last executing test programs: 1m23.740044211s ago: executing program 3 (id=817): ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x400000, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x6, @remote, 0xfffffffc}}, 0x0, 0x0, 0x6, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x0, 0x20000000, @remote}}, 0x0, 0x0, 0x0, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x80000000}, 0x1c) 1m23.594679058s ago: executing program 3 (id=819): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x5, 0x30}, 0xc) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000002700)={0x1, 0x2, 0x0, 0xfffffff8}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x106, 0x5}}, 0x20) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000005c0)={0x8, 0x0, 0xfff, 0xfffffffa}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x1, 0x94, 0xfffffffd, 0x5}, 0x9c) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c) 1m23.480459273s ago: executing program 3 (id=822): openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2adc0, 0x1c1}, 0x18) r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000080)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2, 0x3a, 'M', 0x3a, '\xcb\x94-\xa8|55a', 0x3a, './file0', 0x3a, [0x46, 0x46, 0x43]}, 0x33) 1m23.318103649s ago: executing program 3 (id=824): syz_mount_image$msdos(&(0x7f0000000900), &(0x7f0000000040)='./file0\x00', 0x3000002, &(0x7f00000000c0)=ANY=[@ANYRES8=0x0], 0x1, 0x26f, &(0x7f0000000280)="$eJzs3cFuEkEYB/CvQCntRc7GwyZePBH1DYipiZHEBMNBT5JUL60x2V7QizyGB5/AR/IxeuptDQ4FSqgxadltu79fAnzMP2FmCTB7mGE/PPp8fPTl9FPx+0d0Olm7FTGN84huNKIZyc7srnNRt2PVtHnpaewFAHDbDYfjftVjYLvyvD/e3XhuNvpVyYAAAAAAAAAAAAC4trX1/3Hl+v+IaGxa/1/6iAGA67L+//7L8/74YH7+dpn1/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB1zoviQfGPW0QUyfeqhwoA3JD/mP8BgHvG/A8A9WP+B4D6efvu/ev+YHA4zLJOxNl0MpqM0mPKX74aHD7N/upGRCO1nk0mo+Yif5bybPmqs3w3Dub58415O548Tvkse/FmsJbvxVE5bwEAAAAAAAAAAAAAAAAAAABUrpctdJety/39vd5VeapW/h9gbf9+Kx62SjsMAAAAAAAAAAAAAAAAAAAAuNNOv347Hp+cfMzLKXYiYtHyMyJurovWvGiudqHYdhFRbqf75X9ot1vsz7+Jt2U8F0XFP0wAAAAAAAAAAAAAAAAAAFBDqxu5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCultf/315R9TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9fAnAAD//y5pkJM=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 1m23.032502731s ago: executing program 3 (id=827): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x80000000000000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x1, 0x4000, 0xe, 0x0, 0x81, 0x4, 0xd, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0x5, 0x7, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xdddd1000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0xc, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0xf3, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0x3, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x2, 0x8e}, {0x4, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x108001, 0x80]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m22.610828779s ago: executing program 3 (id=830): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40080}}], 0x1, 0x0) close(0x3) connect$unix(r1, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) 1m22.35352768s ago: executing program 32 (id=830): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40080}}], 0x1, 0x0) close(0x3) connect$unix(r1, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) 1m20.229603s ago: executing program 0 (id=853): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x80000000000000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x1, 0x4000, 0xe, 0x0, 0x81, 0x4, 0xd, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0x5, 0x7, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xdddd1000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0xc, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0xf3, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0x3, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x2, 0x8e}, {0x4, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x108001, 0x80]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m19.473013853s ago: executing program 0 (id=858): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000280)={0x2, 0x40000105, 0x0, 0x0}) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) chroot(&(0x7f0000000000)='./file0\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 1m17.264372367s ago: executing program 0 (id=872): fsopen(&(0x7f00000002c0)='gfs2\x00', 0x1) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000b80)=ANY=[], 0x134}, 0x1, 0x0, 0x0, 0x24040841}, 0x40008) sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0xc045) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='bbr', 0x37) write$binfmt_elf64(r1, &(0x7f0000000f80)=ANY=[], 0x540) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r2, 0x800, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) 1m16.995014928s ago: executing program 0 (id=877): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) 1m16.71036935s ago: executing program 0 (id=880): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x40001) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) syz_emit_vhci(0x0, 0x35) socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) pread64(r6, &(0x7f0000000a00)=""/126, 0x7e, 0x7) 1m16.191742772s ago: executing program 0 (id=884): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket(0xa, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000005c0)=ANY=[], 0x210) 1m15.674103954s ago: executing program 33 (id=884): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket(0xa, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000005c0)=ANY=[], 0x210) 8.529409149s ago: executing program 1 (id=1438): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x40001) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) syz_emit_vhci(0x0, 0x35) socket$netlink(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) pread64(r5, &(0x7f0000000a00)=""/126, 0x7e, 0x7) 6.869815799s ago: executing program 5 (id=1451): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prctl$PR_SET_THP_DISABLE(0x29, 0x1) 6.096647242s ago: executing program 4 (id=1458): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) bind$packet(r2, &(0x7f0000000300)={0x11, 0x0, r1}, 0x14) bind$packet(r2, &(0x7f0000000040)={0x11, 0x3, r1, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 6.030398335s ago: executing program 1 (id=1459): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0x0, 0x8, 0xfa04, 0x98, 0x6c02, 0x150, 0x194, 0x194, 0x150, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'erspan0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0xffff, 0x0, 0x0, 'snmp\x00', {0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248) 5.866628131s ago: executing program 4 (id=1461): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000280)={0x2, 0x40000105, 0x0, 0x0}) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) chroot(&(0x7f0000000000)='./file0\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 5.825849193s ago: executing program 1 (id=1462): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xa4, '\x00', 0x567c4e8f, 0x1ff, 0x7, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 5.209727139s ago: executing program 1 (id=1469): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x40001) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) syz_emit_vhci(0x0, 0x35) socket$netlink(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) pread64(r5, &(0x7f0000000a00)=""/126, 0x7e, 0x7) 4.776262757s ago: executing program 5 (id=1472): openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0xe8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0x6}, {0x6, 0xe}}}, 0x24}}, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0xff) syz_open_dev$loop(&(0x7f0000000040), 0x81000000000000, 0x40000) r0 = socket(0xa, 0x3, 0x87) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x890b, &(0x7f0000000000)) 3.742805092s ago: executing program 2 (id=1474): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000001c0)={0x2, 0x0, @ioapic={0x2000, 0x2, 0x0, 0xffffffff, 0x0, [{0x81, 0x1, 0x2, '\x00', 0xff}, {0x6, 0x3, 0x5, '\x00', 0xff}, {0x1, 0x2, 0x91, '\x00', 0x6}, {0x4, 0x2, 0x8, '\x00', 0xff}, {0x9, 0x9, 0x80, '\x00', 0x8}, {0xfa, 0xce, 0x6, '\x00', 0x6}, {0x17, 0x8, 0x4, '\x00', 0xcf}, {0x4, 0xd, 0xf, '\x00', 0xb}, {0x98, 0xb, 0x4, '\x00', 0xfb}, {0x1, 0x4, 0xf9, '\x00', 0x9}, {0xd, 0xfd, 0x8, '\x00', 0x9}, {0x2, 0x5, 0x10, '\x00', 0x5}, {0xf, 0x6, 0x3, '\x00', 0x7f}, {0x9, 0x1, 0x8, '\x00', 0x8}, {0x81, 0x10, 0x4, '\x00', 0x3d}, {0x1, 0xe, 0x80, '\x00', 0x20}, {0x0, 0xc, 0x20, '\x00', 0x5}, {0x20, 0x40, 0x8, '\x00', 0xfc}, {0xb, 0x2, 0x5, '\x00', 0x4}, {0xf9, 0x5, 0x9, '\x00', 0x8}, {0x1, 0x6, 0x9, '\x00', 0xa}, {0x89, 0xfc, 0x94, '\x00', 0xa}, {0x5, 0xeb, 0xc0}, {0x6, 0x5, 0x0, '\x00', 0x1}]}}) 3.681099015s ago: executing program 2 (id=1475): io_setup(0x8, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x6, @remote, 0xfffffffc}}, 0x0, 0x0, 0x6, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x0, 0x20000000, @remote}}, 0x0, 0x0, 0x0, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x80000000}, 0x1c) 3.666112215s ago: executing program 6 (id=1476): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x37, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc1b}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) 3.510759982s ago: executing program 5 (id=1477): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000fff5dd00000010000100050808004149004001040800", 0x58}], 0x1) 3.486524393s ago: executing program 2 (id=1478): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0xc) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0) splice(r4, 0x0, r3, 0x0, 0x1000, 0x800000000000000) splice(r2, 0x0, r5, 0x0, 0x80, 0x8) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) 3.300211081s ago: executing program 6 (id=1479): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@delchain={0x24, 0x66, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0xffe2, 0xfff1}, {0x7, 0xffff}, {0x1, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3.05558983s ago: executing program 6 (id=1480): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xa4, '\x00', 0x567c4e8f, 0x1ff, 0x7, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 2.830767541s ago: executing program 5 (id=1481): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67400f07c40249af4b8bb9800000c00f3235010200000f300f20a366450f769e00000100440f20c03588001d00445b66baf80cb88cf4b684ef66bafc0ced460f01c9c4827d24c366ba4cf0ff07ef87f345a57a43e16806a4", 0x58}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x4000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000340)={{0x2000, 0xeeee0000, 0x3, 0x9, 0xfb, 0xe4, 0x40, 0x3, 0x0, 0x2e, 0x19}, {0xffff1000, 0xeeee6001, 0x0, 0x0, 0x8, 0x5, 0x7d, 0x7, 0x5, 0x3}, {0xeeef0000, 0xdddd0000, 0x10, 0x5, 0x3, 0x4, 0x4, 0x9, 0x1, 0xa7, 0x5, 0x6}, {0x6000, 0xffef3000, 0xa, 0x6, 0x4, 0x46, 0xe0, 0x4, 0x5, 0x6, 0xe}, {0xeeef0000, 0xd000, 0x0, 0x3, 0x15, 0xf, 0xab, 0x7f, 0xf, 0x7, 0xf7, 0x83}, {0x6000, 0x8080000, 0xf, 0xa0, 0xb1, 0x8, 0x5e, 0xa0, 0x7d, 0xf, 0x1, 0x7}, {0xeeee8000, 0x8000000, 0x0, 0x85, 0x7, 0x5, 0x7, 0xfe, 0x5, 0x81, 0xff, 0x70}, {0xb000, 0x6000, 0x9, 0x5, 0xf, 0x6, 0x1, 0x34, 0x2, 0xc, 0xb0, 0x9}, {0xffff1000, 0x1}, {0x4}, 0xc0040035, 0x0, 0xdddd1000, 0x42410, 0x3, 0x2001, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0xff]}) 2.488242195s ago: executing program 1 (id=1482): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) 2.319311392s ago: executing program 6 (id=1483): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) syz_clone(0x201e0000, 0x0, 0x0, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000040)='.\x00', 0x2) 2.290717913s ago: executing program 4 (id=1484): r0 = userfaultfd(0x80001) r1 = socket$nl_route(0x10, 0x3, 0x0) add_key$keyring(0x0, &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r5, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="89e4192d92359cb3ee294530ae76ad6dc4ff20cc3ccc9d41018dd482ad1f395d4e38bd22b6fcae05c49fbdfdf66ae2994f191e9222effcb97205d0aaed4b29919f9e3bab7fdb276ca29501903c98de0b0cc8afca563f94fe69b6927ae594d1b53ad9f4a9f9f5c84a518d37939c84a5bd15048115ac421e9c56866ab6f91b0e8181d8999dd86c0177a971a39bf35b38eb0504bf70c02cc307c62d6f06c80b146153ca56a182831696c8cf46d2b065744e6dd4415ceff773e8d3a45aacc4fd8972cbe77878ce48d531066ec9e4790196e4a17b08ea09d4d3febf6721a44390383c7261e9e09f20c23f95e9c04d3c10220f3962d98b2bd98d5c3e50169a4c0c99f29c7a336489c26259957c4bdeae1c8cdf60d817db09336f680bbe954dc05669c9d48cb0a0488ed2385d935a7166b3187189e08d421903d546126289651db812f9c8754c0dc6f24a22ca988a2ac131cc52d724bb086a53a94e515e09fef354e9ca0daacaa347e96b3efd7c5c4063f6eb0cf55f08ff942780e6846d78410057ca2b845e69eeda4066de60a033e2f3c7e47b2f0c0c4c7da98b1d658c620f70dbe6eb8b5dd90216caa82c91db4c0f7ea02df5d5f8d6815d2d7868e6a6053f31a4fbe8732a1310ca7a79814177a981e5ab68dfeba4fe46ed4c51819be1308f73455e311f511ce4360cc7c24836c9b895ee5ce93cc42dd88f02d91b479c1748339024343700cce897087bbaae4fbd8e2ad5da016265ef097043acaf87504dde24216c805b40cf4d6edf2ae6564182acdf06580dde3fb66ab01625ffadc22f1ac7b97b9dec871edd96e86af127be1ef27548917a49476ce87f1719173369caf69d35d25637f0514e3e06069877968eb874a1c1adc92e760670e42b6cccd2fe0a5f9c543a44b382befc422d4486416b6fabe2f11944a3f08cded6fad9e3304a202d1c58841a6ab78b28a4162db2671d9ea74ee6f3b33a282f42abc911e3245531a34f5567cfcaa1cf762677c9f61d3aa2c4d76210edf440bf53e816d008ab2ea29cf42de9b88442d6b2eec4fbf23f7d23eaab316335dfc2dc10f9148df0b83d92c3a94fb0b49365af5ba599a1ea8e6fc7aea8df9208795cbbdf0af04f5f08fc828cb347a6e9daddbe514675b31e5134c7dfbb060dfc632ad82141ddea4e77e6c63c1843ca6fc820558b7355bae86e106c2be9c9b500c5134ab62444a8423d596bfe0e3b2df47dabf5abe271ae947f4878132915332e4fcc5b81ad6f12570de44f0fdd6a96397acebf95421c88ff274365be770edd1bd1f69bc2d2883fa70fa68828bddcb98f90b0b77e28f9c4726e5b0c52fa6f30a8d57321dfd2f2678bbc6511f39019f49d7dde6f19adeac78e4064b8288f5b4ac7d8ca35f7f70dfb376f5f3af98f02e76e57e21a00bac677703c8e2169816f5cf6c4d1bf803e0b2987544eeeffd197bcc10fe1d9a7b826a6693dc8bb32f19f25a88a15c3dcd30e7f48f0cda06ca99152bd1c892735598c32c6098ae12ef493334be720cb0ba3c710954fe0a80c3dec255f194761e5e904262118307bb49901808f9ca1af58648e9d57ffb744fd4f1d01b5ccaeaa5231def3f800cb8341d9109d93e3871c395892f8ffe25d6d9a7faa7073fd9c3b3aac94c554dab9c35667eb49d5f0e47fd6bb41ca4b2f420b1e3915fa653aaf8d842cc4b0fec5011bd0ba372601fb7930ce98402d2e3d64f8422550a621fa23b128e66b6afe1a74dab2b53de22214844e53441ab7998d4ac3557cca9ffe4997c778243c943ca2de0b1deba8468a5fe3c0f1fa93a9a7bb5dbc3ec2058ac7ad4ffa64966bbd90a5f3f53de5c44af6e93f248471ca09", 0x518}], 0x1}}], 0x1, 0x40) sendto$inet(r5, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80c0}, 0xc0884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) 1.954753648s ago: executing program 5 (id=1485): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, 0x0) 1.261103007s ago: executing program 1 (id=1486): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0xd, 0x100000) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x2c2, 0xca) 608.750465ms ago: executing program 4 (id=1487): syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x0, 0x7b7, &(0x7f00000002c0)="$eJzs3U1sHGf5APBnXbvJ35Wiqv8qjaI0naRFSqXUXa9bF6uHsl2PnWnXu6vdNXKEUBs1TmXFaauWCuoDJZcWEAhx4li49sYNhAQSB+CERA9cuFXqCRUEEgIhJKOZ3XUce/3R1Pmg/f2s+B3PPPO+z7vezLNje2YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIhSbbZcnixFPWssLiXbjEREcn8/dmH79g2D/n51XbPLuBGl/F8cPhzHequO3X9t89H80+k40fvqRBzOm8Oxds/Re5/+/9GRwf67JHSjTu0zrhTxrTypyxdWV5dfvwmJ3ELf/cVuW0eHrfzXev55Pm1knWa2UJ1Pk6zTTGamp8uPn5vrJHNZPe2c73TThaTWTqvdZjs5U3s0mZyZmUrSifPNxcb8bLWeDlY+9VilXJ5OnptopdV2p9l4/LmJTu1cVq9njfkiplL+euQxTyW12fbzWTfpptWFJLm0sro8tdfs8qDJXbafeOTej9788O8ry/kTcqegUv+JWZmcrFQmp5+cefKpcnm0Uq5cv6K8RWxExEhEHnFTnrTcOYpD5m4O5sANB2CkX/+jHlk0YjGWIhnyMRa1mI12NGMh//qPY9si+gb1/wuP/+X3u427uf4Pqvyxa5uPR1H/T/a+OrlT/R+a60F+jPTz2Wn7G/FWrMXluBCrsRrL8fpNz+hTfowcbH/zkUYjsuhEM7JYiGqxJumvSWImpmM6yvFCnIu56EQSc5FFPdLoxPnoRDfS4hlVi3akUY1uNKMdSZyJWjwaSUzGTMzEVCSRxkScj2YsRiPmYzaqRS+XYqV43Ke25HX0my/+/OU/fPRevrwRNLnLREr5i7k86G+7BG0r9/uv/+vRj1D/P+8O+AgON259UP8BAACAz6xS8dP3/Px/LB4sluayevqV250WAAAAcICK3/yfyJuxfOnBKOXn/+UhkR/c8twAAACAg1EqrrErRcR4PNRbGlwuNeyHAAAAAMD/oOL3/yfzZjzi7WKF838AAAD4jPn2TvfY/3Bwj91O61Dpl3+NdnusdLW19EjpSjWPq165q7dfv/nyRo/dueOlw9HrpOhrenTtnlJEjNbSE6XB3S//c6jXflx8Pj66sftO9/ovbUlgY4+7tk4pT+DI2pYEjhYDfy9O9WJOXey1F/tx/TsSj89l9XSi1qw/XdwSMf/XffOVlW9EMf3vNBaOlOLSyuryxEuvrl4scrma93L1Sv8Gitvuozg8l2LE9f4jEA8On/FYcSFGf9zx3rjlzd+A/r2JR3Yfs7R5zHfidC/m9HivHb9+/ofzMScnnp6MavXISDdd6r65vmn2/SwmP+XM34mHezEPn3m41wzJonJdFq9sz6KyOYv9PRZ7ZjHWf2K9d+rtpX/8pllKp/bKYmpLFoc/YRYAt8ul4q4/16rQ/xVV6N/rPXn9v1Z3k15AX/8o98BGV/lRblAGthzlLsXGlsH+m2rdaGyr7ltfXsSWUXY4op/pxZzpvZ4YPT6krpSHHNFfW3ntt/0j+hPv/+jHXz35u5/eeHV7Px7txfSbuO/XO9TYfM7fbyyMDzpdeqa/8JMdx+3UK6UYi7jra1dei6NvvLX22MqVCy8vv7z8SqUyNV1+olx+shJjxUuFfqP2ADDE3u+xs2dE6Yk9zqrv2/iTgol4KV6N1bgYZ4urDSLioeG9jm/6M4SzcTqKk+UdzlrHN73Dy9k9zi2vxVa2xw5eV2yLndr0iD3ww6L55038pgDATXZ6jzq8n/p/do/z7utr+Zaz49i5lg/zxZv6aADA50Pa/rg03n231G5nrRcmZ2Ymq91zadJu1p5P2tnsfJpkjW7arp2rNubTpNVudpu1wQ+OZ9NO0llstZrtbjLXbCetZidbKt75Pem/9XsnXag2ulmt06qn1U6a1JqNbrXWTWazTi1p3f1sPeucS9vFzp1WWsvmslq1mzUbSae52K6lE0nSSdOktTgIzGbTRjeby/LFRtJqZwvV9tWIqC8upMls2qm1s1a32etwMFbWmGu2F4puJ7ZP/8+3+vEGgDvBG2+tXb6wurr8+idcGI1i4U/7Cb7dcwQArqdKAwAAAAAAAAAAAADAnW/75Xr52hu5InDtUHzyvQ7FDV19aGEfC/k38g5I4/YuvPjMM5d3inn27WPn9tfP8P8pwy51ffdIxN0/+0FvzZdu1Uw/iIgb2H29tEvM7T4yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2/w0AAP//naJXlA==") mkdirat(0xffffffffffffff9c, &(0x7f0000000b80)='./file1\x00', 0x4e) syz_mount_image$fuse(0x0, &(0x7f0000000c40)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 486.69047ms ago: executing program 2 (id=1488): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x20000000, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0x9, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x4, 0x40, 0x0, '\x00', 0x4, 0xcaa}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xe6, 0x561, 0xffffffff, 0x4, 0xfffffffffffffffd, 0x7, 0x9, 0xb, 0x0, 0x80, 0x5ac, 0x798, 0xa, 0x46, 0xc976, 0x6], 0x3000, 0x20200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 463.911821ms ago: executing program 6 (id=1489): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket(0x2, 0x80805, 0x0) socket(0x10, 0x803, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 371.419405ms ago: executing program 2 (id=1490): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x30, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0x2}, {}, {0xe, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 258.70285ms ago: executing program 4 (id=1491): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, 0x0, 0x0) 258.35184ms ago: executing program 5 (id=1492): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xb6) 234.204351ms ago: executing program 2 (id=1493): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x40001) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) syz_emit_vhci(0x0, 0x35) socket$netlink(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) pread64(r5, &(0x7f0000000a00)=""/126, 0x7e, 0x7) 181.216123ms ago: executing program 6 (id=1494): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xa4, '\x00', 0x567c4e8f, 0x1ff, 0x7, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 0s ago: executing program 4 (id=1495): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000280)={0x2, 0x40000105, 0x0, 0x0}) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) chroot(&(0x7f0000000000)='./file0\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) kernel console output (not intermixed with test programs): c address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.077432][ T4277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.087422][ T4277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.098078][ T4277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.109686][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.118408][ T4265] device veth0_macvtap entered promiscuous mode [ 67.134111][ T4265] device veth1_macvtap entered promiscuous mode [ 67.187362][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.187886][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.209608][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.209712][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.228059][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.237759][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.250210][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.272687][ T4277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.288355][ T4277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.298660][ T4277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.310044][ T4277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.333122][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.344418][ T4270] device veth0_macvtap entered promiscuous mode [ 67.364312][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.391652][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.401343][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.410206][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.425061][ T4277] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.434396][ T4277] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.443934][ T4277] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.452897][ T4277] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.533774][ T4270] device veth1_macvtap entered promiscuous mode [ 67.553135][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.561704][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.608242][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.620945][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.639231][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.671589][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.689843][ T4386] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 67.692441][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.731344][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.746962][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.761084][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.810753][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.810756][ T27] audit: type=1800 audit(1764747347.381:2): pid=4386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 67.843965][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.858884][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.869590][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.882674][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.894665][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.920930][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.963692][ T4270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.991505][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.001329][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.019059][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.040485][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.075876][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.104924][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.138394][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.157116][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.171498][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.182737][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.199829][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.224059][ T4396] netlink: 'syz.3.9': attribute type 10 has an invalid length. [ 68.232149][ T4347] bond0: (slave bond_slave_0): interface is now down [ 68.243298][ T4347] bond0: (slave bond_slave_1): interface is now down [ 68.258777][ T4396] device syz_tun entered promiscuous mode [ 68.262896][ T56] bond0: (slave bond_slave_0): interface is now down [ 68.277926][ T56] bond0: (slave bond_slave_1): interface is now down [ 68.302544][ T11] bond0: (slave bond_slave_0): interface is now down [ 68.311130][ T4396] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 68.320184][ T11] bond0: (slave bond_slave_1): interface is now down [ 68.328335][ T11] bond0: (slave syz_tun): interface is now down [ 68.338979][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.363869][ T11] bond0: (slave bond_slave_0): interface is now down [ 68.373196][ T11] bond0: (slave bond_slave_1): interface is now down [ 68.381676][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.414749][ T11] bond0: (slave syz_tun): interface is now down [ 68.427379][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.437055][ T4361] bond0: (slave bond_slave_0): interface is now down [ 68.449525][ T4361] bond0: (slave bond_slave_1): interface is now down [ 68.456720][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.466714][ T4361] bond0: (slave syz_tun): interface is now down [ 68.577832][ T4361] bond0: (slave bond_slave_0): interface is now down [ 68.586831][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.603108][ T4361] bond0: (slave bond_slave_1): interface is now down [ 68.614237][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.627328][ T4361] bond0: (slave syz_tun): interface is now down [ 68.639426][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.652134][ T4361] bond0: (slave bond_slave_0): interface is now down [ 68.658878][ T4361] bond0: (slave bond_slave_1): interface is now down [ 68.660327][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.678422][ T4270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.689276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.697812][ T4270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.717964][ T4361] bond0: (slave syz_tun): interface is now down [ 68.736872][ T4270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.744714][ T4281] Bluetooth: hci2: command 0x0419 tx timeout [ 68.753209][ T37] bond0: (slave bond_slave_0): interface is now down [ 68.823082][ T4281] Bluetooth: hci4: command 0x0419 tx timeout [ 68.823251][ T4282] Bluetooth: hci0: command 0x0419 tx timeout [ 68.829141][ T4281] Bluetooth: hci1: command 0x0419 tx timeout [ 68.835208][ T47] Bluetooth: hci3: command 0x0419 tx timeout [ 68.849976][ T37] bond0: (slave bond_slave_1): interface is now down [ 68.868892][ T37] bond0: (slave syz_tun): interface is now down [ 68.881333][ T4265] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.924430][ T4265] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.929306][ T11] bond0: (slave bond_slave_0): interface is now down [ 68.948086][ T4265] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.950782][ T11] bond0: (slave bond_slave_1): interface is now down [ 68.957031][ T4265] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.980724][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 69.016573][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 69.022201][ T11] bond0: (slave syz_tun): interface is now down [ 69.045916][ T11] bond0: (slave bond_slave_0): interface is now down [ 69.072314][ T11] bond0: (slave bond_slave_1): interface is now down [ 69.079423][ T11] bond0: (slave syz_tun): interface is now down [ 69.105829][ T9] bond0: (slave bond_slave_0): interface is now down [ 69.113465][ T9] bond0: (slave bond_slave_1): interface is now down [ 69.120335][ T9] bond0: (slave syz_tun): interface is now down [ 69.140719][ T4270] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.150931][ T9] bond0: (slave bond_slave_0): interface is now down [ 69.160565][ T9] bond0: (slave bond_slave_1): interface is now down [ 69.169385][ T4270] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.178690][ T9] bond0: (slave syz_tun): interface is now down [ 69.189115][ T4270] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.199293][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.209325][ T4270] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.250922][ T4361] bond0: (slave bond_slave_0): interface is now down [ 69.257945][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.283589][ T4361] bond0: (slave bond_slave_1): interface is now down [ 69.289418][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.303045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 69.387784][ T4361] bond0: (slave syz_tun): interface is now down [ 69.412759][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.420301][ T11] bond0: (slave bond_slave_0): interface is now down [ 69.471037][ T11] bond0: (slave bond_slave_1): interface is now down [ 69.503430][ T11] bond0: (slave syz_tun): interface is now down [ 69.524253][ T4361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.544528][ T4347] bond0: (slave bond_slave_0): interface is now down [ 69.563044][ T4361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.587737][ T4347] bond0: (slave bond_slave_1): interface is now down [ 69.608058][ T4347] bond0: (slave syz_tun): interface is now down [ 69.649485][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.709068][ T4347] bond0: (slave bond_slave_0): interface is now down [ 69.709508][ T4361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.762037][ T4347] bond0: (slave bond_slave_1): interface is now down [ 69.768790][ T4347] bond0: (slave syz_tun): interface is now down [ 69.775156][ T4361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.814441][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.837624][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.839926][ T4347] bond0: now running without any active interface! [ 69.871018][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.896081][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.930436][ T4402] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.11'. [ 69.942382][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 69.982238][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.990590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.998967][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 70.007293][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 70.030840][ T4403] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11'. [ 70.129833][ T4405] binder: 4401:4405 ioctl 40046629 200000000200 returned -22 [ 70.195502][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.742359][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.772011][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 70.783550][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.794550][ T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!! [ 70.798295][ T4403] syz.1.11 (4403): drop_caches: 2 [ 70.971622][ T4361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.980875][ T4361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.018865][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 71.172632][ T4309] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 71.244116][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.258249][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.415438][ T4309] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 71.432184][ T4309] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 71.442813][ T4309] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 71.453064][ T4309] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 71.464688][ T4309] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 71.500124][ T4309] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 71.532503][ T4309] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 71.554861][ T4309] usb 3-1: Product: syz [ 71.559198][ T4309] usb 3-1: Manufacturer: syz [ 71.623361][ T4309] cdc_wdm 3-1:1.0: skipping garbage [ 71.629992][ T4309] cdc_wdm 3-1:1.0: skipping garbage [ 71.678934][ T4309] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 71.685354][ T4309] cdc_wdm 3-1:1.0: Unknown control protocol [ 71.824019][ T4415] tipc: Started in network mode [ 71.829263][ T4415] tipc: Node identity 220a85715bfa, cluster identity 4711 [ 71.836824][ T4415] tipc: Enabled bearer , priority 0 [ 71.867764][ T4420] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 71.870161][ T4409] tipc: Disabling bearer [ 73.884557][ T4342] usb 3-1: USB disconnect, device number 2 [ 74.473008][ T4452] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.20'. [ 75.442221][ T4449] sched: RT throttling activated [ 75.529993][ T4456] netlink: 'syz.3.19': attribute type 4 has an invalid length. [ 75.574699][ T4459] netlink: 72 bytes leftover after parsing attributes in process `syz.4.20'. [ 75.656938][ T4460] binder: 4451:4460 ioctl 40046629 200000000200 returned -22 [ 76.920570][ T1169] cfg80211: failed to load regulatory.db [ 77.369534][ T4469] tipc: Started in network mode [ 77.400384][ T4469] tipc: Node identity 3eec9f7c9a65, cluster identity 4711 [ 77.552337][ T4469] tipc: Enabled bearer , priority 0 [ 77.720887][ T4467] tipc: Disabling bearer [ 77.947900][ T4459] syz.4.20 (4459): drop_caches: 2 [ 78.181107][ T4484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'. [ 78.974853][ T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 79.173660][ T7] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 79.202018][ T7] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 79.228463][ T7] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 79.248604][ T7] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 79.279895][ T7] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 80.327321][ T4497] netlink: 'syz.0.32': attribute type 4 has an invalid length. [ 80.423389][ T7] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 80.452095][ T7] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 80.537298][ T4500] 9pnet_virtio: no channels available for device syz [ 80.554581][ T4500] overlayfs: failed to resolve './file0': -2 [ 80.584261][ T7] usb 5-1: Product: syz [ 80.588467][ T7] usb 5-1: Manufacturer: syz [ 80.643228][ T7] cdc_wdm 5-1:1.0: skipping garbage [ 80.663847][ T7] cdc_wdm 5-1:1.0: skipping garbage [ 80.701144][ T7] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 80.719130][ T7] cdc_wdm 5-1:1.0: Unknown control protocol [ 81.637525][ T4527] tipc: Enabled bearer , priority 0 [ 81.689222][ T4526] tipc: Disabling bearer [ 82.220251][ T4536] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.42'. [ 82.314759][ T4537] netlink: 72 bytes leftover after parsing attributes in process `syz.0.42'. [ 82.390141][ T4538] binder: 4535:4538 ioctl 40046629 200000000200 returned -22 [ 83.990946][ T4537] syz.0.42 (4537): drop_caches: 2 [ 84.066036][ T7] usb 5-1: USB disconnect, device number 2 [ 85.817905][ T4548] netlink: 'syz.2.47': attribute type 4 has an invalid length. [ 86.343055][ T4564] tipc: Enabled bearer , priority 0 [ 86.496262][ T4559] tipc: Disabling bearer [ 87.772187][ T26] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 87.983654][ T26] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 88.001967][ T26] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 88.012584][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 88.021801][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 88.032871][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 88.054171][ T26] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 88.072527][ T26] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 88.080600][ T26] usb 4-1: Product: syz [ 88.090731][ T26] usb 4-1: Manufacturer: syz [ 88.101852][ T26] cdc_wdm 4-1:1.0: skipping garbage [ 88.114801][ T26] cdc_wdm 4-1:1.0: skipping garbage [ 88.124959][ T26] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 88.130868][ T26] cdc_wdm 4-1:1.0: Unknown control protocol [ 88.709387][ T4590] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.55'. [ 88.782029][ T4592] netlink: 72 bytes leftover after parsing attributes in process `syz.2.55'. [ 88.864867][ T4594] binder: 4589:4594 ioctl 40046629 200000000200 returned -22 [ 89.545221][ T4592] syz.2.55 (4592): drop_caches: 2 [ 91.122429][ T4602] netlink: 'syz.4.60': attribute type 4 has an invalid length. [ 91.229698][ T22] usb 4-1: USB disconnect, device number 2 [ 91.457088][ T4618] tipc: Enabled bearer , priority 0 [ 92.572998][ T4267] tipc: Node number set to 2760482684 [ 92.688148][ T4617] tipc: Disabling bearer [ 95.385943][ T4643] 9pnet_virtio: no channels available for device syz [ 96.261297][ T4651] 9pnet_virtio: no channels available for device syz [ 96.266822][ T4654] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.71'. [ 96.727870][ T4654] netlink: 72 bytes leftover after parsing attributes in process `syz.3.71'. [ 97.023629][ T4653] syz.3.71 (4653): drop_caches: 2 [ 97.397119][ T4653] syz.3.71 (4653): drop_caches: 2 [ 98.492059][ T27] audit: type=1326 audit(1764747378.031:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4659 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 98.677827][ T4671] ======================================================= [ 98.677827][ T4671] WARNING: The mand mount option has been deprecated and [ 98.677827][ T4671] and is ignored by this kernel. Remove the mand [ 98.677827][ T4671] option from the mount to silence this warning. [ 98.677827][ T4671] ======================================================= [ 98.697703][ T4345] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 98.906495][ T27] audit: type=1326 audit(1764747378.031:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4659 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 99.050003][ T4345] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 99.072369][ T27] audit: type=1326 audit(1764747378.291:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4659 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 99.102766][ T4345] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 99.154352][ T4345] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 99.183149][ T4678] tipc: Started in network mode [ 99.188304][ T4345] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 99.202775][ T4678] tipc: Node identity 22a93a257cc8, cluster identity 4711 [ 99.205218][ T27] audit: type=1326 audit(1764747378.341:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4659 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 99.232641][ T4345] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 99.248930][ T27] audit: type=1326 audit(1764747378.341:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4659 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 99.252637][ T4678] tipc: Enabled bearer , priority 0 [ 99.272320][ T4345] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 99.295974][ T4345] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 99.309962][ T4345] usb 2-1: Product: syz [ 99.315644][ T4345] usb 2-1: Manufacturer: syz [ 99.329994][ T4345] cdc_wdm 2-1:1.0: skipping garbage [ 99.335889][ T4345] cdc_wdm 2-1:1.0: skipping garbage [ 99.365611][ T4345] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 99.372124][ T4345] cdc_wdm 2-1:1.0: Unknown control protocol [ 99.387634][ T4676] tipc: Disabling bearer [ 99.402258][ T4316] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 99.420252][ T4666] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 99.612766][ T4316] usb 4-1: Using ep0 maxpacket: 8 [ 99.619619][ T4316] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 99.649210][ T4316] usb 4-1: config 0 has no interface number 0 [ 99.678083][ T4316] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 99.719813][ T4316] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 99.752144][ T4316] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 99.880349][ T4316] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 99.892032][ T4316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.903052][ T4316] usb 4-1: config 0 descriptor?? [ 99.934378][ T4316] ldusb 4-1:0.55: Interrupt in endpoint not found [ 100.120949][ T4309] usb 4-1: USB disconnect, device number 3 [ 100.492093][ T4317] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.684774][ T4317] usb 1-1: Using ep0 maxpacket: 8 [ 100.692826][ T4317] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.732205][ T4317] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 100.777245][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 100.818361][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 100.849526][ T4317] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 100.875635][ T4317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.918578][ T4317] hub 1-1:1.0: bad descriptor, ignoring hub [ 100.944110][ T4317] hub: probe of 1-1:1.0 failed with error -5 [ 100.978517][ T4317] cdc_wdm 1-1:1.0: skipping garbage [ 101.003701][ T4317] cdc_wdm 1-1:1.0: skipping garbage [ 101.026633][ T4317] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 101.063727][ T4317] cdc_wdm 1-1:1.0: Unknown control protocol [ 101.472236][ T4317] usb 1-1: USB disconnect, device number 2 [ 101.495462][ T4317] usb 2-1: USB disconnect, device number 2 [ 102.111861][ T27] audit: type=1326 audit(1764747381.681:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4713 comm="syz.1.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 102.200623][ T27] audit: type=1326 audit(1764747381.681:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4713 comm="syz.1.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 102.200841][ T4716] tipc: Started in network mode [ 102.222588][ C1] vkms_vblank_simulate: vblank timer overrun [ 102.304757][ T27] audit: type=1326 audit(1764747381.731:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4713 comm="syz.1.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 102.327169][ T4716] tipc: Node identity 6ac38ddeb995, cluster identity 4711 [ 102.342120][ T4716] tipc: Enabled bearer , priority 0 [ 102.404092][ T4720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.414700][ T27] audit: type=1326 audit(1764747381.731:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4713 comm="syz.1.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 102.447396][ T4720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.493740][ T27] audit: type=1326 audit(1764747381.731:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4713 comm="syz.1.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 102.528432][ T4720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.571371][ T4720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.681239][ T4720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.725539][ T4720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.745824][ T4720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.756783][ T4720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.769704][ T4720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.781515][ T4720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.840147][ T4715] tipc: Disabling bearer [ 102.928670][ T4726] device netdevsim3 entered promiscuous mode [ 102.960459][ T4718] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 103.301756][ T4741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 103.394348][ T4743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 103.504367][ T4749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.605459][ T4748] netlink: 'syz.4.101': attribute type 10 has an invalid length. [ 104.774885][ T4743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.207587][ T4777] device syzkaller0 entered promiscuous mode [ 107.939174][ T4791] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 108.943696][ T4827] device syzkaller0 entered promiscuous mode [ 110.279757][ T4827] tipc: Started in network mode [ 110.285068][ T4827] tipc: Node identity baa7656807a7, cluster identity 4711 [ 110.308609][ T4827] tipc: Enabled bearer , priority 0 [ 110.328766][ T4824] tipc: Resetting bearer [ 110.437284][ T4824] tipc: Disabling bearer [ 110.594532][ T4317] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 110.727141][ T4843] device syzkaller0 entered promiscuous mode [ 110.793882][ T4317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 110.815495][ T4317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 110.831038][ T4317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 110.847790][ T4317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 110.861266][ T4317] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 110.875371][ T4317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.884774][ T4317] usb 4-1: Product: syz [ 110.896650][ T4317] usb 4-1: Manufacturer: syz [ 110.907683][ T4317] usb 4-1: SerialNumber: syz [ 110.922313][ T4317] usb 4-1: config 0 descriptor?? [ 112.190852][ T4317] adutux 4-1:0.0: ADU208 now attached to /dev/usb/adutux0 [ 112.206012][ T4317] usb 4-1: USB disconnect, device number 4 [ 112.256026][ T4858] netlink: 52 bytes leftover after parsing attributes in process `syz.1.135'. [ 112.267171][ T4858] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.274914][ T4858] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.428198][ T4860] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 113.754941][ T4882] ALSA: mixer_oss: invalid OSS volume '' [ 113.851311][ T4882] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 113.858160][ T4882] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 113.909692][ T4882] vhci_hcd vhci_hcd.0: Device attached [ 114.112348][ T4316] vhci_hcd: vhci_device speed not set [ 114.182244][ T4316] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 114.221332][ T4883] vhci_hcd: connection reset by peer [ 114.230006][ T4433] vhci_hcd: stop threads [ 114.235093][ T4433] vhci_hcd: release socket [ 114.269159][ T4433] vhci_hcd: disconnect device [ 114.399153][ T4895] tipc: Enabling of bearer rejected, failed to enable media [ 114.760494][ T4899] ubi31: attaching mtd0 [ 114.799299][ T4899] ubi31: scanning is finished [ 114.889821][ T4899] ubi31: empty MTD device detected [ 115.056385][ T4899] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 115.076332][ T4899] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 115.115674][ T4899] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 115.156747][ T4899] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 115.193151][ T4899] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 115.266756][ T4899] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 115.311704][ T4899] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3489779012 [ 115.410061][ T4899] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 115.436383][ T4902] ubi31: background thread "ubi_bgt31d" started, PID 4902 [ 115.458039][ T4905] capability: warning: `syz.3.147' uses deprecated v2 capabilities in a way that may be insecure [ 117.001655][ T4924] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 117.631696][ T4939] tipc: Enabling of bearer rejected, failed to enable media [ 118.120598][ T4929] wg2 speed is unknown, defaulting to 1000 [ 118.136407][ T4929] wg2 speed is unknown, defaulting to 1000 [ 118.156343][ T4929] wg2 speed is unknown, defaulting to 1000 [ 119.312056][ T4316] vhci_hcd: vhci_device speed not set [ 119.960016][ T4929] infiniband syz2: set active [ 119.966373][ T26] wg2 speed is unknown, defaulting to 1000 [ 120.031865][ T4929] infiniband syz2: added wg2 [ 120.071048][ T4929] rdma_rxe: unable to create cq [ 120.082908][ T4929] infiniband syz2: Couldn't create ib_mad CQ [ 120.089223][ T4929] infiniband syz2: Couldn't open port 1 [ 120.114260][ T4961] tmpfs: Unknown parameter 'usrquota' [ 120.170472][ T4944] netlink: 'syz.3.157': attribute type 1 has an invalid length. [ 120.230508][ T4963] i2c i2c-0: Invalid block write size 37 [ 120.237199][ T4944] netlink: 'syz.3.157': attribute type 2 has an invalid length. [ 120.317820][ T4929] RDS/IB: syz2: added [ 120.374934][ T4929] smc: adding ib device syz2 with port count 1 [ 120.466322][ T4929] smc: ib device syz2 port 1 has pnetid [ 120.485010][ T26] wg2 speed is unknown, defaulting to 1000 [ 120.517084][ T4929] wg2 speed is unknown, defaulting to 1000 [ 120.572450][ T4944] 9pnet_virtio: no channels available for device syz [ 120.769527][ T4975] netlink: 24 bytes leftover after parsing attributes in process `syz.2.167'. [ 120.988571][ T4978] ubi: mtd0 is already attached to ubi31 [ 121.006678][ T4929] wg2 speed is unknown, defaulting to 1000 [ 121.128602][ T4983] tipc: Enabling of bearer rejected, failed to enable media [ 121.189051][ T4929] wg2 speed is unknown, defaulting to 1000 [ 121.277947][ T4929] wg2 speed is unknown, defaulting to 1000 [ 121.346560][ T4929] wg2 speed is unknown, defaulting to 1000 [ 123.158028][ T5011] tmpfs: Unknown parameter 'usrquota' [ 123.210127][ T5011] i2c i2c-0: Invalid block write size 37 [ 123.438163][ T5017] netlink: 24 bytes leftover after parsing attributes in process `syz.0.179'. [ 123.789269][ T5029] tipc: Enabling of bearer rejected, failed to enable media [ 124.162158][ T26] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 124.373524][ T26] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 124.412259][ T26] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 124.457100][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 124.532876][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 124.563183][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 125.120107][ T26] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 125.132291][ T26] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 125.148423][ T26] usb 4-1: Product: syz [ 125.160609][ T26] usb 4-1: Manufacturer: syz [ 125.175260][ T26] cdc_wdm 4-1:1.0: skipping garbage [ 125.207185][ T26] cdc_wdm 4-1:1.0: skipping garbage [ 125.226936][ T26] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 125.235248][ T26] cdc_wdm 4-1:1.0: Unknown control protocol [ 125.385187][ T4309] usb 4-1: USB disconnect, device number 5 [ 126.420672][ T5053] tmpfs: Unknown parameter 'usrquota' [ 126.635587][ T5054] netlink: 16 bytes leftover after parsing attributes in process `syz.3.190'. [ 126.665605][ T5053] i2c i2c-0: Invalid block write size 37 [ 126.751783][ T5059] netlink: 24 bytes leftover after parsing attributes in process `syz.3.193'. [ 127.332746][ T5071] ubi: mtd0 is already attached to ubi31 [ 127.446027][ T5075] tipc: Enabling of bearer rejected, failed to enable media [ 128.541552][ T5089] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 130.143346][ T5102] block device autoloading is deprecated and will be removed. [ 130.196475][ T5101] md: superblock version 12389 not known [ 130.255999][ T5101] md: couldn't set array info. -22 [ 130.261171][ T5102] md2: error: bitmap file must be a regular file [ 130.346773][ T5104] netlink: 24 bytes leftover after parsing attributes in process `syz.3.205'. [ 130.897702][ T5111] tmpfs: Unknown parameter 'usrquota' [ 130.935623][ T5111] i2c i2c-0: Invalid block write size 37 [ 131.897756][ T5143] tipc: Enabling of bearer rejected, failed to enable media [ 132.664310][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.671224][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.710778][ T5153] ubi: mtd0 is already attached to ubi31 [ 132.872522][ T5155] netlink: 24 bytes leftover after parsing attributes in process `syz.2.220'. [ 133.865342][ T5164] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 135.679022][ T5183] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 136.206974][ T5182] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 138.071732][ T5206] tipc: Enabling of bearer rejected, failed to enable media [ 138.352031][ T4309] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 138.572428][ T4309] usb 5-1: Using ep0 maxpacket: 8 [ 138.592643][ T4309] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 138.630774][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 138.642051][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 138.652415][ T4309] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.667283][ T4309] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 138.676751][ T4309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.073396][ T4309] usb 5-1: usb_control_msg returned -32 [ 139.079006][ T4309] usbtmc 5-1:16.0: can't read capabilities [ 139.275217][ T5224] netlink: 24 bytes leftover after parsing attributes in process `syz.0.235'. [ 141.081180][ T4267] usb 5-1: USB disconnect, device number 3 [ 142.857342][ T5260] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 142.871178][ T5259] tipc: Enabling of bearer rejected, failed to enable media [ 142.912528][ T5239] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 145.873898][ T5300] kAFS: No cell specified [ 147.103442][ T5302] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 147.347654][ T5312] tipc: Enabling of bearer rejected, failed to enable media [ 149.053108][ T5323] Bluetooth: MGMT ver 1.22 [ 150.192085][ T5330] tmpfs: Unknown parameter 'usrquota' [ 153.735306][ T5362] tipc: Enabling of bearer rejected, failed to enable media [ 154.993791][ T5384] tipc: Enabling of bearer rejected, failed to enable media [ 156.608310][ T5398] serio: Serial port ptm0 [ 156.679880][ T5402] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 161.282945][ T5441] tipc: Enabling of bearer rejected, failed to enable media [ 164.774923][ T5501] tipc: Enabled bearer , priority 0 [ 164.874776][ T5500] tipc: Disabling bearer [ 166.867103][ T5542] tipc: Enabled bearer , priority 0 [ 166.997810][ T5541] tipc: Disabling bearer [ 169.445439][ T5565] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.453460][ T5565] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.239901][ T5565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.314635][ T5565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.533541][ T5565] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.552089][ T5565] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.562807][ T5565] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.574763][ T5565] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.598806][ T5582] netlink: 24 bytes leftover after parsing attributes in process `syz.2.331'. [ 172.700451][ T5596] tipc: Enabling of bearer rejected, failed to enable media [ 172.730778][ T5610] tipc: Enabled bearer , priority 0 [ 173.047080][ T5616] device syzkaller0 entered promiscuous mode [ 173.431250][ T5610] tipc: Resetting bearer [ 173.615854][ T5609] tipc: Resetting bearer [ 173.702864][ T5609] tipc: Disabling bearer [ 174.105759][ T5632] 9pnet_virtio: no channels available for device syz [ 177.480063][ T5652] netlink: 24 bytes leftover after parsing attributes in process `syz.2.348'. [ 177.760371][ T5656] tipc: Enabled bearer , priority 0 [ 177.815000][ T5655] tipc: Disabling bearer [ 179.384142][ T4324] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 179.596762][ T4324] usb 5-1: Using ep0 maxpacket: 8 [ 179.604006][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 179.642185][ T4324] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 179.667285][ T4324] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.700717][ T4324] usb 5-1: config 0 descriptor?? [ 179.863618][ T47] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 179.872198][ T47] Bluetooth: hci3: Injecting HCI hardware error event [ 179.880014][ T47] Bluetooth: hci3: hardware error 0x00 [ 179.926280][ T4324] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 180.056482][ T5688] netlink: 24 bytes leftover after parsing attributes in process `syz.3.360'. [ 181.233176][ T5697] tipc: Enabled bearer , priority 0 [ 181.773388][ T5696] tipc: Disabling bearer [ 181.942050][ T47] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 182.906220][ T4342] usb 5-1: USB disconnect, device number 4 úÿÿÿÿþïÿÿÿÿÿÿýÿÿÿÿÿÿÿ@ ÿÿ  /dev/fusefd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=00000000000000000000P)€Ì@sÿÿÿ./file0/file0./file0fuse[ 184.087380][ T5738] tipc: Enabled bearer , priority 0 [ 184.185959][ T5737] tipc: Disabling bearer [ 184.463434][ T5744] 9pnet_virtio: no channels available for device syz [ 184.579804][ T5748] 9pnet_virtio: no channels available for device syz [ 185.462048][ T4282] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 185.470793][ T4282] Bluetooth: hci1: Injecting HCI hardware error event [ 185.479397][ T4281] Bluetooth: hci1: hardware error 0x00 [ 185.500139][ T5755] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 185.506697][ T5755] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 185.559412][ T5755] vhci_hcd vhci_hcd.0: Device attached [ 185.597125][ T5755] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.386'. [ 185.661037][ T5761] netlink: 72 bytes leftover after parsing attributes in process `syz.0.386'. [ 185.694623][ T5761] syz.0.386 (5761): drop_caches: 2 [ 185.701087][ T5761] syz.0.386 (5761): drop_caches: 2 [ 185.711180][ T5756] vhci_hcd: cannot find the pending unlink 4294967287 [ 185.718710][ T5761] binder: 5754:5761 ioctl 40046629 200000000200 returned -22 [ 185.942038][ T4282] Bluetooth: hci4: command 0x0406 tx timeout [ 185.981451][ T4282] Bluetooth: hci2: command 0x0406 tx timeout [ 186.857514][ T5756] vhci_hcd: connection closed [ 186.859261][ T51] vhci_hcd: stop threads [ 186.882788][ T51] vhci_hcd: release socket [ 186.897229][ T51] vhci_hcd: disconnect device [ 186.922107][ T4267] usb 34-1: enqueue for inactive port 0 [ 187.226145][ T5770] tipc: Enabled bearer , priority 0 [ 187.444756][ T5769] tipc: Disabling bearer [ 187.542074][ T4281] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 187.691801][ T4267] usb usb34-port1: attempt power cycle [ 188.363052][ T4267] usb usb34-port1: unable to enumerate USB device [ 188.713252][ T4267] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 189.674991][ T4267] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 189.691309][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.728283][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.770080][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.798661][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.829122][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.876196][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.906479][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.939893][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.982724][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 190.006307][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.041132][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.081644][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 190.105307][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.143508][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.185655][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 190.210865][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.246883][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.298534][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 190.335201][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.409136][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.491483][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 190.609365][ T5806] netlink: 36 bytes leftover after parsing attributes in process `syz.1.395'. [ 190.765822][ T4267] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.843842][ T4267] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 191.021503][ T4267] usb 5-1: config 0 interface 0 has no altsetting 0 [ 191.035094][ T5816] tipc: Enabled bearer , priority 0 [ 191.057754][ T4267] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 191.097388][ T4267] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 191.116488][ T4267] usb 5-1: Product: syz [ 191.136545][ T4267] usb 5-1: Manufacturer: syz [ 191.158074][ T4267] usb 5-1: SerialNumber: syz [ 191.173569][ T4267] usb 5-1: config 0 descriptor?? [ 191.224979][ T4267] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 191.310562][ T5814] tipc: Disabling bearer [ 191.472235][ T4281] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 191.480760][ T4281] Bluetooth: hci2: Injecting HCI hardware error event [ 191.495136][ T4282] Bluetooth: hci2: hardware error 0x00 [ 191.504828][ T4267] usb 5-1: USB disconnect, device number 5 [ 191.525824][ T4267] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 192.928856][ T5857] tipc: Enabled bearer , priority 0 [ 192.951236][ T5856] tipc: Disabling bearer [ 193.622839][ T4282] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 194.115915][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.126003][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.339225][ T5891] device syzkaller0 entered promiscuous mode [ 195.428349][ T5891] tipc: Enabled bearer , priority 0 [ 195.463143][ T5890] tipc: Resetting bearer [ 195.535487][ T5890] tipc: Disabling bearer [ 198.693506][ T26] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 198.903592][ T26] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 198.924769][ T26] usb 1-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 198.947793][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.018459][ T26] usb 1-1: Product: syz [ 199.062139][ T26] usb 1-1: Manufacturer: syz [ 199.097176][ T26] usb 1-1: SerialNumber: syz [ 199.360818][ T26] as10x_usb: device has been detected [ 199.401064][ T26] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 199.530372][ T26] usb 1-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 199.663826][ T26] as10x_usb: error during firmware upload part1 [ 199.698950][ T26] Registered device Elgato EyeTV DTT Deluxe [ 199.718834][ T26] usb 1-1: USB disconnect, device number 3 [ 199.826111][ T26] Unregistered device Elgato EyeTV DTT Deluxe [ 199.829579][ T26] as10x_usb: device has been disconnected [ 200.125102][ T5945] netlink: 24 bytes leftover after parsing attributes in process `syz.2.446'. [ 200.319128][ T5950] device syzkaller0 entered promiscuous mode [ 200.348577][ T5950] tipc: Enabled bearer , priority 0 [ 200.377045][ T5949] tipc: Resetting bearer [ 200.424373][ T5949] tipc: Disabling bearer [ 200.448705][ T5952] device syzkaller0 entered promiscuous mode [ 203.152786][ T5989] netlink: 24 bytes leftover after parsing attributes in process `syz.0.458'. [ 203.351745][ T5997] device syzkaller0 entered promiscuous mode [ 203.367049][ T5997] tipc: Enabled bearer , priority 0 [ 203.379764][ T5996] tipc: Resetting bearer [ 204.313266][ T5996] tipc: Disabling bearer [ 204.355109][ T6003] netlink: 24 bytes leftover after parsing attributes in process `syz.0.474'. [ 206.102739][ T6032] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 206.391781][ T6047] netlink: 24 bytes leftover after parsing attributes in process `syz.3.479'. [ 206.447365][ T6045] device syzkaller0 entered promiscuous mode [ 206.465873][ T6045] tipc: Enabled bearer , priority 0 [ 206.508993][ T6044] tipc: Resetting bearer [ 206.644966][ T6044] tipc: Disabling bearer [ 208.791547][ T6086] netlink: 24 bytes leftover after parsing attributes in process `syz.2.492'. [ 209.072996][ T6093] device syzkaller0 entered promiscuous mode [ 209.165644][ T6093] tipc: Enabled bearer , priority 0 [ 209.198010][ T6091] tipc: Resetting bearer [ 209.229787][ T6091] tipc: Disabling bearer [ 209.545309][ T6104] siw: device registration error -23 [ 209.577398][ T6104] smc: removing ib device syz2 [ 209.629823][ T6105] block device autoloading is deprecated and will be removed. [ 209.714787][ T6105] netlink: 'syz.2.497': attribute type 1 has an invalid length. [ 210.345733][ T6116] netlink: 7080 bytes leftover after parsing attributes in process `syz.1.503'. [ 210.919458][ T6124] netlink: 24 bytes leftover after parsing attributes in process `syz.1.506'. [ 211.304612][ T6131] binder: 6130:6131 unknown command 0 [ 211.368195][ T6131] binder: 6130:6131 ioctl c0306201 200000000080 returned -22 [ 211.628966][ T6135] device syzkaller0 entered promiscuous mode [ 211.704705][ T6134] netlink: 20 bytes leftover after parsing attributes in process `syz.2.505'. [ 211.780118][ T6135] tipc: Enabled bearer , priority 0 [ 211.826357][ T6133] tipc: Resetting bearer [ 212.029020][ T6133] tipc: Disabling bearer [ 212.814554][ T6155] tmpfs: Bad value for 'mpol' [ 213.058896][ T6159] netlink: 'syz.1.516': attribute type 4 has an invalid length. [ 213.272359][ T6163] netlink: 'syz.1.516': attribute type 4 has an invalid length. [ 213.475424][ T6166] netlink: 24 bytes leftover after parsing attributes in process `syz.3.518'. [ 213.539254][ T6168] netlink: 'syz.1.519': attribute type 9 has an invalid length. [ 213.812939][ T6176] device syzkaller0 entered promiscuous mode [ 213.857862][ T6176] tipc: Enabled bearer , priority 0 [ 213.873279][ T6175] tipc: Resetting bearer [ 213.925785][ T6175] tipc: Disabling bearer [ 214.052080][ T6182] fuse: root generation should be zero [ 214.450331][ T6192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.529'. [ 214.563090][ T6196] netlink: 24 bytes leftover after parsing attributes in process `syz.4.531'. [ 214.701073][ T6199] binder: 6197:6199 ioctl 50009401 200000001700 returned -22 [ 215.667401][ T6206] syz.4.534 uses obsolete (PF_INET,SOCK_PACKET) [ 216.084913][ T6216] device syzkaller0 entered promiscuous mode [ 216.140044][ T6216] tipc: Enabled bearer , priority 0 [ 216.190105][ T6214] tipc: Resetting bearer [ 216.357847][ T6214] tipc: Disabling bearer [ 217.151986][ T7] tipc: Node number set to 3170919784 [ 218.742321][ T7] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 218.889202][ T6236] netlink: 24 bytes leftover after parsing attributes in process `syz.3.543'. [ 218.952069][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 218.958706][ T7] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.089479][ T7] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 219.259409][ T7] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 219.322818][ T7] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 219.364780][ T6241] netlink: 24 bytes leftover after parsing attributes in process `syz.3.544'. [ 219.376902][ T7] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 219.390848][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.420891][ T7] hub 5-1:1.0: bad descriptor, ignoring hub [ 219.438338][ T7] hub: probe of 5-1:1.0 failed with error -5 [ 219.502543][ T7] cdc_wdm 5-1:1.0: skipping garbage [ 219.515562][ T7] cdc_wdm 5-1:1.0: skipping garbage [ 219.521859][ T7] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 219.535822][ T7] cdc_wdm 5-1:1.0: Unknown control protocol [ 221.182873][ T7] usb 5-1: USB disconnect, device number 6 [ 222.483319][ T6270] tipc: Enabling of bearer rejected, failed to enable media [ 223.259656][ T6284] device wireguard0 entered promiscuous mode [ 225.548478][ T6314] device syzkaller0 entered promiscuous mode [ 225.619405][ T6314] Zero length message leads to an empty skb [ 225.669536][ T6314] tipc: Enabled bearer , priority 0 [ 225.717759][ T6313] tipc: Resetting bearer [ 225.823204][ T6313] tipc: Disabling bearer [ 226.958761][ T6325] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 227.319243][ T6345] ALSA: mixer_oss: invalid OSS volume '' [ 227.441964][ T6345] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 227.448602][ T6345] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 227.531674][ T6345] vhci_hcd vhci_hcd.0: Device attached [ 227.731499][ T4434] vhci_hcd: vhci_device speed not set [ 227.811742][ T4434] usb 35-1: new full-speed USB device number 3 using vhci_hcd [ 227.921074][ T6348] vhci_hcd: connection reset by peer [ 227.928356][ T4412] vhci_hcd: stop threads [ 227.944430][ T4412] vhci_hcd: release socket [ 228.039965][ T4412] vhci_hcd: disconnect device [ 231.681743][ T27] audit: type=1326 audit(1764747767.261:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6371 comm="syz.4.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 231.753030][ T27] audit: type=1326 audit(1764747767.281:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6371 comm="syz.4.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 231.831400][ T27] audit: type=1326 audit(1764747767.281:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6371 comm="syz.4.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 231.896895][ T27] audit: type=1326 audit(1764747767.281:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6371 comm="syz.4.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 232.039385][ T6374] tipc: Enabled bearer , priority 0 [ 232.281833][ T6378] device syzkaller0 entered promiscuous mode [ 232.340487][ T6373] tipc: Resetting bearer [ 232.479117][ T6373] tipc: Disabling bearer [ 232.773542][ T6384] netlink: 64 bytes leftover after parsing attributes in process `syz.0.580'. [ 233.062769][ T4434] vhci_hcd: vhci_device speed not set [ 233.362037][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'. [ 234.067875][ T6398] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 234.613761][ T6417] ubi: mtd0 is already attached to ubi31 [ 234.637974][ T6416] device syzkaller0 entered promiscuous mode [ 234.666474][ T6416] tipc: Enabled bearer , priority 0 [ 234.707671][ T6415] tipc: Resetting bearer [ 234.847434][ T6415] tipc: Disabling bearer [ 235.191484][ T6425] device syzkaller0 entered promiscuous mode [ 235.710931][ T6433] 9pnet_virtio: no channels available for device syz [ 236.850806][ T6433] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 236.859018][ T6433] overlayfs: overlapping lowerdir path [ 239.651822][ T6474] device syzkaller0 entered promiscuous mode [ 239.674571][ T6474] tipc: Enabled bearer , priority 0 [ 239.693824][ T6445] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 239.740113][ T6473] tipc: Resetting bearer [ 239.898348][ T6473] tipc: Disabling bearer [ 241.418991][ T6508] device syzkaller0 entered promiscuous mode [ 241.451491][ T6506] tipc: Enabled bearer , priority 0 [ 241.585367][ T6505] tipc: Resetting bearer [ 242.449680][ T4267] tipc: Node number set to 2045805937 [ 242.784565][ T6505] tipc: Disabling bearer [ 243.751416][ T6536] netlink: 64 bytes leftover after parsing attributes in process `syz.2.626'. [ 244.260947][ T6519] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 244.834644][ T6554] device syzkaller0 entered promiscuous mode [ 245.810927][ T6554] tipc: Enabled bearer , priority 0 [ 245.912452][ T6553] tipc: Resetting bearer [ 246.835081][ T6553] tipc: Disabling bearer [ 247.838508][ T6583] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 248.208970][ T4317] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 249.298914][ T4317] usb 5-1: Using ep0 maxpacket: 8 [ 249.305677][ T4317] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.357174][ T4317] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 249.508842][ T4317] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 249.569747][ T4317] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 249.615893][ T4317] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 249.648132][ T4317] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.695237][ T4317] hub 5-1:1.0: bad descriptor, ignoring hub [ 249.723738][ T4317] hub: probe of 5-1:1.0 failed with error -5 [ 249.748424][ T4317] cdc_wdm 5-1:1.0: skipping garbage [ 249.773832][ T4317] cdc_wdm 5-1:1.0: skipping garbage [ 249.792084][ T4317] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 249.818096][ T4317] cdc_wdm 5-1:1.0: Unknown control protocol [ 249.903412][ T6612] device syzkaller0 entered promiscuous mode [ 249.952824][ T6612] tipc: Enabled bearer , priority 0 [ 249.974032][ T6611] tipc: Resetting bearer [ 250.026073][ T6611] tipc: Disabling bearer [ 250.223847][ T4325] usb 5-1: USB disconnect, device number 7 [ 251.734678][ T6631] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 251.918549][ T26] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 252.118534][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 252.132618][ T26] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 252.191827][ T26] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 252.213152][ T6643] device syzkaller0 entered promiscuous mode [ 252.234476][ T26] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 252.264089][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 252.288332][ T26] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 252.307749][ T26] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 252.338103][ T26] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 252.365706][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.395632][ T26] usb 4-1: config 0 descriptor?? [ 252.617453][ T26] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 252.755266][ T6643] tipc: Enabled bearer , priority 0 [ 254.717915][ T4309] usb 4-1: USB disconnect, device number 6 [ 254.758882][ T4309] usblp0: removed [ 255.508116][ T4267] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 255.541192][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.548368][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.613413][ T6671] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 255.738277][ T7] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 255.755280][ T4267] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 255.778637][ T4267] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 255.798170][ T4267] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 255.807327][ T4267] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.829779][ T6667] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 256.013674][ T7] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 256.032614][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.097249][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.464093][ T7] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 256.506005][ T4267] usb 4-1: USB disconnect, device number 7 [ 256.513059][ T7] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 256.527541][ T7] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 256.547398][ T7] usb 5-1: Manufacturer: syz [ 256.555451][ T7] usb 5-1: config 0 descriptor?? [ 256.985348][ T7] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 257.012283][ T7] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 257.067969][ T7] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 257.347481][ T6641] tipc: Resetting bearer [ 257.370848][ T6641] tipc: Disabling bearer [ 257.570101][ T7] usb 5-1: USB disconnect, device number 8 [ 259.447766][ T6713] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 259.695641][ T6719] tmpfs: Unknown parameter 'usrquota' [ 259.736340][ T4309] libceph: connect (1)[c::]:6789 error -101 [ 259.749221][ T4309] libceph: mon0 (1)[c::]:6789 connect error [ 259.759769][ T4309] libceph: connect (1)[c::]:6789 error -101 [ 259.766630][ T4309] libceph: mon0 (1)[c::]:6789 connect error [ 259.772919][ T6719] ceph: No mds server is up or the cluster is laggy [ 260.098757][ T6731] device syzkaller0 entered promiscuous mode [ 260.229962][ T6731] tipc: Enabled bearer , priority 0 [ 260.290641][ T6730] tipc: Resetting bearer [ 260.443315][ T6730] tipc: Disabling bearer [ 264.136681][ T6775] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 64993 [ 264.482360][ T6779] device syzkaller0 entered promiscuous mode [ 264.551318][ T6779] tipc: Enabled bearer , priority 0 [ 264.567636][ T6778] tipc: Resetting bearer [ 264.618546][ T6778] tipc: Disabling bearer [ 264.660481][ T6781] loop2: detected capacity change from 0 to 7 [ 265.132264][ T6781] Dev loop2: unable to read RDB block 7 [ 265.138611][ T6781] loop2: unable to read partition table [ 265.144805][ T6781] loop2: partition table beyond EOD, truncated [ 265.158221][ T6781] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 266.533854][ T6804] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 266.607530][ T6809] binder: 6785:6809 ioctl 0 200000000040 returned -22 [ 268.208926][ T6822] device syzkaller0 entered promiscuous mode [ 268.258458][ T6822] tipc: Enabled bearer , priority 0 [ 268.292859][ T6821] tipc: Resetting bearer [ 268.407995][ T6821] tipc: Disabling bearer [ 268.879469][ T4324] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 268.969063][ T4324] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 268.970945][ T6833] loop2: detected capacity change from 0 to 7 [ 269.076601][ T6833] Dev loop2: unable to read RDB block 7 [ 269.108612][ T6833] loop2: unable to read partition table [ 269.114505][ T6833] loop2: partition table beyond EOD, truncated [ 269.144583][ T6833] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 269.868010][ T6860] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 271.576286][ T6890] 9pnet_virtio: no channels available for device syz [ 272.456544][ T6893] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 272.464751][ T6893] overlayfs: overlapping lowerdir path [ 273.546166][ T6896] device syzkaller0 entered promiscuous mode [ 273.803970][ T6896] tipc: Enabled bearer , priority 0 [ 273.870808][ T6895] tipc: Resetting bearer [ 274.283225][ T6895] tipc: Disabling bearer [ 274.650033][ T6911] loop2: detected capacity change from 0 to 7 [ 274.766014][ T6911] Dev loop2: unable to read RDB block 7 [ 274.795970][ T6911] loop2: unable to read partition table [ 274.801808][ T6911] loop2: partition table beyond EOD, truncated [ 274.838040][ T6911] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 275.307130][ T6921] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 275.659666][ T6931] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 275.962953][ T6944] device syzkaller0 entered promiscuous mode [ 276.038415][ T6944] tipc: Enabled bearer , priority 0 [ 276.090764][ T6942] tipc: Resetting bearer [ 276.152086][ T6942] tipc: Disabling bearer [ 276.783009][ T6967] loop2: detected capacity change from 0 to 7 [ 276.824659][ T6967] Dev loop2: unable to read RDB block 7 [ 276.875515][ T6967] loop2: unable to read partition table [ 276.881347][ T6967] loop2: partition table beyond EOD, truncated [ 276.929241][ T6967] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 277.102418][ T6977] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 277.770938][ T27] audit: type=1326 audit(1764747813.357:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 277.892860][ T6997] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 277.902462][ T27] audit: type=1326 audit(1764747813.377:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.045197][ T27] audit: type=1326 audit(1764747813.377:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.100593][ T6997] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 278.172001][ T6997] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 278.195200][ T27] audit: type=1326 audit(1764747813.377:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.366228][ T27] audit: type=1326 audit(1764747813.377:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.500623][ T27] audit: type=1326 audit(1764747813.377:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.624094][ T27] audit: type=1326 audit(1764747813.377:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.725303][ T27] audit: type=1326 audit(1764747813.377:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.801475][ T7025] tipc: Enabling of bearer rejected, failed to enable media [ 278.831525][ T27] audit: type=1326 audit(1764747813.377:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 278.937028][ T27] audit: type=1326 audit(1764747813.377:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2419f8f749 code=0x7ffc0000 [ 279.762934][ T7040] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 279.850300][ T7050] loop3: detected capacity change from 0 to 128 [ 279.948799][ T7052] loop4: detected capacity change from 0 to 16 [ 280.013506][ T7052] erofs: (device loop4): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 26222) [ 280.041613][ T7058] loop2: detected capacity change from 0 to 164 [ 280.328162][ T7070] device syzkaller0 entered promiscuous mode [ 280.480550][ T7070] tipc: Enabled bearer , priority 0 [ 280.532079][ T7068] tipc: Resetting bearer [ 280.616199][ T7068] tipc: Disabling bearer [ 281.446267][ T7096] x_tables: duplicate underflow at hook 3 [ 281.700353][ T7101] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 281.752547][ T7105] netlink: 40 bytes leftover after parsing attributes in process `syz.4.785'. [ 281.877592][ T7110] block device autoloading is deprecated and will be removed. [ 281.894102][ T7112] overlayfs: filesystem on './file0' not supported as upperdir [ 282.170517][ T7121] device syzkaller0 entered promiscuous mode [ 282.219855][ T7123] loop3: detected capacity change from 0 to 16 [ 282.261217][ T7123] erofs: (device loop3): mounted with root inode @ nid 36. [ 282.282005][ T7125] loop0: detected capacity change from 0 to 128 [ 282.292793][ T7121] tipc: Enabled bearer , priority 0 [ 282.326317][ T7119] tipc: Resetting bearer [ 282.363006][ T7125] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 282.417597][ T7119] tipc: Disabling bearer [ 283.240364][ T7160] netlink: 40 bytes leftover after parsing attributes in process `syz.0.799'. [ 284.473287][ T7189] device syzkaller0 entered promiscuous mode [ 284.661567][ T7189] tipc: Enabled bearer , priority 0 [ 284.669817][ T7188] tipc: Resetting bearer [ 284.708866][ T7188] tipc: Disabling bearer [ 284.899064][ T7206] netlink: 40 bytes leftover after parsing attributes in process `syz.3.813'. [ 284.961247][ T7207] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 285.688460][ T7231] loop3: detected capacity change from 0 to 512 [ 285.728580][ T7231] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 285.747881][ T7233] device syzkaller0 entered promiscuous mode [ 285.757407][ T7231] FAT-fs (loop3): FAT read failed (blocknr 1568) [ 285.812754][ T7231] FAT-fs (loop3): FAT read failed (blocknr 1568) [ 285.847335][ T7233] tipc: Enabled bearer , priority 0 [ 285.871869][ T7232] tipc: Resetting bearer [ 285.938399][ T7232] tipc: Disabling bearer [ 285.978629][ T7236] netlink: 40 bytes leftover after parsing attributes in process `syz.2.826'. [ 286.060178][ T7234] bond0: (slave syz_tun): Releasing backup interface [ 286.935694][ T7257] loop4: detected capacity change from 0 to 128 [ 287.216863][ T7266] netlink: 40 bytes leftover after parsing attributes in process `syz.4.841'. [ 287.279221][ T7262] device syzkaller0 entered promiscuous mode [ 287.394464][ T7271] netlink: 28 bytes leftover after parsing attributes in process `syz.4.842'. [ 287.631638][ T4281] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 287.640313][ T4281] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 287.648522][ T4281] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 287.668561][ T4281] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 287.676045][ T4281] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 287.683446][ T4281] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 287.776914][ T7283] loop2: detected capacity change from 0 to 256 [ 288.161444][ T7275] chnl_net:caif_netlink_parms(): no params data found [ 288.430437][ T7275] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.437836][ T7275] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.446256][ T7275] device bridge_slave_0 entered promiscuous mode [ 288.455935][ T7275] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.464342][ T7275] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.472507][ T7275] device bridge_slave_1 entered promiscuous mode [ 288.506652][ T7275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.529790][ T7275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.643111][ T7275] team0: Port device team_slave_0 added [ 288.664349][ T7275] team0: Port device team_slave_1 added [ 288.735996][ T7275] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.744947][ T7275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.839257][ T7275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.872374][ T7308] netlink: 40 bytes leftover after parsing attributes in process `syz.2.852'. [ 288.900088][ T7275] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.908088][ T7275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.934433][ T7275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 288.962471][ T7314] device syzkaller0 entered promiscuous mode [ 289.085212][ T7275] device hsr_slave_0 entered promiscuous mode [ 289.095825][ T7275] device hsr_slave_1 entered promiscuous mode [ 289.133659][ T7275] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 289.140620][ T7318] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 289.162010][ T7275] Cannot create hsr debugfs directory [ 289.392271][ T7325] loop2: detected capacity change from 0 to 256 [ 289.774074][ T4282] Bluetooth: hci3: command 0x0409 tx timeout [ 290.001112][ T7275] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 290.015147][ T7275] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 290.028458][ T7275] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 290.052641][ T7275] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 290.241939][ T7275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.257801][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 290.270668][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 290.303310][ T7275] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.331612][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 290.342927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 290.352145][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.359308][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.368521][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 290.420080][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 290.429283][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 290.441537][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.448691][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.459199][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 290.477301][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 290.496485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 290.516955][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 290.560269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 290.584644][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 290.608616][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 290.704476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 290.743077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 290.785838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 290.845864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 290.900033][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 290.917073][ T7357] device syzkaller0 entered promiscuous mode [ 291.662069][ T7372] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 291.843786][ T7275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.851816][ T4433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 291.859615][ T4282] Bluetooth: hci3: command 0x041b tx timeout [ 291.875323][ T4433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 291.946091][ T27] kauditd_printk_skb: 167 callbacks suppressed [ 291.946105][ T27] audit: type=1326 audit(1764747827.539:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.053741][ T27] audit: type=1326 audit(1764747827.579:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.124969][ T27] audit: type=1326 audit(1764747827.579:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.144946][ T7406] device syzkaller0 entered promiscuous mode [ 292.203760][ T27] audit: type=1326 audit(1764747827.579:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.231797][ T27] audit: type=1326 audit(1764747827.579:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.493722][ T27] audit: type=1326 audit(1764747827.579:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.573933][ T27] audit: type=1326 audit(1764747827.599:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.723672][ T27] audit: type=1326 audit(1764747827.599:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.757544][ T27] audit: type=1326 audit(1764747827.599:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.823958][ T27] audit: type=1326 audit(1764747827.599:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1bd38f749 code=0x7ffc0000 [ 292.873688][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 292.882473][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 292.942461][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 292.968924][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 293.055729][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 293.064231][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 293.095158][ T7275] device veth0_vlan entered promiscuous mode [ 293.115911][ T7275] device veth1_vlan entered promiscuous mode [ 293.201854][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 293.220883][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 293.230066][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 293.240677][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 293.253225][ T7275] device veth0_macvtap entered promiscuous mode [ 293.288711][ T7275] device veth1_macvtap entered promiscuous mode [ 293.584413][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 293.626395][ T4952] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 293.725124][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.963776][ T4282] Bluetooth: hci3: command 0x040f tx timeout [ 294.166587][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.213535][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.238901][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.248960][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.259568][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.269459][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.281315][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.314091][ T7275] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.348075][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 294.362730][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 294.397088][ T7446] device syzkaller0 entered promiscuous mode [ 294.419116][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.441303][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.479424][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.523152][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.560347][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.600995][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.629060][ T7275] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.638487][ T4281] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 294.659294][ T7275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.659338][ T4281] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 294.670946][ T7275] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.685001][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 294.694442][ T4281] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 294.703124][ T4281] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 294.713609][ T4281] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 294.786911][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 294.822229][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 294.846072][ T7275] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.877190][ T7275] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.913366][ T7275] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.027848][ T7275] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.045414][ T7454] loop2: detected capacity change from 0 to 16 [ 295.064823][ T7454] erofs: (device loop2): mounted with root inode @ nid 36. [ 295.229424][ T7459] loop2: detected capacity change from 0 to 16 [ 295.263082][ T7459] erofs: (device loop2): erofs_init_device: empty device tag @ pos 0 [ 295.343792][ T4430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.371305][ T4430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.417112][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 295.478015][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.524857][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.579338][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 295.628024][ T7467] loop2: detected capacity change from 0 to 128 [ 295.715798][ T7448] chnl_net:caif_netlink_parms(): no params data found [ 295.844407][ T7472] overlayfs: failed to get inode (-116) [ 295.871977][ T7472] overlayfs: failed to get inode (-116) [ 295.881123][ T7448] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.920849][ T7448] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.934486][ T7448] device bridge_slave_0 entered promiscuous mode [ 295.979082][ T7448] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.013659][ T7448] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.021788][ T7448] device bridge_slave_1 entered promiscuous mode [ 296.167868][ T4282] Bluetooth: hci3: command 0x0419 tx timeout [ 296.190538][ T7485] device syzkaller0 entered promiscuous mode [ 296.219136][ T7448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.308287][ T7448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.498988][ T7448] team0: Port device team_slave_0 added [ 296.507278][ T7448] team0: Port device team_slave_1 added [ 296.571883][ T7448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 296.589410][ T7448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.662431][ T7448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.707301][ T7448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.720627][ T7448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.765830][ T7448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.813207][ T4282] Bluetooth: hci0: command 0x0409 tx timeout [ 296.996131][ T7448] device hsr_slave_0 entered promiscuous mode [ 297.028831][ T7448] device hsr_slave_1 entered promiscuous mode [ 297.054830][ T7448] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.086240][ T7448] Cannot create hsr debugfs directory [ 298.216303][ T7516] loop1: detected capacity change from 0 to 256 [ 298.350287][ T7448] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 298.378697][ T7448] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 298.404109][ T7448] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 298.425277][ T7448] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 298.682040][ T7448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.701236][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 298.723519][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 298.770382][ T7448] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.800645][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 298.871572][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 298.898589][ T4282] Bluetooth: hci0: command 0x041b tx timeout [ 298.930659][ T4361] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.937845][ T4361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.012591][ T7529] device syzkaller0 entered promiscuous mode [ 299.185080][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 299.207610][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 299.233324][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.264889][ T4361] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.272047][ T4361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.320663][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 299.353897][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 299.378793][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 299.421595][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 299.461013][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 299.519704][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 299.553975][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 299.579481][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 299.607706][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 299.623767][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 299.642561][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 299.663734][ T7448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 299.773823][ T7545] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 299.859878][ T7555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.924'. [ 300.439860][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 300.449319][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 300.473429][ T7568] device syzkaller0 entered promiscuous mode [ 300.498201][ T7448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.779050][ T7582] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 300.973646][ T4282] Bluetooth: hci0: command 0x040f tx timeout [ 301.599715][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 301.615243][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 301.718068][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 301.739563][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 301.759816][ T7448] device veth0_vlan entered promiscuous mode [ 301.781891][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 301.819354][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 301.861232][ T7448] device veth1_vlan entered promiscuous mode [ 301.867564][ T7602] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 301.942223][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 301.962274][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 301.988884][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 302.009476][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 302.032106][ T7448] device veth0_macvtap entered promiscuous mode [ 302.060982][ T7448] device veth1_macvtap entered promiscuous mode [ 302.130856][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.149213][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.179672][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.197776][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.210600][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.233243][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.244339][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.257683][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.267991][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.279015][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.299419][ T7448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.487269][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 302.498253][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 302.519003][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 302.543606][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 302.589410][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.603744][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.661622][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.705735][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.719031][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.733834][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.749657][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.762762][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.775573][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.786506][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.798172][ T7448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.811079][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 302.830553][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 302.857340][ T7448] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.873784][ T7448] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.897481][ T7448] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.906543][ T7448] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.017958][ T4433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.031335][ T4433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.052869][ T4282] Bluetooth: hci0: command 0x0419 tx timeout [ 303.070202][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 303.109115][ T4433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.121216][ T4433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.138344][ T7625] device syzkaller0 entered promiscuous mode [ 303.185149][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 303.772912][ T7651] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 304.177062][ T7674] loop5: detected capacity change from 0 to 128 [ 304.208690][ T7674] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 304.233016][ T7674] FAT-fs (loop5): Filesystem has been set read-only [ 304.386497][ T7676] loop1: detected capacity change from 0 to 8192 [ 304.467805][ T7678] team0: No ports can be present during mode change [ 304.525569][ T7680] device syzkaller0 entered promiscuous mode [ 304.529716][ T7676] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 304.560975][ T7676] FAT-fs (loop1): Filesystem has been set read-only [ 304.627722][ T7682] netlink: 40 bytes leftover after parsing attributes in process `syz.4.960'. [ 304.722396][ T7686] process 'syz.5.961' launched './file0' with NULL argv: empty string added [ 305.623302][ T7704] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 306.473304][ T7722] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1907204400 (244122163200 ns) > initial count (169753853312 ns). Using initial count to start timer. [ 306.551455][ T7725] netlink: 40 bytes leftover after parsing attributes in process `syz.2.973'. [ 306.639283][ T7726] device syzkaller0 entered promiscuous mode [ 308.439711][ T7769] netlink: 40 bytes leftover after parsing attributes in process `syz.2.988'. [ 308.477658][ T7772] device syzkaller0 entered promiscuous mode [ 308.706210][ T7779] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1002'. [ 308.741002][ T7783] xt_hashlimit: overflow, rate too high: 0 [ 310.610465][ T7812] device syzkaller0 entered promiscuous mode [ 310.714798][ T7815] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1006'. [ 311.830190][ T7844] loop1: detected capacity change from 0 to 256 [ 311.863176][ T7844] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 311.887276][ T7844] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 312.127531][ T7856] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1021'. [ 312.201573][ T7858] device syzkaller0 entered promiscuous mode [ 313.865000][ T7894] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1033'. [ 313.893130][ T7890] loop4: detected capacity change from 0 to 764 [ 313.942103][ T7898] device syzkaller0 entered promiscuous mode [ 314.013038][ T7890] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 315.227325][ T7924] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1045'. [ 315.470187][ T7930] device syzkaller0 entered promiscuous mode [ 316.975781][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.981052][ T7971] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1060'. [ 316.982126][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.311675][ T7975] device syzkaller0 entered promiscuous mode [ 319.940653][ T8015] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1077'. [ 320.497610][ T8028] device syzkaller0 entered promiscuous mode [ 322.539414][ T8077] loop2: detected capacity change from 0 to 256 [ 322.921203][ T8088] device syzkaller0 entered promiscuous mode [ 323.591123][ T8104] loop5: detected capacity change from 0 to 128 [ 324.358374][ T8121] netlink: 'syz.2.1112': attribute type 11 has an invalid length. [ 324.380066][ T8121] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 325.406079][ T8147] device syzkaller0 entered promiscuous mode [ 326.485165][ T8176] overlayfs: missing 'lowerdir' [ 326.949860][ T8191] device syzkaller0 entered promiscuous mode [ 327.158570][ T8200] netlink: 'syz.5.1137': attribute type 7 has an invalid length. [ 327.184446][ T8200] netlink: 'syz.5.1137': attribute type 8 has an invalid length. [ 328.077404][ T8221] device syzkaller0 entered promiscuous mode [ 328.447185][ T8227] device syzkaller0 entered promiscuous mode [ 330.371301][ T8244] loop6: detected capacity change from 0 to 164 [ 330.491188][ T8244] syz.6.1153: attempt to access beyond end of device [ 330.491188][ T8244] loop6: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 330.547206][ T8244] syz.6.1153: attempt to access beyond end of device [ 330.547206][ T8244] loop6: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 330.602995][ T8256] loop4: detected capacity change from 0 to 1764 [ 330.750847][ T8259] device syzkaller0 entered promiscuous mode [ 330.872594][ T8263] loop6: detected capacity change from 0 to 1764 [ 331.237897][ T8275] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1166'. [ 332.531698][ T8308] device syzkaller0 entered promiscuous mode [ 333.049405][ T8328] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1182'. [ 333.816235][ T8346] device syzkaller0 entered promiscuous mode [ 334.167515][ T8359] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1195'. [ 334.712069][ T8376] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 334.811266][ T8376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 335.763899][ T8392] device syzkaller0 entered promiscuous mode [ 335.921976][ T8394] autofs4:pid:8394:autofs_fill_super: called with bogus options [ 335.932817][ T8399] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1210'. [ 336.664939][ T8423] loop5: detected capacity change from 0 to 128 [ 336.738422][ T8423] loop5: detected capacity change from 128 to 0 [ 336.932141][ T8433] device syzkaller0 entered promiscuous mode [ 337.032323][ T8439] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1224'. [ 337.340901][ T8447] kvm [8446]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 337.384395][ T8447] kvm [8446]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 338.851790][ T8471] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1235'. [ 339.075159][ T8480] device syzkaller0 entered promiscuous mode [ 339.127584][ T8480] tipc: Enabling of bearer rejected, failed to enable media [ 339.789176][ T8505] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1247'. [ 340.312183][ T8518] device syzkaller0 entered promiscuous mode [ 340.535494][ T8518] tipc: Enabling of bearer rejected, failed to enable media [ 341.126187][ T8540] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1258'. [ 341.411699][ T8556] netlink: 'syz.4.1265': attribute type 8 has an invalid length. [ 341.501478][ T8554] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 341.720843][ T8563] device syzkaller0 entered promiscuous mode [ 341.927525][ T8563] tipc: Enabling of bearer rejected, failed to enable media [ 342.198261][ T8583] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1274'. [ 342.259404][ T8580] kvm [8579]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 342.312199][ T8580] kvm [8579]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 342.325962][ T8587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1277'. [ 342.473893][ T8594] loop2: detected capacity change from 0 to 128 [ 343.004544][ T8613] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1286'. [ 343.075032][ T8612] device syzkaller0 entered promiscuous mode [ 343.220942][ T8617] tipc: Enabling of bearer rejected, failed to enable media [ 344.698983][ T8659] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1299'. [ 344.745393][ T8661] device syzkaller0 entered promiscuous mode [ 344.935649][ T8667] tipc: Enabling of bearer rejected, failed to enable media [ 345.188670][ T8679] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96 [ 346.443393][ T8706] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1315'. [ 347.178217][ T8719] device syzkaller0 entered promiscuous mode [ 347.274573][ T8719] tipc: Enabling of bearer rejected, failed to enable media [ 347.412591][ T8728] tmpfs: Bad value for 'mpol' [ 347.784622][ T8740] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1328'. [ 348.486687][ T8771] device syzkaller0 entered promiscuous mode [ 348.526452][ T8771] tipc: Enabling of bearer rejected, failed to enable media [ 348.861188][ T8787] loop2: detected capacity change from 0 to 7 [ 348.956186][ T8787] Dev loop2: unable to read RDB block 7 [ 348.974745][ T8787] loop2: unable to read partition table [ 348.999508][ T8787] loop2: partition table beyond EOD, truncated [ 349.026958][ T8787] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 349.064083][ T8791] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1344'. [ 349.569880][ T8806] xt_CT: You must specify a L4 protocol and not use inversions on it [ 350.056334][ T8820] device syzkaller0 entered promiscuous mode [ 350.184642][ T8820] tipc: Enabling of bearer rejected, failed to enable media [ 350.340072][ T8828] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1357'. [ 351.392937][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 351.392951][ T27] audit: type=1326 audit(1764747886.986:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.434161][ T8854] kvm: pic: non byte read [ 351.439825][ T8854] kvm: pic: non byte read [ 351.445008][ T8854] kvm: pic: single mode not supported [ 351.495976][ T27] audit: type=1326 audit(1764747887.016:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.513379][ T8854] kvm: pic: non byte write [ 351.549544][ T8854] kvm: pic: non byte write [ 351.562749][ T27] audit: type=1326 audit(1764747887.016:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.595652][ T8854] kvm: pic: non byte write [ 351.604386][ T27] audit: type=1326 audit(1764747887.016:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.645948][ T8854] kvm: pic: non byte write [ 351.663193][ T8863] device syzkaller0 entered promiscuous mode [ 351.675719][ T27] audit: type=1326 audit(1764747887.026:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.713150][ T8854] kvm: pic: non byte write [ 351.717723][ T8854] kvm: pic: non byte write [ 351.722342][ T8854] kvm: pic: non byte write [ 351.754384][ T8854] kvm: pic: non byte write [ 351.781363][ T8854] kvm: pic: non byte write [ 351.782369][ T8863] tipc: Enabling of bearer rejected, failed to enable media [ 351.785874][ T8854] kvm: pic: non byte write [ 351.801870][ T27] audit: type=1326 audit(1764747887.026:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.835797][ T27] audit: type=1326 audit(1764747887.026:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.908628][ T27] audit: type=1326 audit(1764747887.026:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.932011][ T27] audit: type=1326 audit(1764747887.026:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 351.956972][ T27] audit: type=1326 audit(1764747887.026:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8858 comm="syz.6.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fde38f749 code=0x7ffc0000 [ 352.308171][ T8870] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1371'. [ 352.826885][ T8892] loop4: detected capacity change from 0 to 512 [ 352.921872][ T8894] device syzkaller0 entered promiscuous mode [ 353.337245][ T8909] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1387'. [ 354.275742][ T8939] device syzkaller0 entered promiscuous mode [ 354.950197][ T8949] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1400'. [ 356.121515][ T8976] device syzkaller0 entered promiscuous mode [ 356.275605][ T8985] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1412'. [ 357.844493][ T9020] device syzkaller0 entered promiscuous mode [ 359.162826][ T9036] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1427'. [ 359.237563][ T9043] loop4: detected capacity change from 0 to 128 [ 359.251380][ T9043] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 359.298665][ T9043] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 359.341379][ T9043] overlayfs: missing 'lowerdir' [ 359.391005][ T4430] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 359.684732][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 359.740075][ T9059] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 359.806014][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 359.872309][ C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 359.915707][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 359.987461][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 360.059533][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 360.096136][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 360.130519][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 360.149185][ T9063] fuse: Bad value for 'fd' [ 360.163381][ T9055] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 360.804252][ T9079] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1442'. [ 362.570293][ T9112] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1455'. [ 362.984223][ T9123] xt_TCPMSS: Only works on TCP SYN packets [ 363.227470][ T9129] device syzkaller0 entered promiscuous mode [ 363.614945][ T9142] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1466'. [ 365.755242][ T9175] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1479'. [ 368.454710][ T9202] loop4: detected capacity change from 0 to 764 [ 368.502545][ T9202] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 368.727883][ T9212] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1491'. [ 368.919315][ T9218] mmap: syz.1.1486 (9218) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 369.088537][ T9218] [ 369.090907][ T9218] ====================================================== [ 369.097924][ T9218] WARNING: possible circular locking dependency detected [ 369.104948][ T9218] syzkaller #0 Not tainted [ 369.109360][ T9218] ------------------------------------------------------ [ 369.116374][ T9218] syz.1.1486/9218 is trying to acquire lock: [ 369.122350][ T9218] ffff88807a3f1bd0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x33c/0x1a10 [ 369.133069][ T9218] [ 369.133069][ T9218] but task is already holding lock: [ 369.140415][ T9218] ffff888079bbbd58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 369.150417][ T9218] [ 369.150417][ T9218] which lock already depends on the new lock. [ 369.150417][ T9218] [ 369.160800][ T9218] [ 369.160800][ T9218] the existing dependency chain (in reverse order) is: [ 369.169794][ T9218] [ 369.169794][ T9218] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 369.177328][ T9218] down_read_killable+0x4c/0x340 [ 369.182780][ T9218] mmap_read_lock_killable+0x1d/0x60 [ 369.188571][ T9218] lock_mm_and_find_vma+0x2b1/0x2f0 [ 369.194278][ T9218] do_user_addr_fault+0x2db/0xb10 [ 369.199803][ T9218] exc_page_fault+0x60/0x100 [ 369.204896][ T9218] asm_exc_page_fault+0x22/0x30 [ 369.210264][ T9218] fault_in_readable+0x13e/0x1f0 [ 369.215712][ T9218] fault_in_iov_iter_readable+0xbb/0x2e0 [ 369.221850][ T9218] generic_perform_write+0x1d2/0x560 [ 369.227638][ T9218] __generic_file_write_iter+0x172/0x430 [ 369.233780][ T9218] generic_file_write_iter+0xab/0x2e0 [ 369.239668][ T9218] vfs_write+0x44c/0x960 [ 369.244416][ T9218] ksys_write+0x143/0x240 [ 369.249253][ T9218] do_syscall_64+0x4c/0xa0 [ 369.254169][ T9218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 369.260563][ T9218] [ 369.260563][ T9218] -> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}: [ 369.269227][ T9218] __lock_acquire+0x2cf8/0x7c50 [ 369.274592][ T9218] lock_acquire+0x1b4/0x490 [ 369.279613][ T9218] down_write+0x36/0x60 [ 369.284284][ T9218] process_measurement+0x33c/0x1a10 [ 369.289986][ T9218] ima_file_mmap+0x104/0x150 [ 369.295080][ T9218] __se_sys_remap_file_pages+0x53e/0x770 [ 369.301215][ T9218] do_syscall_64+0x4c/0xa0 [ 369.306135][ T9218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 369.312528][ T9218] [ 369.312528][ T9218] other info that might help us debug this: [ 369.312528][ T9218] [ 369.322738][ T9218] Possible unsafe locking scenario: [ 369.322738][ T9218] [ 369.330165][ T9218] CPU0 CPU1 [ 369.335511][ T9218] ---- ---- [ 369.340853][ T9218] lock(&mm->mmap_lock); [ 369.345162][ T9218] lock(&sb->s_type->i_mutex_key#12); [ 369.353119][ T9218] lock(&mm->mmap_lock); [ 369.359951][ T9218] lock(&sb->s_type->i_mutex_key#12); [ 369.365399][ T9218] [ 369.365399][ T9218] *** DEADLOCK *** [ 369.365399][ T9218] [ 369.373529][ T9218] 1 lock held by syz.1.1486/9218: [ 369.378530][ T9218] #0: ffff888079bbbd58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 369.388946][ T9218] [ 369.388946][ T9218] stack backtrace: [ 369.394832][ T9218] CPU: 1 PID: 9218 Comm: syz.1.1486 Not tainted syzkaller #0 [ 369.402180][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 369.412235][ T9218] Call Trace: [ 369.415499][ T9218] [ 369.418412][ T9218] dump_stack_lvl+0x168/0x22e [ 369.423078][ T9218] ? load_image+0x3b0/0x3b0 [ 369.427565][ T9218] ? show_regs_print_info+0x12/0x12 [ 369.432747][ T9218] ? print_circular_bug+0x12b/0x1a0 [ 369.437931][ T9218] check_noncircular+0x274/0x310 [ 369.442855][ T9218] ? add_chain_block+0x940/0x940 [ 369.447787][ T9218] ? lockdep_lock+0xdc/0x1e0 [ 369.452369][ T9218] ? _find_first_zero_bit+0xcf/0x100 [ 369.457647][ T9218] __lock_acquire+0x2cf8/0x7c50 [ 369.462490][ T9218] ? ima_match_policy+0x104/0x2100 [ 369.467584][ T9218] ? lock_chain_count+0x20/0x20 [ 369.472417][ T9218] ? verify_lock_unused+0x140/0x140 [ 369.477602][ T9218] ? ima_match_policy+0x207a/0x2100 [ 369.482788][ T9218] lock_acquire+0x1b4/0x490 [ 369.487283][ T9218] ? process_measurement+0x33c/0x1a10 [ 369.492648][ T9218] ? __might_sleep+0xd0/0xd0 [ 369.497225][ T9218] ? read_lock_is_recursive+0x10/0x10 [ 369.502587][ T9218] ? ima_get_action+0x71/0xa0 [ 369.507254][ T9218] down_write+0x36/0x60 [ 369.511400][ T9218] ? process_measurement+0x33c/0x1a10 [ 369.516773][ T9218] process_measurement+0x33c/0x1a10 [ 369.521963][ T9218] ? ima_file_mmap+0x150/0x150 [ 369.526711][ T9218] ? aa_file_perm+0x117/0xec0 [ 369.531371][ T9218] ? mtree_load+0xeb/0xa40 [ 369.535769][ T9218] ? mtree_load+0x90a/0xa40 [ 369.540260][ T9218] ? aa_get_current_label+0x110/0x1d0 [ 369.545614][ T9218] ? apparmor_current_getsecid_subj+0xb1/0x110 [ 369.551751][ T9218] ima_file_mmap+0x104/0x150 [ 369.556327][ T9218] ? ima_file_free+0x3e0/0x3e0 [ 369.561070][ T9218] ? common_file_perm+0x171/0x1c0 [ 369.566082][ T9218] ? bpf_lsm_mmap_file+0x5/0x10 [ 369.570909][ T9218] ? security_mmap_file+0x11b/0x180 [ 369.576090][ T9218] __se_sys_remap_file_pages+0x53e/0x770 [ 369.581706][ T9218] ? __x64_sys_remap_file_pages+0xc0/0xc0 [ 369.587413][ T9218] ? lock_chain_count+0x20/0x20 [ 369.592258][ T9218] ? lockdep_hardirqs_on+0x94/0x140 [ 369.597446][ T9218] ? __x64_sys_remap_file_pages+0x1c/0xc0 [ 369.603159][ T9218] do_syscall_64+0x4c/0xa0 [ 369.607568][ T9218] ? clear_bhb_loop+0x60/0xb0 [ 369.612225][ T9218] ? clear_bhb_loop+0x60/0xb0 [ 369.616884][ T9218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 369.622756][ T9218] RIP: 0033:0x7f2419f8f749 [ 369.627163][ T9218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.646756][ T9218] RSP: 002b:00007f241aed0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 369.655147][ T9218] RAX: ffffffffffffffda RBX: 00007f241a1e6090 RCX: 00007f2419f8f749 [ 369.663101][ T9218] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00002000005fd000 [ 369.671053][ T9218] RBP: 00007f241a013f91 R08: 0000000000100000 R09: 0000000000000000 [ 369.679002][ T9218] R10: 000000000000000d R11: 0000000000000246 R12: 0000000000000000 [ 369.686953][ T9218] R13: 00007f241a1e6128 R14: 00007f241a1e6090 R15: 00007fff49759898 [ 369.694907][ T9218] [ 378.411432][ T4433] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.423177][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.423211][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.486896][ T4433] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.547041][ T4433] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.596710][ T4433] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.659025][ T4433] tipc: Left network mode