last executing test programs: 2.661773324s ago: executing program 0 (id=3464): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) listen(r0, 0x20000) 2.598570177s ago: executing program 0 (id=3466): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 2.499684556s ago: executing program 0 (id=3468): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.398593915s ago: executing program 0 (id=3470): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f00000003c0)={0x6, 'erspan0\x00', {0x7}, 0x2}) 2.234831516s ago: executing program 0 (id=3472): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) pwritev(r1, &(0x7f0000000380)=[{0x0}], 0x1, 0xf1, 0x5) 2.160860942s ago: executing program 0 (id=3473): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x2, 0x4ce, 0x0, 0x0, 0x0, 0x0, 0x2, 0x88}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) close_range(r0, 0xffffffffffffffff, 0x0) 1.777370231s ago: executing program 4 (id=3482): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x44) 1.726394802s ago: executing program 4 (id=3484): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008040000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) io_setup(0x6, &(0x7f0000000200)=0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) shutdown(r0, 0x0) 1.660690344s ago: executing program 3 (id=3485): vmsplice(0xffffffffffffffff, &(0x7f0000000c80)=[{&(0x7f0000000480)}, {&(0x7f00000004c0)="b90ce5c245c2b74a299ae862cfc4c1df42e642db6b942601b1a265597df4deddf98ba04b8a96aac85c03b03b41d3c7a8e4e4db6bf28c3ec6562e0d198408c546287a848e415ed3c26e88efe068ca28bc437b996b6179ad9cc3d6b57a", 0x5c}, {&(0x7f0000000740)="1f6654b305d7ec9058b96006c0feda07caae4b3df8a6dc20800a1145f3a0a9b483357cd1c7c3be3eb45a32905d7cc7203305c8f964661f7088ca7485cf54a2d9f1bad05198340930cffc095b7ea8562f4ea8d6adc6091efd709fd216c3eacdff806a76", 0x63}, {&(0x7f0000000bc0)="fc372101c53c7d792423ccb9921d7f660627813ad56acc6eb833b454223c8e3030550e382db7c8b300fa2e9b6b7a246a54361de4e01b72425169b7aae4be21d4db07734cab64ab5572f8589af3594c527fd3e8284aa8b49cb50b3bc53eae0e886cf0d7ba1bd2a594c57c0a8cdf60bee27e90ff940f6b3b970dba8cb7efbaa1d91c7ca48d61877ac450c63a3e6c5705d7bdd77b297906938d3c5c81a8d1c2d832ab29e4d2126041bc3a8119ca35ec936651e69d50692884", 0xb7}, {&(0x7f0000001800)="3fb0a734a6eae0c18e5d08b516067dac97ecf6b2c8e90cc3a79da2f00b42352a7534907fb7c9de5148690a25eb7e0d962a9ab02e2154d37f517b4792ab8bdc0126c8c5421e1c2703cec726fb02e5b59865897fd9271097c9df86dbf76b7647c6501332c28efb4e23df35ca2cd2493ea8f7ce4535be25110860a7ac95442f5d38965d3b7828dd254c249f1e4f14df7f35b2003d077759bf83e500983726643dc112702f1236f5ce8c96cc4643e2a133131e87bf79647d29f13cb6b9883033c98be47b199c9dbfa638eeacef8bf04897e9d1a8f29df2a0b1e819909f84c091fcac7f46242e9dc78e07011511dcd6574e1b9e67eaac2d6d58acdb87386cde359b177aa46b81762a111943a100a4695893b310238b12263229a718bd6b223a1fcbc3d5127185f327bccf32308d8359d56bf26df0cdfbe030767b141f1e848f00e12dfd7f4eb5050ee52c38b18108918693a6af7205bde9fa3da70ee00c199cab9939cee15a469ce64f4c241116397432977bcb180c9628ad6bd6ee53ba9a8174223062c81fde6ac855e00469022a3d9a5fabe16d0b018247db95ebf6b5e13ae1dfffa028db8ebf7491e185ab3d15b04a880a7ba58eae793c1d50c76b3712b19ad4e86741c34da995d23729696e823b302df82650f53d06f1f5c41dcfc761ce42b14e94b5661372cda72535c5f54ada3389554673a070811d9b762f4cbec6788c638ae1dd15f9349a5e3067f659de01a4b1a6a45a042a63f5bb11ad520c3c3c7612206affde2cec43afcd347a44e5e68ae50502416a765cb1fe37f8ac3620109532ec9b3fb3a62d8c595a4e27806041ca81fbf8326be21c56f4827da1da06d49cb1d25657a6aca8cabccb051795231f19583125c4942330a9a9f6e9c702217baa5d0caf5c98c36007feb43ff878a5188e0b4dcb12f641333d47a75c4cfcaeb6199c8574a6b0291ea94aa95c12f2b8c6ef7a44891f01039e563d706760a2a88cf811d91dad671ca9c760fc859298095cf042cbb6ad768173ba9d33dfd5feb2b19969c45562c91e1b2c3e19633b1fdc404d77634ed1bddd6d32518d26cdfc1baf17f49cc67685d76650aa3143758fa067ac9f8111a0567a765e8b9ae6217f8912ca2f9621bdf6a2e90a2da9bd9cddfd84d360e3c85c9dd0cd9e2bc95ed3fe0476e237644c266f073eebb8004d0a880d785fb0d05385ebe013863834e186935f95dde1fc9f63b3e10d2d7038247d45435e6850c1f6e26acddfd171d5887039d042ebdd2e43974a884aec79dc27764a5bf7e79ccbfd7c5779f4d68213d45e7d08a5fabb08cc19c8fb4f186a7f59de548d344ac04cf77a639a245b515989692b8e6460284826e3669ee9eda362827e9917da2373dcf12a4490ca159d4e503f2c197e7e20a494d68ce04ac99ba29ce1003c4d10454a3260644b65f6c12a0f191c59be204c188c2a5f7c52fe13d63963e3ad66382170415425fe1483a0719d7a88403a3c9407c3d5eeff0f4995b40355a3baba40c255e617fbfd94dece4a7984feab403622f4992f70109d74c3618e541ed837ff387dd8ed96f024d962e84c0bd00099dbe992ad697f207a71b6a02b3b65950347838556a48d17d6c83e1d8a31ba82ba7188bac1d40f57108e9ea54fcc551f5a27f1df6fae0da639482471885e975bf029d3370ab02285054e30d13a54bebfd227f5b43a37fce452449be72133e5292ae51c17a49e260c64e12756701f8c4aa8bc914e0dbb06964893e48c2985a015c13830223889eda497c9c9dd46c9e545a789ccecb78a17bf1e9170f8ee988fb756e996b9f0e28a82f5b09f1e3c02d1e3483864d5388e2dfed38f6f7b37dc0b70a577113f1da871cfc5747f25033584e4317c084bb5395661baac7c748902075554230518b8b0361629d2f8328698613ff9b89a71c5560ddd42ee02e92f8b70cef02c9bfef45dc5fd40ce0ba55edcac38ac395dfb3304e3f57e050b9dc1aac5775f32dda5434d4677220472fbba682e3f561a5451175fa4dcf53c57fc794dd1cc02918c3e06dfb54c91f249727b106b10baa1fa27bdf690350b3e831257ceb3539cb4249518ee190912c27cbf65667644917aa612f90e6b05ddd6b6afc7aaefcf3585ebd5e557435083c16f0c0374e097fc5d032e9f9003e27a1adc9d3bc4d18b40639298057f", 0x602}], 0x5, 0xa) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/profiling', 0x22042, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0xbfd1, 0x0) 1.488989778s ago: executing program 1 (id=3489): r0 = socket(0x11, 0x2, 0x0) setsockopt(r0, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'hsr0\x00'}) sendmmsg(r0, 0x0, 0x0, 0x8090) 1.379237986s ago: executing program 1 (id=3491): sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000440)='mmap_lock_acquire_returned\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) splice(r3, 0x0, r2, 0x0, 0x7f, 0xe) write(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x81362000) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x7c528000) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) 1.20833565s ago: executing program 1 (id=3494): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000002000000e0"], 0x190) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000002000000e001"], 0x190) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) 980.956959ms ago: executing program 2 (id=3498): socket$kcm(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @private2, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 859.645698ms ago: executing program 2 (id=3499): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSIG(r0, 0x40045436, 0xf) 791.16133ms ago: executing program 2 (id=3500): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00'}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000140)=0x1de, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) fstat(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$netlink(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)={0x1c, 0x12, 0x1, 0x0, 0x0, "", [@nested={0xc, 0x2, 0x0, 0x0, [@typed={0x8, 0x0, 0x0, 0x0, @uid=r3}]}]}, 0x1c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x2) syz_emit_ethernet(0x4a, &(0x7f00000005c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) 745.208279ms ago: executing program 3 (id=3501): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 740.522398ms ago: executing program 4 (id=3502): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, 0x0) pwritev(r1, &(0x7f00000002c0)=[{&(0x7f00000010c0)="aabf75aa76c3ada74bf44ac8955581057e1778604df77693559ffad6cc78741642e0f21c507a79c29daba641a268ce55abe36b0fa2268a6fffbb8016b62549418cd3f951d1850854ec210ea8034faf1626e616a36c6bc0c9b4372b0e28213019e3db182fd0858a17e87ff7a5dddc89594225d78441a533082ed3e8047f12269778c40721cacf71f32543874a345938224419dce2fd44b7a62c1d0d98a0cf23c2fc16894ba549a2edfb7e300f14c30f64429d25ea9b26b9fbf839fb039e46bc8dcf12d7ce62c8cbc9f0d5ffff56a577edd86949d10e6e37e31297ce4e5585bc3d3ac00acbeec51d8164359204a918b4d1de4514705d55e2105084aece8a83f28fb3e46eb4f24b966af622fcf31c4cb601f5a2b82d42a2172ad0b1939c585891940b81aa9c5c6cdb0676b998025ea4ac0fc18aa24fd5d562b1dd4f23e3ac63f0233fb4465c5e5a96599ecc0fd8dd7e7d48a8b96db03630613905fd610ceec2eb9b6962645bd959cb08493806bb6d0ccb067a048c7ec34cc3ab4aec1b8e4253de22949b0c9a9d1dec77d903d6018eafd0e81dc7090ea108057e631003da3104c2eb839bc8428be6a497a051b03b80c02d8f8efc20330853a81ba6e36c41fcbc63e2345075a99164f8108452c298a49da500c16ecd20fca9577814e657a767c5f310d0c8a71b134a995e40c7924ec6ffe956ab10ff39e3a07b28af2a668df944869bffd39494fa0150a7a46491659c0afb122c91a50d08bd50e014bc4c1f7c9ff3fd2d1d813cd0cbf1b3e5d10ed2ae103de7dfa77e76ff55f41f1e1804e4f06bd013ce28511e3469817b0154e58378345928071d63e474e4d8ac2d50c5f7626fc769b2e1c3b2534fec20a8440fd333e2220de76c21ddf83c0e6156f12dbef610a98a0500aaafc0278ceb32591a8c27d7f05cbb1718da94a95df19f72b8072ae01be8d19a3e34ae4cb059cecc5fd95cb1d9116ba62bf1b8926a919a9d88491e8516a5070cd5b74fc46d26e36c5742aaca351dc5c98f97f06e9d7cbc9c318b00a0e73829acaba560cbf0c67c4e60321eeac2e56d355ca483868e76a7e0397a5009a8c83825be2fbbb4fd48e1a0682fab5997ca24046008d5d48740b614bba2c4f48ccc6777ee90ab07b0e6181f52d64f24ec0ad43b2125d2464d55e977d6b7eb62e11c2cf418dccbe16644a3cc008f68e3fa83f73cdd4369cbd3789efe4802d02f364ecac04aa6868b0fa95ec1ed1d50f403d2ea5c7e201e2e5563d940466d77e0f1e3988abcf6b25aeeebb079d4da21e633e83e4b5c090957812ab84232f70ba420981628c74f0bf5e363ef017fa6c9157b844b36f6188e7955f992d587cde528b85315f825ee3d7c3db57db62bca9dfca8ab4014a672d43c3c462aba6de5f17ab252e5ced731a0f5ed018cbf766290c28b6ad4f1ef378c056291172c8ae0f24b7a50e28e6964f72ca1345a13223637b4ebdc19aecf4f93b4c4819ba4380ccd51595938f2255cb22d4d9b270ebb2367b8045d950e9201da4466f1adaa6d19d6387b971ad37505c64e6ffd7f4f04cffb72fde1f0c08912de1c890ba83532839963f527149d4ae501baabe834eb9dc4a2c42c646c4cfc1b735a0c60acdf8a54cc200733282169a8ec10e23b34e713f47eb5c8d18b1700bb4ca77a0c04b55ec546f1f90211906a90738bd3827e9ec5aa2b64cc28b67a0d3b33e4a210b3b4f9e115907f2e660ee849677a99fd3ea2a8bbaf07369fc036d51d2b4bdd94a6ab7421db4686aeabebc3679960286ea0444694bde2d76e69fda96bdbfde78d7345c7a143abab5d0412269d833c5e315d7705e691cc5ce6f70d7f22f762bd3cd2e25d40bc4e5af3e9ee651e1400daa8edf2e6e3d7026f1e22c88a15cb4fa909375999bcc34ef12d0a40b3f3cdcb0be3400edd8c04991ee8cd7778f88b54c517deb9c955d8a43a3606aeef44c6db656bab1164dddc312d1a2b74a520b988fb62fcf08de1b82e9093db5adca8222340257fffb5da79b82adb6f49473cef3a65cbb20a9ffe5760d1f4c6a3f3cc9db3eb1dd9eb44c6a84074f13feed4d45b47037280c7a096da61b397e8002093c6428d00d2a0d249d518636a8ae42f0778bddd723e8410209ca1ebce297d2d88781a378d0e7b8695080f2ec5f907f5cdbf1a8ae0b0d23b5239dd7bed96304cb561be61d68ff3ec90b6bf30f693fa2bb416d935f107e445eb0f492071df1cfcbc9e34173bf3feadfa3d64f99b078f603a5a504704625bd8d85e8a5454edfaf92b0ab95036c8aebc297f4fb8c51ff97740f82f5c220fcaeed0d77ee9007636dc70252d891f2a00ef010ac48153e5d5fd83f88b5c0010e41d312f368a660c50d1574d07242270b814f59abc8c25a26e5cb6ed8915eed0ed188c13f45045afe44e0d8a5e37e51bb7da9b715541c2b54fb5d2e827be94530b6fdd299d67898e89d3d68e0730375d9e8b425b06c61fe3e41b93eed3a239df5df59e6add4c8b8cf48c1b175bf912fc5a51798ed5647377e52a38792ff2263c426c40cc8602113f5664986858939d097f767d67b706053268a36c7f9903cf148a88d4012136ed96057c43922fafd67393afa0f4f245e9e1a8b53a27087bc8bde767208841c412a487cbf7fa9a83bee749a8f095bb35f8bd519766d428f246c47b8f50ffd52aacbdd84696fb7c5761b99a15b0809c3465e10ef658d3d2e26a5b018740ab4f64b76a414bf41184d3334af3f7c7f5349e55ad2e96669da6f6105b7c0a74d8448bea966656612982f86c55fcad791c2532dc1dbd27ddda624f75159ee40cb33fab8b4770a4947cad4d936aa5b7e94c0e57b793fe33aa8d5e896a2c28eb804471eb9aa17abf8c3eb72ef8223995376e5795b9bcd5d3307b557d27ab1cfa50d0eea759391ad9f6d62d1b1000278633e90cfbf3502e2a39f3b05b051ed1200d57c96a9eed32883733c22604a1b45dd2aa1a85a0777b3484bc500d2215f8a3d03c96de14125ed53db3413f08d7396dfd2897708a0cac7c98b61525646fb984fb2a7237238fee9e4cc7938ac8d5b7672007be062040b703fbadd4b249689edf00c0cabda644fd0ab2f608e91e5d59af827d0f48ffbffaa2854f62cbd895a6ccd0267f88f343a727c27156f72cd80a3834f327fd500a8fde965a59de1a7c1fea7d519b0e33535499970307eb6ea0158de51677c1ff711d6e288d070a4ea34fc3e9188398bdc4e4cf8bf79482acdae43ce11a01fd113c0fd67679c8cc1cc81051214a62a8da68a123e1bbda8d624262f795c1252f690e89d0abdefdecb0630b97635d87748581da0101c8fbe09362bc5d62685e8f8a81d24e1c25066460e4fea9fc3d8767112c6b084f9c17491f7d667132a5a00a55f93c974f6da6687b4b437a3a842aa9b0e07144e5f04ab32fe3e637ecb23078698b325b1de6ca629e535e8b69423dab9d25bcfb962b5dab26dc183ed4f305b39f4ef93832bb72d1a705c57937c34222ed878af19c20d220b2213e96618b5b784644da0dfceb639cbba8685a38091dd4ba285026d912b2ba97b592d06a1a8600f04149ac6c69e5714670275639357b2f2b40bc1180ac613a54429a17b81eb7d845ec5b4a6d31eea4de29e4591425a6ec94789370fff872352118768a6e477c3fc5978f7ffd430a50a201276faad56db177dab31e4d592c9156551bf4e472b43f0783b5848f5f51650dbc4e3da1d454f93004415f8dd454ff87997a351853d24123e6ff9c84a4193ef53c77b742204cf94370d3336d7c88b768a3d2766346801efade0baa37964c4fd10003f48fb51ccf669c185940b8e6387fc01e80e87a6bd219c5fd2437eb74fa7aa8e172c2a2cf33cc2e990323a8b14636906ca639c0d4c37f0735e227d48f752b72720f8961f60f3e14722b4cd3adc5fb233595929035d82d45ee4cfca3745303cea020aad4487e7bee26e34260e2783ad0fb0e6a3d38a6aa1ced141dbbc3291a7de961184c3c22f7f6235629cb59d68db14103f4db0956af921a312782052e79f0b88e0d8621966c229449dbac54637a34a519050d670b7203eb53407c24e2fe3ff2f82f57a3d266363fdab8d955a070c897eb9c807afcaca9c50ae0575e327c8158330c786750b608cd407e116b68391a743b36d3eabb05a0d4df0c723376dfb28e5d665cee44a75038ea309094446db302fcac6ebeebd8098f21a9dccf3058fc2790b28e1b752713029473a491dd76c6eb5bac47cc78e3aca0dde814f265751977a492ebf14c2c0b3a90000d9ff2137ed0fe79cc9fa2ac64d06dc1773058ebd83b746a8696e8777b3f267eb71545fb099419576d166b6b0279187f6233032b5c0e9170f699b1edeef6fa10081e5fe4c3e64499226a10dd1f474a2f3c7d136e4243116e0f620a46f1dcc69d90677675ea180fc7420150c2acdfa5c9880e8fb8bdcfbcd223c440515e5f35c0726ac8c027244b0d54fe8f66dec9b0dab14b8ac2893f2159e3fdb9c2443944072462afd57da8c7dde2e619c790bbec8dd73dfcbf8e366820a88829c28856596f6cc498849b00cbff3bb1e775ab92977804e494cb062d3815ff40ff0fbf092ba54ef50e269474ded2d2da15b998e63502f02d48461a9862bef3c7eb72c2b84a157e604236761d6b334708c0b3c91fa51ee0196ef6662e0134fd937cc5c5be1126a8b0b0190a5824eed558afae75a07612f3b290eddc7b57bb26a1e29a04059cc131a86a949702475244b918b822d11dcfa07d49d257d270a59032a8244f4b931ddd017836a4d8d6a2a3e78f4f343dd96a12e46b45150ac2e310c07c3fe88f2106ac01485fb3cb39fa0aca6e5c3e727cf1839b8546aa893d984977f5858a35f37b3488d83c048c33fd6339ac4cdc7560c60d53dc9f8e0bb54dff79523b5bd99699e23bb83165a83c7688b4fa2daedb96d6934ec3d876943023a20d181eb4864b71cda5555d63f2c9b88ffceda8d4c9ea83038072907ec881573a23901d87d965476e596663ba56cf36a9afcc8b47a1c5bc48f540f4c5d483c8228caf11ebb34f35b3248622f863da6ff3e96c8655e667edf5d908ad409b0bb20a4b80c2b109141ba4d02957d937289e889f858f3ae2eeb0b3961e840b06f55d3c95334391e623f3b2d22b6e9390c7a2554c3c4532df0df4bd0d0b4e36ed517218425c388b5e0b8e5bbc917f58df74d92f6230fa7b2c7eb8010f833ab02ca46e443b3093bbb75d533883850fe380482dee2260035a5414ccd4652ff947f71a8016fa425f6d7f9d29a313f12e83c8c7b89dd3f84f503bff1a01a31fa771f37500227a603ac805588ce49b9e405c0feafdc2a285213274f7e76561fcbc5868de9c844bacb649be31e219d10ee5b355ef3846a6633d53ea21d973673d856b18f59a237677bed37255e1a1113181e079dcf590d4be7909015ba4832b541a48f08d503178dab0f2f82b8f818bb5e304ff9d211f6edd8d200418a9e60c0449ed1644ef3cf61c667311474884f76d11f6cd95a1766fdd3b0444af4298d1b244dd89f7f6a48a49d0c1f8a4cb05e3b6bbfe4ff7a9960718b4e739d4ab056daf441046bbf030ea89d2dd16308355c2412ca444c4a7b59780e9ab74da2f7107230259b5d71b9d94b292ac7ea46060f24231727e9bf357b89d2aeebdb4db020d26d59ac9ddd17b81e4b9cb8f248f3c085020efd1a6403a1c852ba82543ca09d51fa5c6a2b9743a5becfc16b7fe2cdae1958494956c6bcf81aee662959aa742e0de61c252e3fbee94a5dd8f", 0xff55}, {&(0x7f0000000400)="9b2f7e9dd799fe2bb80020307877a48044bdf07025b476cc9127b6e1eff4f9fa6fa5d37f1aea08d69d9bcdf479048e3555947e65a377a8001e3d8bf10f2e7a5dafd0d19abf7200cc32ff58e90d413f6351ea9069253f916aeb15306392cd85d7cb00825ad0147d323c474d8b32f3d98fc3ac9092b4491263", 0x78}, {&(0x7f0000000dc0)="ddbf2011806e6720f319cf7328576c5012720676d84a00000000e9db12cfcf678d019c76b79320582d67d9d9e571b973616e6040781ec3f1b435b3f02989f94c0f97948d7eb40fa30d34ab7b60e54947269ebf42004d943feb7c6aaf40e305797c4d8ee50225934e0000000000002b84d3910adadd7baf16836512e01c6600bf3dba330f622a890b81cfe7e3f5198eaa479f8fb43b6cb29da01738d3c731118d05cc82b7018f2fb6b312aad5a940880f1c43ecb052624e41d8cbc7a05194ce7de7c588ea428b45847c723836ced51013b9e9c15813cdc50c07b5fceb3f16ff584cb3e676a5ebf4113730733e88e1f9fa3fc220dc2ee0233d330baca3677f75dab3d312f76067a9407f9c6c6af5e281bb728297e9bf53dca225c39b187f1b9b1c8a8f47be99061f8492d61b1d9164fbc3330a033b0aec34cb8e8b14b7dec5dbd7433a3e0b7b8094989b69943a14df82f603326dc70985f2e024e35e0ed3440d72a190623829558df3b4c69f80", 0x16c}, {&(0x7f0000000d00)="60cd1aa66b785e7173949b3ca0b96d182305dbc8da490593c5616809105f26e7830703675a32d203bfe396dc2abb07117746775ac0a9efc95ae38b96116a1bf7bb288cc9086dba45be3eeec21c1c6d427ebee1c15bff8e9397c806205fea2cd700ecb6a8eb15ed367357b7cd48cc52b99ca9ace5bf3e9c0f70a3aaca7cd4afdad1f9337812468c980394c7b346e0614f310c86ae148600eaf786ceba05cf825a29db1b00237b44861dd88d9202c496537c0d20aef64126178bf3bf351d", 0xbd}], 0x4, 0x8, 0x5) 559.622266ms ago: executing program 3 (id=3503): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000208060001"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) 550.081617ms ago: executing program 4 (id=3504): syz_emit_ethernet(0x1f, &(0x7f0000000300)={@broadcast, @dev, @void, {@llc_tr={0x11, {@llc={0xc0, 0x1, "92", "91e6f2ac948ebd1ab369f15f0827"}}}}}, 0x0) 538.061322ms ago: executing program 3 (id=3505): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff810500000200000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) 375.792104ms ago: executing program 4 (id=3506): unshare(0x24020400) unshare(0x22020400) 375.467531ms ago: executing program 3 (id=3507): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000f1000000000000ac1414bb00000000000000ecffffffffffffff04000000000a006080"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) 293.338589ms ago: executing program 2 (id=3508): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3d, 0xe, {{{}, {}, @broadcast, @broadcast}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @void, @val={0x5, 0x3, {0x7, 0xf, 0x9}}, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x1, 0x0, 0x19, 0x6}}}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HIDDEN_SSID={0x8}]}, 0x74}}, 0x0) 250.058007ms ago: executing program 1 (id=3509): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x38}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) 171.390677ms ago: executing program 4 (id=3510): syz_usb_connect(0x0, 0x41, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000000109022f00"], 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e06000d08"], 0x9) 168.940544ms ago: executing program 3 (id=3511): vmsplice(0xffffffffffffffff, &(0x7f0000000c80)=[{&(0x7f0000000480)}, {&(0x7f00000004c0)="b90ce5c245c2b74a299ae862cfc4c1df42e642db6b942601b1a265597df4deddf98ba04b8a96aac85c03b03b41d3c7a8e4e4db6bf28c3ec6562e0d198408c546287a848e415ed3c26e88efe068ca28bc437b996b6179ad9cc3d6b57a", 0x5c}, {&(0x7f0000000740)="1f6654b305d7ec9058b96006c0feda07caae4b3df8a6dc20800a1145f3a0a9b483357cd1c7c3be3eb45a32905d7cc7203305c8f964661f7088ca7485cf54a2d9f1bad05198340930cffc095b7ea8562f4ea8d6adc6091efd709fd216c3eacdff806a76", 0x63}, {&(0x7f0000000bc0)="fc372101c53c7d792423ccb9921d7f660627813ad56acc6eb833b454223c8e3030550e382db7c8b300fa2e9b6b7a246a54361de4e01b72425169b7aae4be21d4db07734cab64ab5572f8589af3594c527fd3e8284aa8b49cb50b3bc53eae0e886cf0d7ba1bd2a594c57c0a8cdf60bee27e90ff940f6b3b970dba8cb7efbaa1d91c7ca48d61877ac450c63a3e6c5705d7bdd77b297906938d3c5c81a8d1c2d832ab29e4d2126041bc3a8119ca35ec936651e69d50692884", 0xb7}, {&(0x7f0000001800)="3fb0a734a6eae0c18e5d08b516067dac97ecf6b2c8e90cc3a79da2f00b42352a7534907fb7c9de5148690a25eb7e0d962a9ab02e2154d37f517b4792ab8bdc0126c8c5421e1c2703cec726fb02e5b59865897fd9271097c9df86dbf76b7647c6501332c28efb4e23df35ca2cd2493ea8f7ce4535be25110860a7ac95442f5d38965d3b7828dd254c249f1e4f14df7f35b2003d077759bf83e500983726643dc112702f1236f5ce8c96cc4643e2a133131e87bf79647d29f13cb6b9883033c98be47b199c9dbfa638eeacef8bf04897e9d1a8f29df2a0b1e819909f84c091fcac7f46242e9dc78e07011511dcd6574e1b9e67eaac2d6d58acdb87386cde359b177aa46b81762a111943a100a4695893b310238b12263229a718bd6b223a1fcbc3d5127185f327bccf32308d8359d56bf26df0cdfbe030767b141f1e848f00e12dfd7f4eb5050ee52c38b18108918693a6af7205bde9fa3da70ee00c199cab9939cee15a469ce64f4c241116397432977bcb180c9628ad6bd6ee53ba9a8174223062c81fde6ac855e00469022a3d9a5fabe16d0b018247db95ebf6b5e13ae1dfffa028db8ebf7491e185ab3d15b04a880a7ba58eae793c1d50c76b3712b19ad4e86741c34da995d23729696e823b302df82650f53d06f1f5c41dcfc761ce42b14e94b5661372cda72535c5f54ada3389554673a070811d9b762f4cbec6788c638ae1dd15f9349a5e3067f659de01a4b1a6a45a042a63f5bb11ad520c3c3c7612206affde2cec43afcd347a44e5e68ae50502416a765cb1fe37f8ac3620109532ec9b3fb3a62d8c595a4e27806041ca81fbf8326be21c56f4827da1da06d49cb1d25657a6aca8cabccb051795231f19583125c4942330a9a9f6e9c702217baa5d0caf5c98c36007feb43ff878a5188e0b4dcb12f641333d47a75c4cfcaeb6199c8574a6b0291ea94aa95c12f2b8c6ef7a44891f01039e563d706760a2a88cf811d91dad671ca9c760fc859298095cf042cbb6ad768173ba9d33dfd5feb2b19969c45562c91e1b2c3e19633b1fdc404d77634ed1bddd6d32518d26cdfc1baf17f49cc67685d76650aa3143758fa067ac9f8111a0567a765e8b9ae6217f8912ca2f9621bdf6a2e90a2da9bd9cddfd84d360e3c85c9dd0cd9e2bc95ed3fe0476e237644c266f073eebb8004d0a880d785fb0d05385ebe013863834e186935f95dde1fc9f63b3e10d2d7038247d45435e6850c1f6e26acddfd171d5887039d042ebdd2e43974a884aec79dc27764a5bf7e79ccbfd7c5779f4d68213d45e7d08a5fabb08cc19c8fb4f186a7f59de548d344ac04cf77a639a245b515989692b8e6460284826e3669ee9eda362827e9917da2373dcf12a4490ca159d4e503f2c197e7e20a494d68ce04ac99ba29ce1003c4d10454a3260644b65f6c12a0f191c59be204c188c2a5f7c52fe13d63963e3ad66382170415425fe1483a0719d7a88403a3c9407c3d5eeff0f4995b40355a3baba40c255e617fbfd94dece4a7984feab403622f4992f70109d74c3618e541ed837ff387dd8ed96f024d962e84c0bd00099dbe992ad697f207a71b6a02b3b65950347838556a48d17d6c83e1d8a31ba82ba7188bac1d40f57108e9ea54fcc551f5a27f1df6fae0da639482471885e975bf029d3370ab02285054e30d13a54bebfd227f5b43a37fce452449be72133e5292ae51c17a49e260c64e12756701f8c4aa8bc914e0dbb06964893e48c2985a015c13830223889eda497c9c9dd46c9e545a789ccecb78a17bf1e9170f8ee988fb756e996b9f0e28a82f5b09f1e3c02d1e3483864d5388e2dfed38f6f7b37dc0b70a577113f1da871cfc5747f25033584e4317c084bb5395661baac7c748902075554230518b8b0361629d2f8328698613ff9b89a71c5560ddd42ee02e92f8b70cef02c9bfef45dc5fd40ce0ba55edcac38ac395dfb3304e3f57e050b9dc1aac5775f32dda5434d4677220472fbba682e3f561a5451175fa4dcf53c57fc794dd1cc02918c3e06dfb54c91f249727b106b10baa1fa27bdf690350b3e831257ceb3539cb4249518ee190912c27cbf65667644917aa612f90e6b05ddd6b6afc7aaefcf3585ebd5e557435083c16f0c0374e097fc5d032e9f9003e27a1adc9d3bc4d18b40639298057f", 0x602}], 0x5, 0xa) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/profiling', 0x22042, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0xbfd1, 0x0) 137.351525ms ago: executing program 2 (id=3512): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) sendto$inet(r0, &(0x7f0000000740)="e1", 0x1, 0x40, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000) 124.995951ms ago: executing program 1 (id=3513): socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000001680)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000040)="9e", 0x1}], 0x1}], 0x1, 0xfc) 47.551927ms ago: executing program 1 (id=3514): bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) getpgid(0x0) mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f00000004c0)={0xa, 0x4e20, 0x3ffe, @loopback, 0x8}, 0x1c) 0s ago: executing program 2 (id=3515): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000208060001"], 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r0, 0x1, 0x0, 0x6, @link_local}, 0x14) kernel console output (not intermixed with test programs): 12022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1839'. [ 456.502554][T12026] syzkaller0: entered promiscuous mode [ 456.508312][T12026] syzkaller0: entered allmulticast mode [ 458.445959][T12128] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1886'. [ 460.050971][T12196] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1910'. [ 460.156464][T12203] netlink: 'syz.4.1914': attribute type 10 has an invalid length. [ 460.186288][T12203] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 460.200231][T12204] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 460.446520][ T30] kauditd_printk_skb: 970 callbacks suppressed [ 460.455273][ T30] audit: type=1326 audit(1767280964.216:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.501178][ T30] audit: type=1326 audit(1767280964.216:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.551663][ T30] audit: type=1326 audit(1767280964.266:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.598586][ T30] audit: type=1326 audit(1767280964.266:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.667074][ T30] audit: type=1326 audit(1767280964.266:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.725718][ T30] audit: type=1326 audit(1767280964.266:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.788417][ T30] audit: type=1326 audit(1767280964.266:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.865153][ T30] audit: type=1326 audit(1767280964.266:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.919163][ T30] audit: type=1326 audit(1767280964.266:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 460.975406][ T30] audit: type=1326 audit(1767280964.266:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12220 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 461.858674][T12264] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1940'. [ 461.868001][T12264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1940'. [ 462.350227][T12297] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1953'. [ 462.367533][T12297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1953'. [ 462.951950][T12326] process 'syz.2.1967' launched './file1' with NULL argv: empty string added [ 462.982514][T12328] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1968'. [ 463.013774][T12328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1968'. [ 463.434535][T12352] +}[@: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 463.450683][T12352] CPU: 0 UID: 0 PID: 12352 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(full) [ 463.450710][T12352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.450727][T12352] Call Trace: [ 463.450739][T12352] [ 463.450749][T12352] dump_stack_lvl+0xe8/0x150 [ 463.450791][T12352] warn_alloc+0x214/0x310 [ 463.450815][T12352] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 463.450848][T12352] ? __pfx_warn_alloc+0x10/0x10 [ 463.450873][T12352] ? kasan_save_track+0x4f/0x80 [ 463.450892][T12352] ? kasan_save_track+0x3e/0x80 [ 463.450908][T12352] ? __kasan_kmalloc+0x93/0xb0 [ 463.450926][T12352] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 463.450944][T12352] ? xskq_create+0x56/0x170 [ 463.450972][T12352] ? xsk_setsockopt+0x4dc/0x8d0 [ 463.450996][T12352] ? do_sock_setsockopt+0x17c/0x1b0 [ 463.451016][T12352] ? __ia32_sys_setsockopt+0x13f/0x1b0 [ 463.451036][T12352] ? __do_fast_syscall_32+0x1dc/0x560 [ 463.451063][T12352] __vmalloc_node_range_noprof+0x134/0x16a0 [ 463.451114][T12352] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 463.451141][T12352] ? __kasan_kmalloc+0x93/0xb0 [ 463.451196][T12352] vmalloc_user_noprof+0xad/0xf0 [ 463.451215][T12352] ? xskq_create+0xbf/0x170 [ 463.451244][T12352] xskq_create+0xbf/0x170 [ 463.451276][T12352] xsk_init_queue+0xb0/0x110 [ 463.451306][T12352] xsk_setsockopt+0x4dc/0x8d0 [ 463.451336][T12352] ? __pfx_xsk_setsockopt+0x10/0x10 [ 463.451364][T12352] ? __pfx_aa_sk_perm+0x10/0x10 [ 463.451391][T12352] ? aa_sock_opt_perm+0xff/0x1a0 [ 463.451424][T12352] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 463.451442][T12352] ? __pfx_xsk_setsockopt+0x10/0x10 [ 463.451469][T12352] do_sock_setsockopt+0x17c/0x1b0 [ 463.451495][T12352] __ia32_sys_setsockopt+0x13f/0x1b0 [ 463.451522][T12352] __do_fast_syscall_32+0x1dc/0x560 [ 463.451543][T12352] ? do_fast_syscall_32+0x34/0x80 [ 463.451570][T12352] do_fast_syscall_32+0x34/0x80 [ 463.451593][T12352] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 463.451624][T12352] RIP: 0023:0xf7fc6539 [ 463.451644][T12352] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 463.451661][T12352] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 463.451687][T12352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b [ 463.451701][T12352] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 463.451712][T12352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 463.451723][T12352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 463.451734][T12352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 463.451762][T12352] [ 463.451834][T12352] Mem-Info: [ 463.719604][T12352] active_anon:8986 inactive_anon:0 isolated_anon:0 [ 463.719604][T12352] active_file:12548 inactive_file:40012 isolated_file:0 [ 463.719604][T12352] unevictable:768 dirty:128 writeback:0 [ 463.719604][T12352] slab_reclaimable:10875 slab_unreclaimable:96779 [ 463.719604][T12352] mapped:32162 shmem:5207 pagetables:1106 [ 463.719604][T12352] sec_pagetables:0 bounce:0 [ 463.719604][T12352] kernel_misc_reclaimable:0 [ 463.719604][T12352] free:1311524 free_pcp:15367 free_cma:0 [ 463.807627][T12352] Node 0 active_anon:38344kB inactive_anon:0kB active_file:50192kB inactive_file:159848kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119448kB dirty:512kB writeback:0kB shmem:21492kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12452kB pagetables:4264kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 463.847376][T12352] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 464.009861][T12352] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.165099][T12352] lowmem_reserve[]: 0 2499 2501 2501 2501 [ 464.173360][T12352] Node 0 DMA32 free:1336068kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37624kB inactive_anon:0kB active_file:50192kB inactive_file:159848kB unevictable:1536kB writepending:512kB zspages:0kB present:3129332kB managed:2559516kB mlocked:0kB bounce:0kB free_pcp:37424kB local_pcp:16800kB free_cma:0kB [ 464.215814][T12352] lowmem_reserve[]: 0 0 1 1 1 [ 464.237226][T12352] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.282376][T12352] lowmem_reserve[]: 0 0 0 0 0 [ 464.289008][T12352] Node 1 Normal free:3893860kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21032kB local_pcp:9152kB free_cma:0kB [ 464.323792][T12352] lowmem_reserve[]: 0 0 0 0 0 [ 464.331048][T12352] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 464.359084][T12352] Node 0 DMA32: 2544*4kB (UME) 1461*8kB (UME) 1090*16kB (UME) 217*32kB (UME) 32*64kB (UME) 68*128kB (ME) 51*256kB (UM) 12*512kB (UM) 9*1024kB (UME) 1*2048kB (U) 306*4096kB (UM) = 1340840kB [ 464.407038][T12352] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 464.431448][T12352] Node 1 Normal: 189*4kB (UE) 52*8kB (UME) 43*16kB (UME) 59*32kB (UME) 21*64kB (UME) 7*128kB (UME) 3*256kB (UM) 4*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 947*4096kB (M) = 3893860kB [ 464.467020][T12352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.497033][T12352] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB [ 464.509306][T12352] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.530723][T12352] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 464.551284][T12352] 55665 total pagecache pages [ 464.575986][T12352] 0 pages in swap cache [ 464.592962][T12352] Free swap = 124996kB [ 464.607060][T12352] Total swap = 124996kB [ 464.611485][T12352] 2097051 pages RAM [ 464.615650][T12352] 0 pages HighMem/MovableOnly [ 464.621624][T12352] 425082 pages reserved [ 464.626094][T12352] 0 pages cma reserved [ 464.967504][T12393] tipc: Started in network mode [ 464.972492][T12393] tipc: Node identity , cluster identity 4711 [ 464.987315][T12393] tipc: Failed to obtain node identity [ 465.007055][T12393] tipc: Enabling of bearer rejected, failed to enable media [ 465.268250][T12404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1988'. [ 466.500757][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 466.500775][ T30] audit: type=1326 audit(1767280970.276:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12447 comm="syz.4.2012" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x0 [ 468.252905][ T30] audit: type=1400 audit(1767280972.026:1601): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12467 comm="syz.3.2020" [ 468.633640][T12493] tipc: Started in network mode [ 468.656745][T12493] tipc: Node identity 4, cluster identity 4711 [ 468.678298][T12493] tipc: Node number set to 4 [ 469.033087][T12512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2037'. [ 469.093677][T12514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2038'. [ 469.113481][T12514] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 469.124355][T12514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 469.133622][T12514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.141663][T12514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 469.225113][T12523] tipc: Started in network mode [ 469.237259][T12523] tipc: Node identity 4, cluster identity 4711 [ 469.243481][T12523] tipc: Node number set to 4 [ 469.603487][ T30] audit: type=1326 audit(1767280973.376:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.631186][ T30] audit: type=1326 audit(1767280973.376:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.656264][ T30] audit: type=1326 audit(1767280973.386:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.679221][ T30] audit: type=1326 audit(1767280973.386:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.707043][ T30] audit: type=1326 audit(1767280973.386:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.742461][ T30] audit: type=1326 audit(1767280973.386:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.765498][ T30] audit: type=1326 audit(1767280973.386:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.792951][ T30] audit: type=1326 audit(1767280973.386:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12546 comm="syz.3.2053" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 469.818672][T12551] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2055'. [ 469.834568][T12551] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2055'. [ 469.838464][T12553] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2056'. [ 469.971384][T12557] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 470.068331][T12561] netlink: 'syz.0.2060': attribute type 10 has an invalid length. [ 470.084792][T12561] team0: Failed to send options change via netlink (err -105) [ 470.092493][T12561] team0: Port device dummy0 added [ 470.101362][T12561] netlink: 'syz.0.2060': attribute type 10 has an invalid length. [ 470.110608][T12561] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 470.125232][T12561] team0: Failed to send options change via netlink (err -105) [ 470.144568][T12561] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 470.154413][T12561] team0: Port device dummy0 removed [ 470.164676][T12561] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 471.463918][T12613] ªªªªªª: renamed from wg2 (while UP) [ 471.699887][T12623] IPv6: NLM_F_CREATE should be specified when creating new route [ 471.721126][T12623] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 471.721198][T12623] IPv6: NLM_F_CREATE should be set when creating new route [ 471.832143][T12627] fuse: Bad value for 'rootmode' [ 471.939318][ T30] kauditd_printk_skb: 100 callbacks suppressed [ 471.939335][ T30] audit: type=1326 audit(1767280975.716:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.027964][ T30] audit: type=1326 audit(1767280975.746:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.086084][ T30] audit: type=1326 audit(1767280975.746:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.169659][ T30] audit: type=1326 audit(1767280975.746:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.220412][ T30] audit: type=1326 audit(1767280975.746:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.307054][ T30] audit: type=1326 audit(1767280975.746:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.329620][ T30] audit: type=1326 audit(1767280975.746:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.352348][ T30] audit: type=1326 audit(1767280975.746:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.374861][ T30] audit: type=1326 audit(1767280975.746:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.410563][ T30] audit: type=1326 audit(1767280975.746:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.1.2091" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 472.441151][T12651] syzkaller1: entered promiscuous mode [ 472.453086][T12651] syzkaller1: entered allmulticast mode [ 472.955639][T12674] program syz.0.2108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 472.962745][T12673] syz_tun: entered promiscuous mode [ 472.988267][T12673] macvlan2: entered allmulticast mode [ 473.007347][T12673] syz_tun: entered allmulticast mode [ 473.034620][T12673] syz_tun: left allmulticast mode [ 473.046713][T12673] syz_tun: left promiscuous mode [ 473.632725][T12704] ªªªªªª: renamed from wg2 (while UP) [ 475.069672][T12737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2133'. [ 475.251205][T12744] fuse: Unknown parameter 'use00000000000000000000' [ 475.694584][T12758] ALSA: seq fatal error: cannot create timer (-19) [ 476.003543][T12774] fuse: Unknown parameter 'use00000000000000000000' [ 476.452541][T12788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2156'. [ 476.566464][T12787] tap0: tun_chr_ioctl cmd 1074025680 [ 476.635033][T12794] netlink: 'syz.1.2158': attribute type 10 has an invalid length. [ 476.653458][T12794] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.661968][T12794] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.707678][T12797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2158'. [ 476.762503][T12794] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.770409][T12794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 476.777973][T12794] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.785131][T12794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.820231][T12801] fuse: Unknown parameter 'use00000000000000000000' [ 476.837883][T12794] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 476.858804][T12797] bridge_slave_1: left allmulticast mode [ 476.887198][T12797] bridge_slave_1: left promiscuous mode [ 476.921896][T12797] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.981801][T12797] bridge_slave_0: left allmulticast mode [ 476.999891][T12797] bridge_slave_0: left promiscuous mode [ 477.019836][T12797] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.102391][T12797] bond0: (slave bridge0): Releasing backup interface [ 478.000817][T12831] fuse: Unknown parameter 'user_i00000000000000000000' [ 478.392490][ T30] kauditd_printk_skb: 127 callbacks suppressed [ 478.392509][ T30] audit: type=1326 audit(1767280982.166:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.490887][ T30] audit: type=1326 audit(1767280982.196:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.543337][ T30] audit: type=1326 audit(1767280982.216:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.594494][ T30] audit: type=1326 audit(1767280982.216:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.668937][ T30] audit: type=1326 audit(1767280982.216:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.724753][ T30] audit: type=1326 audit(1767280982.216:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.788360][ T30] audit: type=1326 audit(1767280982.216:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.849277][ T30] audit: type=1326 audit(1767280982.216:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.905641][ T30] audit: type=1326 audit(1767280982.216:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 478.955848][ T30] audit: type=1326 audit(1767280982.216:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.2182" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 479.060468][T12861] fuse: Unknown parameter 'user_i00000000000000000000' [ 479.314003][T12867] netlink: 'syz.2.2192': attribute type 13 has an invalid length. [ 480.155297][T12867] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.162744][T12867] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.395123][T12891] fuse: Unknown parameter 'user_i00000000000000000000' [ 480.917087][ T1004] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.044759][T12908] syzkaller0: entered promiscuous mode [ 481.070702][T12908] syzkaller0: entered allmulticast mode [ 481.088427][ T1004] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.401812][T12949] netlink: 'syz.3.2223': attribute type 1 has an invalid length. [ 482.492001][T12955] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 482.946253][T12977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2234'. [ 483.234048][T12989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2236'. [ 483.613282][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 483.613300][ T30] audit: type=1326 audit(1767280987.386:1877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.642231][ T30] audit: type=1326 audit(1767280987.406:1878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.678796][ T30] audit: type=1326 audit(1767280987.416:1879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.703196][ T30] audit: type=1326 audit(1767280987.416:1880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.725742][ T30] audit: type=1326 audit(1767280987.416:1881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.748671][ T30] audit: type=1326 audit(1767280987.416:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.770977][ T30] audit: type=1326 audit(1767280987.416:1883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.794181][ T30] audit: type=1326 audit(1767280987.416:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.817742][ T30] audit: type=1326 audit(1767280987.416:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 483.846475][ T30] audit: type=1326 audit(1767280987.416:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12998 comm="syz.1.2242" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 484.222548][ T1004] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.231699][ T1004] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.577553][T13017] syz.4.2249: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 484.617161][T13017] CPU: 0 UID: 0 PID: 13017 Comm: syz.4.2249 Not tainted syzkaller #0 PREEMPT(full) [ 484.617191][T13017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 484.617206][T13017] Call Trace: [ 484.617214][T13017] [ 484.617222][T13017] dump_stack_lvl+0xe8/0x150 [ 484.617256][T13017] warn_alloc+0x214/0x310 [ 484.617280][T13017] ? stack_trace_save+0x9c/0xe0 [ 484.617318][T13017] ? __pfx_warn_alloc+0x10/0x10 [ 484.617345][T13017] ? kasan_save_track+0x4f/0x80 [ 484.617364][T13017] ? kasan_save_track+0x3e/0x80 [ 484.617382][T13017] ? __kasan_kmalloc+0x93/0xb0 [ 484.617401][T13017] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 484.617420][T13017] ? xskq_create+0x56/0x170 [ 484.617449][T13017] ? xsk_setsockopt+0x4dc/0x8d0 [ 484.617473][T13017] ? do_sock_setsockopt+0x17c/0x1b0 [ 484.617494][T13017] ? __ia32_sys_setsockopt+0x13f/0x1b0 [ 484.617515][T13017] ? __do_fast_syscall_32+0x1dc/0x560 [ 484.617539][T13017] __vmalloc_node_range_noprof+0x134/0x16a0 [ 484.617589][T13017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 484.617617][T13017] ? __kasan_kmalloc+0x93/0xb0 [ 484.617644][T13017] vmalloc_user_noprof+0xad/0xf0 [ 484.617664][T13017] ? xskq_create+0xbf/0x170 [ 484.617693][T13017] xskq_create+0xbf/0x170 [ 484.617725][T13017] xsk_init_queue+0xb0/0x110 [ 484.617755][T13017] xsk_setsockopt+0x4dc/0x8d0 [ 484.617791][T13017] ? __pfx_xsk_setsockopt+0x10/0x10 [ 484.617819][T13017] ? __pfx_aa_sk_perm+0x10/0x10 [ 484.617847][T13017] ? aa_sock_opt_perm+0xff/0x1a0 [ 484.617876][T13017] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 484.617895][T13017] ? __pfx_xsk_setsockopt+0x10/0x10 [ 484.617923][T13017] do_sock_setsockopt+0x17c/0x1b0 [ 484.617950][T13017] __ia32_sys_setsockopt+0x13f/0x1b0 [ 484.617977][T13017] __do_fast_syscall_32+0x1dc/0x560 [ 484.617998][T13017] ? lockdep_hardirqs_on+0x7b/0x110 [ 484.618016][T13017] ? do_fast_syscall_32+0x34/0x80 [ 484.618038][T13017] ? irqentry_exit+0x10f/0x660 [ 484.618061][T13017] do_fast_syscall_32+0x34/0x80 [ 484.618083][T13017] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 484.618108][T13017] RIP: 0023:0xf7fd3539 [ 484.618125][T13017] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 484.618144][T13017] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 484.618164][T13017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b [ 484.618178][T13017] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 484.618190][T13017] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 484.618201][T13017] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 484.618213][T13017] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 484.618243][T13017] [ 484.618375][T13017] Mem-Info: [ 484.987080][T13017] active_anon:9276 inactive_anon:0 isolated_anon:2025 [ 484.987080][T13017] active_file:12548 inactive_file:40020 isolated_file:0 [ 484.987080][T13017] unevictable:768 dirty:35 writeback:0 [ 484.987080][T13017] slab_reclaimable:10783 slab_unreclaimable:125959 [ 484.987080][T13017] mapped:33968 shmem:7511 pagetables:1089 [ 484.987080][T13017] sec_pagetables:0 bounce:0 [ 484.987080][T13017] kernel_misc_reclaimable:0 [ 484.987080][T13017] free:1281195 free_pcp:14414 free_cma:0 [ 485.080508][T13017] Node 0 active_anon:40904kB inactive_anon:0kB active_file:50192kB inactive_file:159880kB unevictable:1536kB isolated(anon):6200kB isolated(file):0kB mapped:137772kB dirty:140kB writeback:0kB shmem:30408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12320kB pagetables:4296kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 485.149396][T13017] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 485.253888][T13017] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 485.359724][T13017] lowmem_reserve[]: 0 2499 2501 2501 2501 [ 485.385340][T13017] Node 0 DMA32 free:1206268kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33804kB inactive_anon:0kB active_file:50192kB inactive_file:159880kB unevictable:1536kB writepending:140kB zspages:0kB present:3129332kB managed:2559516kB mlocked:0kB bounce:0kB free_pcp:43240kB local_pcp:20516kB free_cma:0kB [ 485.464580][T13017] lowmem_reserve[]: 0 0 1 1 1 [ 485.477498][T13017] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 485.510462][T13017] lowmem_reserve[]: 0 0 0 0 0 [ 485.515265][T13017] Node 1 Normal free:3893860kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21032kB local_pcp:9152kB free_cma:0kB [ 485.620819][T13017] lowmem_reserve[]: 0 0 0 0 0 [ 485.638042][T13017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 485.667590][T13017] Node 0 DMA32: 2*4kB (UE) 26*8kB (UE) 15*16kB (UME) 159*32kB (UME) 56*64kB (UME) 94*128kB (UME) 52*256kB (UM) 13*512kB (UM) 9*1024kB (UME) 2*2048kB (U) 277*4096kB (UM) = 1189032kB [ 485.693328][T13017] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 485.734687][T13017] Node 1 Normal: 189*4kB (UE) 52*8kB (UME) 43*16kB (UME) 59*32kB (UME) 21*64kB (UME) 7*128kB (UME) 3*256kB (UM) 4*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 947*4096kB (M) = 3893860kB [ 485.773311][T13017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.787591][T13017] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=2 hugepages_size=2048kB [ 485.798461][T13017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.809456][T13049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2261'. [ 485.832700][T13017] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 485.858806][T13017] 54975 total pagecache pages [ 485.869735][T13017] 0 pages in swap cache [ 485.883039][T13017] Free swap = 124996kB [ 485.901794][T13017] Total swap = 124996kB [ 485.916942][T13017] 2097051 pages RAM [ 485.925650][T13017] 0 pages HighMem/MovableOnly [ 485.939050][T13017] 425082 pages reserved [ 485.954433][T13017] 0 pages cma reserved [ 486.651279][T13081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2273'. [ 487.857336][ T5923] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 488.027051][ T5923] usb 4-1: Using ep0 maxpacket: 8 [ 488.056518][ T5923] usb 4-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 488.106811][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.147056][ T5923] usb 4-1: Product: syz [ 488.157041][ T5923] usb 4-1: Manufacturer: syz [ 488.171891][ T5923] usb 4-1: SerialNumber: syz [ 488.194251][ T5923] usb 4-1: config 0 descriptor?? [ 488.219962][ T5923] option 4-1:0.0: GSM modem (1-port) converter detected [ 488.453214][ T5923] usb 4-1: USB disconnect, device number 31 [ 488.468814][ T5923] option 4-1:0.0: device disconnected [ 489.492161][T13144] netlink: 'syz.3.2300': attribute type 13 has an invalid length. [ 489.676004][T13144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 490.252085][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 490.252103][ T30] audit: type=1326 audit(1767280994.026:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13162 comm="syz.1.2309" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x0 [ 490.369564][T13166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2310'. [ 490.397045][T13166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 490.435666][T13166] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 490.476398][T13166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 490.501553][T13166] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 491.650357][ T30] audit: type=1326 audit(1767280995.426:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 491.741797][ T30] audit: type=1326 audit(1767280995.426:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 491.829620][ T30] audit: type=1326 audit(1767280995.456:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 491.874559][ T30] audit: type=1326 audit(1767280995.456:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 491.971902][ T30] audit: type=1326 audit(1767280995.456:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 492.023858][ T30] audit: type=1326 audit(1767280995.456:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 492.103801][ T30] audit: type=1326 audit(1767280995.456:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 492.152288][ T30] audit: type=1326 audit(1767280995.456:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 492.267122][ T30] audit: type=1326 audit(1767280995.456:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=343 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 492.955738][T13214] syzkaller0: entered promiscuous mode [ 493.296834][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2334'. [ 493.769076][T13237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2343'. [ 493.779813][T13237] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2343'. [ 493.806548][T13237] netlink: 'syz.4.2343': attribute type 10 has an invalid length. [ 493.815041][T13237] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.822420][T13237] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.882544][T13237] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.889775][T13237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 493.897340][T13237] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.904614][T13237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.949079][T13237] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 493.962925][T13240] bridge0: port 3(syz_tun) entered blocking state [ 494.000404][T13245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2346'. [ 494.016140][T13240] bridge0: port 3(syz_tun) entered disabled state [ 494.046812][T13240] syz_tun: entered allmulticast mode [ 494.069856][T13240] syz_tun: entered promiscuous mode [ 494.075994][T13240] bridge0: port 3(syz_tun) entered blocking state [ 494.082763][T13240] bridge0: port 3(syz_tun) entered forwarding state [ 494.536905][T13255] tipc: Started in network mode [ 494.554543][T13255] tipc: Node identity 4, cluster identity 4711 [ 494.575251][T13255] tipc: Node number set to 4 [ 495.144705][T13278] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2357'. [ 495.427285][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 495.427303][ T30] audit: type=1326 audit(1767280999.206:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13291 comm="syz.3.2359" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 495.617129][ T30] audit: type=1326 audit(1767280999.206:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13291 comm="syz.3.2359" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 495.686046][ T30] audit: type=1326 audit(1767280999.206:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13291 comm="syz.3.2359" exe="/root/syz-executor" sig=0 arch=40000003 syscall=263 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 495.797121][ T30] audit: type=1326 audit(1767280999.206:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13291 comm="syz.3.2359" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 495.922209][ T30] audit: type=1326 audit(1767280999.206:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13291 comm="syz.3.2359" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.014085][ T30] audit: type=1326 audit(1767280999.446:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13296 comm="syz.3.2363" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.127068][ T30] audit: type=1326 audit(1767280999.446:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13296 comm="syz.3.2363" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.256221][ T30] audit: type=1326 audit(1767280999.446:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13296 comm="syz.3.2363" exe="/root/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.349520][ T30] audit: type=1326 audit(1767280999.446:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13296 comm="syz.3.2363" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.443410][ T30] audit: type=1326 audit(1767280999.446:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13296 comm="syz.3.2363" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 496.854785][T13337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2378'. [ 497.360392][T13354] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2381'. [ 497.631841][T13367] syzkaller0: entered promiscuous mode [ 497.637570][T13367] syzkaller0: entered allmulticast mode [ 497.733446][T13376] loop7: detected capacity change from 0 to 16384 [ 497.807644][T13376] loop7: detected capacity change from 16384 to 16383 [ 498.051330][T13388] netlink: 'syz.2.2393': attribute type 13 has an invalid length. [ 499.402189][T13388] gretap0: refused to change device tx_queue_len [ 499.418939][T13388] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 499.701767][T13444] usb usb1: usbfs: process 13444 (syz.4.2406) did not claim interface 0 before use [ 500.267823][T13471] tipc: New replicast peer: 255.255.255.255 [ 500.281576][T13471] tipc: Enabled bearer , priority 10 [ 500.403030][T13452] Set syz1 is full, maxelem 65536 reached [ 500.457938][T13474] syzkaller0: entered promiscuous mode [ 500.463451][T13474] syzkaller0: entered allmulticast mode [ 500.598127][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 500.598144][ T30] audit: type=1326 audit(1767281004.376:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.672691][ T30] audit: type=1326 audit(1767281004.406:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.696110][ T30] audit: type=1326 audit(1767281004.406:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.756015][ T30] audit: type=1326 audit(1767281004.406:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.813180][ T30] audit: type=1326 audit(1767281004.406:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.863802][ T30] audit: type=1326 audit(1767281004.406:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.909476][ T30] audit: type=1326 audit(1767281004.406:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.941169][ T30] audit: type=1326 audit(1767281004.406:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 500.991831][ T30] audit: type=1326 audit(1767281004.406:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 501.081932][ T30] audit: type=1326 audit(1767281004.406:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13485 comm="syz.0.2419" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 501.504391][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.510886][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.936444][T13559] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2450'. [ 503.124992][T13573] bridge_slave_0: left allmulticast mode [ 503.137075][T13573] bridge_slave_0: left promiscuous mode [ 503.148567][T13573] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.160050][T13573] bridge_slave_1: left allmulticast mode [ 503.165810][T13573] bridge_slave_1: left promiscuous mode [ 503.172132][T13573] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.184156][T13575] netlink: 'syz.2.2457': attribute type 10 has an invalid length. [ 503.195947][T13575] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2457'. [ 503.206117][ T5895] hid_parser_main: 6 callbacks suppressed [ 503.206137][ T5895] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 503.220564][T13573] bond0: (slave bond_slave_0): Releasing backup interface [ 503.257783][ T5895] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 503.258100][T13573] bond0: (slave bond_slave_1): Releasing backup interface [ 503.312697][T13573] team0: Port device team_slave_0 removed [ 503.330713][T13573] team0: Port device team_slave_1 removed [ 503.349234][T13573] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 503.384289][T13575] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 503.852419][T13593] syzkaller0: entered promiscuous mode [ 503.858182][T13593] syzkaller0: entered allmulticast mode [ 506.083281][ T30] kauditd_printk_skb: 80 callbacks suppressed [ 506.083298][ T30] audit: type=1326 audit(1767281009.856:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.118211][ T30] audit: type=1326 audit(1767281009.856:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.123603][T13654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 506.143150][ T30] audit: type=1326 audit(1767281009.856:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.186229][T13654] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 506.206171][T13654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 506.220461][ T30] audit: type=1326 audit(1767281009.856:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.222955][T13654] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 506.294095][T13654] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 506.298204][ T30] audit: type=1326 audit(1767281009.856:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.311715][T13654] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 506.333076][T13654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 506.341541][T13654] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 506.348831][ T30] audit: type=1326 audit(1767281009.856:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.373188][T13654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 506.375653][ T30] audit: type=1326 audit(1767281009.856:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.405183][ T30] audit: type=1326 audit(1767281009.856:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.428375][ T30] audit: type=1326 audit(1767281009.856:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.447159][T13654] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 506.451150][ T30] audit: type=1326 audit(1767281009.856:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13660 comm="syz.2.2485" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 506.544318][T13675] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2491'. [ 506.886268][T13690] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2498'. [ 507.552519][T13707] Set syz1 is full, maxelem 65536 reached [ 507.590952][T13727] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2515'. [ 507.614521][T13727] 0ªX¹¦À: renamed from caif0 [ 507.652246][T13727] 0ªX¹¦À: entered allmulticast mode [ 507.660315][T13727] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 507.706160][T13733] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 508.147389][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 508.217241][ T5842] Bluetooth: hci1: command 0x0406 tx timeout [ 508.297080][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 508.377926][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 508.384031][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 508.903220][T13807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2552'. [ 509.485617][T13838] tipc: Enabling of bearer rejected, failed to enable media [ 509.823801][ T5895] IPVS: starting estimator thread 0... [ 509.927839][T13847] IPVS: using max 33 ests per chain, 79200 per kthread [ 510.218942][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 510.297059][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 510.357064][T13868] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2578'. [ 510.387352][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 510.457072][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 510.463157][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 511.974191][T13932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2604'. [ 512.171640][T13943] syz_tun: entered allmulticast mode [ 512.199080][T13941] syz_tun: left allmulticast mode [ 512.980635][T13988] batadv_slave_0: Caught tx_queue_len zero misconfig [ 513.560412][T13970] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 513.566889][T13970] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 513.573093][T13970] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 513.579695][T13970] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 513.587312][T13970] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.048704][T14046] syzkaller0: entered promiscuous mode [ 514.270001][T14053] ebtables: wrong size: *len 120, entries_size 144, replsz 144 [ 514.777554][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 514.840005][T14077] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2661'. [ 514.972491][ T30] kauditd_printk_skb: 542 callbacks suppressed [ 514.972509][ T30] audit: type=1326 audit(1767281018.746:2671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14083 comm="syz.0.2667" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x0 [ 515.100300][ T30] audit: type=1326 audit(1767281018.876:2672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.144854][ T30] audit: type=1326 audit(1767281018.876:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.194529][ T30] audit: type=1326 audit(1767281018.876:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.242953][ T30] audit: type=1326 audit(1767281018.876:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.289569][ T30] audit: type=1326 audit(1767281018.876:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.334715][ T30] audit: type=1326 audit(1767281018.876:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=261 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.360074][ T30] audit: type=1326 audit(1767281018.876:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.382754][ T30] audit: type=1326 audit(1767281018.876:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.447140][ T30] audit: type=1326 audit(1767281018.876:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14065 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 515.589977][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 515.596296][ T5842] Bluetooth: hci1: command 0x0406 tx timeout [ 515.657225][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 515.657232][T13772] Bluetooth: hci2: command 0x0406 tx timeout [ 516.565257][T14143] ªªªªªª: renamed from wg2 (while UP) [ 516.799634][T14158] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2697'. [ 516.984871][T14163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2699'. [ 517.000509][T14163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2699'. [ 517.478583][T14186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2710'. [ 517.609572][T14194] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2712'. [ 517.924144][T14206] syzkaller0: entered promiscuous mode [ 518.181384][T14222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2726'. [ 518.326221][T14228] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2729'. [ 518.814709][T14254] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2742'. [ 519.476140][T14278] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2753'. [ 519.687279][ T5961] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 519.828842][ T5961] usb 5-1: device descriptor read/64, error -71 [ 520.072832][T14309] syzkaller0: entered promiscuous mode [ 520.097462][ T5961] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 520.227344][ T5961] usb 5-1: device descriptor read/64, error -71 [ 520.347517][ T5961] usb usb5-port1: attempt power cycle [ 520.697143][ T5961] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 520.748160][ T5961] usb 5-1: device descriptor read/8, error -71 [ 521.027297][ T5961] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 521.068365][ T5961] usb 5-1: device descriptor read/8, error -71 [ 521.126257][T14336] ªªªªªª: renamed from wg2 (while UP) [ 521.213118][ T5961] usb usb5-port1: unable to enumerate USB device [ 521.709789][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 521.709806][ T30] audit: type=1326 audit(1767281025.486:2729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14352 comm="syz.0.2784" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 521.782021][ T30] audit: type=1326 audit(1767281025.486:2730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14352 comm="syz.0.2784" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 521.845182][ T30] audit: type=1326 audit(1767281025.516:2731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14352 comm="syz.0.2784" exe="/root/syz-executor" sig=0 arch=40000003 syscall=46 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 521.883863][ T30] audit: type=1326 audit(1767281025.516:2732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14352 comm="syz.0.2784" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 521.908807][ T30] audit: type=1326 audit(1767281025.516:2733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14352 comm="syz.0.2784" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 522.202341][ T30] audit: type=1326 audit(1767281025.976:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.1.2793" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 522.237819][ T30] audit: type=1326 audit(1767281025.976:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.1.2793" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 522.280917][ T30] audit: type=1326 audit(1767281025.976:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.1.2793" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 522.326305][ T30] audit: type=1326 audit(1767281025.976:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.1.2793" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 522.376534][ T30] audit: type=1326 audit(1767281025.976:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.1.2793" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x7ffc0000 [ 523.287889][T13772] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 523.298486][T13772] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 523.306609][T13772] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 523.314611][T13772] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 523.322631][T13772] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 524.303931][ T1004] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.390735][T14421] chnl_net:caif_netlink_parms(): no params data found [ 524.532204][ T1004] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.655803][ T1004] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.777074][ T5961] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 524.790422][ T1004] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.947178][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 524.971046][T14421] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.971991][ T5961] usb 3-1: no configurations [ 524.997269][T14421] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.011612][ T5961] usb 3-1: can't read configurations, error -22 [ 525.042945][T14421] bridge_slave_0: entered allmulticast mode [ 525.078886][T14421] bridge_slave_0: entered promiscuous mode [ 525.095122][T14421] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.130052][T14421] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.147627][T14421] bridge_slave_1: entered allmulticast mode [ 525.155383][T14421] bridge_slave_1: entered promiscuous mode [ 525.179291][ T5961] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 525.244540][T14421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 525.273894][T14421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 525.357225][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 525.363303][ T5961] usb 3-1: no configurations [ 525.382749][ T5961] usb 3-1: can't read configurations, error -22 [ 525.403350][ T5961] usb usb3-port1: attempt power cycle [ 525.418162][T13772] Bluetooth: hci5: command tx timeout [ 525.500947][T14421] team0: Port device team_slave_0 added [ 525.523644][T14421] team0: Port device team_slave_1 added [ 525.777597][ T5961] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 525.817989][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 525.826409][ T5961] usb 3-1: no configurations [ 525.852186][ T5961] usb 3-1: can't read configurations, error -22 [ 525.903013][T14478] __nla_validate_parse: 1 callbacks suppressed [ 525.903032][T14478] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2824'. [ 526.003032][ T5961] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 526.029492][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 526.041061][ T5961] usb 3-1: no configurations [ 526.055899][ T5961] usb 3-1: can't read configurations, error -22 [ 526.077553][ T5961] usb usb3-port1: unable to enumerate USB device [ 526.084443][ T1004] dvmrp8 (unregistering): left allmulticast mode [ 526.331625][ T1004] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 526.363870][ T1004] bond0 (unregistering): Released all slaves [ 526.517830][ T1004] tipc: Disabling bearer [ 526.538039][ T1004] tipc: Left network mode [ 526.540118][T14421] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.553158][T14421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 526.587544][T14421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.601716][T14421] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.631999][T14421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 526.665923][T14421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.818920][T14421] hsr_slave_0: entered promiscuous mode [ 526.835901][T14421] hsr_slave_1: entered promiscuous mode [ 526.853231][T14421] debugfs: 'hsr0' already exists in 'hsr' [ 526.864551][T14421] Cannot create hsr debugfs directory [ 526.887349][T14501] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001158 ! [ 526.997599][T14503] tipc: Enabling of bearer rejected, failed to enable media [ 527.109149][ T1004] hsr_slave_0: left promiscuous mode [ 527.127657][ T1004] hsr_slave_1: left promiscuous mode [ 527.155314][ T1004] veth1_macvtap: left promiscuous mode [ 527.167845][ T1004] veth0_macvtap: left promiscuous mode [ 527.180245][ T1004] veth1_vlan: left promiscuous mode [ 527.191241][ T1004] veth0_vlan: left promiscuous mode [ 527.497051][T13772] Bluetooth: hci5: command tx timeout [ 527.757996][ T30] kauditd_printk_skb: 372 callbacks suppressed [ 527.758014][ T30] audit: type=1326 audit(1767281031.536:3111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.803166][ T30] audit: type=1326 audit(1767281031.536:3112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.825900][ T30] audit: type=1326 audit(1767281031.536:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.852734][ T30] audit: type=1326 audit(1767281031.536:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.887528][ T30] audit: type=1326 audit(1767281031.536:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.913759][ T30] audit: type=1326 audit(1767281031.536:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 527.938031][ T30] audit: type=1326 audit(1767281031.536:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2837" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000 [ 528.311218][T14544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2847'. [ 528.566551][ T30] audit: type=1326 audit(1767281032.336:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.4.2852" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 528.608457][ T30] audit: type=1326 audit(1767281032.336:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.4.2852" exe="/root/syz-executor" sig=0 arch=40000003 syscall=378 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 528.654295][ T30] audit: type=1326 audit(1767281032.336:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.4.2852" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 528.995670][T14523] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2838'. [ 529.587208][T13772] Bluetooth: hci5: command tx timeout [ 529.676887][T14604] ªªªªªª: renamed from wg2 (while UP) [ 530.169436][T14421] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 530.247327][T14421] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 530.280684][T14421] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 530.316000][T14421] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 530.612730][T14421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.676837][T14421] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.713975][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.721278][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 530.772022][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.779258][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.931900][T14421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 531.050484][T14421] veth0_vlan: entered promiscuous mode [ 531.102345][T14421] veth1_vlan: entered promiscuous mode [ 531.200172][T14421] veth0_macvtap: entered promiscuous mode [ 531.214809][T14673] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2889'. [ 531.238242][T14421] veth1_macvtap: entered promiscuous mode [ 531.273596][T14421] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 531.348178][T14421] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 531.369556][ T74] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.401705][ T74] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.433224][ T74] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.463289][ T74] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.483926][T14683] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2891'. [ 531.637319][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 531.657691][T13772] Bluetooth: hci5: command tx timeout [ 531.678898][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 531.789673][ T1004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 531.828611][ T1004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 532.658481][T14720] kernel profiling enabled (shift: 63) [ 532.664161][T14720] profiling shift: 63 too large [ 533.079260][T14734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2908'. [ 533.472535][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 533.484097][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 533.492333][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 533.505735][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 533.515713][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 534.093846][T14770] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2925'. [ 534.733925][T14753] chnl_net:caif_netlink_parms(): no params data found [ 535.213533][T14803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2937'. [ 535.553033][T14809] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2939'. [ 535.577469][T13772] Bluetooth: hci1: command tx timeout [ 536.781130][ T3789] bond0 (unregistering): Released all slaves [ 536.812714][T14753] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.817184][T14828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2947'. [ 536.828935][T14753] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.849900][T14753] bridge_slave_0: entered allmulticast mode [ 536.860394][T14753] bridge_slave_0: entered promiscuous mode [ 536.898856][ T3789] tipc: Left network mode [ 536.949059][T14753] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.959011][T14753] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.987260][T14753] bridge_slave_1: entered allmulticast mode [ 536.999778][T14753] bridge_slave_1: entered promiscuous mode [ 537.101479][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 537.101497][ T30] audit: type=1326 audit(1767281040.876:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14831 comm="syz.4.2948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 537.186609][ T30] audit: type=1326 audit(1767281040.906:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14831 comm="syz.4.2948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 537.250630][ T30] audit: type=1326 audit(1767281040.906:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14831 comm="syz.4.2948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=247 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 537.291154][ T30] audit: type=1326 audit(1767281040.906:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14831 comm="syz.4.2948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 537.341744][T14753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 537.371859][ T30] audit: type=1326 audit(1767281040.906:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14831 comm="syz.4.2948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 537.440291][T14753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.482897][T14841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2950'. [ 537.658251][T13772] Bluetooth: hci1: command tx timeout [ 537.699486][ T3789] hsr_slave_0: left promiscuous mode [ 537.727186][ T3789] hsr_slave_1: left promiscuous mode [ 538.941158][T14749] Set syz1 is full, maxelem 65536 reached [ 539.152265][ T30] audit: type=1326 audit(1767281042.916:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14865 comm="syz.4.2959" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 539.178680][ T30] audit: type=1326 audit(1767281042.916:3161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14865 comm="syz.4.2959" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 539.224240][ T30] audit: type=1326 audit(1767281042.926:3162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14865 comm="syz.4.2959" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 539.253258][ T30] audit: type=1326 audit(1767281042.926:3163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14865 comm="syz.4.2959" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 539.295756][ T30] audit: type=1326 audit(1767281042.926:3164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14865 comm="syz.4.2959" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 539.429842][T14753] team0: Port device team_slave_0 added [ 539.472864][T14753] team0: Port device team_slave_1 added [ 539.569815][T14753] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.579651][T14753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.606202][T14753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.644748][T14753] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.657686][T14753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.714342][T14885] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 539.717041][T14753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.748159][T13772] Bluetooth: hci1: command tx timeout [ 539.902628][T14753] hsr_slave_0: entered promiscuous mode [ 539.924316][T14753] hsr_slave_1: entered promiscuous mode [ 540.922668][T14940] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2987'. [ 541.264313][T14753] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 541.295068][T14753] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 541.311892][T14753] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 541.357075][T14753] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 541.683685][T14753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.763241][T14753] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.792943][ T3789] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.800165][ T3789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.828369][T13772] Bluetooth: hci1: command tx timeout [ 541.843225][ T3789] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.850434][ T3789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.053792][T14753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.213947][T14753] veth0_vlan: entered promiscuous mode [ 542.226121][T14753] veth1_vlan: entered promiscuous mode [ 542.328396][T14753] veth0_macvtap: entered promiscuous mode [ 542.339031][T14753] veth1_macvtap: entered promiscuous mode [ 542.361991][T14753] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.385246][T14753] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.411915][ T3789] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.433086][ T3789] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.449639][ T3789] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.470640][ T3789] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.631715][ T3789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.660289][ T3789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.759021][ T3874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.796781][ T3874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.679850][T15041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3018'. [ 543.702524][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 543.702541][ T30] audit: type=1326 audit(1767281047.476:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 543.751653][T15039] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 543.759199][T15039] IPv6: NLM_F_CREATE should be set when creating new route [ 543.773682][ T30] audit: type=1326 audit(1767281047.506:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 543.851855][ T30] audit: type=1326 audit(1767281047.506:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 543.928012][ T30] audit: type=1326 audit(1767281047.516:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 543.988050][ T30] audit: type=1326 audit(1767281047.526:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.033935][ T30] audit: type=1326 audit(1767281047.526:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.063849][ T30] audit: type=1326 audit(1767281047.526:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.136503][T15056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 544.149441][ T30] audit: type=1326 audit(1767281047.526:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.183518][T15056] batadv_slave_0: entered promiscuous mode [ 544.196647][ T30] audit: type=1326 audit(1767281047.526:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.3019" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.237438][ T30] audit: type=1326 audit(1767281047.706:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3021" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 544.389082][T15062] pim6reg: entered allmulticast mode [ 544.447882][T15062] pim6reg: left allmulticast mode [ 546.204336][T14928] Set syz1 is full, maxelem 65536 reached [ 546.494878][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 546.504463][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 546.512996][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 546.521194][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 546.529207][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 546.620144][T15119] Set syz1 is full, maxelem 65536 reached [ 546.801667][T15145] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3061'. [ 547.270757][ T3874] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.493430][ T3874] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.599692][T15164] syzkaller0: entered promiscuous mode [ 547.605327][T15164] syzkaller0: entered allmulticast mode [ 548.479492][T15203] IPv6: Can't replace route, no match found [ 548.619889][T13772] Bluetooth: hci0: command tx timeout [ 548.914691][ T30] kauditd_printk_skb: 116 callbacks suppressed [ 548.914709][ T30] audit: type=1326 audit(1767281052.686:3332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 548.976159][ T30] audit: type=1326 audit(1767281052.686:3333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 548.981558][T15219] loop7: detected capacity change from 0 to 16384 [ 549.001747][ T30] audit: type=1326 audit(1767281052.686:3334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.049883][ T30] audit: type=1326 audit(1767281052.686:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.073179][ T30] audit: type=1326 audit(1767281052.686:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.096371][ T30] audit: type=1326 audit(1767281052.686:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.120226][ T30] audit: type=1326 audit(1767281052.686:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.146940][ T30] audit: type=1326 audit(1767281052.686:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.169639][ T30] audit: type=1326 audit(1767281052.686:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=100 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.192616][ T30] audit: type=1326 audit(1767281052.686:3341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15216 comm="syz.3.3093" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000 [ 549.268562][T15219] loop7: detected capacity change from 16384 to 16383 [ 550.096866][T15240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3103'. [ 550.456227][ T3874] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.697531][T13772] Bluetooth: hci0: command tx timeout [ 550.721114][ T3874] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.823193][T15137] chnl_net:caif_netlink_parms(): no params data found [ 550.991625][T15262] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3113'. [ 552.011939][ T3874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.033870][ T3874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.056621][ T3874] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 552.078920][ T3874] bond0 (unregistering): Released all slaves [ 552.145796][T15275] syzkaller0: entered promiscuous mode [ 552.152858][T15275] syzkaller0: entered allmulticast mode [ 552.777482][T13772] Bluetooth: hci0: command tx timeout [ 554.081243][T15137] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.088845][ T3874] tipc: Left network mode [ 554.113785][T15137] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.125635][T15137] bridge_slave_0: entered allmulticast mode [ 554.135542][T15137] bridge_slave_0: entered promiscuous mode [ 554.145502][T15137] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.153932][T15137] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.162477][T15137] bridge_slave_1: entered allmulticast mode [ 554.170675][T15137] bridge_slave_1: entered promiscuous mode [ 554.292788][T15137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 554.325492][T15137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 554.345467][T15325] ªªªªªª: renamed from wg2 (while UP) [ 554.498590][ T3874] hsr_slave_0: left promiscuous mode [ 554.517474][ T3874] hsr_slave_1: left promiscuous mode [ 554.546313][ T3874] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 554.568502][ T3874] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 554.588229][ T3874] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 554.595666][ T3874] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 554.618505][ T3874] veth1_macvtap: left promiscuous mode [ 554.625947][ T3874] veth0_macvtap: left promiscuous mode [ 554.633309][ T3874] veth1_vlan: left promiscuous mode [ 554.640964][ T3874] veth0_vlan: left promiscuous mode [ 554.857786][T13772] Bluetooth: hci0: command tx timeout [ 555.249431][ T3874] team0 (unregistering): Port device team_slave_1 removed [ 555.285012][ T3874] team0 (unregistering): Port device team_slave_0 removed [ 555.430972][T15366] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 555.437630][T15366] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 555.459583][T15366] netlink: 'syz.3.3146': attribute type 1 has an invalid length. [ 555.695803][T15137] team0: Port device team_slave_0 added [ 555.752824][T15137] team0: Port device team_slave_1 added [ 555.934066][T15137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 555.986910][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.101355][T15137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.157790][T15137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.189551][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.228030][T15137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.484337][T15137] hsr_slave_0: entered promiscuous mode [ 556.493259][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 556.493276][ T30] audit: type=1326 audit(1767281060.266:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.544468][T15137] hsr_slave_1: entered promiscuous mode [ 556.578899][T15137] debugfs: 'hsr0' already exists in 'hsr' [ 556.584687][T15137] Cannot create hsr debugfs directory [ 556.621191][ T30] audit: type=1326 audit(1767281060.266:3368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.659637][ T30] audit: type=1326 audit(1767281060.296:3369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.667098][ T3874] IPVS: stop unused estimator thread 0... [ 556.704353][ T30] audit: type=1326 audit(1767281060.296:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.773646][ T30] audit: type=1326 audit(1767281060.296:3371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.797406][ T5961] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 556.827050][ T30] audit: type=1326 audit(1767281060.306:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=379 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.894056][ T30] audit: type=1326 audit(1767281060.336:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.4.3158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 556.967146][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 556.981246][ T5961] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 557.009994][ T5961] usb 3-1: config 179 has no interface number 0 [ 557.016621][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 557.067328][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 557.113835][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 557.157021][ T5961] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 557.187088][ T5961] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 557.207103][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.252084][T15401] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 557.495974][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 557.527961][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 557.550061][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 557.566013][ T30] audit: type=1326 audit(1767281061.336:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15400 comm="syz.2.3159" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 557.569913][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 557.653720][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 557.676683][T15424] syzkaller0: entered promiscuous mode [ 557.694395][ T30] audit: type=1326 audit(1767281061.336:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15400 comm="syz.2.3159" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 557.695342][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 557.787915][ T5961] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 557.802021][ T30] audit: type=1326 audit(1767281061.396:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15400 comm="syz.2.3159" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 557.816470][ T5961] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 557.911397][ T24] usb 3-1: USB disconnect, device number 38 [ 557.991362][T15430] fido_id[15430]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 558.217934][T15443] netlink: 'syz.0.3170': attribute type 1 has an invalid length. [ 558.294184][T15443] 8021q: adding VLAN 0 to HW filter on device bond1 [ 558.336393][T15445] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 558.346151][T15445] bond1: (slave batadv1): making interface the new active one [ 558.360727][T15445] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 558.440665][T15137] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 558.485573][T15137] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 558.512846][T15443] netlink: 'syz.0.3170': attribute type 13 has an invalid length. [ 558.640538][T15137] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 558.936182][T15443] bridge0: port 2(bridge_slave_1) entered disabled state [ 558.944035][T15443] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.252562][T15443] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 559.729493][T15137] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 559.799974][ T3874] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.827294][ T3874] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.866201][ T3874] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.937826][ T3874] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.143989][T15137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.213173][T15137] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.259317][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.266596][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.324789][ T133] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.332075][ T133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.349757][T15507] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3186'. [ 560.650644][T15137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.775733][T15519] tipc: Started in network mode [ 560.789897][T15519] tipc: Node identity 4, cluster identity 4711 [ 560.817161][T15519] tipc: Node number set to 4 [ 560.826792][T15137] veth0_vlan: entered promiscuous mode [ 560.882453][T15137] veth1_vlan: entered promiscuous mode [ 561.011018][T15137] veth0_macvtap: entered promiscuous mode [ 561.043310][T15137] veth1_macvtap: entered promiscuous mode [ 561.144048][T15137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.184593][T15137] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 561.203857][T15534] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 561.210516][T15534] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 561.232752][ T3789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.241048][T15539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3199'. [ 561.267460][ T3789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.291460][ T3789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.310651][ T3789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.433248][ T24] IPVS: starting estimator thread 0... [ 561.538012][T15547] IPVS: using max 33 ests per chain, 79200 per kthread [ 561.558443][ T133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.590590][ T133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.671774][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.708436][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.810059][T15562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3210'. [ 561.829082][T15564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3211'. [ 562.165994][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 562.184613][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 562.193577][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 562.207494][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 562.215883][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 562.487141][ T5902] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 562.558879][T15582] chnl_net:caif_netlink_parms(): no params data found [ 562.639272][ T5849] bridge0: port 3(syz_tun) entered disabled state [ 562.653211][ T5902] usb 3-1: Using ep0 maxpacket: 8 [ 562.663188][ T5902] usb 3-1: unable to get BOS descriptor or descriptor too short [ 562.678392][ T5902] usb 3-1: config 7 has an invalid interface number: 239 but max is 0 [ 562.688383][ T5849] syz_tun (unregistering): left allmulticast mode [ 562.696947][ T5849] syz_tun (unregistering): left promiscuous mode [ 562.704889][ T5849] bridge0: port 3(syz_tun) entered disabled state [ 562.718998][ T5902] usb 3-1: config 7 has no interface number 0 [ 562.759346][ T5902] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=3b.58 [ 562.777170][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.785217][ T5902] usb 3-1: Product: syz [ 562.802185][ T5902] usb 3-1: Manufacturer: syz [ 562.812035][ T5902] usb 3-1: SerialNumber: syz [ 562.831514][T15594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3222'. [ 562.871772][ T3789] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.943899][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.950478][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.976119][T15603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3224'. [ 563.055708][ T5902] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 563.075203][ T5902] dvb-usb: bulk message failed: -22 (2/0) [ 563.084420][ T5902] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 563.094566][ T5902] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 563.106595][ T5902] usb 3-1: media controller created [ 563.133607][ T5902] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 563.146712][ T3789] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.161050][ T5902] dvb-usb: bulk message failed: -22 (1/0) [ 563.166959][ T5902] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 563.185853][ T5902] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 563.190546][T15582] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.205915][ T5902] dvb-usb: schedule remote query interval to 50 msecs. [ 563.223701][T15582] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.230799][ T5902] dvb-usb: bulk message failed: -22 (2/0) [ 563.233150][ T5902] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 563.253121][T15582] bridge_slave_0: entered allmulticast mode [ 563.255396][ T5902] usb 3-1: USB disconnect, device number 39 [ 563.312122][T15582] bridge_slave_0: entered promiscuous mode [ 563.438614][ T5902] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 563.451697][ T3789] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.471549][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3230'. [ 563.498329][T15582] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.514718][T15582] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.524409][T15582] bridge_slave_1: entered allmulticast mode [ 563.537442][T15582] bridge_slave_1: entered promiscuous mode [ 563.552468][T15617] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.561851][T15617] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.684107][ T3789] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.745102][T15629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3235'. [ 563.790541][T15582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 563.826181][T15582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.985744][T15582] team0: Port device team_slave_0 added [ 564.014827][T15582] team0: Port device team_slave_1 added [ 564.153564][T15646] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3243'. [ 564.172642][T15582] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 564.187627][T15582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 564.240207][T15582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 564.259618][T15644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3242'. [ 564.271289][ T3789] bridge_slave_1: left allmulticast mode [ 564.278051][ T3789] bridge_slave_1: left promiscuous mode [ 564.295819][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.315248][ T5842] Bluetooth: hci3: command tx timeout [ 564.343476][ T3789] bridge_slave_0: left allmulticast mode [ 564.388870][ T3789] bridge_slave_0: left promiscuous mode [ 564.394702][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.845285][T15670] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 564.845305][T15670] IPv6: NLM_F_CREATE should be set when creating new route [ 565.104124][ T3789] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 565.307102][ T5917] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 565.360358][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 565.387446][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 565.403069][ T3789] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 565.413804][ T3789] bond0 (unregistering): Released all slaves [ 565.441010][T15582] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.448275][T15582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 565.497556][ T5917] usb 4-1: Using ep0 maxpacket: 32 [ 565.527734][T15582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.528836][ T5917] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 565.600869][ T3789] tipc: Left network mode [ 565.617070][ T5917] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 565.706676][ T5917] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 565.726147][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.783558][ T5917] hub 4-1:4.0: USB hub found [ 565.915200][T15582] hsr_slave_0: entered promiscuous mode [ 565.932974][T15582] hsr_slave_1: entered promiscuous mode [ 565.951857][T15582] debugfs: 'hsr0' already exists in 'hsr' [ 565.958937][T15582] Cannot create hsr debugfs directory [ 565.978656][ T5917] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 566.191751][ T3789] hsr_slave_0: left promiscuous mode [ 566.219119][ T3789] hsr_slave_1: left promiscuous mode [ 566.235528][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 566.249495][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 566.278062][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 566.285490][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.338783][ T5895] usb 4-1: USB disconnect, device number 32 [ 566.368559][T15715] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 566.375430][T15715] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 566.376002][ T3789] veth1_macvtap: left promiscuous mode [ 566.394950][ T5842] Bluetooth: hci3: command tx timeout [ 566.427296][ T3789] veth0_macvtap: left promiscuous mode [ 566.443319][ T3789] veth1_vlan: left promiscuous mode [ 566.466412][ T3789] veth0_vlan: left promiscuous mode [ 567.258758][ T3789] team0 (unregistering): Port device team_slave_1 removed [ 567.294693][ T3789] team0 (unregistering): Port device team_slave_0 removed [ 568.457123][ T5842] Bluetooth: hci3: command tx timeout [ 568.537525][T15774] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 568.543996][T15774] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 568.810969][T15582] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 568.868310][T15582] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 568.906655][T15582] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 568.936488][T15582] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 569.257576][T15582] 8021q: adding VLAN 0 to HW filter on device bond0 [ 569.315952][T15582] 8021q: adding VLAN 0 to HW filter on device team0 [ 569.379940][ T1004] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.387265][ T1004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 569.431375][ T1004] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.438591][ T1004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.599103][T15582] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 569.751742][T15582] veth0_vlan: entered promiscuous mode [ 569.807973][T15582] veth1_vlan: entered promiscuous mode [ 569.924229][T15582] veth0_macvtap: entered promiscuous mode [ 569.958473][T15582] veth1_macvtap: entered promiscuous mode [ 570.110041][T15582] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.189837][T15582] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.211876][ T3789] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.255167][ T3789] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.283912][ T3789] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.293481][ T3789] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.537142][ T5842] Bluetooth: hci3: command tx timeout [ 570.801345][ T3789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.810375][ T3789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.972015][ T1004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 571.003053][ T1004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 571.321997][T15849] netlink: 'syz.4.3214': attribute type 13 has an invalid length. [ 571.414237][T15853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3311'. [ 571.510440][T15849] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.518353][T15849] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.684650][T15849] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 571.703421][T15849] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 572.276911][T13772] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 572.287447][T13772] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 572.295350][T13772] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 572.305732][T13772] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 572.314259][T13772] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 572.358045][T15853] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 572.426237][ T3874] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.453362][ T3874] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.465506][ T3874] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.474818][ T3874] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.190593][ T133] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.516504][ T133] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.731179][ T133] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.900809][ T133] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.121689][T15868] chnl_net:caif_netlink_parms(): no params data found [ 574.181154][ T133] bridge_slave_1: left allmulticast mode [ 574.186932][ T133] bridge_slave_1: left promiscuous mode [ 574.193093][ T133] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.203708][ T133] bridge_slave_0: left allmulticast mode [ 574.210130][ T133] bridge_slave_0: left promiscuous mode [ 574.216008][ T133] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.378636][ T5842] Bluetooth: hci2: command tx timeout [ 574.676218][T15761] Set syz1 is full, maxelem 65536 reached [ 574.873049][T15938] sctp: [Deprecated]: syz.2.3339 (pid 15938) Use of struct sctp_assoc_value in delayed_ack socket option. [ 574.873049][T15938] Use struct sctp_sack_info instead [ 575.026785][ T133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 575.052321][ T133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.068389][ T133] bond0 (unregistering): Released all slaves [ 575.421694][T15868] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.435102][T15868] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.444245][T15868] bridge_slave_0: entered allmulticast mode [ 575.455773][T15868] bridge_slave_0: entered promiscuous mode [ 575.487600][ T133] hsr_slave_0: left promiscuous mode [ 575.493876][ T133] hsr_slave_1: left promiscuous mode [ 575.542627][ T133] veth1_macvtap: left promiscuous mode [ 575.548399][ T133] veth0_macvtap: left promiscuous mode [ 575.554227][ T133] veth1_vlan: left promiscuous mode [ 575.561162][ T133] veth0_vlan: left promiscuous mode [ 576.047295][ T5924] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 576.153749][ T133] team0 (unregistering): Port device team_slave_1 removed [ 576.193363][ T133] team0 (unregistering): Port device team_slave_0 removed [ 576.202285][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.225134][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.236080][ T5924] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 576.245429][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.263534][ T5924] usb 5-1: config 0 descriptor?? [ 576.458124][ T5842] Bluetooth: hci2: command tx timeout [ 576.731314][ T5924] cm6533_jd 0003:0D8C:0022.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 576.784732][T15868] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.792121][T15868] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.817589][T15868] bridge_slave_1: entered allmulticast mode [ 576.828974][T15868] bridge_slave_1: entered promiscuous mode [ 576.910650][T15868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.952714][T15868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 576.983570][ T5923] usb 5-1: USB disconnect, device number 37 [ 577.087730][T15868] team0: Port device team_slave_0 added [ 577.095232][T15868] team0: Port device team_slave_1 added [ 577.193582][T15868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 577.205302][T15868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 577.231826][T15868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.245204][T15868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 577.250393][ T133] IPVS: stop unused estimator thread 0... [ 577.252872][T15868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 577.284708][T15868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 577.399093][T15868] hsr_slave_0: entered promiscuous mode [ 577.406152][T15868] hsr_slave_1: entered promiscuous mode [ 577.413474][T15868] debugfs: 'hsr0' already exists in 'hsr' [ 577.430975][T15868] Cannot create hsr debugfs directory [ 577.437083][T14684] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 577.632341][T14684] usb 2-1: unable to get BOS descriptor or descriptor too short [ 577.650459][T14684] usb 2-1: not running at top speed; connect to a high speed hub [ 577.682141][T14684] usb 2-1: config 8 has an invalid interface number: 98 but max is 0 [ 577.703817][T14684] usb 2-1: config 8 has no interface number 0 [ 577.725254][T14684] usb 2-1: config 8 interface 98 has no altsetting 0 [ 577.750364][T14684] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0105, bcdDevice=5a.a0 [ 577.778405][T14684] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.803447][T14684] usb 2-1: Product: syz [ 577.815570][T14684] usb 2-1: Manufacturer: syz [ 577.823085][ T5842] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 577.832717][ T5842] Bluetooth: hci0: Injecting HCI hardware error event [ 577.842941][T13772] Bluetooth: hci0: hardware error 0x00 [ 577.855499][T16026] pim6reg: entered allmulticast mode [ 577.862773][T14684] usb 2-1: SerialNumber: syz [ 577.962828][T16018] Set syz1 is full, maxelem 65536 reached [ 578.129188][T14684] dvb-usb: found a 'Terratec Cinergy S2 USB BOX' in warm state. [ 578.159902][T14684] dw2102: su3000_power_ctrl: 1, initialized 0 [ 578.166044][T14684] dvb-usb: bulk message failed: -22 (2/0) [ 578.212066][T14684] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 578.245208][T14684] dvb-usb: Terratec Cinergy S2 USB BOX error while loading driver (-19) [ 578.275770][T14684] usb 2-1: USB disconnect, device number 24 [ 578.530188][T15868] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 578.537139][ T5842] Bluetooth: hci2: command tx timeout [ 578.571032][T15868] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 578.615863][T15868] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 578.655964][T15868] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 579.073766][T15868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.199106][T15868] 8021q: adding VLAN 0 to HW filter on device team0 [ 579.245706][ T133] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.252882][ T133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.343575][ T133] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.350820][ T133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.666478][T15868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 579.814990][T16096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.831214][T14684] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 579.853039][T15868] veth0_vlan: entered promiscuous mode [ 579.870915][T14684] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 579.897852][T13772] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 579.906245][T14684] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 579.940148][T15868] veth1_vlan: entered promiscuous mode [ 580.115843][T15868] veth0_macvtap: entered promiscuous mode [ 580.174355][T15868] veth1_macvtap: entered promiscuous mode [ 580.213308][T15868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 580.260991][T15868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 580.319872][ T133] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.353781][ T133] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.409224][ T133] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.497557][ T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.618103][T13772] Bluetooth: hci2: command tx timeout [ 580.845547][ T133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.886791][ T133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.992388][ T133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.037236][ T133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.647502][ T5923] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 581.831628][ T5923] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.863145][ T5923] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 581.882060][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.906113][ T5923] usb 4-1: Product: syz [ 581.919761][ T5923] usb 4-1: Manufacturer: syz [ 581.928992][ T5923] usb 4-1: SerialNumber: syz [ 582.029830][T16166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3413'. [ 582.048311][T14684] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 582.243699][T14684] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.266782][T14684] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 582.297100][T14684] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 582.306218][T14684] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.338673][T14684] usb 2-1: config 0 descriptor?? [ 582.599665][ T5923] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 582.606074][ T5923] cdc_ncm 4-1:1.0: bind() failure [ 582.615835][ T5923] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 582.623270][ T5923] cdc_ncm 4-1:1.1: bind() failure [ 582.770409][T14684] hid-led 0003:1294:1320.0006: hidraw0: USB HID vff.fe Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0 [ 582.796550][T14684] hid-led 0003:1294:1320.0006: Riso Kagaku Webmail Notifier initialized [ 582.833389][T16194] ptrace attach of "./syz-executor exec"[14753] was attempted by "./syz-executor exec"[16194] [ 582.954082][ T5941] usb 2-1: USB disconnect, device number 25 [ 582.967939][ T6072] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 582.977409][ T6072] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 582.987957][ T1004] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 583.622925][ T5923] IPVS: starting estimator thread 0... [ 583.707041][T16215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3431'. [ 583.727282][T16211] IPVS: using max 35 ests per chain, 84000 per kthread [ 584.417116][T14684] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 584.532353][ T5923] usb 4-1: USB disconnect, device number 33 [ 584.569376][T14684] usb 5-1: Using ep0 maxpacket: 8 [ 584.591699][T14684] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 584.601671][T14684] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.612128][T14684] usb 5-1: Product: syz [ 584.616330][T14684] usb 5-1: Manufacturer: syz [ 584.621543][T14684] usb 5-1: SerialNumber: syz [ 584.631894][T14684] usb 5-1: config 0 descriptor?? [ 584.646423][T14684] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 584.766293][T16252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3449'. [ 584.779125][T16252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3449'. [ 585.010239][ T5923] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 585.178186][ T5923] usb 4-1: Using ep0 maxpacket: 32 [ 585.206129][ T5923] usb 4-1: config 0 has an invalid interface number: 134 but max is 0 [ 585.215412][ T5923] usb 4-1: config 0 has no interface number 0 [ 585.226482][ T5923] usb 4-1: New USB device found, idVendor=10b8, idProduct=1fa0, bcdDevice=cd.3b [ 585.236189][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.246956][ T5923] usb 4-1: Product: syz [ 585.251588][ T5923] usb 4-1: Manufacturer: syz [ 585.256289][ T5923] usb 4-1: SerialNumber: syz [ 585.268257][T14684] gspca_sonixj: reg_w1 err -71 [ 585.277561][T14684] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 585.286478][ T5923] usb 4-1: config 0 descriptor?? [ 585.307675][T14684] usb 5-1: USB disconnect, device number 38 [ 585.461564][ T5961] IPVS: starting estimator thread 0... [ 585.524106][ T5923] dvb-usb: found a 'DiBcom STK8096GP reference design' in warm state. [ 585.548218][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 585.558382][T16287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3465'. [ 585.559412][ T5923] dvbdev: DVB: registering new adapter (DiBcom STK8096GP reference design) [ 585.568934][T16283] IPVS: using max 29 ests per chain, 69600 per kthread [ 585.578750][ T5923] usb 4-1: media controller created [ 585.631525][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 585.740318][ T5923] DVB: Unable to find symbol dib8000_attach() [ 585.747244][ T5923] dvb-usb: no frontend was attached by 'DiBcom STK8096GP reference design' [ 585.751802][T16295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.848198][ T5923] rc_core: IR keymap rc-dib0700-rc5 not found [ 585.857257][ T5923] Registered IR keymap rc-empty [ 585.863955][ T5923] dvb-usb: could not initialize remote control. [ 585.871567][ T5923] dvb-usb: DiBcom STK8096GP reference design successfully initialized and connected. [ 585.874921][T16295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.897821][ T5923] usb 4-1: USB disconnect, device number 34 [ 585.942976][T16295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.972010][T16295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.988491][ T5923] dvb-usb: DiBcom STK8096GP reference design successfully deinitialized and disconnected. [ 586.209557][T16317] netlink: 6 bytes leftover after parsing attributes in process `syz.4.3478'. [ 586.220508][T16317] bridge: RTM_NEWNEIGH with invalid ether address [ 586.228764][T16317] netlink: 6 bytes leftover after parsing attributes in process `syz.4.3478'. [ 586.237947][T16317] bridge: RTM_NEWNEIGH with invalid ether address [ 586.440427][T16329] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3483'. [ 586.800515][T16347] netlink: 'syz.2.3492': attribute type 12 has an invalid length. [ 586.937615][T16353] netlink: 'syz.1.3494': attribute type 27 has an invalid length. [ 587.327828][T16353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 587.393149][T16353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 587.741512][ T60] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.754164][ T60] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.795915][ T60] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.824658][ T60] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.838571][T16391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3507'. [ 588.137407][ T5842] ================================================================== [ 588.145522][ T5842] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0 [ 588.153112][ T5842] Write of size 4 at addr ffff8880353dc010 by task kworker/u9:7/5842 [ 588.161202][ T5842] [ 588.163544][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) [ 588.163559][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 588.163568][ T5842] Workqueue: hci1 hci_cmd_sync_work [ 588.163584][ T5842] Call Trace: [ 588.163590][ T5842] [ 588.163596][ T5842] dump_stack_lvl+0xe8/0x150 [ 588.163611][ T5842] print_report+0xca/0x240 [ 588.163622][ T5842] ? hci_conn_drop+0x34/0x2b0 [ 588.163634][ T5842] kasan_report+0x118/0x150 [ 588.163646][ T5842] ? hci_conn_valid+0x21/0x230 [ 588.163658][ T5842] ? hci_conn_drop+0x34/0x2b0 [ 588.163670][ T5842] kasan_check_range+0x2b0/0x2c0 [ 588.163683][ T5842] hci_conn_drop+0x34/0x2b0 [ 588.163694][ T5842] ? __pfx_le_read_features_complete+0x10/0x10 [ 588.163705][ T5842] hci_cmd_sync_work+0x262/0x400 [ 588.163716][ T5842] ? process_scheduled_works+0x9ef/0x1770 [ 588.163727][ T5842] process_scheduled_works+0xad1/0x1770 [ 588.163742][ T5842] ? __pfx_process_scheduled_works+0x10/0x10 [ 588.163752][ T5842] ? do_raw_spin_lock+0x121/0x290 [ 588.163769][ T5842] worker_thread+0x8a0/0xda0 [ 588.163785][ T5842] kthread+0x711/0x8a0 [ 588.163798][ T5842] ? __pfx_worker_thread+0x10/0x10 [ 588.163808][ T5842] ? __pfx_kthread+0x10/0x10 [ 588.163821][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 588.163836][ T5842] ? __pfx_kthread+0x10/0x10 [ 588.163848][ T5842] ret_from_fork+0x510/0xa50 [ 588.163858][ T5842] ? __pfx_ret_from_fork+0x10/0x10 [ 588.163867][ T5842] ? __switch_to+0xc9e/0x1480 [ 588.163881][ T5842] ? __pfx_kthread+0x10/0x10 [ 588.163894][ T5842] ret_from_fork_asm+0x1a/0x30 [ 588.163911][ T5842] [ 588.163915][ T5842] [ 588.167066][T13772] Bluetooth: hci1: command 0x2016 tx timeout [ 588.173361][ T5842] Allocated by task 13772: [ 588.173376][ T5842] kasan_save_track+0x3e/0x80 [ 588.173399][ T5842] __kasan_kmalloc+0x93/0xb0 [ 588.341675][ T5842] __kmalloc_cache_noprof+0x3e2/0x700 [ 588.347042][ T5842] __hci_conn_add+0x3c5/0x1b30 [ 588.351809][ T5842] le_conn_complete_evt+0x6f6/0x1420 [ 588.357259][ T5842] hci_le_enh_conn_complete_evt+0x189/0x4a0 [ 588.363152][ T5842] hci_event_packet+0x78f/0x1260 [ 588.368092][ T5842] hci_rx_work+0x3ee/0x1060 [ 588.372624][ T5842] process_scheduled_works+0xad1/0x1770 [ 588.378171][ T5842] worker_thread+0x8a0/0xda0 [ 588.382746][ T5842] kthread+0x711/0x8a0 [ 588.386823][ T5842] ret_from_fork+0x510/0xa50 [ 588.391398][ T5842] ret_from_fork_asm+0x1a/0x30 [ 588.396154][ T5842] [ 588.398479][ T5842] Freed by task 13772: [ 588.402550][ T5842] kasan_save_track+0x3e/0x80 [ 588.407245][ T5842] kasan_save_free_info+0x46/0x50 [ 588.412282][ T5842] __kasan_slab_free+0x5c/0x80 [ 588.417047][ T5842] kfree+0x1c0/0x660 [ 588.421035][ T5842] device_release+0x9e/0x1d0 [ 588.425621][ T5842] kobject_put+0x228/0x570 [ 588.430201][ T5842] hci_conn_del+0xc36/0x1240 [ 588.434788][ T5842] hci_disconn_complete_evt+0x64e/0x950 [ 588.440335][ T5842] hci_event_packet+0x7e3/0x1260 [ 588.445275][ T5842] hci_rx_work+0x3ee/0x1060 [ 588.449779][ T5842] process_scheduled_works+0xad1/0x1770 [ 588.455334][ T5842] worker_thread+0x8a0/0xda0 [ 588.459928][ T5842] kthread+0x711/0x8a0 [ 588.463989][ T5842] ret_from_fork+0x510/0xa50 [ 588.468565][ T5842] ret_from_fork_asm+0x1a/0x30 [ 588.473324][ T5842] [ 588.475632][ T5842] The buggy address belongs to the object at ffff8880353dc000 [ 588.475632][ T5842] which belongs to the cache kmalloc-8k of size 8192 [ 588.489754][ T5842] The buggy address is located 16 bytes inside of [ 588.489754][ T5842] freed 8192-byte region [ffff8880353dc000, ffff8880353de000) [ 588.503544][ T5842] [ 588.505854][ T5842] The buggy address belongs to the physical page: [ 588.512246][ T5842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x353d8 [ 588.520994][ T5842] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 588.529486][ T5842] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 588.537462][ T5842] page_type: f5(slab) [ 588.541448][ T5842] raw: 00fff00000000040 ffff88813ffa7280 0000000000000000 dead000000000001 [ 588.550035][ T5842] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 588.558619][ T5842] head: 00fff00000000040 ffff88813ffa7280 0000000000000000 dead000000000001 [ 588.567280][ T5842] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 588.575938][ T5842] head: 00fff00000000003 ffffea0000d4f601 00000000ffffffff 00000000ffffffff [ 588.584596][ T5842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 588.593261][ T5842] page dumped because: kasan: bad access detected [ 588.599769][ T5842] page_owner tracks the page as allocated [ 588.605486][ T5842] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14520, tgid 14519 (syz.2.2837), ts 527760083905, free_ts 527708146630 [ 588.627024][ T5842] post_alloc_hook+0x234/0x290 [ 588.631793][ T5842] get_page_from_freelist+0x24e0/0x2580 [ 588.637333][ T5842] __alloc_frozen_pages_noprof+0x181/0x370 [ 588.643163][ T5842] alloc_pages_mpol+0x232/0x4a0 [ 588.648005][ T5842] allocate_slab+0x86/0x3b0 [ 588.652501][ T5842] ___slab_alloc+0xe53/0x1820 [ 588.657168][ T5842] __slab_alloc+0x65/0x100 [ 588.661579][ T5842] __kmalloc_cache_noprof+0x41e/0x700 [ 588.666936][ T5842] audit_log_d_path+0xb8/0x1a0 [ 588.671688][ T5842] audit_log_d_path_exe+0x42/0x70 [ 588.676698][ T5842] audit_log_task+0x2b3/0x3c0 [ 588.681365][ T5842] audit_seccomp+0x86/0x190 [ 588.685854][ T5842] __seccomp_filter+0xcf0/0x1e20 [ 588.690792][ T5842] syscall_trace_enter+0xaa/0x160 [ 588.695891][ T5842] __do_fast_syscall_32+0x1bf/0x560 [ 588.701080][ T5842] do_fast_syscall_32+0x34/0x80 [ 588.705932][ T5842] page last free pid 14517 tgid 14517 stack trace: [ 588.712417][ T5842] __free_frozen_pages+0xbc8/0xd30 [ 588.717519][ T5842] __put_partials+0x146/0x170 [ 588.722205][ T5842] __slab_free+0x294/0x320 [ 588.726627][ T5842] qlist_free_all+0x97/0x100 [ 588.731214][ T5842] kasan_quarantine_reduce+0x148/0x160 [ 588.736662][ T5842] __kasan_slab_alloc+0x22/0x80 [ 588.741503][ T5842] kmem_cache_alloc_noprof+0x37d/0x710 [ 588.746954][ T5842] ptlock_alloc+0x20/0x70 [ 588.751280][ T5842] pte_alloc_one+0x7a/0x370 [ 588.755772][ T5842] do_pte_missing+0x1162/0x3330 [ 588.760611][ T5842] handle_mm_fault+0x1b26/0x32b0 [ 588.765551][ T5842] do_user_addr_fault+0xa7c/0x1380 [ 588.770650][ T5842] exc_page_fault+0x71/0xd0 [ 588.775139][ T5842] asm_exc_page_fault+0x26/0x30 [ 588.779977][ T5842] [ 588.782283][ T5842] Memory state around the buggy address: [ 588.787894][ T5842] ffff8880353dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 588.795958][ T5842] ffff8880353dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 588.804024][ T5842] >ffff8880353dc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 588.812087][ T5842] ^ [ 588.816756][ T5842] ffff8880353dc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 588.824808][ T5842] ffff8880353dc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 588.832853][ T5842] ================================================================== [ 588.847052][ T5842] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 588.854285][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) [ 588.863758][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 588.873829][ T5842] Workqueue: hci1 hci_cmd_sync_work [ 588.879052][ T5842] Call Trace: [ 588.882340][ T5842] [ 588.885283][ T5842] vpanic+0x1e0/0x670 [ 588.889278][ T5842] panic+0xb9/0xc0 [ 588.893035][ T5842] ? __pfx_panic+0x10/0x10 [ 588.897465][ T5842] ? preempt_schedule_common+0x83/0xd0 [ 588.902938][ T5842] ? hci_conn_drop+0x34/0x2b0 [ 588.907619][ T5842] check_panic_on_warn+0x89/0xb0 [ 588.912657][ T5842] ? hci_conn_drop+0x34/0x2b0 [ 588.917445][ T5842] end_report+0x6f/0x140 [ 588.921732][ T5842] kasan_report+0x129/0x150 [ 588.926255][ T5842] ? hci_conn_valid+0x21/0x230 [ 588.931031][ T5842] ? hci_conn_drop+0x34/0x2b0 [ 588.935723][ T5842] kasan_check_range+0x2b0/0x2c0 [ 588.940678][ T5842] hci_conn_drop+0x34/0x2b0 [ 588.945187][ T5842] ? __pfx_le_read_features_complete+0x10/0x10 [ 588.951345][ T5842] hci_cmd_sync_work+0x262/0x400 [ 588.956290][ T5842] ? process_scheduled_works+0x9ef/0x1770 [ 588.962000][ T5842] process_scheduled_works+0xad1/0x1770 [ 588.967547][ T5842] ? __pfx_process_scheduled_works+0x10/0x10 [ 588.973517][ T5842] ? do_raw_spin_lock+0x121/0x290 [ 588.978541][ T5842] worker_thread+0x8a0/0xda0 [ 588.983126][ T5842] kthread+0x711/0x8a0 [ 588.987190][ T5842] ? __pfx_worker_thread+0x10/0x10 [ 588.992286][ T5842] ? __pfx_kthread+0x10/0x10 [ 588.996865][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 589.002076][ T5842] ? __pfx_kthread+0x10/0x10 [ 589.006667][ T5842] ret_from_fork+0x510/0xa50 [ 589.011257][ T5842] ? __pfx_ret_from_fork+0x10/0x10 [ 589.016376][ T5842] ? __switch_to+0xc9e/0x1480 [ 589.021065][ T5842] ? __pfx_kthread+0x10/0x10 [ 589.025708][ T5842] ret_from_fork_asm+0x1a/0x30 [ 589.030914][ T5842] [ 589.034296][ T5842] Kernel Offset: disabled [ 589.038605][ T5842] Rebooting in 86400 seconds..