last executing test programs: 7m7.046721207s ago: executing program 2 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80a80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x5, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000240)="0f01092273b932810f00000026660fc7b30600000065360fc75832660f388168008fc978e38e0f000000c4e2050dac89740bf4d3b805000000b9000000800f01d9c4e155768e00100000", 0x4a}], 0x1, 0x0, 0x0, 0x0) signalfd4(r3, &(0x7f0000000040)={[0x1]}, 0x8, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) 7m6.73991567s ago: executing program 0 (id=1): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001d0001"], 0xb8}}, 0x0) 7m6.454696176s ago: executing program 0 (id=7): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 7m6.294886032s ago: executing program 2 (id=8): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x80, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 7m6.078183778s ago: executing program 2 (id=9): mkdir(&(0x7f0000002880)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100), 0x80000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000009702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b7040000100000207207f0ff00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x29, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 7m3.888957447s ago: executing program 0 (id=18): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0) open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x9801) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r1, r0, 0x0, 0x80000000) 7m3.687066802s ago: executing program 0 (id=20): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x200000, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0x20002078) 7m3.393278475s ago: executing program 0 (id=23): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x2, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) 7m3.04426284s ago: executing program 32 (id=23): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x2, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) 6m50.815620838s ago: executing program 33 (id=9): mkdir(&(0x7f0000002880)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100), 0x80000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000009702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b7040000100000207207f0ff00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x29, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 6m33.100342013s ago: executing program 3 (id=135): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x2) 6m30.242704569s ago: executing program 3 (id=141): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0x2, 0x3}]}}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 6m28.413828679s ago: executing program 3 (id=149): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, &(0x7f0000000200)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r1, 0x5100) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r1, 0x5100) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r3, 0xffffffffffffffff, 0x0) 6m28.26068029s ago: executing program 3 (id=151): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x2c020400) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 6m27.996344189s ago: executing program 3 (id=152): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) lseek(r0, 0x359, 0x4) 6m27.514797376s ago: executing program 3 (id=156): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="07005b0036ea250066d0c124c3e7b76e16f1bdbf847f9d7dfb09"], 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050505050"], 0x4c}}, 0x0) 6m27.073963806s ago: executing program 34 (id=156): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="07005b0036ea250066d0c124c3e7b76e16f1bdbf847f9d7dfb09"], 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050505050"], 0x4c}}, 0x0) 4m5.661813471s ago: executing program 1 (id=780): mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r1, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000040)='./file1\x00', 0x121340, 0x1c5) 4m5.548797416s ago: executing program 1 (id=781): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1fc0}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 4m4.136817649s ago: executing program 1 (id=786): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) poll(&(0x7f00000002c0)=[{r1, 0x7700}], 0x1, 0x38b7) 4m3.957639992s ago: executing program 1 (id=789): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@name={0x1e, 0x2, 0x1, {{0x42, 0x1}, 0x3}}, 0x10) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}, 0x3}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x201}}, 0x10) r2 = socket$tipc(0x1e, 0x4, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x83f}, 0x10) bind$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0}, 0x0) 4m3.655830708s ago: executing program 1 (id=792): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20020, 0x0) 4m3.335842855s ago: executing program 1 (id=796): socket$inet6(0xa, 0x3, 0x6) syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d37, 0x0, 0x0, 0x0, 0x0) 3m48.228686365s ago: executing program 35 (id=796): socket$inet6(0xa, 0x3, 0x6) syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d37, 0x0, 0x0, 0x0, 0x0) 2m29.982937647s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 2m8.720159463s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 1m43.435192513s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 1m14.488171547s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 47.418055356s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 20.697568221s ago: executing program 4 (id=120): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000201fd"], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 5.488355492s ago: executing program 6 (id=1649): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x800) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000000)={0x51, 0xe000, 0x104, {0xfff, 0x8002}, {0x4, 0x6}, @cond=[{0x3, 0x800, 0x8, 0x7ff, 0x3, 0x3}, {0x9, 0x4, 0xb2aa, 0xfff8, 0x3, 0xffff}]}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0030"], 0xb8}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) 3.73737343s ago: executing program 7 (id=1657): syz_io_uring_setup(0x7ee9, &(0x7f00000001c0)={0x0, 0xeaba, 0x0, 0x1}, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94) 3.64397002s ago: executing program 5 (id=1658): syz_open_procfs(0x0, &(0x7f0000000580)='mountinfo\x00') r0 = syz_io_uring_setup(0x1062, &(0x7f0000000140)={0x0, 0x4f0c, 0x400}, &(0x7f0000000480)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x47f5, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x151) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 3.586810318s ago: executing program 8 (id=1659): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = io_uring_setup(0x5b77, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x400000, 0x137}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x4) close_range(r2, 0xffffffffffffffff, 0x0) 3.535008404s ago: executing program 6 (id=1660): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) open(0x0, 0x0, 0x0) r1 = socket(0x2b, 0x1, 0x0) listen(r1, 0x0) ioctl$sock_TIOCOUTQ(r1, 0x894b, 0x0) 3.45552998s ago: executing program 7 (id=1661): r0 = io_uring_setup(0xdac, &(0x7f0000000180)) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r1, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0}, 0x18) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}, 0x1, 0x1000000000000}, 0x0) 3.365418846s ago: executing program 8 (id=1662): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x4e22, @multicast2}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x67, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback=0xe0000002}, "00186371ae9b1c03"}}}}}, 0x0) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @remote, @local}, 0xc) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') preadv(r3, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/179, 0xb3}], 0x1, 0x5, 0x6) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x8002, 0x0) 3.280312326s ago: executing program 7 (id=1663): openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$isdn_base(0x22, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 3.22620191s ago: executing program 5 (id=1664): open(0x0, 0x4c37e, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)={0x14, r2, 0x1}, 0x14}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40}) 3.041561011s ago: executing program 5 (id=1665): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x2, 0x2ff7afedf}, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000100)=0x9, 0x4) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0x14, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20000810) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x50}}, 0x4008840) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x60, &(0x7f0000000040), 0x50) 2.925427093s ago: executing program 7 (id=1666): io_uring_setup(0x4822, &(0x7f0000000180)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) r1 = semget$private(0x0, 0x4000000009, 0x208) semop(r1, &(0x7f00000002c0)=[{0x1, 0x8698, 0x1000}], 0x1) semop(r1, &(0x7f0000000000)=[{0x0, 0xfffb}, {0x1, 0x0, 0x800}], 0x2) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040)=[0x9, 0x7]) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000100)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f00000010c0)=0xffff) recvmsg(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000002600)=""/4096, 0x1000}], 0x1}, 0x0) 2.918603318s ago: executing program 8 (id=1667): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0) socket$nl_route(0x10, 0x3, 0x0) getpeername$packet(r3, 0x0, 0x0) tee(r3, r1, 0x8, 0x0) write$binfmt_script(r4, 0x0, 0xfffffe48) 2.658152803s ago: executing program 5 (id=1668): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x4, 0xfffffffd) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000280)={0x6, 0x66c, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) 2.507048254s ago: executing program 6 (id=1669): r0 = msgget$private(0x0, 0x790) msgsnd(r0, &(0x7f0000000800)=ANY=[@ANYRES8=0xffffffffffffffff], 0x401, 0x0) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYRES16=r1], 0x401, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000780)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x102, 0x2}, 0x0, 0x0, 0x200, 0x7, 0xfffffffffffff734, 0x40, 0x5, 0x4, 0x0, 0x344c}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) msgsnd(r0, &(0x7f0000000180)={0x3}, 0x8, 0x0) r2 = syz_open_procfs(0x0, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x1, 0x0, 0x1, 0x10, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89d0080b8785d9600010000939d44b100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0xb6, 0x200]}}) msgctl$IPC_RMID(r0, 0x0) 2.364311067s ago: executing program 5 (id=1670): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'veth0_virt_wifi\x00', &(0x7f0000000140)=@ethtool_pauseparam={0x13, 0x2, 0xfffffffd, 0x6}}) 2.069525976s ago: executing program 6 (id=1671): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r4, &(0x7f0000000180), 0x40010) 1.319301882s ago: executing program 7 (id=1672): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) socket$qrtr(0x2a, 0x2, 0x0) userfaultfd(0x80001) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.309073498s ago: executing program 8 (id=1673): r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x0) close(r0) r1 = inotify_init1(0x0) fcntl$setstatus(r0, 0x4, 0x2c00) r2 = gettid() fcntl$setown(r0, 0x8, r2) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960) rmdir(&(0x7f0000000100)='./control\x00') 1.244114977s ago: executing program 6 (id=1674): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.154887407s ago: executing program 5 (id=1675): syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_open_dev$MSR(0x0, 0x0, 0x0) chdir(0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) 935.369733ms ago: executing program 8 (id=1676): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0xfffffffffffffed1) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) openat$zero(0xffffffffffffff9c, 0x0, 0x100, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x2, 0x76bb, 0x1000}], 0x1, 0x0) 118.566057ms ago: executing program 8 (id=1677): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet(0x2, 0x3, 0x5) getsockopt$inet_mreqsrc(r4, 0x0, 0x40, 0x0, &(0x7f0000000040)=0x54) 66.781597ms ago: executing program 7 (id=1678): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) clock_settime(0x0, &(0x7f0000000180)={0x77359400}) 0s ago: executing program 6 (id=1679): syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x60a42, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$key(0xf, 0x3, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000)) kernel console output (not intermixed with test programs): =9051 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 280.809666][ T29] audit: type=1326 audit(1740750237.299:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9051 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 280.849834][ T29] audit: type=1326 audit(1740750237.319:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9051 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 280.880633][ T29] audit: type=1326 audit(1740750237.329:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9051 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 280.902114][ T29] audit: type=1326 audit(1740750237.369:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9051 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 281.081181][ T53] hsr_slave_0: left promiscuous mode [ 281.130064][ T53] hsr_slave_1: left promiscuous mode [ 281.136082][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.144225][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.154822][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.169740][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.232612][ T53] veth1_macvtap: left promiscuous mode [ 281.238217][ T53] veth0_macvtap: left promiscuous mode [ 281.287147][ T53] veth1_vlan: left promiscuous mode [ 281.299086][ T53] veth0_vlan: left promiscuous mode [ 281.761127][ T9072] kvm: pic: non byte write [ 282.059683][ T5836] Bluetooth: hci0: command tx timeout [ 282.562967][ T53] team0 (unregistering): Port device team_slave_1 removed [ 282.706710][ T53] team0 (unregistering): Port device team_slave_0 removed [ 283.168536][ T9094] netlink: 4 bytes leftover after parsing attributes in process `syz.7.851'. [ 283.664828][ T9103] overlayfs: failed to clone upperpath [ 283.754160][ T9094] bridge_slave_1: left allmulticast mode [ 283.790551][ T9094] bridge_slave_1: left promiscuous mode [ 283.821515][ T9094] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.863113][ T9094] bridge_slave_0: left allmulticast mode [ 283.881707][ T9094] bridge_slave_0: left promiscuous mode [ 283.889516][ T9094] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.149783][ T5836] Bluetooth: hci0: command tx timeout [ 284.253856][ T9029] chnl_net:caif_netlink_parms(): no params data found [ 285.381193][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.391132][ T9029] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.398393][ T9029] bridge_slave_0: entered allmulticast mode [ 285.406264][ T9029] bridge_slave_0: entered promiscuous mode [ 285.430059][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.456645][ T9029] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.478376][ T9029] bridge_slave_1: entered allmulticast mode [ 285.510882][ T9029] bridge_slave_1: entered promiscuous mode [ 285.588674][ T9029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.632595][ T9029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.702856][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.7.865'. [ 285.756826][ T9029] team0: Port device team_slave_0 added [ 285.768260][ T9029] team0: Port device team_slave_1 added [ 285.825728][ T9029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.833855][ T9029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.878797][ T9029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.909661][ T9029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.918025][ T9029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.968864][ T9144] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 285.981439][ T9029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.084338][ T9029] hsr_slave_0: entered promiscuous mode [ 286.098362][ T9029] hsr_slave_1: entered promiscuous mode [ 286.105045][ T9029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 286.141954][ T9029] Cannot create hsr debugfs directory [ 286.229669][ T5836] Bluetooth: hci0: command tx timeout [ 287.502825][ T9029] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 287.566307][ T9029] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 287.633461][ T9029] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 287.753488][ T9029] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 287.947788][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 287.947808][ T29] audit: type=1107 audit(1740750244.679:109): pid=9199 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 288.065067][ T9029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.224524][ T8378] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.228735][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 288.246049][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 288.255583][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 288.265403][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 288.274872][ T5827] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 288.291142][ T9029] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.298092][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 288.351143][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.358426][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.403100][ T8378] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.433705][ T8376] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.440909][ T8376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.525733][ T8378] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.651852][ T8378] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.830699][ T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 290.009684][ T25] usb 7-1: Using ep0 maxpacket: 32 [ 290.029028][ T25] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 290.046952][ T25] usb 7-1: config 0 has no interface number 0 [ 290.059672][ T25] usb 7-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 290.080204][ T25] usb 7-1: config 0 interface 1 has no altsetting 0 [ 290.098489][ T25] usb 7-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 290.117849][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.131274][ T8378] bond0 (unregistering): Released all slaves [ 290.146169][ T25] usb 7-1: Product: syz [ 290.151066][ T25] usb 7-1: Manufacturer: syz [ 290.155702][ T25] usb 7-1: SerialNumber: syz [ 290.171453][ T25] usb 7-1: config 0 descriptor?? [ 290.174938][ T9209] chnl_net:caif_netlink_parms(): no params data found [ 290.261807][ T9029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.525767][ T5827] Bluetooth: hci1: command tx timeout [ 290.597181][ T25] cx231xx 7-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 290.627308][ T25] cx231xx 7-1:0.1: Failed to read PCB config [ 290.655513][ T25] cx231xx 7-1:0.1: probe with driver cx231xx failed with error -71 [ 290.750784][ T25] usb 7-1: USB disconnect, device number 10 [ 290.866478][ T9209] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.877010][ T9209] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.885510][ T9209] bridge_slave_0: entered allmulticast mode [ 290.894660][ T9209] bridge_slave_0: entered promiscuous mode [ 290.993502][ T9209] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.006669][ T9209] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.025502][ T9209] bridge_slave_1: entered allmulticast mode [ 291.038156][ T9209] bridge_slave_1: entered promiscuous mode [ 291.129805][ T25] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 291.248573][ T9209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.306502][ T9209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.319865][ T25] usb 7-1: Using ep0 maxpacket: 32 [ 291.339748][ T25] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 291.359150][ T25] usb 7-1: config 0 has no interface number 0 [ 291.382176][ T25] usb 7-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 291.400163][ T25] usb 7-1: config 0 interface 1 has no altsetting 0 [ 291.400204][ T8378] hsr_slave_0: left promiscuous mode [ 291.422202][ T25] usb 7-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 291.437112][ T8378] hsr_slave_1: left promiscuous mode [ 291.443288][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.463060][ T25] usb 7-1: Product: syz [ 291.472070][ T25] usb 7-1: Manufacturer: syz [ 291.487495][ T25] usb 7-1: SerialNumber: syz [ 291.512952][ T25] usb 7-1: config 0 descriptor?? [ 291.526684][ T8378] veth1_macvtap: left promiscuous mode [ 291.532563][ T8378] veth0_macvtap: left promiscuous mode [ 291.538357][ T8378] veth1_vlan: left promiscuous mode [ 291.544051][ T8378] veth0_vlan: left promiscuous mode [ 291.905174][ T25] cx231xx 7-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 291.917140][ T25] cx231xx 7-1:0.1: bad scenario!!!!! [ 291.917140][ T25] config_info=0 [ 291.935235][ T25] cx231xx 7-1:0.1: Failed to read PCB config [ 292.495640][ T5910] usb 7-1: USB disconnect, device number 11 [ 292.921282][ T5827] Bluetooth: hci1: command tx timeout [ 293.587814][ T9283] __vm_enough_memory: pid: 9283, comm: syz.6.904, bytes: 21200346771456 not enough memory for the allocation [ 294.419182][ T9278] netdevsim netdevsim7 : renamed from netdevsim0 (while UP) [ 294.451883][ T9209] team0: Port device team_slave_0 added [ 294.462295][ T9209] team0: Port device team_slave_1 added [ 294.568857][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.595661][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.635412][ T9209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 294.658703][ T9029] veth0_vlan: entered promiscuous mode [ 294.904205][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 294.928353][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.955777][ T5827] Bluetooth: hci1: command tx timeout [ 294.979811][ T9209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 295.094581][ T9029] veth1_vlan: entered promiscuous mode [ 295.167342][ T9209] hsr_slave_0: entered promiscuous mode [ 295.200633][ T9209] hsr_slave_1: entered promiscuous mode [ 295.228187][ T9209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 295.248984][ T9209] Cannot create hsr debugfs directory [ 296.981295][ T9315] syzkaller0: entered promiscuous mode [ 296.986998][ T9315] syzkaller0: entered allmulticast mode [ 297.006964][ T9029] veth0_macvtap: entered promiscuous mode [ 297.016918][ T9029] veth1_macvtap: entered promiscuous mode [ 297.022948][ T5827] Bluetooth: hci1: command tx timeout [ 297.064653][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.085632][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.111754][ T9029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.174806][ T29] audit: type=1804 audit(1740750254.909:110): pid=9344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.925" name="file0" dev="tmpfs" ino=1013 res=1 errno=0 [ 298.349432][ T29] audit: type=1326 audit(1740750255.079:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.373381][ T29] audit: type=1326 audit(1740750255.079:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.397578][ T29] audit: type=1326 audit(1740750255.109:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.421673][ T29] audit: type=1326 audit(1740750255.109:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.444454][ T29] audit: type=1326 audit(1740750255.109:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.473342][ T29] audit: type=1326 audit(1740750255.129:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.501431][ T29] audit: type=1326 audit(1740750255.129:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.530820][ T29] audit: type=1326 audit(1740750255.129:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 298.552736][ T29] audit: type=1326 audit(1740750255.129:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9347 comm="syz.7.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f8387d8d169 code=0x7ffc0000 [ 300.745285][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.764545][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.784757][ T9029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.825236][ T9029] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.855538][ T9029] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.877677][ T9029] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.893031][ T9029] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.950957][ T9209] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 301.002843][ T9209] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 301.045724][ T9209] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 301.075065][ T9209] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 301.166076][ T8372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.186421][ T8372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.238906][ T8372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.257950][ T8372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.309768][ T25] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 301.329439][ T9209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.355137][ T9209] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.368931][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.376069][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.431819][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.439019][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.471919][ T25] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 301.486772][ T25] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 301.531362][ T25] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 301.554807][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.613140][ T9367] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 301.634251][ T25] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 301.882557][ T9176] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.914595][ T5906] usb 7-1: USB disconnect, device number 12 [ 302.029220][ T9209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.118377][ T9176] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.247001][ T9176] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.298833][ T9209] veth0_vlan: entered promiscuous mode [ 302.328945][ T9176] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.352318][ T9209] veth1_vlan: entered promiscuous mode [ 302.377332][ T9209] veth0_macvtap: entered promiscuous mode [ 302.387076][ T9209] veth1_macvtap: entered promiscuous mode [ 302.404798][ T9209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.415642][ T9209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.425712][ T9209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.436277][ T9209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.447544][ T9209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.474932][ T9209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.488706][ T9209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.498936][ T9209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.510609][ T9209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.521570][ T9209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.537030][ T9209] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.546770][ T9209] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.556070][ T9209] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.565563][ T9209] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.670425][ T9176] bridge_slave_1: left allmulticast mode [ 302.676222][ T9176] bridge_slave_1: left promiscuous mode [ 302.698204][ T9176] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.716641][ T9176] bridge_slave_0: left allmulticast mode [ 302.722551][ T9176] bridge_slave_0: left promiscuous mode [ 302.728368][ T9176] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.104308][ T9176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.117433][ T9176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.128185][ T9176] bond0 (unregistering): Released all slaves [ 303.152829][ T8378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.181557][ T8378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.390886][ T9188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.415302][ T9188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.675418][ T9388] netlink: 'syz.7.936': attribute type 4 has an invalid length. [ 304.055052][ T9176] hsr_slave_0: left promiscuous mode [ 304.072786][ T9176] hsr_slave_1: left promiscuous mode [ 304.081030][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 304.099120][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 304.103639][ T9176] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.117053][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 304.125977][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 304.134844][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 304.145291][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 304.187425][ T9176] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.352108][ T9176] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.375433][ T9176] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.481648][ T9176] veth1_macvtap: left promiscuous mode [ 304.488618][ T9176] veth0_macvtap: left promiscuous mode [ 304.502246][ T9176] veth1_vlan: left promiscuous mode [ 304.508857][ T9176] veth0_vlan: left promiscuous mode [ 304.564727][ T9404] block nbd8: shutting down sockets [ 304.590830][ T9406] overlayfs: failed to clone upperpath [ 304.652324][ T9406] Invalid ELF header magic: != ELF [ 306.222212][ T5836] Bluetooth: hci0: command tx timeout [ 306.828703][ T9176] team0 (unregistering): Port device team_slave_1 removed [ 306.882592][ T9176] team0 (unregistering): Port device team_slave_0 removed [ 307.395100][ T9421] geneve2: entered promiscuous mode [ 307.402024][ T9421] geneve2: entered allmulticast mode [ 307.588697][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 307.588720][ T29] audit: type=1804 audit(1740750264.319:140): pid=9436 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.953" name="/newroot/204/file0" dev="tmpfs" ino=1109 res=1 errno=0 [ 307.699723][ T29] audit: type=1804 audit(1740750264.359:141): pid=9436 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.953" name="/newroot/204/file0" dev="tmpfs" ino=1109 res=1 errno=0 [ 307.986292][ T9448] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.955'. [ 308.309858][ T5836] Bluetooth: hci0: command tx timeout [ 308.892054][ T9464] netlink: 'syz.6.960': attribute type 2 has an invalid length. [ 308.911038][ T9464] netlink: 16 bytes leftover after parsing attributes in process `syz.6.960'. [ 308.914968][ T9400] chnl_net:caif_netlink_parms(): no params data found [ 309.164138][ T9400] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.194558][ T9400] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.209066][ T9400] bridge_slave_0: entered allmulticast mode [ 309.217799][ T9400] bridge_slave_0: entered promiscuous mode [ 309.275659][ T9400] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.298023][ T9400] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.317632][ T9400] bridge_slave_1: entered allmulticast mode [ 309.335914][ T9400] bridge_slave_1: entered promiscuous mode [ 309.403674][ T9400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.432253][ T9400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.607398][ T9400] team0: Port device team_slave_0 added [ 309.626804][ T9400] team0: Port device team_slave_1 added [ 309.695278][ T9400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 309.720216][ T9400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.761290][ T9400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.776073][ T9400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.783452][ T9400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.845295][ T9400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 309.937873][ T9400] hsr_slave_0: entered promiscuous mode [ 309.946036][ T9400] hsr_slave_1: entered promiscuous mode [ 309.956063][ T9400] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 309.964468][ T9400] Cannot create hsr debugfs directory [ 309.970586][ T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 310.144169][ T25] usb 7-1: config 5 has an invalid interface number: 171 but max is 0 [ 310.161328][ T25] usb 7-1: config 5 has no interface number 0 [ 310.183009][ T25] usb 7-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=2f.00 [ 310.199423][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.218543][ T25] usb 7-1: Product: syz [ 310.232292][ T25] usb 7-1: Manufacturer: syz [ 310.237394][ T25] usb 7-1: SerialNumber: syz [ 310.383082][ T5836] Bluetooth: hci0: command tx timeout [ 310.680665][ T25] rtl8150 7-1:5.171: couldn't find required endpoints [ 310.689741][ T25] rtl8150 7-1:5.171: probe with driver rtl8150 failed with error -5 [ 310.767187][ T25] usb 7-1: USB disconnect, device number 13 [ 311.424236][ T9503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 311.486406][ T9400] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 311.541833][ T9400] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 311.586678][ T9400] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 311.632035][ T9400] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 311.862756][ T9400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.927322][ T9400] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.965985][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.973306][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.994297][ T9173] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.001541][ T9173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.018959][ T9516] netlink: 'syz.7.978': attribute type 16 has an invalid length. [ 312.026996][ T9516] netlink: 'syz.7.978': attribute type 17 has an invalid length. [ 312.066442][ T9516] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 312.131169][ T9520] veth0_to_team: entered promiscuous mode [ 312.137209][ T9520] veth0_to_team: entered allmulticast mode [ 312.461002][ T5836] Bluetooth: hci0: command tx timeout [ 312.613683][ T9400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.050307][ T9548] /dev/nullb0: Can't lookup blockdev [ 314.701139][ T9550] overlayfs: failed to clone upperpath [ 315.940415][ T9552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 317.072262][ T9400] veth0_vlan: entered promiscuous mode [ 317.092670][ T9400] veth1_vlan: entered promiscuous mode [ 317.189505][ T9400] veth0_macvtap: entered promiscuous mode [ 317.208974][ T9575] geneve0: entered allmulticast mode [ 317.223353][ T9577] netlink: 8 bytes leftover after parsing attributes in process `syz.8.994'. [ 317.232509][ T9577] netlink: 4 bytes leftover after parsing attributes in process `syz.8.994'. [ 317.242917][ T9400] veth1_macvtap: entered promiscuous mode [ 317.260129][ T9577] netlink: 'syz.8.994': attribute type 1 has an invalid length. [ 317.267821][ T9577] netlink: 16 bytes leftover after parsing attributes in process `syz.8.994'. [ 317.287085][ T9400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.330786][ T9400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.341337][ T9400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.384479][ T9400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.394768][ T5836] Bluetooth: hci2: unexpected event for opcode 0x0c5b [ 317.403146][ T9400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.415535][ T9400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.426530][ T9400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.436879][ T9400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.449001][ T9400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.461806][ T9400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.487719][ T9400] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.510966][ T9400] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.529786][ T9400] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.549771][ T9400] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.582984][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.590221][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.796600][ T8378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.847363][ T8378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.997412][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.006514][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.257061][ T9590] vlan2: entered allmulticast mode [ 318.422698][ T9593] netlink: 'syz.7.993': attribute type 12 has an invalid length. [ 319.242373][ T9172] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.778207][ T9172] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.074024][ T9172] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.136591][ T9172] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.252165][ T9172] bridge_slave_1: left allmulticast mode [ 320.259173][ T9172] bridge_slave_1: left promiscuous mode [ 320.265462][ T9172] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.274912][ T9172] bridge_slave_0: left allmulticast mode [ 320.281387][ T9172] bridge_slave_0: left promiscuous mode [ 320.287101][ T9172] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.646439][ T9172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 320.658049][ T9172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 320.668942][ T9172] bond0 (unregistering): Released all slaves [ 320.961725][ T9172] hsr_slave_0: left promiscuous mode [ 320.967541][ T9172] hsr_slave_1: left promiscuous mode [ 320.976496][ T9172] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 320.984450][ T9172] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 320.992458][ T9172] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 321.000186][ T9172] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.071009][ T9172] veth1_macvtap: left promiscuous mode [ 321.076607][ T9172] veth0_macvtap: left promiscuous mode [ 321.104693][ T9172] veth1_vlan: left promiscuous mode [ 321.121239][ T9172] veth0_vlan: left promiscuous mode [ 322.361031][ T29] audit: type=1804 audit(1740750279.079:142): pid=9619 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.8.1008" name="/newroot/15/bus/bus" dev="overlay" ino=107 res=1 errno=0 [ 322.368687][ T9619] Invalid ELF header magic: != ELF [ 322.787212][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 322.798353][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 322.816637][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 322.837079][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 322.850328][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 322.859122][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 325.034328][ T5827] Bluetooth: hci0: command tx timeout [ 325.871328][ T9172] team0 (unregistering): Port device team_slave_1 removed [ 326.095261][ T9172] team0 (unregistering): Port device team_slave_0 removed [ 327.119789][ T5827] Bluetooth: hci0: command tx timeout [ 329.190543][ T5827] Bluetooth: hci0: command tx timeout [ 330.523925][ T9713] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1039'. [ 331.788872][ T9630] chnl_net:caif_netlink_parms(): no params data found [ 331.801068][ T5827] Bluetooth: hci0: command tx timeout [ 333.732523][ T9630] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.769465][ T9630] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.795307][ T9630] bridge_slave_0: entered allmulticast mode [ 333.837180][ T9630] bridge_slave_0: entered promiscuous mode [ 334.004768][ T9630] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.072741][ T9630] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.123509][ T9630] bridge_slave_1: entered allmulticast mode [ 334.153050][ T9630] bridge_slave_1: entered promiscuous mode [ 334.220847][ T9630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.233170][ T9630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.702659][ T9630] team0: Port device team_slave_0 added [ 334.713541][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880257ed400: rx timeout, send abort [ 334.721916][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880257eec00: rx timeout, send abort [ 334.730460][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880257ed400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 334.744880][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880257eec00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 334.845191][ T9630] team0: Port device team_slave_1 added [ 336.148991][ T9630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 336.211715][ T9630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.295103][ T9630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.360215][ T9630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.375218][ T9630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.412355][ T9764] overlayfs: failed to clone upperpath [ 336.438315][ T9630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.631377][ T9630] hsr_slave_0: entered promiscuous mode [ 336.638560][ T9630] hsr_slave_1: entered promiscuous mode [ 336.645567][ T9630] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 336.770467][ T9630] Cannot create hsr debugfs directory [ 337.309761][ T5876] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 337.511919][ T5876] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 337.548772][ T5876] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 337.788199][ T5876] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 338.652314][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.665815][ T9774] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 338.676774][ T5876] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 338.964409][ T5907] usb 9-1: USB disconnect, device number 2 [ 339.387131][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 339.704733][ T9799] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1064'. [ 340.201159][ T9630] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 340.425635][ T9630] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 340.533951][ T9630] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 340.554605][ T9630] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 340.853274][ T9630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.883740][ T9630] 8021q: adding VLAN 0 to HW filter on device team0 [ 340.901666][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.908833][ T9183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.972080][ T9816] netlink: 'syz.7.1069': attribute type 3 has an invalid length. [ 340.980509][ T9816] netlink: 'syz.7.1069': attribute type 3 has an invalid length. [ 340.994948][ T9816] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1069'. [ 341.095299][ T9173] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.102564][ T9173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.408076][ T9630] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 342.479705][ T9630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 342.715695][ T9832] fuse: Bad value for 'rootmode' [ 343.084809][ T9630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 343.185090][ T9841] netlink: 4696 bytes leftover after parsing attributes in process `syz.8.1077'. [ 343.194924][ T9841] netlink: 4696 bytes leftover after parsing attributes in process `syz.8.1077'. [ 343.204417][ T9841] netlink: 328 bytes leftover after parsing attributes in process `syz.8.1077'. [ 344.601391][ T9630] veth0_vlan: entered promiscuous mode [ 344.617544][ T9630] veth1_vlan: entered promiscuous mode [ 344.661650][ T9630] veth0_macvtap: entered promiscuous mode [ 344.678313][ T9630] veth1_macvtap: entered promiscuous mode [ 344.706214][ T9630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.758574][ T9630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.774347][ T9630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.809325][ T9630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.072300][ T9630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.094757][ T9630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.128635][ T9630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.161241][ T9630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.407335][ T9630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.997516][ T9630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.032372][ T9630] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.070052][ T9630] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.097490][ T9630] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.141429][ T9630] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.409408][ T9169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.465538][ T9169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.567286][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.579873][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.105642][ T9169] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.271841][ T9169] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.361943][ T9169] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.457819][ T9169] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.694981][ T9169] bridge_slave_1: left allmulticast mode [ 348.705586][ T9169] bridge_slave_1: left promiscuous mode [ 348.714064][ T9169] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.723953][ T9169] bridge_slave_0: left allmulticast mode [ 348.730104][ T9169] bridge_slave_0: left promiscuous mode [ 348.736116][ T9169] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.185056][ T9169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.196819][ T9169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.207120][ T9169] bond0 (unregistering): Released all slaves [ 349.518769][ T9169] hsr_slave_0: left promiscuous mode [ 349.537450][ T9169] hsr_slave_1: left promiscuous mode [ 349.543494][ T9169] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.551183][ T9169] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.559014][ T9169] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 349.566930][ T9169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.596858][ T9169] veth1_macvtap: left promiscuous mode [ 349.602524][ T9169] veth0_macvtap: left promiscuous mode [ 349.608157][ T9169] veth1_vlan: left promiscuous mode [ 349.619728][ T9169] veth0_vlan: left promiscuous mode [ 350.318087][ T9910] overlayfs: failed to clone upperpath [ 350.818958][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 350.831896][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 350.865718][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 350.878257][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 350.890145][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 350.905835][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 352.608304][ T9169] team0 (unregistering): Port device team_slave_1 removed [ 352.649804][ T909] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 352.786487][ T9169] team0 (unregistering): Port device team_slave_0 removed [ 352.850803][ T909] usb 9-1: Using ep0 maxpacket: 8 [ 352.890845][ T909] usb 9-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17 [ 352.921740][ T909] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.956505][ T909] usb 9-1: Product: syz [ 352.963897][ T909] usb 9-1: Manufacturer: syz [ 352.983267][ T909] usb 9-1: SerialNumber: syz [ 353.032443][ T5827] Bluetooth: hci0: command tx timeout [ 353.056051][ T909] usb 9-1: config 0 descriptor?? [ 353.098402][ T909] hub 9-1:0.0: bad descriptor, ignoring hub [ 353.117822][ T909] hub 9-1:0.0: probe with driver hub failed with error -5 [ 353.253676][ T909] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 354.085781][ T909] usb 9-1: USB disconnect, device number 3 [ 354.658270][ T9917] chnl_net:caif_netlink_parms(): no params data found [ 354.995197][ T9917] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.010596][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.129969][ T5827] Bluetooth: hci0: command tx timeout [ 355.182025][ T9917] bridge_slave_0: entered allmulticast mode [ 355.327412][ T9917] bridge_slave_0: entered promiscuous mode [ 355.979851][ T9917] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.016137][ T9917] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.084520][ T9917] bridge_slave_1: entered allmulticast mode [ 356.097657][ T9917] bridge_slave_1: entered promiscuous mode [ 357.189603][ T5827] Bluetooth: hci0: command tx timeout [ 357.227849][ T9987] Cannot find add_set index 0 as target [ 357.463622][ T9917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 357.498798][ T9917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 357.545470][ T5827] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 357.718120][ T9917] team0: Port device team_slave_0 added [ 357.755338][ T9917] team0: Port device team_slave_1 added [ 357.842991][ T9917] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 357.857821][ T9917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.897929][ T9917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 357.921561][ T9917] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 357.929360][ T9917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.962565][ T9917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.080340][ T9917] hsr_slave_0: entered promiscuous mode [ 358.098549][ T9917] hsr_slave_1: entered promiscuous mode [ 358.107788][ T9917] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 358.124151][ T9917] Cannot create hsr debugfs directory [ 358.162533][T10012] overlayfs: failed to clone upperpath [ 358.351993][T10016] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1132'. [ 358.366085][T10016] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1132'. [ 358.374388][T10010] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 358.377655][T10016] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1132'. [ 358.391391][T10010] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 358.399806][T10010] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 358.405996][T10010] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 358.424481][T10010] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 358.437486][T10010] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 358.459920][T10010] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 358.471869][T10010] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 358.478359][T10010] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 358.491243][T10010] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 358.545344][T10024] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1136'. [ 358.559358][T10024] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1136'. [ 358.926381][ T9917] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 359.201344][ T9917] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 359.283187][ T9917] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 359.373116][ T9917] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 359.541701][ T9917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.597074][ T9917] 8021q: adding VLAN 0 to HW filter on device team0 [ 360.157592][ T9173] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.164809][ T9173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.174047][ T9173] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.181181][ T9173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.389610][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 360.460060][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 360.466185][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 360.472739][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 360.539667][ T5827] Bluetooth: hci0: command 0x0405 tx timeout [ 360.572662][ T29] audit: type=1326 audit(1740750317.299:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 360.730839][ T29] audit: type=1326 audit(1740750317.349:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 360.843804][ T29] audit: type=1326 audit(1740750317.349:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.031327][ T29] audit: type=1326 audit(1740750317.349:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.062288][ T9917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.118412][ T29] audit: type=1326 audit(1740750317.349:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.208932][ T29] audit: type=1326 audit(1740750317.349:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.284567][ T29] audit: type=1326 audit(1740750317.349:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.332674][ T29] audit: type=1326 audit(1740750317.349:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.356378][T10074] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1153'. [ 361.408392][ T29] audit: type=1326 audit(1740750317.349:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 361.466266][ T29] audit: type=1326 audit(1740750317.349:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10048 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 362.793136][T10088] overlayfs: failed to clone upperpath [ 362.809928][ T5827] Bluetooth: hci3: command 0x0406 tx timeout [ 362.816371][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 362.823006][ T5832] Bluetooth: hci0: command 0x0405 tx timeout [ 363.132822][ T9917] veth0_vlan: entered promiscuous mode [ 363.216206][ T9917] veth1_vlan: entered promiscuous mode [ 363.312993][ T9917] veth0_macvtap: entered promiscuous mode [ 363.347690][ T9917] veth1_macvtap: entered promiscuous mode [ 363.360394][ T5876] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 363.375830][ T9917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 363.388631][ T9917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.400248][ T9917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 363.453264][ T9917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.472118][ T9917] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 363.543383][ T9917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 363.563923][ T5876] usb 9-1: config 0 has an invalid interface number: 64 but max is 0 [ 363.575641][ T5876] usb 9-1: config 0 has no interface number 0 [ 363.588708][ T9917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.590952][ T5876] usb 9-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 363.619426][ T9917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 363.621425][ T5876] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.636368][ T9917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 363.658078][ T9917] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 363.687857][ T9917] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.731701][ T9917] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.745464][ T9917] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.757599][ T9917] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.852282][ T5876] usb 9-1: Product: syz [ 363.856594][ T5876] usb 9-1: Manufacturer: syz [ 363.883746][ T5876] usb 9-1: SerialNumber: syz [ 363.932436][ T5876] usb 9-1: config 0 descriptor?? [ 364.003943][ T9174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.023804][ T9174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.087797][ T9169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.107289][ T9169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.158782][ T5876] usb 9-1: Found UVC 0.08 device syz (046d:0823) [ 364.179185][ T5876] usb 9-1: No valid video chain found. [ 364.197504][ T5876] usb 9-1: USB disconnect, device number 4 [ 364.334875][T10114] overlayfs: failed to clone upperpath [ 364.382479][ T5906] Process accounting resumed [ 365.682830][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 366.352438][ T9172] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.722188][ T9172] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.152975][ T9172] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.208842][ T9172] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.343308][ T9172] bridge_slave_1: left allmulticast mode [ 368.349020][ T9172] bridge_slave_1: left promiscuous mode [ 368.355282][ T9172] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.365679][ T9172] bridge_slave_0: left allmulticast mode [ 368.371772][ T9172] bridge_slave_0: left promiscuous mode [ 368.377454][ T9172] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.747181][ T9172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 368.758594][ T9172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 368.769510][ T9172] bond0 (unregistering): Released all slaves [ 369.098740][ T9172] hsr_slave_0: left promiscuous mode [ 369.107718][ T9172] hsr_slave_1: left promiscuous mode [ 369.121671][ T9172] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.159852][ T9172] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 369.238906][ T9172] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.260531][ T9172] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 369.343536][ T9172] veth1_macvtap: left promiscuous mode [ 369.349341][ T9172] veth0_macvtap: left promiscuous mode [ 369.394787][ T9172] veth1_vlan: left promiscuous mode [ 369.438102][ T9172] veth0_vlan: left promiscuous mode [ 370.471481][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 370.481920][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 370.491134][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 370.499081][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 370.507090][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 370.516332][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 370.576157][ T5827] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 370.938444][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 370.938465][ T29] audit: type=1804 audit(1740750327.669:166): pid=10179 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.1188" name="/newroot/257/bus/bus" dev="overlay" ino=1436 res=1 errno=0 [ 370.963258][T10179] Invalid ELF header len 8 [ 371.349837][ T9172] team0 (unregistering): Port device team_slave_1 removed [ 371.388866][ T29] audit: type=1326 audit(1740750328.109:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.425647][ T29] audit: type=1326 audit(1740750328.109:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.486052][ T29] audit: type=1326 audit(1740750328.109:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.520538][ T9172] team0 (unregistering): Port device team_slave_0 removed [ 371.530387][ T29] audit: type=1326 audit(1740750328.109:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.565722][ T29] audit: type=1326 audit(1740750328.109:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.593928][ T29] audit: type=1326 audit(1740750328.109:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.616422][ T29] audit: type=1326 audit(1740750328.109:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.642798][ T29] audit: type=1326 audit(1740750328.109:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 371.664900][ T29] audit: type=1326 audit(1740750328.109:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10163 comm="syz.5.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7fc00000 [ 372.680048][ T5832] Bluetooth: hci0: command tx timeout [ 373.229772][ T47] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 373.440176][ T47] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 373.454699][ T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.500334][ T47] usb 7-1: config 0 descriptor?? [ 373.521292][ T47] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 374.364769][ T5832] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 374.391196][ T5832] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 374.618808][T10222] xt_TPROXY: Can be used only with -p tcp or -p udp [ 374.700106][ T5832] Bluetooth: hci0: command tx timeout [ 374.943124][T10223] netlink: 'syz.7.1199': attribute type 1 has an invalid length. [ 375.301708][ T47] gspca_stv06xx: I2C: Read error writing address: -71 [ 375.320733][ T47] usb 7-1: USB disconnect, device number 14 [ 375.344608][T10223] 8021q: adding VLAN 0 to HW filter on device bond1 [ 375.472042][T10226] bond1: (slave veth3): Enslaving as an active interface with a down link [ 375.555081][T10227] bond1: (slave vlan1): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 375.759153][T10240] overlayfs: failed to clone upperpath [ 375.908245][T10161] chnl_net:caif_netlink_parms(): no params data found [ 376.137258][T10251] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.207274][T10263] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 376.287763][T10257] syzkaller0: tun_chr_ioctl cmd 1074025681 [ 376.357241][T10251] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.406189][T10161] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.426095][T10161] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.443917][T10161] bridge_slave_0: entered allmulticast mode [ 376.461048][T10161] bridge_slave_0: entered promiscuous mode [ 376.536805][T10251] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.591782][T10161] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.610182][T10161] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.617476][T10161] bridge_slave_1: entered allmulticast mode [ 376.781498][ T5832] Bluetooth: hci0: command tx timeout [ 376.939194][T10161] bridge_slave_1: entered promiscuous mode [ 377.244816][T10284] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1214'. [ 377.246441][T10251] netdevsim netdevsim7  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.773799][T10161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 377.966579][T10161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 377.991062][T10291] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 378.086144][T10161] team0: Port device team_slave_0 added [ 378.099392][T10161] team0: Port device team_slave_1 added [ 378.173232][T10295] vlan0: entered promiscuous mode [ 378.179627][T10295] vlan0: entered allmulticast mode [ 378.210331][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1217'. [ 378.227873][T10161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.243796][T10161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.288193][ T5832] Bluetooth: hci2: unexpected event for opcode 0x2031 [ 378.300904][T10161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.382281][ T5832] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 378.391529][ T5832] Bluetooth: hci4: Injecting HCI hardware error event [ 378.401909][ T5836] Bluetooth: hci4: hardware error 0x00 [ 378.426200][T10251] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.435605][T10161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.446516][T10161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.473408][T10161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.526829][T10251] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.633289][T10251] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.652894][T10161] hsr_slave_0: entered promiscuous mode [ 378.659180][T10161] hsr_slave_1: entered promiscuous mode [ 378.674521][T10161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 378.682856][T10161] Cannot create hsr debugfs directory [ 378.769062][T10251] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.870389][ T5832] Bluetooth: hci0: command tx timeout [ 379.710951][ T909] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 379.730357][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.737627][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.897735][ T909] usb 7-1: Using ep0 maxpacket: 8 [ 379.927126][ T909] usb 7-1: config 0 has an invalid interface number: 130 but max is 0 [ 379.960764][ T909] usb 7-1: config 0 has no interface number 0 [ 379.985710][ T909] usb 7-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56 [ 380.001784][ T909] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.017766][ T909] usb 7-1: Product: syz [ 380.027653][ T909] usb 7-1: Manufacturer: syz [ 380.037055][ T909] usb 7-1: SerialNumber: syz [ 380.054991][ T909] usb 7-1: config 0 descriptor?? [ 380.067326][ T909] as10x_usb: device has been detected [ 380.074209][ T909] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e)) [ 380.128260][ T909] usb 7-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))... [ 380.239659][ T47] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 380.329246][T10161] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 380.358337][T10161] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 380.376016][T10161] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 380.392539][ T909] as10x_usb: error during firmware upload part1 [ 380.403403][T10161] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 380.418326][ T909] Registered device PCTV Systems picoStick (74e) [ 380.419857][ T47] usb 9-1: Using ep0 maxpacket: 32 [ 380.431005][ T909] usb 7-1: USB disconnect, device number 15 [ 380.465557][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 380.481727][ T47] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 380.497458][ T47] usb 9-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 380.506824][ T47] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.514916][ T47] usb 9-1: Product: syz [ 380.519198][ T47] usb 9-1: Manufacturer: syz [ 380.523916][ T47] usb 9-1: SerialNumber: syz [ 380.531317][ T47] usb 9-1: config 0 descriptor?? [ 380.537262][T10320] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 380.555716][ T47] hub 9-1:0.0: bad descriptor, ignoring hub [ 380.569634][ T47] hub 9-1:0.0: probe with driver hub failed with error -5 [ 380.583684][ T909] Unregistered device PCTV Systems picoStick (74e) [ 380.585773][ T909] as10x_usb: device has been disconnected [ 380.592917][ T47] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input10 [ 380.735329][T10161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 380.789463][T10161] 8021q: adding VLAN 0 to HW filter on device team0 [ 380.818978][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.826215][ T9183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 380.918171][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.925402][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.088688][T10321] hfs: unable to load iocharset "io#harset" [ 381.249960][ T909] usb 9-1: USB disconnect, device number 5 [ 381.250225][ C1] usbtouchscreen 9-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 381.260730][T10333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.756022][T10161] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 381.873849][T10345] netlink: zone id is out of range [ 381.900856][T10345] netlink: set zone limit has 8 unknown bytes [ 381.932621][T10345] netlink: del zone limit has 4 unknown bytes [ 382.299821][ T5836] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 382.308646][ T5836] Bluetooth: hci2: Injecting HCI hardware error event [ 382.319995][ T5836] Bluetooth: hci2: hardware error 0x00 [ 382.379712][T10161] veth0_vlan: entered promiscuous mode [ 382.401142][T10161] veth1_vlan: entered promiscuous mode [ 382.437770][T10161] veth0_macvtap: entered promiscuous mode [ 382.447095][T10161] veth1_macvtap: entered promiscuous mode [ 382.482082][T10161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.518013][T10161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.550110][T10161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.570930][T10161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.603912][T10161] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.715517][T10161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.909660][T10161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.950769][T10161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.969800][T10161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.987640][T10161] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 383.767497][T10161] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.814254][T10161] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.849821][T10161] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.884137][T10161] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.059738][ T5836] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 385.309219][ T9183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.341757][ T9183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.399131][ T9173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.427084][ T9173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 387.134532][T10392] 9pnet_fd: p9_fd_create_tcp (10392): problem connecting socket to 127.0.0.1 [ 387.469299][ T9183] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.567605][T10406] overlayfs: failed to clone upperpath [ 387.626100][T10410] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1251'. [ 387.679146][ T9183] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.787009][ T9183] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.848217][ T9183] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.960735][ T9183] bridge_slave_1: left allmulticast mode [ 387.966739][ T9183] bridge_slave_1: left promiscuous mode [ 387.975747][ T9183] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.984851][ T9183] bridge_slave_0: left allmulticast mode [ 387.991657][ T9183] bridge_slave_0: left promiscuous mode [ 387.997368][ T9183] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.342076][ T9183] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.353672][ T9183] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.366155][ T9183] bond0 (unregistering): Released all slaves [ 388.698511][ T9183] hsr_slave_0: left promiscuous mode [ 388.709499][ T9183] hsr_slave_1: left promiscuous mode [ 388.715733][ T9183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 388.728093][ T9183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 388.736320][ T9183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.744753][ T9183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 388.773070][ T9183] veth1_macvtap: left promiscuous mode [ 388.778644][ T9183] veth0_macvtap: left promiscuous mode [ 388.784599][ T9183] veth1_vlan: left promiscuous mode [ 388.790428][ T9183] veth0_vlan: left promiscuous mode [ 389.341098][T10413] netlink: 'syz.5.1253': attribute type 1 has an invalid length. [ 389.379080][ T9183] team0 (unregistering): Port device team_slave_1 removed [ 389.561079][T10423] overlayfs: failed to clone upperpath [ 389.640043][ T9183] team0 (unregistering): Port device team_slave_0 removed [ 389.955006][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 389.976493][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 389.986038][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 390.774551][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 390.784727][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 390.801436][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 391.696791][T10456] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1266'. [ 392.553864][T10413] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 392.570139][T10420] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 392.760403][T10470] IPVS: length: 24 != 3576 [ 392.859920][ T5836] Bluetooth: hci0: command tx timeout [ 393.312875][T10479] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1273'. [ 395.010030][ T5832] Bluetooth: hci0: command tx timeout [ 396.587901][T10427] chnl_net:caif_netlink_parms(): no params data found [ 397.487271][T10427] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.520138][T10427] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.535753][T10427] bridge_slave_0: entered allmulticast mode [ 397.544415][T10427] bridge_slave_0: entered promiscuous mode [ 397.575188][T10427] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.605978][T10427] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.607466][T10521] overlayfs: failed to clone upperpath [ 397.636907][T10427] bridge_slave_1: entered allmulticast mode [ 397.667793][T10427] bridge_slave_1: entered promiscuous mode [ 397.749708][ T5836] Bluetooth: hci0: command tx timeout [ 397.846174][T10427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.892663][T10427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.975282][T10528] overlayfs: failed to clone upperpath [ 398.058505][T10427] team0: Port device team_slave_0 added [ 398.121529][T10427] team0: Port device team_slave_1 added [ 398.423164][T10427] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.473970][T10427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.263756][T10427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.452045][T10427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.551768][T10427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.820017][ T5836] Bluetooth: hci0: command tx timeout [ 399.899987][T10427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.307424][T10427] hsr_slave_0: entered promiscuous mode [ 400.320876][T10427] hsr_slave_1: entered promiscuous mode [ 400.337408][T10427] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.368504][T10427] Cannot create hsr debugfs directory [ 401.478332][T10564] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1298'. [ 401.948707][T10576] Invalid logical block size (-2) [ 402.835888][T10427] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 402.971509][T10427] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 403.016986][T10427] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 403.051125][T10427] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 403.938968][T10427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.324010][T10427] 8021q: adding VLAN 0 to HW filter on device team0 [ 405.049482][ T9172] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.056695][ T9172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 405.164042][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.171234][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.675173][T10427] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.119341][T10649] overlayfs: failed to clone upperpath [ 409.298490][T10427] veth0_vlan: entered promiscuous mode [ 409.338215][T10427] veth1_vlan: entered promiscuous mode [ 409.855825][T10427] veth0_macvtap: entered promiscuous mode [ 409.908061][T10427] veth1_macvtap: entered promiscuous mode [ 410.022470][T10427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.055531][T10427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.066845][T10427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.078064][T10427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.091008][T10427] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.108501][T10427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.125729][T10427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.163869][T10427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.216517][T10427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.256274][T10671] netlink: 'syz.5.1324': attribute type 10 has an invalid length. [ 410.273994][T10427] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.335737][T10671] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1324'. [ 410.347793][T10427] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.370533][T10427] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.379312][T10427] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.399570][T10427] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.454464][T10673] batman_adv: batadv0: Adding interface: dummy0 [ 410.463379][T10673] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.494145][T10677] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1325'. [ 410.517106][T10673] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 410.533982][T10671] batadv0: entered promiscuous mode [ 410.539262][T10671] batadv0: entered allmulticast mode [ 410.557449][T10671] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.569137][T10671] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 410.719080][ T9183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.737297][ T9183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.767929][ T9174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.776153][ T9174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.004425][T10685] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 411.801686][T10698] overlayfs: failed to clone upperpath [ 411.852912][T10698] overlayfs: failed to clone upperpath [ 413.573395][ T9174] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.712068][ T9174] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.070824][ T9174] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.163719][ T9174] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.335633][ T9174] bridge_slave_1: left allmulticast mode [ 414.342501][ T9174] bridge_slave_1: left promiscuous mode [ 414.348211][ T9174] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.357433][ T9174] bridge_slave_0: left allmulticast mode [ 414.363572][ T9174] bridge_slave_0: left promiscuous mode [ 414.369281][ T9174] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.757970][ T9174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.768912][ T9174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.779251][ T9174] bond0 (unregistering): Released all slaves [ 415.089258][ T9174] hsr_slave_0: left promiscuous mode [ 415.095207][ T9174] hsr_slave_1: left promiscuous mode [ 415.104023][ T9174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 415.111730][ T9174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 415.119382][ T9174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 415.128081][ T9174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 415.155095][ T9174] veth1_macvtap: left promiscuous mode [ 415.160997][ T9174] veth0_macvtap: left promiscuous mode [ 415.166569][ T9174] veth1_vlan: left promiscuous mode [ 415.172562][ T9174] veth0_vlan: left promiscuous mode [ 415.650965][T10727] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1339'. [ 415.660283][T10727] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1339'. [ 416.592673][T10731] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1340'. [ 416.604770][T10731] netlink: 4696 bytes leftover after parsing attributes in process `syz.7.1340'. [ 416.614003][T10731] netlink: 4696 bytes leftover after parsing attributes in process `syz.7.1340'. [ 416.623269][T10731] netlink: 328 bytes leftover after parsing attributes in process `syz.7.1340'. [ 417.395702][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 417.406300][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 417.415270][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 417.423359][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 417.434167][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 417.441980][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 417.549993][T10742] capability: warning: `syz.8.1343' uses 32-bit capabilities (legacy support in use) [ 417.627725][ T9174] team0 (unregistering): Port device team_slave_1 removed [ 417.798756][ T9174] team0 (unregistering): Port device team_slave_0 removed [ 419.516589][ T5836] Bluetooth: hci0: command tx timeout [ 419.761121][T10727] vlan2: entered allmulticast mode [ 421.459138][T10763] hub 6-0:1.0: USB hub found [ 421.469635][T10763] hub 6-0:1.0: 1 port detected [ 421.591668][ T5836] Bluetooth: hci0: command tx timeout [ 422.418869][T10739] chnl_net:caif_netlink_parms(): no params data found [ 422.582824][T10739] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.661509][T10739] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.679213][T10739] bridge_slave_0: entered allmulticast mode [ 422.730398][T10739] bridge_slave_0: entered promiscuous mode [ 422.841760][T10739] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.913817][T10739] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.935467][T10739] bridge_slave_1: entered allmulticast mode [ 422.947538][T10739] bridge_slave_1: entered promiscuous mode [ 423.105605][T10739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.140898][T10739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.296934][T10739] team0: Port device team_slave_0 added [ 423.309140][T10788] overlayfs: failed to clone upperpath [ 423.324564][T10739] team0: Port device team_slave_1 added [ 423.397433][T10739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 423.409791][T10739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.565205][T10739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 423.671938][ T5836] Bluetooth: hci0: command tx timeout [ 423.967977][T10739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.045952][T10739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.110251][T10739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.582876][T10739] hsr_slave_0: entered promiscuous mode [ 425.597602][T10739] hsr_slave_1: entered promiscuous mode [ 425.614437][T10739] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 425.626760][T10739] Cannot create hsr debugfs directory [ 425.774738][ T5836] Bluetooth: hci0: command tx timeout [ 428.455224][T10739] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 429.609647][T10739] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 429.702619][T10739] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 430.065514][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 430.065559][ T29] audit: type=1326 audit(1740750386.669:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10834 comm="syz.5.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 430.696425][T10739] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 430.847676][ T29] audit: type=1326 audit(1740750386.669:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10834 comm="syz.5.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc93d8bad0 code=0x7ffc0000 [ 430.937625][ T29] audit: type=1326 audit(1740750386.669:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10834 comm="syz.5.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 430.993126][ T29] audit: type=1326 audit(1740750386.679:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10834 comm="syz.5.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 431.074453][T10739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.421412][T10739] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.454432][ T9174] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.461656][ T9174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.557444][ T8361] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.564670][ T8361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.479123][T10739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.305169][T10739] veth0_vlan: entered promiscuous mode [ 434.375810][T10739] veth1_vlan: entered promiscuous mode [ 434.457028][T10739] veth0_macvtap: entered promiscuous mode [ 434.471528][T10739] veth1_macvtap: entered promiscuous mode [ 434.494884][T10739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.511872][T10739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.527389][T10739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.543489][T10739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.567762][T10739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.600001][T10739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.627177][T10739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.638652][T10739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.649444][T10739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.671498][T10739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 434.722456][T10739] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.789692][T10739] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.798572][T10739] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.808412][T10739] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.879543][ T9172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.887923][ T9172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.091720][ T9172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.135957][ T9172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.023957][T10939] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1397'. [ 439.171131][T10939] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1397'. [ 439.187748][T10939] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1397'. [ 440.959743][ T29] audit: type=1804 audit(1740750397.689:187): pid=10950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.8.1401" name="bus" dev="ramfs" ino=39866 res=1 errno=0 [ 440.993588][ T8361] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.004984][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.012080][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.331480][ T8361] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.362124][ T5906] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 441.638006][ T8361] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.716690][T10962] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1405'. [ 441.796783][ T5906] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 441.879753][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.972448][ T8361] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.045973][ T5906] usb 7-1: config 0 descriptor?? [ 442.616198][ T8361] bridge_slave_1: left allmulticast mode [ 442.629753][ T8361] bridge_slave_1: left promiscuous mode [ 442.635625][ T8361] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.665809][ T8361] bridge_slave_0: left allmulticast mode [ 442.671722][ T8361] bridge_slave_0: left promiscuous mode [ 442.677487][ T8361] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.723759][ T5906] elan 0003:04F3:0755.0004: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 442.943445][ T5906] usb 7-1: USB disconnect, device number 16 [ 443.182390][ T8361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 443.193803][ T8361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 443.204364][ T8361] bond0 (unregistering): Released all slaves [ 443.871709][T10981] overlayfs: failed to clone upperpath [ 445.690769][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 445.707882][ T8361] hsr_slave_0: left promiscuous mode [ 445.714125][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 445.724120][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 445.735993][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 445.744833][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 445.753638][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 445.799742][ T8361] hsr_slave_1: left promiscuous mode [ 445.811214][ T8361] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 445.829267][ T8361] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 445.844358][ T8361] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 445.852207][ T8361] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 445.883448][ T8361] veth1_macvtap: left promiscuous mode [ 445.889879][ T8361] veth0_macvtap: left promiscuous mode [ 445.895585][ T8361] veth1_vlan: left promiscuous mode [ 445.901192][ T8361] veth0_vlan: left promiscuous mode [ 446.061388][T11001] futex_wake_op: syz.6.1416 tries to shift op by 32; fix this program [ 446.540548][T11012] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1420'. [ 448.327687][ T5832] Bluetooth: hci0: command tx timeout [ 449.439808][T11048] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1432'. [ 449.554410][ T8361] team0 (unregistering): Port device team_slave_1 removed [ 449.731674][ T8361] team0 (unregistering): Port device team_slave_0 removed [ 450.744612][ T5832] Bluetooth: hci0: command tx timeout [ 450.782743][T11054] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1434'. [ 452.001522][T11071] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 452.789724][ T5832] Bluetooth: hci0: command tx timeout [ 454.860040][ T5832] Bluetooth: hci0: command tx timeout [ 454.983450][T11122] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 455.292905][T10998] chnl_net:caif_netlink_parms(): no params data found [ 455.938541][T10998] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.978391][T10998] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.013317][T10998] bridge_slave_0: entered allmulticast mode [ 456.027226][T10998] bridge_slave_0: entered promiscuous mode [ 456.060104][T10998] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.067267][T10998] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.136062][T10998] bridge_slave_1: entered allmulticast mode [ 456.147360][T10998] bridge_slave_1: entered promiscuous mode [ 456.384219][T11155] overlayfs: failed to clone upperpath [ 456.419997][T10998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 456.617314][T10998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 456.761609][T10998] team0: Port device team_slave_0 added [ 456.807765][T10998] team0: Port device team_slave_1 added [ 457.271909][T10998] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 457.278950][T10998] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.457516][T11189] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1471'. [ 457.466677][T10998] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 457.541617][T10998] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 457.562882][T10998] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.882837][T10998] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.336591][T10998] hsr_slave_0: entered promiscuous mode [ 458.376830][T10998] hsr_slave_1: entered promiscuous mode [ 458.417371][T10998] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 458.443650][T10998] Cannot create hsr debugfs directory [ 460.400212][ T29] audit: type=1800 audit(1740750417.129:188): pid=11222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.1484" name="SYSV798dd834" dev="tmpfs" ino=0 res=0 errno=0 [ 460.631998][T11225] overlayfs: failed to clone upperpath [ 460.717786][T11229] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1486'. [ 461.112435][T10998] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 461.127325][T10998] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 461.153262][T10998] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 461.187239][T10998] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 461.327917][T11242] netlink: 'syz.5.1492': attribute type 27 has an invalid length. [ 461.400139][T10998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.467064][T10998] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.499265][ T8369] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.506635][ T8369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.533543][T11244] overlayfs: failed to resolve './file1': -2 [ 461.572823][ T8369] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.580033][ T8369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.954976][T10998] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.442787][T11279] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1499'. [ 464.902187][T10998] veth0_vlan: entered promiscuous mode [ 464.978382][T10998] veth1_vlan: entered promiscuous mode [ 465.101696][T10998] veth0_macvtap: entered promiscuous mode [ 465.137344][T10998] veth1_macvtap: entered promiscuous mode [ 465.203202][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.235376][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.256300][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.270039][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.287682][T10998] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.297416][T11290] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 465.305401][T11290] IPv6: NLM_F_CREATE should be set when creating new route [ 465.320352][T11290] lo: entered allmulticast mode [ 465.329456][T11290] tunl0: entered allmulticast mode [ 465.336914][T11290] gre0: entered allmulticast mode [ 465.358057][T11290] gretap0: entered allmulticast mode [ 465.393271][T11290] erspan0: entered allmulticast mode [ 465.409173][T11290] ip_vti0: entered allmulticast mode [ 465.416868][T11290] ip6_vti0: entered allmulticast mode [ 465.434820][T11290] sit0: entered allmulticast mode [ 465.444170][T11290] ip6tnl0: entered allmulticast mode [ 465.452188][T11290] ip6gre0: entered allmulticast mode [ 465.464390][T11290] ip6gretap0: entered allmulticast mode [ 465.472431][T11290] vcan0: entered allmulticast mode [ 465.478431][T11290] bond0: entered allmulticast mode [ 465.484173][T11290] bond_slave_0: entered allmulticast mode [ 465.490297][T11290] bond_slave_1: entered allmulticast mode [ 465.501935][T11290] team0: entered allmulticast mode [ 465.508392][T11290] team_slave_0: entered allmulticast mode [ 465.514735][T11290] team_slave_1: entered allmulticast mode [ 465.526453][T11290] dummy0: entered allmulticast mode [ 465.534682][T11290] nlmon0: entered allmulticast mode [ 465.541976][T11290] caif0: entered allmulticast mode [ 465.547350][T11290] batadv0: entered allmulticast mode [ 465.555723][T11290] veth0: entered allmulticast mode [ 465.563681][T11290] veth1: entered allmulticast mode [ 465.572663][T11290] wg0: entered allmulticast mode [ 465.581796][T11290] wg1: entered allmulticast mode [ 465.588360][T11290] veth0_to_bridge: entered allmulticast mode [ 465.596803][T11290] bridge_slave_0: entered allmulticast mode [ 465.605401][T11290] veth1_to_bridge: entered allmulticast mode [ 465.614324][T11290] bridge_slave_1: entered allmulticast mode [ 465.623271][T11290] veth0_to_bond: entered allmulticast mode [ 465.632845][T11290] veth1_to_bond: entered allmulticast mode [ 465.642772][T11290] veth0_to_team: left promiscuous mode [ 465.650950][T11290] veth1_to_team: entered allmulticast mode [ 465.668770][T11290] veth0_to_batadv: entered allmulticast mode [ 465.695967][T11290] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.703857][T11290] batadv_slave_0: entered allmulticast mode [ 465.713031][T11290] veth1_to_batadv: entered allmulticast mode [ 465.721954][T11290] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.731253][T11290] batadv_slave_1: entered allmulticast mode [ 465.740261][T11290] xfrm0: entered allmulticast mode [ 465.748182][T11290] veth0_to_hsr: entered allmulticast mode [ 465.756906][T11290] hsr_slave_0: entered allmulticast mode [ 465.769360][T11290] veth1_to_hsr: entered allmulticast mode [ 465.783909][T11290] hsr_slave_1: entered allmulticast mode [ 465.792583][T11290] hsr0: entered allmulticast mode [ 465.800827][T11290] veth1_virt_wifi: entered allmulticast mode [ 465.810391][T11290] veth0_virt_wifi: entered allmulticast mode [ 465.818848][T11290] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 465.827127][T11290] veth1_vlan: entered allmulticast mode [ 465.835491][T11290] veth0_vlan: entered allmulticast mode [ 465.850685][T11290] vlan0: entered allmulticast mode [ 465.858686][T11290] macvlan0: entered allmulticast mode [ 465.868779][T11290] macvlan1: entered allmulticast mode [ 465.879058][T11290] ipvlan0: entered allmulticast mode [ 465.885287][T11290] ipvlan1: entered allmulticast mode [ 465.891562][T11290] veth1_macvtap: entered allmulticast mode [ 465.901318][T11290] veth0_macvtap: entered allmulticast mode [ 465.913592][T11290] macvtap0: entered allmulticast mode [ 465.930920][T11290] macsec0: entered allmulticast mode [ 465.962321][T11290] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.971308][T11290] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.981141][T11290] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.991533][T11290] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.041750][T11290] geneve1: entered allmulticast mode [ 466.094685][T11290] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode [ 466.116035][T11301] overlayfs: failed to clone upperpath [ 466.136567][T11290] gre1: entered allmulticast mode [ 466.145386][T11290] bridge1: entered allmulticast mode [ 466.167078][T11290] bridge2: entered allmulticast mode [ 466.185548][T11290] bond1: entered allmulticast mode [ 466.209152][T11290] veth2: entered allmulticast mode [ 466.228135][T11290] veth3: entered allmulticast mode [ 466.241664][T11290] netdevsim netdevsim7 eth0: entered allmulticast mode [ 466.259731][T11290] netdevsim netdevsim7 eth1: entered allmulticast mode [ 466.266749][T11290] netdevsim netdevsim7 eth2: entered allmulticast mode [ 466.289792][T11290] netdevsim netdevsim7 eth3: entered allmulticast mode [ 466.304744][T10998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.329637][T10998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.351047][T10998] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 466.392256][T10998] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.418315][T10998] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.450186][T10998] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.458974][T10998] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.791966][ T9173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.837437][ T9173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.860952][T11316] x_tables: duplicate underflow at hook 1 [ 467.562445][ T9175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.589995][ T9175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.522475][ T9175] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.539731][T11336] nbd6: detected capacity change from 0 to 18 [ 468.672316][T11226] block nbd6: Send control failed (result -89) [ 468.747329][T11226] block nbd6: Request send failed, requeueing [ 468.857748][ T5832] block nbd6: Receive control failed (result -107) [ 468.921143][ T26] block nbd6: Dead connection, failed to find a fallback [ 468.928839][ T26] block nbd6: shutting down sockets [ 468.938925][ T26] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 468.952919][ T26] Buffer I/O error on dev nbd6, logical block 0, async page read [ 468.984411][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.159827][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.168063][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.217482][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.228009][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.237465][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.361352][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.389869][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.397903][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.412539][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.420565][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.429838][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.439051][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.457051][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.458776][ T9175] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.466016][T11342] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.492837][T11342] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.503215][T11226] ldm_validate_partition_table(): Disk read failed. [ 469.511674][T11226] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 469.521061][T11226] Buffer I/O error on dev nbd6, logical block 0, async page read [ 469.529244][T11226] Dev nbd6: unable to read RDB block 0 [ 469.535969][T11226] nbd6: unable to read partition table [ 469.542167][T11226] nbd6: partition table beyond EOD, truncated [ 469.574355][T11226] ldm_validate_partition_table(): Disk read failed. [ 469.600733][T11226] Dev nbd6: unable to read RDB block 0 [ 469.606645][T11226] nbd6: unable to read partition table [ 469.617096][T11226] nbd6: partition table beyond EOD, truncated [ 469.618499][ T9175] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.718388][ T9175] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.834115][ T9175] bridge_slave_1: left allmulticast mode [ 469.844224][ T9175] bridge_slave_1: left promiscuous mode [ 469.854802][ T9175] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.865137][ T9175] bridge_slave_0: left allmulticast mode [ 469.873606][ T9175] bridge_slave_0: left promiscuous mode [ 469.879286][ T9175] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.238698][ T9175] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 470.250505][ T9175] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 470.261458][ T9175] bond0 (unregistering): Released all slaves [ 470.537900][ T9175] hsr_slave_0: left promiscuous mode [ 470.564317][ T9175] hsr_slave_1: left promiscuous mode [ 470.570454][ T9175] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 470.577878][ T9175] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.586801][ T9175] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 470.594361][ T9175] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 470.617757][ T9175] veth1_macvtap: left promiscuous mode [ 470.623692][ T9175] veth0_macvtap: left promiscuous mode [ 470.629312][ T9175] veth1_vlan: left promiscuous mode [ 470.634774][ T9175] veth0_vlan: left promiscuous mode [ 471.083433][ T9175] team0 (unregistering): Port device team_slave_1 removed [ 471.128454][ T9175] team0 (unregistering): Port device team_slave_0 removed [ 473.189691][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 473.231533][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 473.241142][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 473.259282][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 473.270588][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 473.280358][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 473.599937][T11369] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1533'. [ 474.595876][T11381] Process accounting resumed [ 474.605868][T11366] chnl_net:caif_netlink_parms(): no params data found [ 474.953974][T11366] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.100973][T11366] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.253778][T11366] bridge_slave_0: entered allmulticast mode [ 475.359996][ T5836] Bluetooth: hci0: command tx timeout [ 475.500844][T11366] bridge_slave_0: entered promiscuous mode [ 475.508947][T11366] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.519737][T11366] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.527005][T11366] bridge_slave_1: entered allmulticast mode [ 475.534884][T11366] bridge_slave_1: entered promiscuous mode [ 475.623735][T11366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.646861][T11366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.833085][T11408] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1545'. [ 475.875078][T11407] team0: No ports can be present during mode change [ 477.797253][ T5836] Bluetooth: hci0: command tx timeout [ 479.236746][T11408] team0 (unregistering): Port device team_slave_0 removed [ 479.279780][T11408] team0 (unregistering): Port device team_slave_1 removed [ 479.348459][T11366] team0: Port device team_slave_0 added [ 479.377826][T11366] team0: Port device team_slave_1 added [ 479.455639][T11366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.485722][T11366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.569782][T11366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 480.569711][ T5836] Bluetooth: hci0: command tx timeout [ 480.590182][T11366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 480.652252][T11366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 480.966608][T11366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.170419][T11366] hsr_slave_0: entered promiscuous mode [ 481.202112][T11366] hsr_slave_1: entered promiscuous mode [ 481.251819][T11366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 481.299678][T11366] Cannot create hsr debugfs directory [ 482.619657][ T5836] Bluetooth: hci0: command tx timeout [ 483.826034][T11366] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 483.866196][T11366] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 483.909810][T11366] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 483.934051][T11366] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 484.291410][T11366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.362690][T11366] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.382921][ T1115] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.390126][ T1115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.473914][ T9170] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.481142][ T9170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.578579][T11512] overlayfs: failed to clone lowerpath [ 486.698791][T11366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.089205][T11366] veth0_vlan: entered promiscuous mode [ 489.510261][T11366] veth1_vlan: entered promiscuous mode [ 490.010180][T11366] veth0_macvtap: entered promiscuous mode [ 490.070038][T11366] veth1_macvtap: entered promiscuous mode [ 490.105756][T11366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.116442][ T47] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 490.150789][T11366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.190806][T11366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 490.271743][T11366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.309690][T11366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.337813][T11366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 490.413268][T11366] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.422218][T11366] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.431090][ T47] usb 7-1: Using ep0 maxpacket: 8 [ 490.436318][T11366] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.445774][T11366] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.459195][ T47] usb 7-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17 [ 490.471182][ T47] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.479233][ T47] usb 7-1: Product: syz [ 490.507269][ T47] usb 7-1: Manufacturer: syz [ 490.544116][ T47] usb 7-1: SerialNumber: syz [ 490.599271][ T47] usb 7-1: config 0 descriptor?? [ 490.743104][ T47] hub 7-1:0.0: bad descriptor, ignoring hub [ 490.846771][ T47] hub 7-1:0.0: probe with driver hub failed with error -5 [ 491.369162][T11555] vlan0: entered promiscuous mode [ 491.379226][ T47] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 491.391587][T11555] ip6gre0: entered promiscuous mode [ 491.421116][ T47] usb 7-1: USB disconnect, device number 17 [ 491.442876][T11555] ip6gre0: left promiscuous mode [ 491.592342][ T8378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 491.637255][ T8378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 491.730801][ T9183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 491.764962][ T9183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.594676][T11585] syz_tun: entered allmulticast mode [ 495.144340][ T9170] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.181419][T11584] syz_tun: left allmulticast mode [ 495.281160][ T9170] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.371637][ T9170] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.442721][ T9170] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.552793][ T9170] bridge_slave_1: left allmulticast mode [ 495.558501][ T9170] bridge_slave_1: left promiscuous mode [ 495.566918][ T9170] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.576310][ T9170] bridge_slave_0: left allmulticast mode [ 495.582397][ T9170] bridge_slave_0: left promiscuous mode [ 495.588435][ T9170] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.015897][ T9170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.027314][ T9170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.037569][ T9170] bond0 (unregistering): Released all slaves [ 496.339350][ T9170] hsr_slave_0: left promiscuous mode [ 496.351116][ T9170] hsr_slave_1: left promiscuous mode [ 496.357124][ T9170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 496.369958][ T9170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 496.380483][ T9170] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 496.387920][ T9170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 496.413249][ T9170] veth1_macvtap: left promiscuous mode [ 496.418795][ T9170] veth0_macvtap: left promiscuous mode [ 496.424511][ T9170] veth1_vlan: left promiscuous mode [ 496.429975][ T9170] veth0_vlan: left promiscuous mode [ 496.886013][ T9170] team0 (unregistering): Port device team_slave_1 removed [ 496.934268][ T9170] team0 (unregistering): Port device team_slave_0 removed [ 497.723465][T11613] netlink: 'syz.8.1607': attribute type 4 has an invalid length. [ 497.951237][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 497.971312][T11616] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1608'. [ 497.982610][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 497.991052][T11616] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1608'. [ 498.000813][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 498.019389][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 498.043120][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 498.051157][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 500.146695][ T5836] Bluetooth: hci0: command tx timeout [ 500.362055][T11635] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1622'. [ 501.072959][T11640] openvswitch: netlink: IPv4 tunnel dst address is zero [ 501.904294][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.910869][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.131352][T11643] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1614'. [ 502.221367][ T5836] Bluetooth: hci0: command tx timeout [ 502.383889][T11615] chnl_net:caif_netlink_parms(): no params data found [ 502.681416][T11666] overlayfs: failed to clone upperpath [ 502.690332][T11615] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.707174][T11615] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.723133][T11615] bridge_slave_0: entered allmulticast mode [ 502.740404][T11615] bridge_slave_0: entered promiscuous mode [ 502.755300][T11615] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.773010][T11615] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.788821][T11615] bridge_slave_1: entered allmulticast mode [ 502.814349][T11615] bridge_slave_1: entered promiscuous mode [ 504.274932][T11615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 504.330600][ T5836] Bluetooth: hci0: command tx timeout [ 504.402980][T11615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 504.429444][T11678] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1627'. [ 504.438550][T11678] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1627'. [ 504.447972][T11678] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1627'. [ 504.612935][T11615] team0: Port device team_slave_0 added [ 504.629933][T11688] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1631'. [ 504.642347][T11615] team0: Port device team_slave_1 added [ 504.688162][T11615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 504.695920][T11615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.760700][T11615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 504.804864][T11615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 504.819613][T11615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.876460][T11615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 505.164400][T11615] hsr_slave_0: entered promiscuous mode [ 505.179160][T11615] hsr_slave_1: entered promiscuous mode [ 505.202522][T11615] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 505.266548][T11701] netlink: ct family unspecified [ 505.271790][T11701] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 506.049950][T11615] Cannot create hsr debugfs directory [ 506.392607][ T5836] Bluetooth: hci0: command tx timeout [ 509.504469][T11727] netlink: 'syz.8.1644': attribute type 4 has an invalid length. [ 509.777139][T11731] overlayfs: failed to clone upperpath [ 510.236680][T11735] bridge: RTM_NEWNEIGH with invalid ether address [ 510.257487][ T29] audit: type=1326 audit(1740750466.989:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 510.530766][ T29] audit: type=1326 audit(1740750467.009:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc93d29359 code=0x7ffc0000 [ 510.552856][ T29] audit: type=1326 audit(1740750467.019:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 510.575785][ T29] audit: type=1326 audit(1740750467.019:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 510.603183][T11744] overlayfs: failed to clone upperpath [ 510.688614][T11745] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1648'. [ 510.697993][T11745] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1648'. [ 510.985183][ T29] audit: type=1326 audit(1740750467.019:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc93d29359 code=0x7ffc0000 [ 511.503619][ T29] audit: type=1326 audit(1740750467.019:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 511.528918][ T29] audit: type=1326 audit(1740750467.029:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc93d29359 code=0x7ffc0000 [ 511.553642][ T29] audit: type=1326 audit(1740750467.029:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 511.600464][ T29] audit: type=1326 audit(1740750467.049:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc93d29359 code=0x7ffc0000 [ 511.622362][ T29] audit: type=1326 audit(1740750467.049:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11736 comm="syz.5.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc93d8d169 code=0x7ffc0000 [ 511.694304][T11750] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1653'. [ 511.794629][T11615] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 511.880965][T11615] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 511.902611][T11615] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 511.946896][T11615] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 512.205874][T11615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.247699][T11615] 8021q: adding VLAN 0 to HW filter on device team0 [ 512.266345][T11768] overlayfs: failed to clone upperpath [ 512.412020][ T8369] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.419286][ T8369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 512.491285][ T3570] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.498495][ T3570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.257481][T11615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.433259][T11615] veth0_vlan: entered promiscuous mode [ 514.532028][T11615] veth1_vlan: entered promiscuous mode [ 514.581989][T11615] veth0_macvtap: entered promiscuous mode [ 514.594293][T11615] veth1_macvtap: entered promiscuous mode [ 514.610901][T11615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.632383][T11615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.654183][T11615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 514.682018][T11615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.749599][T11615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.800850][T11615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 514.852289][T11615] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.664903][T11615] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.684696][T11615] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.698134][T11615] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.679462][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 621.686553][ C1] rcu: 0-...!: (1 GPs behind) idle=7b94/1/0x4000000000000000 softirq=65651/65652 fqs=0 [ 621.697827][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6154/1:b..l P11824/1:b..l [ 621.707015][ C1] rcu: (detected by 1, t=10505 jiffies, g=63749, q=2054 ncpus=2) [ 621.714848][ C1] Sending NMI from CPU 1 to CPUs 0: [ 621.714889][ C0] NMI backtrace for cpu 0 [ 621.714908][ C0] CPU: 0 UID: 0 PID: 11838 Comm: syz.7.1678 Not tainted 6.14.0-rc4-syzkaller-00199-g76544811c850 #0 [ 621.714927][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 621.714939][ C0] RIP: 0010:lock_acquire+0x113/0x550 [ 621.714968][ C0] Code: 4d 28 89 0e 00 0f 84 f9 02 00 00 48 c7 c0 10 f6 3b 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 ff 02 00 00 83 3d ad 43 9f 0e 00 <0f> 84 42 01 00 00 65 8b 05 10 d8 65 7e 85 c0 0f 85 8f 01 00 00 65 [ 621.714982][ C0] RSP: 0018:ffffc90000007b40 EFLAGS: 00000002 [ 621.714996][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff819cb224 [ 621.715007][ C0] RDX: 0000000000000000 RSI: ffffffff8c801b20 RDI: ffffffff8c801ae0 [ 621.715019][ C0] RBP: ffffc90000007c88 R08: ffffffff903bc377 R09: 1ffffffff207786e [ 621.715032][ C0] R10: dffffc0000000000 R11: fffffbfff207786f R12: 1ffff92000000f70 [ 621.715049][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 621.715060][ C0] FS: 00007f8388bc86c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 621.715074][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 621.715085][ C0] CR2: 0000001b2f815ff8 CR3: 000000005a226000 CR4: 00000000003526f0 [ 621.715099][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 621.715109][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 621.715119][ C0] Call Trace: [ 621.715127][ C0] [ 621.715138][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 621.715158][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 621.715182][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 621.715199][ C0] ? nmi_handle+0x2a/0x5a0 [ 621.715231][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 621.715250][ C0] ? nmi_handle+0x14f/0x5a0 [ 621.715272][ C0] ? nmi_handle+0x2a/0x5a0 [ 621.715296][ C0] ? lock_acquire+0x113/0x550 [ 621.715317][ C0] ? default_do_nmi+0x63/0x160 [ 621.715333][ C0] ? exc_nmi+0x123/0x1f0 [ 621.715349][ C0] ? end_repeat_nmi+0xf/0x53 [ 621.715375][ C0] ? lock_acquire+0xd4/0x550 [ 621.715398][ C0] ? lock_acquire+0x113/0x550 [ 621.715419][ C0] ? lock_acquire+0x113/0x550 [ 621.715442][ C0] ? lock_acquire+0x113/0x550 [ 621.715463][ C0] [ 621.715468][ C0] [ 621.715474][ C0] ? advance_sched+0xa02/0xca0 [ 621.715494][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 621.715520][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 621.715538][ C0] ? taprio_set_budgets+0x32c/0x370 [ 621.715557][ C0] ? advance_sched+0xa02/0xca0 [ 621.715574][ C0] ? advance_sched+0xa02/0xca0 [ 621.715594][ C0] _raw_spin_lock_irq+0xd3/0x120 [ 621.715613][ C0] ? __hrtimer_run_queues+0x670/0xd30 [ 621.715629][ C0] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 621.715653][ C0] __hrtimer_run_queues+0x670/0xd30 [ 621.715695][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 621.715711][ C0] ? sched_clock+0x4a/0x70 [ 621.715730][ C0] ? read_tsc+0x9/0x20 [ 621.715747][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 621.715774][ C0] hrtimer_interrupt+0x403/0xa40 [ 621.715805][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 621.715832][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 621.715854][ C0] [ 621.715860][ C0] [ 621.715866][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 621.715890][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 621.715911][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 2e 2d 23 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 13 1e 8c f5 65 8b 05 54 90 00 74 85 c0 74 43 48 c7 04 24 0e 36 [ 621.715925][ C0] RSP: 0018:ffffc90004f67ba0 EFLAGS: 00000206 [ 621.715940][ C0] RAX: f93cfb8124f73500 RBX: 1ffff920009ecf78 RCX: ffffffff819d2aaa [ 621.715953][ C0] RDX: dffffc0000000000 RSI: ffffffff8c2aa4a0 RDI: 0000000000000001 [ 621.715964][ C0] RBP: ffffc90004f67c30 R08: ffffffff94513847 R09: 1ffffffff28a2708 [ 621.715977][ C0] R10: dffffc0000000000 R11: fffffbfff28a2709 R12: dffffc0000000000 [ 621.715990][ C0] R13: 1ffff920009ecf74 R14: ffffc90004f67bc0 R15: 0000000000000246 [ 621.716007][ C0] ? mark_lock+0x9a/0x360 [ 621.716035][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 621.716063][ C0] ? read_tsc+0x9/0x20 [ 621.716085][ C0] clock_was_set+0x686/0x810 [ 621.716115][ C0] ? __pfx_clock_was_set+0x10/0x10 [ 621.716142][ C0] ? do_settimeofday64+0x328/0x5e0 [ 621.716162][ C0] ? timekeeping_update_from_shadow+0x2b6/0x350 [ 621.716186][ C0] do_settimeofday64+0x343/0x5e0 [ 621.716210][ C0] ? __pfx_do_settimeofday64+0x10/0x10 [ 621.716230][ C0] ? qca_recv_acl_data+0x24/0xe0 [ 621.716265][ C0] ? capable+0x89/0xe0 [ 621.716282][ C0] ? security_settime64+0x74/0x280 [ 621.716303][ C0] __x64_sys_clock_settime+0x23a/0x280 [ 621.716328][ C0] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 621.716350][ C0] ? trace_sys_enter+0x74/0x120 [ 621.716374][ C0] ? rcu_is_watching+0x15/0xb0 [ 621.716390][ C0] ? trace_sys_enter+0x25/0x120 [ 621.716417][ C0] do_syscall_64+0xf3/0x230 [ 621.716439][ C0] ? clear_bhb_loop+0x35/0x90 [ 621.716463][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.716485][ C0] RIP: 0033:0x7f8387d8d169 [ 621.716505][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.716518][ C0] RSP: 002b:00007f8388bc8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 621.716551][ C0] RAX: ffffffffffffffda RBX: 00007f8387fa6160 RCX: 00007f8387d8d169 [ 621.716564][ C0] RDX: 0000000000000000 RSI: 0000400000000180 RDI: 0000000000000000 [ 621.716603][ C0] RBP: 00007f8387e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 621.716614][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.716624][ C0] R13: 0000000000000000 R14: 00007f8387fa6160 R15: 00007ffc8647eca8 [ 621.716645][ C0] [ 621.716881][ C1] task:syz.5.1675 state:R running task stack:23824 pid:11824 tgid:11821 ppid:5975 task_flags:0x400140 flags:0x00004002 [ 622.302033][ C1] Call Trace: [ 622.305336][ C1] [ 622.308293][ C1] __schedule+0x18bc/0x4c40 [ 622.312848][ C1] ? __pfx___schedule+0x10/0x10 [ 622.317762][ C1] ? preempt_schedule+0xe1/0xf0 [ 622.322643][ C1] preempt_schedule_common+0x84/0xd0 [ 622.327958][ C1] preempt_schedule+0xe1/0xf0 [ 622.332675][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 622.338075][ C1] ? set_pte_range+0x3e5/0x750 [ 622.342877][ C1] preempt_schedule_thunk+0x1a/0x30 [ 622.348116][ C1] _raw_spin_unlock+0x3e/0x50 [ 622.352816][ C1] finish_fault+0xa76/0x11d0 [ 622.357451][ C1] ? __pfx_finish_fault+0x10/0x10 [ 622.362501][ C1] ? __pfx_lock_release+0x10/0x10 [ 622.367568][ C1] ? __do_fault+0x24e/0x390 [ 622.372109][ C1] __handle_mm_fault+0x4c6f/0x70f0 [ 622.377248][ C1] ? mark_lock+0x9a/0x360 [ 622.381646][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 622.387143][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 622.392201][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 622.397272][ C1] ? follow_page_pte+0x25a/0x1460 [ 622.402326][ C1] ? follow_page_pte+0x86a/0x1460 [ 622.407378][ C1] ? __pfx_lock_release+0x10/0x10 [ 622.412438][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 622.417687][ C1] ? __pfx___might_resched+0x10/0x10 [ 622.423014][ C1] handle_mm_fault+0x2c1/0x7e0 [ 622.427811][ C1] __get_user_pages+0x1a92/0x4140 [ 622.432898][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 622.438297][ C1] ? __pfx_mt_find+0x10/0x10 [ 622.442938][ C1] populate_vma_page_range+0x264/0x330 [ 622.448426][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 622.454432][ C1] ? userfaultfd_unmap_complete+0x30c/0x360 [ 622.460384][ C1] __mm_populate+0x27a/0x460 [ 622.465008][ C1] ? __pfx___mm_populate+0x10/0x10 [ 622.470153][ C1] vm_mmap_pgoff+0x303/0x430 [ 622.474777][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 622.479912][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 622.486271][ C1] ? do_syscall_64+0x100/0x230 [ 622.491066][ C1] ? ksys_mmap_pgoff+0xdf/0x720 [ 622.495941][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 622.500736][ C1] do_syscall_64+0xf3/0x230 [ 622.505270][ C1] ? clear_bhb_loop+0x35/0x90 [ 622.509983][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.515920][ C1] RIP: 0033:0x7efc93d8d169 [ 622.520354][ C1] RSP: 002b:00007efc94ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 622.528791][ C1] RAX: ffffffffffffffda RBX: 00007efc93fa6160 RCX: 00007efc93d8d169 [ 622.536787][ C1] RDX: 000000000000000c RSI: 0000000000800000 RDI: 0000400000800000 [ 622.544775][ C1] RBP: 00007efc93e0e2a0 R08: ffffffffffffffff R09: 0000000000000000 [ 622.552769][ C1] R10: 000000000000a031 R11: 0000000000000246 R12: 0000000000000000 [ 622.560756][ C1] R13: 0000000000000000 R14: 00007efc93fa6160 R15: 00007ffddf5e5c38 [ 622.568763][ C1] [ 622.571803][ C1] task:syz-executor state:R running task stack:20544 pid:6154 tgid:6154 ppid:6138 task_flags:0x400140 flags:0x00004000 [ 622.585321][ C1] Call Trace: [ 622.588624][ C1] [ 622.591576][ C1] __schedule+0x18bc/0x4c40 [ 622.596135][ C1] ? __pfx___schedule+0x10/0x10 [ 622.601016][ C1] ? mark_lock+0x9a/0x360 [ 622.605409][ C1] ? preempt_schedule+0xe1/0xf0 [ 622.610285][ C1] preempt_schedule_common+0x84/0xd0 [ 622.615597][ C1] preempt_schedule+0xe1/0xf0 [ 622.620305][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 622.625702][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 622.631642][ C1] ? __page_table_check_ptes_set+0x30f/0x410 [ 622.637660][ C1] ? copy_pmd_range+0x6d81/0x77b0 [ 622.642715][ C1] preempt_schedule_thunk+0x1a/0x30 [ 622.647951][ C1] _raw_spin_unlock+0x3e/0x50 [ 622.652653][ C1] copy_pmd_range+0x6ddc/0x77b0 [ 622.657548][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 622.662795][ C1] ? mas_destroy+0x1979/0x1fc0 [ 622.667587][ C1] ? __pfx_copy_pmd_range+0x10/0x10 [ 622.672823][ C1] ? look_up_lock_class+0x77/0x170 [ 622.677964][ C1] ? register_lock_class+0x102/0x980 [ 622.683284][ C1] ? __pfx_mas_destroy+0x10/0x10 [ 622.688249][ C1] ? mark_lock+0x9a/0x360 [ 622.692621][ C1] ? __lock_acquire+0x1397/0x2100 [ 622.697708][ C1] copy_page_range+0x99f/0xe90 [ 622.702537][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 622.707859][ C1] ? __pfx_up_write+0x10/0x10 [ 622.712557][ C1] ? __asan_memset+0x23/0x50 [ 622.717179][ C1] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 622.723976][ C1] ? vma_interval_tree_insert_after+0x259/0x2b0 [ 622.730253][ C1] copy_mm+0x1269/0x2160 [ 622.734545][ C1] ? __pfx_copy_mm+0x10/0x10 [ 622.739177][ C1] ? __init_rwsem+0x122/0x160 [ 622.743875][ C1] ? copy_signal+0x51c/0x640 [ 622.748490][ C1] copy_process+0x17d1/0x3cf0 [ 622.753208][ C1] ? copy_process+0x9fa/0x3cf0 [ 622.758004][ C1] ? __pfx_copy_process+0x10/0x10 [ 622.763069][ C1] kernel_clone+0x223/0x870 [ 622.767608][ C1] ? reacquire_held_locks+0x3eb/0x690 [ 622.773003][ C1] ? vma_end_read+0x18/0x170 [ 622.777626][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 622.782688][ C1] ? __pfx_reacquire_held_locks+0x10/0x10 [ 622.788526][ C1] __x64_sys_clone+0x267/0x2e0 [ 622.793413][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 622.798746][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 622.805108][ C1] ? exc_page_fault+0x590/0x8b0 [ 622.809991][ C1] ? do_syscall_64+0xb6/0x230 [ 622.814703][ C1] do_syscall_64+0xf3/0x230 [ 622.819239][ C1] ? clear_bhb_loop+0x35/0x90 [ 622.823953][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.829880][ C1] RIP: 0033:0x7f5bccf839d3 [ 622.834348][ C1] RSP: 002b:00007ffdf9586f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 622.842795][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5bccf839d3 [ 622.850806][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 622.858817][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 622.866815][ C1] R10: 0000555568d957d0 R11: 0000000000000246 R12: 0000000000000000 [ 622.874818][ C1] R13: 00000000000927c0 R14: 000000000007dd4f R15: 00007ffdf95870b0 [ 622.882836][ C1] [ 622.885875][ C1] rcu: rcu_preempt kthread starved for 10505 jiffies! g63749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 622.897088][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 622.907075][ C1] rcu: RCU grace-period kthread stack dump: [ 622.912976][ C1] task:rcu_preempt state:R running task stack:24944 pid:17 tgid:17 ppid:2 task_flags:0x208040 flags:0x00004000 [ 622.926497][ C1] Call Trace: [ 622.929814][ C1] [ 622.932763][ C1] __schedule+0x18bc/0x4c40 [ 622.937296][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 622.943231][ C1] ? __pfx___schedule+0x10/0x10 [ 622.948138][ C1] ? __pfx_lock_release+0x10/0x10 [ 622.953199][ C1] ? __pfx___mod_timer+0x10/0x10 [ 622.958160][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 622.964556][ C1] ? schedule+0x90/0x320 [ 622.968829][ C1] schedule+0x14b/0x320 [ 622.973016][ C1] schedule_timeout+0x15a/0x290 [ 622.977888][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 622.983280][ C1] ? __pfx_process_timeout+0x10/0x10 [ 622.988597][ C1] ? prepare_to_swait_event+0x330/0x350 [ 622.994174][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 622.999403][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 623.004284][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 623.009514][ C1] ? rcu_gp_init+0x1256/0x1630 [ 623.014316][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 623.019286][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 623.025472][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 623.030802][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 623.036028][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 623.040652][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 623.045882][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 623.051801][ C1] ? __kthread_parkme+0x169/0x1d0 [ 623.056855][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 623.062087][ C1] kthread+0x7a9/0x920 [ 623.066185][ C1] ? __pfx_kthread+0x10/0x10 [ 623.070807][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 623.076038][ C1] ? __pfx_kthread+0x10/0x10 [ 623.080663][ C1] ? __pfx_kthread+0x10/0x10 [ 623.085287][ C1] ? __pfx_kthread+0x10/0x10 [ 623.089907][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 623.095139][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 623.100363][ C1] ? __pfx_kthread+0x10/0x10 [ 623.104985][ C1] ret_from_fork+0x4b/0x80 [ 623.109428][ C1] ? __pfx_kthread+0x10/0x10 [ 623.114052][ C1] ret_from_fork_asm+0x1a/0x30 [ 623.118853][ C1] [ 623.121885][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 623.128221][ C1] CPU: 1 UID: 0 PID: 8361 Comm: kworker/u8:11 Not tainted 6.14.0-rc4-syzkaller-00199-g76544811c850 #0 [ 623.139167][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 623.149238][ C1] Workqueue: events_unbound toggle_allocation_gate [ 623.155779][ C1] RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30 [ 623.162560][ C1] Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 30 f5 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 e0 f0 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00 [ 623.182182][ C1] RSP: 0018:ffffc90002f77640 EFLAGS: 00000293 [ 623.188272][ C1] RAX: ffffffff81b5ce25 RBX: 1ffff110170c8c75 RCX: ffff888026211e00 [ 623.196255][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 623.204243][ C1] RBP: ffffc90002f77840 R08: ffffffff81b5cdf0 R09: 1ffffffff28a2708 [ 623.212232][ C1] R10: dffffc0000000000 R11: fffffbfff28a2709 R12: ffff8880b873f9c8 [ 623.220219][ C1] R13: ffff8880b86463a8 R14: ffff8880b873f9c0 R15: 0000000000000000 [ 623.228209][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 623.237173][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 623.243775][ C1] CR2: 00007f0197a3967b CR3: 000000000e938000 CR4: 00000000003526f0 [ 623.251766][ C1] DR0: 0000000000000000 DR1: 00000000ffff000b DR2: 0000000000000000 [ 623.259760][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 623.267772][ C1] Call Trace: [ 623.271064][ C1] [ 623.273927][ C1] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 623.280291][ C1] ? print_other_cpu_stall+0x1481/0x15c0 [ 623.285971][ C1] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 623.291810][ C1] ? __pfx___bpf_trace_rcu_utilization+0x10/0x10 [ 623.298172][ C1] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 623.304438][ C1] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 623.309846][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 623.315509][ C1] ? update_process_times+0x242/0x2f0 [ 623.320911][ C1] ? tick_nohz_handler+0x37c/0x500 [ 623.326055][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 623.331544][ C1] ? __hrtimer_run_queues+0x551/0xd30 [ 623.336958][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 623.342700][ C1] ? sched_clock+0x4a/0x70 [ 623.347138][ C1] ? read_tsc+0x9/0x20 [ 623.351232][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 623.357334][ C1] ? hrtimer_interrupt+0x403/0xa40 [ 623.362494][ C1] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 623.368687][ C1] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 623.374521][ C1] [ 623.377482][ C1] [ 623.380435][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 623.386626][ C1] ? smp_call_function_many_cond+0x1b90/0x2d30 [ 623.392807][ C1] ? smp_call_function_many_cond+0x1bc5/0x2d30 [ 623.398987][ C1] ? smp_call_function_many_cond+0x1ba4/0x2d30 [ 623.405174][ C1] ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0 [ 623.411274][ C1] ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0 [ 623.417370][ C1] ? __pfx___text_poke+0x10/0x10 [ 623.422335][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 623.428687][ C1] ? __pfx___might_resched+0x10/0x10 [ 623.434002][ C1] ? __pfx___mutex_trylock_common+0x10/0x10 [ 623.439926][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 623.444974][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 623.450110][ C1] text_poke_bp_batch+0x352/0xb30 [ 623.455158][ C1] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 623.461177][ C1] ? arch_jump_label_transform_apply+0x17/0x30 [ 623.467356][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 623.472938][ C1] ? arch_jump_label_transform_queue+0x9b/0x100 [ 623.479213][ C1] text_poke_finish+0x30/0x50 [ 623.483909][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 623.489917][ C1] static_key_enable_cpuslocked+0x136/0x260 [ 623.495838][ C1] static_key_enable+0x1a/0x20 [ 623.500628][ C1] toggle_allocation_gate+0xbc/0x260 [ 623.505941][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 623.511869][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 623.518236][ C1] ? process_scheduled_works+0x9c6/0x18e0 [ 623.523978][ C1] process_scheduled_works+0xabe/0x18e0 [ 623.529577][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 623.535593][ C1] ? assign_work+0x364/0x3d0 [ 623.540217][ C1] worker_thread+0x870/0xd30 [ 623.544862][ C1] ? __kthread_parkme+0x169/0x1d0 [ 623.549916][ C1] ? __pfx_worker_thread+0x10/0x10 [ 623.555047][ C1] kthread+0x7a9/0x920 [ 623.559141][ C1] ? __pfx_kthread+0x10/0x10 [ 623.563759][ C1] ? __pfx_worker_thread+0x10/0x10 [ 623.568896][ C1] ? __pfx_kthread+0x10/0x10 [ 623.573513][ C1] ? __pfx_kthread+0x10/0x10 [ 623.578134][ C1] ? __pfx_kthread+0x10/0x10 [ 623.582748][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 623.588253][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 623.593476][ C1] ? __pfx_kthread+0x10/0x10 [ 623.598093][ C1] ret_from_fork+0x4b/0x80 [ 623.602533][ C1] ? __pfx_kthread+0x10/0x10 [ 623.607155][ C1] ret_from_fork_asm+0x1a/0x30 [ 623.611957][ C1]