373186][ T856] usb 5-1: config 0 descriptor?? [ 117.458649][ T5854] usb 7-1: unable to get BOS descriptor or descriptor too short [ 117.462088][ T5854] usb 7-1: not running at top speed; connect to a high speed hub [ 117.467964][ T5854] usb 7-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 117.471249][ T5854] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.474007][ T5854] usb 7-1: Product: syz [ 117.475533][ T5854] usb 7-1: Manufacturer: syz [ 117.477355][ T5854] usb 7-1: SerialNumber: syz [ 117.704674][ T5854] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 117.707104][ T5854] usb 7-1: MIDIStreaming interface descriptor not found [ 117.752349][ T5854] usb 7-1: USB disconnect, device number 3 [ 117.785959][ T856] usbhid 5-1:0.0: can't add hid device: -71 [ 117.790982][ T856] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 117.798428][ T856] usb 5-1: USB disconnect, device number 2 [ 117.816223][ T5745] udevd[5745]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 118.231558][ T8043] syzkaller0: entered promiscuous mode [ 118.233370][ T8043] syzkaller0: entered allmulticast mode [ 118.502181][ T8069] syzkaller0: entered promiscuous mode [ 118.504054][ T8069] syzkaller0: entered allmulticast mode [ 118.711403][ T8081] netlink: 4 bytes leftover after parsing attributes in process `syz.2.859'. [ 118.772335][ T8087] netlink: 'syz.3.863': attribute type 1 has an invalid length. [ 118.786233][ T8087] 8021q: adding VLAN 0 to HW filter on device bond2 [ 118.829931][ T8090] syzkaller0: entered promiscuous mode [ 118.831708][ T8090] syzkaller0: entered allmulticast mode [ 119.451669][ T8113] netlink: 24 bytes leftover after parsing attributes in process `syz.0.871'. [ 120.148949][ T8125] sch_tbf: burst 18 is lower than device lo mtu (65550) ! [ 120.240063][ T8134] syzkaller0: entered promiscuous mode [ 120.242846][ T8134] syzkaller0: entered allmulticast mode [ 120.286478][ T8138] netlink: 24 bytes leftover after parsing attributes in process `syz.3.880'. [ 120.570389][ T8157] syzkaller0: entered promiscuous mode [ 120.572798][ T8157] syzkaller0: entered allmulticast mode [ 120.605780][ T8162] netlink: 24 bytes leftover after parsing attributes in process `syz.1.890'. [ 120.715351][ T8167] netlink: 'syz.1.892': attribute type 1 has an invalid length. [ 120.998451][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.899'. [ 121.004182][ T8189] syzkaller0: entered promiscuous mode [ 121.006086][ T8189] syzkaller0: entered allmulticast mode [ 121.071727][ T8194] netlink: 'syz.2.903': attribute type 1 has an invalid length. [ 121.251406][ T8208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.910'. [ 121.395424][ T8218] netlink: 'syz.1.913': attribute type 1 has an invalid length. [ 121.446398][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 121.601715][ T24] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 121.612382][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.618088][ T24] usb 7-1: Product: syz [ 121.621837][ T24] usb 7-1: Manufacturer: syz [ 121.627081][ T24] usb 7-1: SerialNumber: syz [ 121.644591][ T24] usb 7-1: config 0 descriptor?? [ 121.653867][ T24] ch341 7-1:0.0: ch341-uart converter detected [ 121.806048][ T8230] syzkaller0: entered promiscuous mode [ 121.808700][ T8230] syzkaller0: entered allmulticast mode [ 121.856676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.016645][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.066778][ T24] usb 7-1: failed to send control message: -71 [ 122.070887][ T24] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 122.076644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.078097][ T8235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.920'. [ 122.098451][ T24] usb 7-1: USB disconnect, device number 4 [ 122.116698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.118450][ T24] ch341 7-1:0.0: device disconnected [ 122.206787][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.354806][ T8252] syzkaller0: entered promiscuous mode [ 122.356638][ T8252] syzkaller0: entered allmulticast mode [ 122.516706][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.525172][ T5827] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 122.576346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.616669][ T8259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.930'. [ 122.626773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.676292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #84!!! [ 122.696418][ T5827] usb 8-1: Using ep0 maxpacket: 16 [ 122.701333][ T5827] usb 8-1: config 0 has no interfaces? [ 122.726693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 122.873519][ T5827] usb 8-1: string descriptor 0 read error: -71 [ 122.875680][ T5827] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=90.c3 [ 122.880267][ T5827] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.890866][ T5827] r8152-cfgselector 8-1: Unknown version 0x0000 [ 122.893071][ T5827] r8152-cfgselector 8-1: config 0 descriptor?? [ 122.895358][ T5827] r8152-cfgselector 8-1: can't set config #0, error -71 [ 122.907062][ T5827] r8152-cfgselector 8-1: USB disconnect, device number 2 [ 122.944905][ T8269] syzkaller0: entered promiscuous mode [ 122.947135][ T8269] syzkaller0: entered allmulticast mode [ 123.539639][ T8277] netlink: 'syz.3.937': attribute type 1 has an invalid length. [ 124.146688][ T5757] Bluetooth: hci2: command tx timeout [ 124.602701][ T8283] syzkaller0: entered promiscuous mode [ 124.604384][ T8283] syzkaller0: entered allmulticast mode [ 124.684449][ T8297] netlink: 12 bytes leftover after parsing attributes in process `syz.2.944'. [ 126.043923][ T8322] netlink: 556 bytes leftover after parsing attributes in process `syz.0.950'. [ 126.786890][ T8337] netlink: 12 bytes leftover after parsing attributes in process `syz.2.955'. [ 126.795743][ T8335] syzkaller0: entered promiscuous mode [ 126.806790][ T8335] syzkaller0: entered allmulticast mode [ 126.854654][ T8339] syzkaller0: entered promiscuous mode [ 126.863070][ T8339] syzkaller0: entered allmulticast mode [ 127.016048][ T8351] netlink: 'syz.0.961': attribute type 4 has an invalid length. [ 127.061952][ T8354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.964'. [ 127.077160][ T8354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.964'. [ 127.419673][ T8375] syzkaller0: entered promiscuous mode [ 127.421621][ T8375] syzkaller0: entered allmulticast mode [ 127.465379][ T8378] netlink: 'syz.1.975': attribute type 4 has an invalid length. [ 128.272521][ T8392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.978'. [ 128.330968][ T8393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.978'. [ 129.496822][ T8399] [ 129.497842][ T8399] ====================================================== [ 129.500615][ T8399] WARNING: possible circular locking dependency detected [ 129.503639][ T8399] syzkaller #0 Not tainted [ 129.505931][ T8399] ------------------------------------------------------ [ 129.508841][ T8399] syz.3.981/8399 is trying to acquire lock: [ 129.511141][ T8399] ffff88801ce9fa10 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 129.515109][ T8399] [ 129.515109][ T8399] but task is already holding lock: [ 129.518121][ T8399] ffff888026b71c50 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.522637][ T8399] [ 129.522637][ T8399] which lock already depends on the new lock. [ 129.522637][ T8399] [ 129.527013][ T8399] [ 129.527013][ T8399] the existing dependency chain (in reverse order) is: [ 129.530706][ T8399] [ 129.530706][ T8399] -> #2 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 129.534140][ T8399] blk_alloc_queue+0x610/0x790 [ 129.535784][ T8399] blk_mq_alloc_queue+0x174/0x290 [ 129.537525][ T8399] __blk_mq_alloc_disk+0x29/0x120 [ 129.539350][ T8399] loop_add+0x498/0xb60 [ 129.540988][ T8399] loop_init+0x1d3/0x200 [ 129.542592][ T8399] do_one_initcall+0x121/0x750 [ 129.544361][ T8399] kernel_init_freeable+0x6ea/0x7b0 [ 129.546203][ T8399] kernel_init+0x1f/0x1e0 [ 129.547741][ T8399] ret_from_fork+0x72b/0xd50 [ 129.549702][ T8399] ret_from_fork_asm+0x1a/0x30 [ 129.551415][ T8399] [ 129.551415][ T8399] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 129.553684][ T8399] fs_reclaim_acquire+0xc4/0x100 [ 129.555317][ T8399] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 129.557195][ T8399] __kernfs_iattrs+0x124/0x3e0 [ 129.558848][ T8399] __kernfs_setattr+0x4d/0x3c0 [ 129.560535][ T8399] kernfs_iop_setattr+0xda/0x130 [ 129.562170][ T8399] notify_change+0xb25/0x1330 [ 129.563799][ T8399] do_truncate+0x1df/0x240 [ 129.565361][ T8399] path_openat+0x2a55/0x31a0 [ 129.566977][ T8399] do_file_open+0x20e/0x430 [ 129.568666][ T8399] do_sys_openat2+0x10d/0x1e0 [ 129.571016][ T8399] __x64_sys_openat+0x12d/0x210 [ 129.573071][ T8399] do_syscall_64+0x10b/0xf80 [ 129.574793][ T8399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.576897][ T8399] [ 129.576897][ T8399] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 129.579540][ T8399] __lock_acquire+0x14b8/0x2630 [ 129.581260][ T8399] lock_acquire+0x1b1/0x370 [ 129.583031][ T8399] down_read+0x99/0x450 [ 129.584961][ T8399] kernfs_iop_getattr+0x9c/0xf0 [ 129.587155][ T8399] vfs_getattr_nosec+0x2d4/0x430 [ 129.589355][ T8399] vfs_getattr+0x4a/0x60 [ 129.591331][ T8399] loop_query_min_dio_size.isra.0+0x117/0x250 [ 129.594132][ T8399] lo_ioctl+0x13aa/0x1bc0 [ 129.596297][ T8399] lo_compat_ioctl+0xf3/0x160 [ 129.598379][ T8399] compat_blkdev_ioctl+0x682/0x7b0 [ 129.600550][ T8399] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 129.602921][ T8399] __do_fast_syscall_32+0xe7/0x950 [ 129.605263][ T8399] do_fast_syscall_32+0x32/0x70 [ 129.607405][ T8399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.610112][ T8399] [ 129.610112][ T8399] other info that might help us debug this: [ 129.610112][ T8399] [ 129.614240][ T8399] Chain exists of: [ 129.614240][ T8399] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#20 [ 129.614240][ T8399] [ 129.619318][ T8399] Possible unsafe locking scenario: [ 129.619318][ T8399] [ 129.622195][ T8399] CPU0 CPU1 [ 129.624390][ T8399] ---- ---- [ 129.626504][ T8399] lock(&q->q_usage_counter(io)#20); [ 129.628787][ T8399] lock(fs_reclaim); [ 129.631246][ T8399] lock(&q->q_usage_counter(io)#20); [ 129.633733][ T8399] rlock(&root->kernfs_iattr_rwsem); [ 129.635455][ T8399] [ 129.635455][ T8399] *** DEADLOCK *** [ 129.635455][ T8399] [ 129.637975][ T8399] 3 locks held by syz.3.981/8399: [ 129.639563][ T8399] #0: ffff888026cd8430 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 129.643289][ T8399] #1: ffff888026b71c50 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.647922][ T8399] #2: ffff888026b71c88 (&q->q_usage_counter(queue)#4){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.652556][ T8399] [ 129.652556][ T8399] stack backtrace: [ 129.654876][ T8399] CPU: 0 UID: 0 PID: 8399 Comm: syz.3.981 Not tainted syzkaller #0 PREEMPT(full) [ 129.654907][ T8399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 129.654920][ T8399] Call Trace: [ 129.654932][ T8399] [ 129.654941][ T8399] dump_stack_lvl+0x100/0x190 [ 129.654967][ T8399] print_circular_bug.cold+0x178/0x1c7 [ 129.655000][ T8399] check_noncircular+0x146/0x160 [ 129.655029][ T8399] __lock_acquire+0x14b8/0x2630 [ 129.655059][ T8399] lock_acquire+0x1b1/0x370 [ 129.655076][ T8399] ? kernfs_iop_getattr+0x9c/0xf0 [ 129.655095][ T8399] ? __pfx___might_resched+0x10/0x10 [ 129.655115][ T8399] down_read+0x99/0x450 [ 129.655134][ T8399] ? kernfs_iop_getattr+0x9c/0xf0 [ 129.655153][ T8399] ? find_held_lock+0x2b/0x80 [ 129.655174][ T8399] ? __pfx_down_read+0x10/0x10 [ 129.655189][ T8399] ? kernfs_root+0xee/0x2a0 [ 129.655206][ T8399] kernfs_iop_getattr+0x9c/0xf0 [ 129.655223][ T8399] vfs_getattr_nosec+0x2d4/0x430 [ 129.655247][ T8399] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 129.655266][ T8399] vfs_getattr+0x4a/0x60 [ 129.655285][ T8399] loop_query_min_dio_size.isra.0+0x117/0x250 [ 129.655316][ T8399] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 129.655349][ T8399] lo_ioctl+0x13aa/0x1bc0 [ 129.655366][ T8399] ? __pfx_lo_ioctl+0x10/0x10 [ 129.655384][ T8399] ? blk_get_meta_cap+0xd4/0x6c0 [ 129.655405][ T8399] ? lockdep_hardirqs_on+0x78/0x100 [ 129.655429][ T8399] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 129.655447][ T8399] ? tomoyo_path_number_perm+0x28f/0x580 [ 129.655468][ T8399] ? tomoyo_path_number_perm+0x28f/0x580 [ 129.655490][ T8399] ? blkdev_common_ioctl+0x515/0x2b80 [ 129.655508][ T8399] ? tomoyo_path_number_perm+0x188/0x580 [ 129.655525][ T8399] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 129.655546][ T8399] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.655572][ T8399] ? do_vfs_ioctl+0x226/0x13e0 [ 129.655587][ T8399] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 129.655606][ T8399] lo_compat_ioctl+0xf3/0x160 [ 129.655622][ T8399] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 129.655640][ T8399] compat_blkdev_ioctl+0x682/0x7b0 [ 129.655663][ T8399] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 129.655687][ T8399] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 129.655710][ T8399] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 129.655727][ T8399] __do_fast_syscall_32+0xe7/0x950 [ 129.655744][ T8399] ? lockdep_hardirqs_on+0x78/0x100 [ 129.655772][ T8399] do_fast_syscall_32+0x32/0x70 [ 129.655787][ T8399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.655808][ T8399] RIP: 0023:0xf7f62f7c [ 129.655824][ T8399] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 129.655842][ T8399] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 129.655859][ T8399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000004c06 [ 129.655869][ T8399] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000000 [ 129.655877][ T8399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 129.655886][ T8399] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 129.655895][ T8399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 129.655910][ T8399] [ 129.779209][ T29] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 129.936485][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 129.947797][ T29] usb 5-1: config 0 has no interfaces? [ 130.137763][ T29] usb 5-1: string descriptor 0 read error: -71 [ 130.140649][ T29] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=90.c3 [ 130.146776][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.160206][ T29] r8152-cfgselector 5-1: Unknown version 0x0000 [ 130.162361][ T29] r8152-cfgselector 5-1: config 0 descriptor?? [ 130.164839][ T29] r8152-cfgselector 5-1: can't set config #0, error -71 [ 130.177435][ T29] r8152-cfgselector 5-1: USB disconnect, device number 3 [ 137.580632][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.582930][ T1432] ieee802154 phy1 wpan1: encryption failed: -22