last executing test programs: 2.589490217s ago: executing program 3 (id=1636): socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000540), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x4) socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') pwritev2(0xffffffffffffffff, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x1}], 0x1, 0x5, 0xa, 0x14) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r2, 0x9c3fa077fa966179, 0x12, 0x2000000, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) 2.530297938s ago: executing program 1 (id=1637): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r2, {0x86dd, 0x8}, {}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @mcast1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x260580e9}, 0x810) 2.36198268s ago: executing program 3 (id=1638): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4, 0x103) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x3}, @printk={@s, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xc}, 0x94) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x30) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r2, 0x0, r1, 0x0, 0x1, 0xa) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000084000000060a010400000000000000000100000008000b40000000005c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000240001800b0001007470726f78790000140002800800024000000011080001400000000a0900010073797a30"], 0xf8}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010001fff0000fdde633c003600000000", @ANYRESHEX, @ANYBLOB="000000000a4400001c0012800e00010069703665727370616e000000080002800400120008000a00", @ANYRESOCT=r4, @ANYRESDEC=r0], 0x44}}, 0x0) 2.310492879s ago: executing program 1 (id=1639): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x64, r4, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x48, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000401}, 0x4c004) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0xa1ff, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}, 0x1, 0x0, 0x3000000}, 0x0) 2.240195297s ago: executing program 1 (id=1640): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{0x0}], 0x1}}], 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="cb"], 0x8) sendmsg$inet6(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="1138", 0x2}], 0x1}, 0x4004000) 2.188754142s ago: executing program 1 (id=1641): syz_emit_ethernet(0x7a, &(0x7f00000009c0)={@random="856b1200ff00", @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "381f34", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88a8, 0x0, 0x8035}, {}, {}, {}, {0x8, 0x22eb, 0x700}}}}}}}, 0x0) 2.140086945s ago: executing program 1 (id=1643): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r3, 0xf505, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0xaaa9, 0x0, 0x0, 0x41100, 0x70, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), 0x0, 0x10, 0x4}, 0x94) fsetxattr$trusted_overlay_redirect(r6, 0x0, 0x0, 0x0, 0x1) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'veth0_to_batadv\x00', {0x1}, 0x2a}) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') r7 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r7, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000000c0)={@dev={0xfe, 0x80, '\x00', 0x34}, r1}, 0x14) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000280)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x78, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfd9fb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x42005}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFLA_GRE_ENCAP_LIMIT={0x5, 0xb, 0x82}, @IFLA_GRE_LOCAL={0x14, 0x6, @mcast2}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}, @IFLA_TXQLEN={0x8, 0xd, 0xffffffff}]}, 0x78}, 0x1, 0x0, 0x0, 0x1}, 0x8004002) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$P9_RMKNOD(r9, &(0x7f0000000100)={0x14, 0x13, 0x1, {0x8, 0x4, 0x7}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) 1.557477442s ago: executing program 2 (id=1645): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'hsr0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="ffc30000000000003c0012800c0001006d6163766c616e002c0002800a000900ffffbfffffff00000a000400aaaaaaaaaabb00000600020001000000440003000000000008000500", @ANYRES32=r1], 0x64}}, 0x0) r3 = openat$uinput(0xffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x3e) 1.460317238s ago: executing program 3 (id=1646): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0xa405, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) 1.380529621s ago: executing program 2 (id=1647): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) setreuid(0xee01, 0xffffffffffffffff) (async) setreuid(0xee00, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 32) r3 = socket$unix(0x1, 0x5, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x72bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) (async, rerun: 32) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) (rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000004000000000000000300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000200850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0xfca804a0, 0x10, 0x10, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async, rerun: 32) r7 = socket$unix(0x1, 0x2, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) r9 = socket(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d40)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x65, 0x2, 0x100003, 0x17, 0xd, 0x8, 0x2}}, @TCA_CHOKE_STAB={0x104, 0x2, "10b05b994454f56882723cc46747ec8d41e0f0fd987b941c906f1ea4701f1a93a1ad71ef6c80124a8aa386228a9b793f6d6e065c53255846f8aa02c882fce1a29c1c2221f54817876dc7db5d93f42ebdd76fdf89f0b4280c845ed2699cfc1875a277f3ba693ba80c20f414c124d1823561b82f75c594d5db1a8b1b6e258eb4c3bb637da30012cf6529560ded7e22653dddb564d112171537f88d36da3ed63439fb21240b93dda228e99270fefa4ad829529d3c684eadc3016456b7da0f15e9dee01b64171429f68dba4f0382f317eaac9ae61a3a0c87e0eceab723013af474405167e17c51a0b2959d4f0bb949c72ccb3c8ffa0a8db39a704c27e41e64a4aa70"}]}}]}, 0x14c}}, 0x0) (async, rerun: 64) r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) (rerun: 64) ioctl$PPPIOCNEWUNIT(r12, 0xc004743e, &(0x7f0000000180)=0x4000000) (async) ioctl$PPPIOCSFLAGS1(r12, 0x40047459, &(0x7f0000000080)=0x6100204) (async) pwritev(r12, &(0x7f0000000a80)=[{&(0x7f0000000540)="00214797357e0e8d442441e9beae583d48ac340dc69d54af976b6a7c18c4907ed175462f18ec0e16ad9f57abed3bad46320d0d4abf7c3a617f1b2fbe8b338d1fce4490668ce9faadcf6b44b9906eeb59241caa04a1bf2399f37a7f221861e3580bdf025cb470613b79119f1c9fe8b9ee5d1f41b6af7d12a2ba71c7a74727cece06221eadc4d7137811e483a94c1164f4496f0fe1829f55cd2d91b74aeee64bc05e7014dbb599bad1be2d8ced5b1a3131", 0xb0}, {&(0x7f00000004c0)="7c2cbe025ee9322704f45bcead62e3a1a53117e0", 0x14}], 0x2, 0x4739, 0x1) (async) preadv(r12, &(0x7f0000000400)=[{&(0x7f0000000140)=""/176, 0xb0}, {&(0x7f0000000200)=""/19, 0x13}], 0x2, 0x6, 0x1) 1.380416043s ago: executing program 3 (id=1648): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000001000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021cc0300000c0a010300000000000000000700000008000440000000020900010073797a3000000000a40303"], 0x450}}, 0x0) 1.268718938s ago: executing program 0 (id=1649): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{0x0}], 0x1}}], 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="cb"], 0x8) sendmsg$inet6(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="1138", 0x2}], 0x1}, 0x4004000) 1.268405147s ago: executing program 3 (id=1650): pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = openat$cdrom(0xffffff9c, &(0x7f0000000140), 0x880, 0x0) ioctl$CDROMREADAUDIO(r7, 0x530e, 0x0) setsockopt$inet_mreq(r6, 0x0, 0x20, &(0x7f0000000180)={@remote, @local}, 0x8) close(r5) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, 0x0, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a0101010000000000000000000000007f000001000000000000000000000000fc02000000000000000000000000000100000000000000000000000000000001"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0) flistxattr(r3, 0x0, 0x0) r10 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000000c0)=0x5) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000200)=0xfd) ioctl$TCSETSW2(r10, 0x402c542c, &(0x7f0000000040)={0xfffffff8, 0x401, 0xfffffffd, 0xc4cf, 0x7, "0441920887e87fcb367800000000080100", 0x4, 0x200}) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000140)=0x8) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000001c0)=0xa) ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000140)={0x2, 0x0, {0x0, 0x5, 0x0, 0x18, 0x0, 0x5c, 0x4}}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x406, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0xffffffffffffffe8, 0x0, 0x0, 0x6}, 0xf) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x800000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend}, {@access_client}]}}) 1.222671083s ago: executing program 0 (id=1651): socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@local, @empty}, &(0x7f00000000c0)=0xc) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x4, 0x3, 0x0, 0x101, 0x30, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, 0x8, 0x8, 0x5, 0x7}}) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x7000000}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0) 1.140250371s ago: executing program 0 (id=1652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0xf5ffffff, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, {0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x2000094}, 0x80) 1.088765891s ago: executing program 0 (id=1653): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x4000, 0x0, {{{@in=@rand_addr=0x64010100, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffc, 0x0, 0x0, 0xbffe, 0x0, 0xa0}, {@in6=@loopback, 0x0, 0x33}, @in6=@dev={0xfe, 0x80, '\x00', 0x40}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffed, 0x3}, {0x0, 0x0, 0x1, 0xfffbfffffffffffe}, {0x1000000, 0x0, 0x796}, 0x0, 0x0, 0x0, 0x2, 0x2, 0xe55286f1921f7492}, 0x0, 0x1a0b1}}, 0xf8}, 0x1, 0x0, 0x0, 0x40040}, 0x8000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e000ff80000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) 1.088511948s ago: executing program 0 (id=1654): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xf3f, 0x70fd2c, 0x25dfdbbd, {0x0, 0x0, 0x0, 0x0, {0xc, 0xc}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x2, 0x8, 0x1}, {0x0, 0x4}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x4880) syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x822f01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e50100000000fdffffff07000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="0100dd867f"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100013a1cd27ca9cd040042802d00018006000d3d9f5e3d4700", @ANYRES32=r4, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4048051}, 0xc000) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xb, 0x400}, 0x48) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$char_usb(r5, &(0x7f0000000080)=""/139, 0x8b) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000040), 0x20000009, 0x100) ioctl$BLKSSZGET(r6, 0x1268, &(0x7f0000000080)) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r7, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 1.03614273s ago: executing program 2 (id=1655): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000040)={0xf, {"a2e3ad214fc752f90b5e094f4bf70e0dd038e7ff7fc6e5539b1b4d078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d9b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d075d0736cd3b78130daa1fd8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146680400416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb53682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e08d4db9d76864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251aec29b32f8210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ac015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67784f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a700d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 927.705ms ago: executing program 1 (id=1656): landlock_create_ruleset(&(0x7f0000000000)={0x1814, 0x2, 0x2}, 0x18, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) getpgid(0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="016f080003032a0000000000000000813ecae13acbd30000004531a075bc000000008490783fffff20ac1414aa00000000000000000517f48c357bde1df0133046776b2a7cfd7f4afc47d4961b7d8d5e0200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8a00000590780018050a07fffff8000000000000"], 0x42) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0, 0x11}}], 0x1, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xff, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffffc}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f) r5 = socket$inet6(0xa, 0x3, 0x3c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x20, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0x101, 0x117, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c", @typed={0x4, 0xeb}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x20, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r8 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r8, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) 927.388426ms ago: executing program 2 (id=1657): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$SNDCTL_SYNTH_ID(r0, 0xc08c5114, &(0x7f00000003c0)={"637bf629b5896eeb77e137c6e7f24b7891d6f012acc9fe23b2a34566bb56", 0x2, 0x1, 0x0, 0x101, 0x81, 0x5, 0x1, 0x6, [0x5, 0x4, 0x1, 0x401, 0x3, 0x2ab9, 0x4e2edc8b, 0x80000001, 0x8, 0x7, 0x3, 0x4, 0x7ef, 0xc, 0xffff0000, 0x2, 0x6, 0x7, 0x6]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x48, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(r2, 0x0, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000ff0000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r5}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010025bd7000ffdbdf2500000000", @ANYRES32=r8], 0x20}, 0x1, 0x0, 0x0, 0xc881}, 0x8080) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001000010027bd700000000000000000", @ANYRES32=r4, @ANYBLOB="004100000000000014002b8008000100", @ANYRES32=r6], 0x34}}, 0x4008000) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r10, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r10, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8010) r11 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@map=r0, 0x36, 0x0, 0x1, &(0x7f00000001c0)=[0x0], 0x1, 0x0, &(0x7f0000000480)=[0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={@fallback=r9, r0, 0x36, 0x0, 0x0, @void, @value=r0, @void, @void, r12}, 0x20) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810) 819.445614ms ago: executing program 0 (id=1658): io_uring_setup(0x937, &(0x7f00000002c0)={0x0, 0x32b6, 0x80, 0x0, 0x35d}) socket$packet(0x11, 0x2, 0x300) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_rdma(0x10, 0x3, 0x14) openat$sysfs(0xffffffffffffff9c, 0x0, 0x202, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, 0x3b, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}}, 0xc000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x48000) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfff933201}, 0x14) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000280), 0x80010a, 0x1cb600) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0x8e) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1d, 0x14, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5d69098c8b534464c516bdd8a0f350000e35abdb80e38f5eb010001", "32d8cc263d9e234b02000000000000004a6783cdd3dfe7800b2d7b6aa54cc5001fcaed1e831fa79a000000020000000000000400", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x8, 0x5]}}) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x400) bpf$PROG_LOAD(0x5, 0x0, 0x0) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x1) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 599.105847ms ago: executing program 3 (id=1659): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{0x0}], 0x1}}], 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="cb"], 0x8) sendmsg$inet6(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="1138", 0x2}], 0x1}, 0x4004000) 170.382554ms ago: executing program 2 (id=1660): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000200)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x8, @loopback, 0x2}, r1}}, 0x30) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000380)={0x7, 0x8, 0xfa00, {r1, 0xe4}}, 0x10) r2 = socket(0x40000000015, 0x5, 0x0) connect$l2tp6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x0, 0x2}, 0x20) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x7ff) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r3, 0x800c4151, &(0x7f0000000340)={0x0, &(0x7f0000000240)="ec32730acec16d990b0baa315834f13a533c77e8d48abfccdd9e5f0e2545c5cdd07d6fd74c895c8fd1bc37789d67290a160b88914bf9c8d7ee70056e6ee0ff9c9dd6412a5934258c3c6c6b786d53109e6674a6635afb09b56517105d6d79122d70718cc2a46627be12eac8f577ad0c08b6c565ceb292fd983356b04c44438ab830f143fe6a8ff929f33f3a0793bd5a5c2819cfc160a70b57976f7461fd32f0a302208a7036a9fb4a4cad2965aa97d46d2b54e95c5096c1136355f2c85871ea3f49756b96e931e0", 0xc7}) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f00000001c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000180), r1}}, 0x18) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000200), 0x13f, 0x4}}, 0x20) (async) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x8, @loopback, 0x2}, r1}}, 0x30) (async) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000380)={0x7, 0x8, 0xfa00, {r1, 0xe4}}, 0x10) (async) socket(0x40000000015, 0x5, 0x0) (async) connect$l2tp6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x0, 0x2}, 0x20) (async) syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') (async) sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x7ff) (async) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r3, 0x800c4151, &(0x7f0000000340)={0x0, &(0x7f0000000240)="ec32730acec16d990b0baa315834f13a533c77e8d48abfccdd9e5f0e2545c5cdd07d6fd74c895c8fd1bc37789d67290a160b88914bf9c8d7ee70056e6ee0ff9c9dd6412a5934258c3c6c6b786d53109e6674a6635afb09b56517105d6d79122d70718cc2a46627be12eac8f577ad0c08b6c565ceb292fd983356b04c44438ab830f143fe6a8ff929f33f3a0793bd5a5c2819cfc160a70b57976f7461fd32f0a302208a7036a9fb4a4cad2965aa97d46d2b54e95c5096c1136355f2c85871ea3f49756b96e931e0", 0xc7}) (async) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f00000001c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000180), r1}}, 0x18) (async) 0s ago: executing program 2 (id=1661): sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000001100)=ANY=[@ANYBLOB="1c0000f500000000000000000000fc04000045"], 0x58) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:34162' (ED25519) to the list of known hosts. [ 48.765763][ T5702] cgroup: Unknown subsys name 'net' [ 48.897021][ T5702] cgroup: Unknown subsys name 'cpuset' [ 48.901027][ T5702] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.033782][ T5702] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 54.429273][ T5737] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.433274][ T5737] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.438496][ T5737] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.440138][ T5750] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.440335][ T5751] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.442083][ T5751] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.442515][ T5737] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.442920][ T5752] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.443358][ T5737] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.444513][ T5752] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.445563][ T5750] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.445902][ T5750] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.446515][ T5737] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.447068][ T5750] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.447634][ T5750] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.447957][ T5751] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.448285][ T5750] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.449613][ T5750] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.456805][ T5737] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.483640][ T5737] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 55.055851][ T5740] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.059659][ T5740] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.062500][ T5740] bridge_slave_0: entered allmulticast mode [ 55.066482][ T5740] bridge_slave_0: entered promiscuous mode [ 55.103212][ T5740] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.106926][ T5740] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.109237][ T5740] bridge_slave_1: entered allmulticast mode [ 55.112372][ T5740] bridge_slave_1: entered promiscuous mode [ 55.222441][ T5740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.235204][ T5740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.243799][ T5735] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.247663][ T5735] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.250496][ T5735] bridge_slave_0: entered allmulticast mode [ 55.253189][ T5735] bridge_slave_0: entered promiscuous mode [ 55.256528][ T5735] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.258821][ T5735] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.261120][ T5735] bridge_slave_1: entered allmulticast mode [ 55.263721][ T5735] bridge_slave_1: entered promiscuous mode [ 55.266481][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.268754][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.271042][ T5743] bridge_slave_0: entered allmulticast mode [ 55.273776][ T5743] bridge_slave_0: entered promiscuous mode [ 55.276952][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.279283][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.281644][ T5743] bridge_slave_1: entered allmulticast mode [ 55.284381][ T5743] bridge_slave_1: entered promiscuous mode [ 55.316374][ T5740] team0: Port device team_slave_0 added [ 55.340885][ T5740] team0: Port device team_slave_1 added [ 55.343276][ T5739] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.346137][ T5739] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.348523][ T5739] bridge_slave_0: entered allmulticast mode [ 55.352292][ T5739] bridge_slave_0: entered promiscuous mode [ 55.357343][ T5739] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.360513][ T5739] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.363636][ T5739] bridge_slave_1: entered allmulticast mode [ 55.367893][ T5739] bridge_slave_1: entered promiscuous mode [ 55.375651][ T5735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.380987][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.388561][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.423007][ T5735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.438140][ T5740] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.441180][ T5740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.450709][ T5740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.455451][ T5740] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.457801][ T5740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.466487][ T5740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.471620][ T5739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.477090][ T5739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.508304][ T5735] team0: Port device team_slave_0 added [ 55.524398][ T5743] team0: Port device team_slave_0 added [ 55.528133][ T5735] team0: Port device team_slave_1 added [ 55.540072][ T5743] team0: Port device team_slave_1 added [ 55.560010][ T5739] team0: Port device team_slave_0 added [ 55.570567][ T5739] team0: Port device team_slave_1 added [ 55.590031][ T5735] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.593029][ T5735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.603860][ T5735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.634360][ T5740] hsr_slave_0: entered promiscuous mode [ 55.637766][ T5740] hsr_slave_1: entered promiscuous mode [ 55.640941][ T5735] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.643199][ T5735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.654467][ T5735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.664138][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.666743][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.676278][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.695704][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.698688][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.709022][ T5739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.716480][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.720153][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.730997][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.741061][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.744014][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.752544][ T5739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.821235][ T5735] hsr_slave_0: entered promiscuous mode [ 55.823957][ T5735] hsr_slave_1: entered promiscuous mode [ 55.826402][ T5735] debugfs: 'hsr0' already exists in 'hsr' [ 55.828425][ T5735] Cannot create hsr debugfs directory [ 55.851782][ T5743] hsr_slave_0: entered promiscuous mode [ 55.854988][ T5743] hsr_slave_1: entered promiscuous mode [ 55.858071][ T5743] debugfs: 'hsr0' already exists in 'hsr' [ 55.860662][ T5743] Cannot create hsr debugfs directory [ 55.916691][ T5739] hsr_slave_0: entered promiscuous mode [ 55.919590][ T5739] hsr_slave_1: entered promiscuous mode [ 55.922150][ T5739] debugfs: 'hsr0' already exists in 'hsr' [ 55.924063][ T5739] Cannot create hsr debugfs directory [ 56.191122][ T5740] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.200473][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 56.204372][ T5740] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.210686][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 56.215092][ T5740] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.221658][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 56.235342][ T5740] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.242174][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.276722][ T5735] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.282066][ T5735] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 56.288804][ T5735] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.295250][ T5735] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 56.298918][ T5735] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.305260][ T5735] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 56.324030][ T5735] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.331386][ T5735] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.377393][ T5743] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.383866][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 56.387962][ T5743] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.393848][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 56.403350][ T5743] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.410215][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 56.426488][ T5743] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.431983][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.476707][ T5739] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.482645][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 56.487667][ T5739] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.493598][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 56.505557][ T5737] Bluetooth: hci1: command tx timeout [ 56.505594][ T5749] Bluetooth: hci2: command tx timeout [ 56.506900][ T5742] Bluetooth: hci0: command tx timeout [ 56.507004][ T5742] Bluetooth: hci3: command tx timeout [ 56.507554][ T5739] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.522312][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 56.527178][ T5739] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.534595][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.606815][ T5740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.620094][ T5735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.648504][ T5735] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.653567][ T5740] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.665454][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.674107][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.676704][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.680958][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.683337][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.691378][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.694309][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.702564][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.704989][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.722980][ T5743] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.742329][ T5739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.749382][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.751875][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.759171][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.762067][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.776191][ T5739] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.786977][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.790058][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.830402][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.833705][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.086823][ T5735] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.114478][ T5735] veth0_vlan: entered promiscuous mode [ 57.122142][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.127727][ T5740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.131851][ T5735] veth1_vlan: entered promiscuous mode [ 57.177840][ T5739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.189912][ T5735] veth0_macvtap: entered promiscuous mode [ 57.198579][ T5735] veth1_macvtap: entered promiscuous mode [ 57.219556][ T5740] veth0_vlan: entered promiscuous mode [ 57.231322][ T5743] veth0_vlan: entered promiscuous mode [ 57.239878][ T5735] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.245226][ T5735] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.261349][ T5740] veth1_vlan: entered promiscuous mode [ 57.267391][ T5743] veth1_vlan: entered promiscuous mode [ 57.271450][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.275552][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.283271][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.288006][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.323095][ T5739] veth0_vlan: entered promiscuous mode [ 57.343078][ T5739] veth1_vlan: entered promiscuous mode [ 57.353177][ T5743] veth0_macvtap: entered promiscuous mode [ 57.368337][ T5740] veth0_macvtap: entered promiscuous mode [ 57.372907][ T5743] veth1_macvtap: entered promiscuous mode [ 57.385163][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.385177][ T5740] veth1_macvtap: entered promiscuous mode [ 57.388968][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.427561][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.432015][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.433020][ T5740] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.436305][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.439698][ T5739] veth0_macvtap: entered promiscuous mode [ 57.452164][ T5740] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.457499][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.470665][ T5739] veth1_macvtap: entered promiscuous mode [ 57.473982][ T77] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.478701][ T77] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.481796][ T5735] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.496463][ T77] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.501096][ T77] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.510604][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.516233][ T77] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.519649][ T77] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.529833][ T77] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.551324][ T77] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.567970][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.586162][ T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.590084][ T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.604485][ T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.607623][ T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.653101][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.656416][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.666115][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.670920][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.692876][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.696911][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.701718][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.705421][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.723403][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.730692][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.770300][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.779910][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.135221][ T5896] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 58.177254][ T5897] openvswitch: netlink: Flow actions attr not present in new flow. [ 58.584283][ T5749] Bluetooth: hci2: command tx timeout [ 58.594492][ T5737] Bluetooth: hci3: command tx timeout [ 58.597401][ T5750] Bluetooth: hci0: command tx timeout [ 58.599771][ T5749] Bluetooth: hci1: command tx timeout [ 59.986670][ T5915] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 60.046724][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 60.131083][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 60.444768][ T5926] lo speed is unknown, defaulting to 1000 [ 60.449295][ T5926] lo speed is unknown, defaulting to 1000 [ 60.464923][ T5926] lo speed is unknown, defaulting to 1000 [ 60.470412][ T5927] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 60.475198][ T5927] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 60.480929][ T5927] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 60.491840][ T5927] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 60.514945][ T5927] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 60.664570][ T5750] Bluetooth: hci0: command tx timeout [ 60.666546][ T5742] Bluetooth: hci2: command tx timeout [ 60.668409][ T5737] Bluetooth: hci3: command tx timeout [ 60.670498][ T5749] Bluetooth: hci1: command tx timeout [ 61.248726][ T5926] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 61.255992][ T5926] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 61.274389][ T5926] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 61.310175][ T5926] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 61.357243][ T5926] lo speed is unknown, defaulting to 1000 [ 61.370992][ T5926] lo speed is unknown, defaulting to 1000 [ 61.378700][ T5926] lo speed is unknown, defaulting to 1000 [ 61.382607][ T5926] lo speed is unknown, defaulting to 1000 [ 62.014744][ T5925] siw: device registration error -23 [ 62.117763][ T5925] smbdirect: ib_dev[syz2] removed [ 62.210862][ T5936] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 62.380707][ T5944] vlan2: entered promiscuous mode [ 62.382927][ T5944] bridge0: entered promiscuous mode [ 62.754307][ T5749] Bluetooth: hci1: command tx timeout [ 62.754860][ T5742] Bluetooth: hci2: command tx timeout [ 62.756105][ T5749] Bluetooth: hci3: command tx timeout [ 62.756120][ T5749] Bluetooth: hci0: command tx timeout [ 63.111260][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.144052][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.182104][ T5952] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 63.184303][ T5952] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 63.188494][ T5952] vhci_hcd vhci_hcd.0: Device attached [ 63.347854][ T5951] ip6tnl0: entered promiscuous mode [ 63.354484][ T5951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17'. [ 63.358828][ T5955] lo speed is unknown, defaulting to 1000 [ 63.360918][ T5955] lo speed is unknown, defaulting to 1000 [ 63.366584][ T5955] lo speed is unknown, defaulting to 1000 [ 63.374078][ T5955] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 63.378653][ T5955] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 63.467843][ T5955] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 63.494334][ T53] usb 44-1: SetAddress Request (2) to port 0 [ 63.499104][ T5955] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 63.499761][ T53] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 63.556005][ T5955] lo speed is unknown, defaulting to 1000 [ 63.567708][ T5955] lo speed is unknown, defaulting to 1000 [ 63.600568][ T5955] lo speed is unknown, defaulting to 1000 [ 63.648381][ T5955] lo speed is unknown, defaulting to 1000 [ 63.887606][ T5953] vhci_hcd: connection reset by peer [ 63.896803][ T46] vhci_hcd vhci_hcd.3: stop threads [ 63.899935][ T46] vhci_hcd vhci_hcd.3: release socket [ 63.905859][ T46] vhci_hcd vhci_hcd.3: disconnect device [ 63.907181][ T5972] Illegal XDP return value 4294967294 on prog (id 4) dev N/A, expect packet loss! [ 63.950860][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.954861][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.213281][ T40] audit: type=1400 audit(1778604749.457:2): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="\" pid=5982 comm="syz.2.27" [ 64.219480][ T5974] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.247489][ T5984] siw: device registration error -23 [ 64.326192][ T5979] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.386488][ T5979] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.417518][ T5980] ip6tnl0: entered promiscuous mode [ 64.423987][ T5980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26'. [ 64.430152][ T1161] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.435259][ T1161] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.449994][ T1161] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.453059][ T1161] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.982983][ T6004] syz.0.32 uses obsolete (PF_INET,SOCK_PACKET) [ 65.267680][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.35'. [ 65.272460][ T6014] siw: device registration error -23 [ 65.321452][ T5995] orangefs_mount: mount request failed with -4 [ 65.425720][ T6025] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.428323][ T6025] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.478280][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.484102][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.570199][ T181] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.573775][ T181] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.578066][ T181] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.581987][ T181] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.729266][ T6082] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 66.778543][ T6075] Zero length message leads to an empty skb [ 66.945034][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.47'. [ 67.098235][ T6055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.43'. [ 67.124351][ T34] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 67.127067][ T6105] ip6tnl0: left promiscuous mode [ 67.245474][ T6105] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.248417][ T6105] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.280405][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.285374][ T6123] process 'syz.2.52' launched './file1' with NULL argv: empty string added [ 67.287237][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.292690][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 67.297327][ T34] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 67.300699][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.310303][ T34] usb 8-1: config 0 descriptor?? [ 67.335590][ T6105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.343253][ T6129] ======================================================= [ 67.343253][ T6129] WARNING: The mand mount option has been deprecated and [ 67.343253][ T6129] and is ignored by this kernel. Remove the mand [ 67.343253][ T6129] option from the mount to silence this warning. [ 67.343253][ T6129] ======================================================= [ 67.358547][ T6129] i2c i2c-1: dtv_property_process_set: SET cmd 0x74360740 undefined [ 67.415845][ T77] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.415950][ T1315] syz0: Port: 1 Link DOWN [ 67.419760][ T77] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.425628][ T77] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.429793][ T77] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.476023][ T6137] openvswitch: netlink: Flow actions attr not present in new flow. [ 67.748037][ T34] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 67.973116][ T6160] ip6tnl0: entered promiscuous mode [ 67.975405][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.58'. [ 67.988451][ T6160] siw: device registration error -23 [ 68.112199][ T6162] capability: warning: `syz.3.48' uses deprecated v2 capabilities in a way that may be insecure [ 68.697333][ T53] usb 44-1: device descriptor read/8, error -110 [ 68.942288][ T6181] ip6tnl0: left promiscuous mode [ 68.958636][ T6186] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 68.961467][ T6186] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 68.966249][ T6186] vhci_hcd vhci_hcd.0: Device attached [ 68.993841][ T6187] vhci_hcd: connection closed [ 68.995290][ T46] vhci_hcd vhci_hcd.0: stop threads [ 68.999011][ T46] vhci_hcd vhci_hcd.0: release socket [ 69.000955][ T46] vhci_hcd vhci_hcd.0: disconnect device [ 69.125534][ T53] usb usb44-port1: attempt power cycle [ 69.373520][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'. [ 69.518235][ T6213] netlink: 52 bytes leftover after parsing attributes in process `syz.2.64'. [ 69.704854][ T53] usb usb44-port1: unable to enumerate USB device [ 69.788231][ T6224] new mount options do not match the existing superblock, will be ignored [ 70.912538][ T39] usb 8-1: reset high-speed USB device number 2 using dummy_hcd [ 71.783487][ T6252] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 72.120703][ T5744] usb 8-1: USB disconnect, device number 2 [ 72.762604][ T6263] bond1: entered promiscuous mode [ 72.892620][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.80'. [ 73.447580][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.84'. [ 74.268008][ T6303] openvswitch: netlink: Flow actions attr not present in new flow. [ 76.036661][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.042552][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.068791][ T6316] netlink: 'syz.1.93': attribute type 1 has an invalid length. [ 76.072269][ T6316] nbd: error processing sock list [ 78.409330][ T6338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.99'. [ 80.101507][ T6393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.109'. [ 80.202900][ T6431] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 80.293396][ T6434] netlink: 'syz.0.117': attribute type 7 has an invalid length. [ 80.296863][ T6434] netlink: 'syz.0.117': attribute type 8 has an invalid length. [ 80.301915][ T6434] Invalid argument reading file caps for ./file0 [ 80.631424][ T6446] lo speed is unknown, defaulting to 1000 [ 80.739610][ T6446] netlink: 132 bytes leftover after parsing attributes in process `syz.0.121'. [ 80.896071][ T6452] ip6tnl0: left promiscuous mode [ 80.923045][ T6452] vlan2: left promiscuous mode [ 80.924806][ T6452] bridge0: left promiscuous mode [ 80.955885][ T5747] lo speed is unknown, defaulting to 1000 [ 81.002520][ T6450] ceph: No mds server is up or the cluster is laggy [ 81.011833][ T5747] libceph: connect (1)[c::]:6789 error -101 [ 81.019246][ T5747] libceph: mon0 (1)[c::]:6789 connect error [ 81.286415][ T6459] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 81.467479][ T6459] i2c i2c-1: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 81.592380][ T6471] netlink: 12 bytes leftover after parsing attributes in process `syz.3.126'. [ 81.597318][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.126'. [ 81.658634][ T6475] netlink: 32 bytes leftover after parsing attributes in process `syz.3.128'. [ 82.177114][ T6478] netlink: 6 bytes leftover after parsing attributes in process `syz.2.129'. [ 82.180009][ T6478] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.182609][ T6478] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.297619][ T6481] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.327562][ T6482] ip6tnl0: entered promiscuous mode [ 82.329928][ T6482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.130'. [ 82.354886][ T6482] siw: device registration error -23 [ 82.544027][ T6484] bridge_slave_0: left allmulticast mode [ 82.546372][ T6484] bridge_slave_0: left promiscuous mode [ 82.548527][ T6484] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.555610][ T6484] bridge_slave_1: left allmulticast mode [ 82.557889][ T6484] bridge_slave_1: left promiscuous mode [ 82.559837][ T6484] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.572437][ T6484] bond0: (slave bond_slave_0): Releasing backup interface [ 82.578273][ T6484] bond0: (slave bond_slave_1): Releasing backup interface [ 82.590063][ T6484] team0: Port device team_slave_0 removed [ 82.597489][ T6484] team0: Port device team_slave_1 removed [ 82.600522][ T6484] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 82.611819][ T6485] team0: Mode changed to "activebackup" [ 82.647390][ T6484] vlan0: entered promiscuous mode [ 82.654551][ T6484] team0: Port device vlan0 added [ 82.663321][ T6484] tipc: Started in network mode [ 82.665945][ T6484] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 82.668641][ T6484] tipc: Enabled bearer , priority 0 [ 82.876938][ T6490] netlink: 'syz.0.134': attribute type 1 has an invalid length. [ 82.906875][ T6490] bond2: entered promiscuous mode [ 82.908877][ T6490] 8021q: adding VLAN 0 to HW filter on device bond2 [ 82.963660][ T6490] 8021q: adding VLAN 0 to HW filter on device bond2 [ 82.966990][ T6490] bond2: (slave vti0): The slave device specified does not support setting the MAC address [ 82.972514][ T6490] bond2: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 82.985060][ T6490] bond2: (slave vti0): making interface the new active one [ 82.987480][ T6490] vti0: entered promiscuous mode [ 82.990858][ T6490] bond2: (slave vti0): Enslaving as an active interface with an up link [ 83.145905][ T6496] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 83.522991][ T6502] program syz.0.138 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 83.691117][ T5747] tipc: Node number set to 11578026 [ 84.197025][ T6535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.139'. [ 84.205635][ T6513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 84.492239][ T6547] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 84.556830][ T6549] openvswitch: netlink: Flow actions attr not present in new flow. [ 84.734247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 86.085442][ T6574] netlink: 20 bytes leftover after parsing attributes in process `syz.2.151'. [ 86.098794][ T6574] netlink: 36 bytes leftover after parsing attributes in process `syz.2.151'. [ 86.248217][ T6580] syzkaller0: entered promiscuous mode [ 86.251276][ T6580] syzkaller0: entered allmulticast mode [ 86.319797][ T29] cfg80211: failed to load regulatory.db [ 86.411643][ T5742] Bluetooth: hci3: Malformed Event: 0x02 [ 87.026457][ T6590] ip6tnl0: entered promiscuous mode [ 87.028261][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.155'. [ 87.067400][ T6590] siw: device registration error -23 [ 88.110728][ T6609] syz_tun: entered promiscuous mode [ 88.113839][ T6609] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 88.332225][ T6616] siw: device registration error -23 [ 89.315936][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'. [ 89.321991][ T6622] siw: device registration error -23 [ 90.219446][ T6646] netlink: 20 bytes leftover after parsing attributes in process `syz.1.170'. [ 90.311579][ T6650] netlink: 52 bytes leftover after parsing attributes in process `syz.3.172'. [ 90.564352][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 90.734442][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 90.760304][ T10] usb 6-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 90.771896][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.776949][ T10] usb 6-1: Product: syz [ 90.778378][ T10] usb 6-1: Manufacturer: syz [ 90.780243][ T10] usb 6-1: SerialNumber: syz [ 90.786395][ T10] usb 6-1: config 0 descriptor?? [ 90.790863][ T10] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 90.795511][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 90.798228][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 90.802015][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 90.803972][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 90.812897][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 90.816987][ T10] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 90.819685][ T10] usb 6-1: media controller created [ 90.829724][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 90.841472][ T10] usb 6-1: selecting invalid altsetting 3 [ 90.843558][ T10] ttusb2: set interface to alts=3 failed [ 90.875561][ T10] DVB: Unable to find symbol tda10086_attach() [ 90.877748][ T10] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 90.881213][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 90.883106][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 90.885707][ T6663] ip6tnl0: entered promiscuous mode [ 90.886861][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 90.890203][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.178'. [ 90.891714][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 90.897782][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 90.997634][ T10] usb 6-1: USB disconnect, device number 2 [ 91.060904][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 91.257232][ T6702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'. [ 91.262089][ T6702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'. [ 91.298072][ T6702] loop4: detected capacity change from 0 to 7 [ 91.374649][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 91.382483][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 91.388771][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 91.395616][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 91.402289][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 91.613200][ T6722] warning: `syz.1.189' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 91.780898][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.188'. [ 91.849697][ T6730] netlink: 'syz.0.190': attribute type 3 has an invalid length. [ 92.116998][ T6739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.191'. [ 92.133398][ T6739] siw: device registration error -23 [ 93.083205][ T6756] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 93.088702][ T6756] overlayfs: overlapping lowerdir path [ 93.367969][ T6784] bridge_slave_0: left allmulticast mode [ 93.369883][ T6784] bridge_slave_0: left promiscuous mode [ 93.372966][ T6784] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.379804][ T6784] bridge_slave_1: left allmulticast mode [ 93.390786][ T6784] bridge_slave_1: left promiscuous mode [ 93.392668][ T6784] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.403253][ T6784] bond0: (slave bond_slave_0): Releasing backup interface [ 93.407135][ T6784] bond0: (slave bond_slave_1): Releasing backup interface [ 93.412669][ T6784] team0: Port device team_slave_0 removed [ 93.437942][ T6784] team0: Port device team_slave_1 removed [ 93.440740][ T6784] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.446615][ T6784] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 93.453150][ T6789] team0: Mode changed to "activebackup" [ 93.470588][ T6784] vlan0: entered promiscuous mode [ 93.477224][ T6784] tipc: Started in network mode [ 93.479359][ T6784] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 93.482691][ T6784] tipc: Enabled bearer , priority 0 [ 93.520760][ T6799] openvswitch: netlink: Flow actions attr not present in new flow. [ 93.626642][ T6764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.198'. [ 93.700825][ T6809] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 94.494316][ T34] tipc: Node number set to 11578026 [ 95.095562][ T6851] netlink: 'syz.0.218': attribute type 1 has an invalid length. [ 95.106962][ T6851] bond3: entered promiscuous mode [ 95.108919][ T6851] 8021q: adding VLAN 0 to HW filter on device bond3 [ 95.140961][ T6849] netlink: 156 bytes leftover after parsing attributes in process `syz.1.217'. [ 95.275293][ T6859] bond1: left promiscuous mode [ 95.278382][ T6859] bond2: left promiscuous mode [ 95.279956][ T6859] vti0: left promiscuous mode [ 95.359763][ T6859] bond3: left promiscuous mode [ 95.684883][ T6868] binder: Unknown parameter 'a}Òµ²R0' [ 96.641578][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.224'. [ 96.964372][ T34] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 97.114261][ T34] usb 5-1: Invalid ep0 maxpacket: 16 [ 97.254400][ T34] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 97.425136][ T34] usb 5-1: Invalid ep0 maxpacket: 16 [ 97.511813][ T6890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.227'. [ 97.521981][ T6890] siw: device registration error -23 [ 98.228350][ T34] usb usb5-port1: attempt power cycle [ 98.574304][ T34] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 98.594719][ T34] usb 5-1: Invalid ep0 maxpacket: 16 [ 98.724365][ T34] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 98.751431][ T6904] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 98.754748][ T34] usb 5-1: Invalid ep0 maxpacket: 16 [ 98.758752][ T34] usb usb5-port1: unable to enumerate USB device [ 99.076581][ T6908] ip6tnl0: left promiscuous mode [ 99.092022][ T6908] tipc: Resetting bearer [ 99.176862][ T6908] vlan0: left promiscuous mode [ 99.248176][ T5841] lo speed is unknown, defaulting to 1000 [ 99.248187][ T59] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.250793][ T5841] syz2: Port: 1 Link DOWN [ 99.262531][ T59] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.271608][ T59] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.278818][ T59] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.805753][ T6911] ip6tnl0: entered promiscuous mode [ 99.807928][ T6911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.233'. [ 99.906153][ T40] audit: type=1326 audit(1778604785.157:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 99.915397][ T40] audit: type=1326 audit(1778604785.157:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=435 compat=1 ip=0xf72094d0 code=0x7ffc0000 [ 99.929111][ T40] audit: type=1326 audit(1778604785.157:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 99.951536][ T40] audit: type=1326 audit(1778604785.167:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 99.969251][ T40] audit: type=1326 audit(1778604785.187:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 99.989564][ T40] audit: type=1326 audit(1778604785.187:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=311 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 99.992513][ T6923] netlink: 'syz.2.235': attribute type 39 has an invalid length. [ 100.005620][ T40] audit: type=1326 audit(1778604785.187:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 100.015876][ T40] audit: type=1326 audit(1778604785.187:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 100.024968][ T40] audit: type=1326 audit(1778604785.187:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 100.033899][ T40] audit: type=1326 audit(1778604785.187:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.236" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 100.873567][ T6945] ip6tnl0: left promiscuous mode [ 101.022841][ T6950] siw: device registration error -23 [ 101.166071][ T6955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 101.237572][ T6957] netlink: 'syz.1.246': attribute type 4 has an invalid length. [ 102.392147][ T6990] netlink: 20 bytes leftover after parsing attributes in process `syz.0.258'. [ 102.393641][ T6988] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 103.388116][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.259'. [ 103.545150][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 103.694301][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 103.703950][ T10] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 103.708470][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.711992][ T10] usb 5-1: Product: syz [ 103.713790][ T10] usb 5-1: Manufacturer: syz [ 103.716276][ T10] usb 5-1: SerialNumber: syz [ 103.722863][ T10] usb 5-1: config 0 descriptor?? [ 103.739663][ T10] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 103.743004][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 103.745899][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 103.750274][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 103.752704][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 103.769454][ T7031] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 103.985323][ T6990] Bluetooth: MGMT ver 1.23 [ 104.004137][ T7034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.262'. [ 104.324330][ T5744] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 104.494261][ T5744] usb 6-1: Using ep0 maxpacket: 16 [ 104.506595][ T5744] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 104.509931][ T5744] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.513509][ T5744] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 104.539844][ T5744] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 104.548967][ T5744] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.567570][ T5744] usb 6-1: Product: syz [ 104.568983][ T5744] usb 6-1: Manufacturer: syz [ 104.576434][ T5744] usb 6-1: SerialNumber: syz [ 104.627341][ T5744] usb 6-1: 0:2 : does not exist [ 104.692456][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 104.703891][ T10] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 104.708679][ T10] usb 5-1: media controller created [ 104.716606][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 104.729109][ T10] usb 5-1: selecting invalid altsetting 3 [ 104.731468][ T10] ttusb2: set interface to alts=3 failed [ 104.808038][ T10] DVB: Unable to find symbol tda10086_attach() [ 104.809997][ T10] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 104.817175][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 104.818969][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 104.823555][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 104.830761][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 104.834017][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 104.843794][ T10] usb 5-1: USB disconnect, device number 6 [ 104.889319][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 105.069796][ T7052] 2žÿ: renamed from team_slave_1 [ 105.252168][ T7054] bridge_slave_0: left allmulticast mode [ 105.254029][ T7054] bridge_slave_0: left promiscuous mode [ 105.257041][ T7054] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.263209][ T7054] bridge_slave_1: left allmulticast mode [ 105.265357][ T7054] bridge_slave_1: left promiscuous mode [ 105.267231][ T7054] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.274697][ T7054] bond0: (slave bond_slave_0): Releasing backup interface [ 105.281195][ T7054] bond0: (slave bond_slave_1): Releasing backup interface [ 105.289652][ T7054] team0: Port device team_slave_0 removed [ 105.297520][ T7054] team0: Port device team_slave_1 removed [ 105.302568][ T7054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.310667][ T7054] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 105.319299][ T7056] team0: Mode changed to "activebackup" [ 105.342002][ T7057] vlan0: entered promiscuous mode [ 105.347908][ T7058] tipc: Started in network mode [ 105.349866][ T7058] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 105.353079][ T7058] tipc: Enabled bearer , priority 0 [ 105.364740][ T7060] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 106.001561][ T7084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.274'. [ 106.356220][ T34] tipc: Node number set to 11578026 [ 106.373769][ T7081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'. [ 106.466709][ T7107] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 106.469023][ T7107] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 106.473049][ T7107] vhci_hcd vhci_hcd.0: Device attached [ 106.485954][ T7108] vhci_hcd: connection closed [ 106.486340][ T59] vhci_hcd vhci_hcd.3: stop threads [ 106.491005][ T59] vhci_hcd vhci_hcd.3: release socket [ 106.493701][ T59] vhci_hcd vhci_hcd.3: disconnect device [ 106.798994][ T7118] netlink: 16 bytes leftover after parsing attributes in process `syz.0.281'. [ 106.802108][ T7118] openvswitch: netlink: Flow actions attr not present in new flow. [ 106.890329][ T29] usb 6-1: USB disconnect, device number 3 [ 107.161488][ T7134] openvswitch: netlink: Flow actions attr not present in new flow. [ 107.277045][ T7130] lo speed is unknown, defaulting to 1000 [ 107.836542][ T7122] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 107.838729][ T7122] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 107.841422][ T7122] vhci_hcd vhci_hcd.0: Device attached [ 108.064293][ T7157] openvswitch: netlink: Flow actions attr not present in new flow. [ 108.114672][ T29] usb 38-1: SetAddress Request (2) to port 0 [ 108.119874][ T29] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 108.213196][ T7143] vhci_hcd: connection reset by peer [ 108.216778][ T103] vhci_hcd vhci_hcd.0: stop threads [ 108.220613][ T103] vhci_hcd vhci_hcd.0: release socket [ 108.224923][ T103] vhci_hcd vhci_hcd.0: disconnect device [ 108.372235][ T7148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.288'. [ 108.477079][ T7177] netlink: 'syz.2.290': attribute type 1 has an invalid length. [ 108.491326][ T7177] bond1: entered promiscuous mode [ 108.494112][ T7177] 8021q: adding VLAN 0 to HW filter on device bond1 [ 108.534932][ T7177] 8021q: adding VLAN 0 to HW filter on device bond1 [ 108.537860][ T7177] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 108.541131][ T7177] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 108.547082][ T7177] bond1: (slave vti0): making interface the new active one [ 108.550058][ T7177] vti0: entered promiscuous mode [ 108.554991][ T7177] bond1: (slave vti0): Enslaving as an active interface with an up link [ 109.049514][ T7199] netlink: 156 bytes leftover after parsing attributes in process `syz.0.298'. [ 109.191210][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'. [ 109.195303][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'. [ 109.313437][ T7211] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 109.930317][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.307'. [ 109.977260][ T7226] netlink: 52 bytes leftover after parsing attributes in process `syz.0.308'. [ 110.052755][ T7235] netlink: 600 bytes leftover after parsing attributes in process `syz.0.311'. [ 110.061676][ T7221] could not allocate digest TFM handle sha384-ce [ 111.430128][ T7277] openvswitch: netlink: Flow actions attr not present in new flow. [ 111.610064][ T7286] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 111.614544][ T7286] block device autoloading is deprecated and will be removed. [ 112.054723][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 112.166153][ T7304] qnx4: unable to read the superblock [ 112.225330][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 112.231681][ T10] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.237803][ T10] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.243040][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 112.246083][ T10] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 112.249402][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.261740][ T10] usb 6-1: config 0 descriptor?? [ 112.265557][ T7308] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 112.655607][ T7323] ip6tnl0: entered promiscuous mode [ 112.658138][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'. [ 113.225090][ T29] usb 38-1: device descriptor read/8, error -110 [ 113.395549][ T10] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 113.397806][ T10] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 113.400151][ T10] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 113.402416][ T10] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 113.404717][ T10] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 113.408387][ T10] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 113.480544][ T7340] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 113.615412][ T29] usb usb38-port1: attempt power cycle [ 113.836392][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.340'. [ 113.849830][ T7350] siw: device registration error -23 [ 113.867622][ T10] usb 6-1: USB disconnect, device number 4 [ 113.909361][ T7349] ip6tnl0: entered promiscuous mode [ 113.911810][ T7349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.337'. [ 114.025134][ T7356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.341'. [ 114.051430][ T7358] netlink: 20 bytes leftover after parsing attributes in process `syz.3.343'. [ 114.137287][ T7362] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 114.185758][ T29] usb usb38-port1: unable to enumerate USB device [ 114.249412][ T7372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.345'. [ 115.095270][ T7385] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 115.316995][ T7396] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 115.394443][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 115.394456][ T40] audit: type=1326 audit(1778604800.637:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.418175][ T40] audit: type=1326 audit(1778604800.647:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.434325][ T40] audit: type=1326 audit(1778604800.647:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.447652][ T40] audit: type=1326 audit(1778604800.657:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.459698][ T40] audit: type=1326 audit(1778604800.657:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.465997][ T7400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.355'. [ 115.484353][ T40] audit: type=1326 audit(1778604800.687:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.493563][ T40] audit: type=1326 audit(1778604800.687:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.514355][ T40] audit: type=1326 audit(1778604800.687:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=283 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.525717][ T40] audit: type=1326 audit(1778604800.697:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.542894][ T40] audit: type=1326 audit(1778604800.697:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.350" exe="/syz-executor" sig=0 arch=40000003 syscall=287 compat=1 ip=0xf7fc6fcc code=0x7ffc0000 [ 115.767973][ T7411] netlink: 40 bytes leftover after parsing attributes in process `syz.0.358'. [ 115.771871][ T7411] nbd: must specify at least one socket [ 115.916990][ T7417] vlan2: entered promiscuous mode [ 115.918950][ T7417] bridge0: entered promiscuous mode [ 116.258916][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'. [ 116.287972][ T7432] siw: device registration error -23 [ 116.639098][ T7435] syzkaller0: entered promiscuous mode [ 116.641034][ T7435] syzkaller0: entered allmulticast mode [ 118.208793][ T7486] netlink: 88 bytes leftover after parsing attributes in process `syz.0.379'. [ 121.107516][ T7503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 121.114430][ T7503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 121.201336][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 121.249941][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.387'. [ 121.255994][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.387'. [ 121.261808][ T7510] netlink: 104 bytes leftover after parsing attributes in process `syz.2.387'. [ 121.271114][ T7510] netlink: 104 bytes leftover after parsing attributes in process `syz.2.387'. [ 121.501314][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.388'. [ 121.514709][ T7517] siw: device registration error -23 [ 122.270446][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.389'. [ 122.685166][ T7550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.397'. [ 123.053296][ T5842] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 124.204364][ T5842] usb 7-1: Using ep0 maxpacket: 32 [ 124.218521][ T5842] usb 7-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 124.221926][ T7563] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 124.222564][ T5842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.229170][ T7565] team0: Unable to change to the same mode the team is in [ 124.232184][ T5842] usb 7-1: Product: syz [ 124.236381][ T5842] usb 7-1: Manufacturer: syz [ 124.237470][ T7563] tipc: Enabling of bearer rejected, already enabled [ 124.238501][ T5842] usb 7-1: SerialNumber: syz [ 124.252140][ T5842] usb 7-1: config 0 descriptor?? [ 124.259675][ T5842] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 124.262734][ T5842] dvb-usb: bulk message failed: -22 (4/0) [ 124.265473][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 124.269021][ T5842] dvb-usb: bulk message failed: -22 (5/0) [ 124.270895][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 124.279438][ T5842] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 124.282123][ T7567] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 124.283571][ T5842] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 124.291081][ T5842] usb 7-1: media controller created [ 124.431296][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 124.638237][ T5842] usb 7-1: selecting invalid altsetting 3 [ 124.640871][ T5842] ttusb2: set interface to alts=3 failed [ 124.717800][ T5842] DVB: Unable to find symbol tda10086_attach() [ 124.720497][ T5842] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 124.725213][ T5842] dvb-usb: bulk message failed: -22 (4/0) [ 124.727049][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 124.730895][ T5842] dvb-usb: bulk message failed: -22 (5/0) [ 124.732828][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 124.736323][ T5842] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 124.746304][ T5842] usb 7-1: USB disconnect, device number 2 [ 124.788165][ T5842] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 126.775405][ T7604] __nla_validate_parse: 3 callbacks suppressed [ 126.775422][ T7604] netlink: 4 bytes leftover after parsing attributes in process `syz.2.413'. [ 127.243409][ T7613] netlink: 'syz.2.417': attribute type 1 has an invalid length. [ 127.281936][ T7613] bond2: entered promiscuous mode [ 127.287828][ T7613] 8021q: adding VLAN 0 to HW filter on device bond2 [ 128.123456][ T7642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.425'. [ 128.139691][ T7642] siw: device registration error -23 [ 128.648700][ T7649] openvswitch: netlink: Flow actions attr not present in new flow. [ 128.655862][ T7646] comedi comedi2: dt2814: I/O base address or length out of range [ 129.705960][ T7664] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 130.341003][ T7684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.436'. [ 130.385507][ T7684] siw: device registration error -23 [ 131.224995][ T7691] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 132.216670][ T7709] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 132.899436][ T5742] block nbd0: Receive control failed (result -32) [ 132.950978][ T7727] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 132.953463][ T7728] tipc: Resetting bearer [ 133.277237][ T7740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.453'. [ 133.290425][ T7740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.453'. [ 133.377086][ T7750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.452'. [ 133.449301][ T7746] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.456'. [ 133.525777][ T7761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.461'. [ 133.644338][ T5842] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 133.960231][ T7781] syzkaller1: entered promiscuous mode [ 133.976537][ T7781] syzkaller1: entered allmulticast mode [ 134.275018][ T7779] ip6t_REJECT: ECHOREPLY is not supported [ 134.704335][ T5842] usb 7-1: Using ep0 maxpacket: 32 [ 134.710174][ T5842] usb 7-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 134.713499][ T5842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.716443][ T5842] usb 7-1: Product: syz [ 134.718109][ T5842] usb 7-1: Manufacturer: syz [ 134.719853][ T5842] usb 7-1: SerialNumber: syz [ 134.722953][ T5842] usb 7-1: config 0 descriptor?? [ 134.727723][ T5842] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 134.730298][ T5842] dvb-usb: bulk message failed: -22 (4/0) [ 134.732134][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 134.735760][ T5842] dvb-usb: bulk message failed: -22 (5/0) [ 134.738103][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 134.744723][ T5842] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 134.749881][ T5842] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 134.753352][ T5842] usb 7-1: media controller created [ 135.037334][ T7759] syz.0.459 (7759) used greatest stack depth: 19288 bytes left [ 135.392591][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 135.408676][ T7795] netlink: 36 bytes leftover after parsing attributes in process `syz.3.470'. [ 135.409162][ T5842] usb 7-1: selecting invalid altsetting 3 [ 135.414563][ T5842] ttusb2: set interface to alts=3 failed [ 135.446918][ T5842] DVB: Unable to find symbol tda10086_attach() [ 135.449554][ T5842] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 135.455740][ T5842] dvb-usb: bulk message failed: -22 (4/0) [ 135.458216][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 135.463556][ T5842] dvb-usb: bulk message failed: -22 (5/0) [ 135.467214][ T5842] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 135.472372][ T5842] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 135.482145][ T5842] usb 7-1: USB disconnect, device number 3 [ 135.531132][ T5842] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 135.988477][ T7817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.477'. [ 136.004440][ T7817] siw: device registration error -23 [ 136.009007][ T7827] syzkaller0: entered promiscuous mode [ 136.010951][ T7827] syzkaller0: entered allmulticast mode [ 137.091254][ T7832] syz.2.480 (7832) used greatest stack depth: 18968 bytes left [ 137.291164][ T7846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.486'. [ 137.295134][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.486'. [ 137.387250][ T7860] siw: device registration error -23 [ 137.424013][ T7862] netlink: 24 bytes leftover after parsing attributes in process `syz.1.491'. [ 137.428776][ T7862] batadv_slave_1: entered promiscuous mode [ 137.467149][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.473226][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.619406][ T7850] lo speed is unknown, defaulting to 1000 [ 137.926008][ T7874] siw: device registration error -23 [ 138.024881][ T1357] libceph: connect (1)[c::]:6789 error -101 [ 138.065575][ T1357] libceph: mon0 (1)[c::]:6789 connect error [ 138.194630][ T7854] ceph: No mds server is up or the cluster is laggy [ 138.824514][ T7895] tc_dump_action: action bad kind [ 139.775308][ T7909] __nla_validate_parse: 1 callbacks suppressed [ 139.775359][ T7909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.504'. [ 139.793925][ T7909] siw: device registration error -23 [ 140.617214][ T7929] netlink: 20 bytes leftover after parsing attributes in process `syz.2.510'. [ 141.977737][ T5756] udevd[5756]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 142.034386][ T7931] netlink: 20 bytes leftover after parsing attributes in process `syz.2.510'. [ 142.039933][ T7931] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 142.040060][ T7931] block (null): Could not allocate knbd recv work queue. [ 142.088196][ T7931] nbd: failed to add new device [ 142.209863][ T7937] FAULT_INJECTION: forcing a failure. [ 142.209863][ T7937] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 142.214771][ T7937] CPU: 0 UID: 0 PID: 7937 Comm: syz.2.512 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.214789][ T7937] Tainted: [L]=SOFTLOCKUP [ 142.214793][ T7937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 142.214799][ T7937] Call Trace: [ 142.214802][ T7937] [ 142.214806][ T7937] dump_stack_lvl+0x100/0x190 [ 142.214824][ T7937] should_fail_ex.cold+0x5/0xa [ 142.214839][ T7937] _copy_from_iter+0x1f4/0x1690 [ 142.214853][ T7937] ? aa_file_perm+0x7f3/0x14d0 [ 142.214868][ T7937] ? __pfx__copy_from_iter+0x10/0x10 [ 142.214885][ T7937] ? __pfx_aa_file_perm+0x10/0x10 [ 142.214905][ T7937] vhost_chr_write_iter+0xcb/0x1190 [ 142.214920][ T7937] ? find_held_lock+0x2b/0x80 [ 142.214934][ T7937] ? get_pid_task+0xfc/0x250 [ 142.214951][ T7937] ? __pfx_vhost_chr_write_iter+0x10/0x10 [ 142.214967][ T7937] ? bpf_lsm_file_permission+0x9/0x10 [ 142.214978][ T7937] ? security_file_permission+0x76/0x210 [ 142.214991][ T7937] ? rw_verify_area+0xce/0x6d0 [ 142.215003][ T7937] vfs_write+0x6ac/0x1070 [ 142.215016][ T7937] ? __pfx_vhost_vsock_chr_write_iter+0x10/0x10 [ 142.215031][ T7937] ? __pfx_vfs_write+0x10/0x10 [ 142.215042][ T7937] ? find_held_lock+0x2b/0x80 [ 142.215064][ T7937] ksys_write+0x12a/0x250 [ 142.215081][ T7937] ? __pfx_ksys_write+0x10/0x10 [ 142.215093][ T7937] ? ksys_write+0x1ac/0x250 [ 142.215105][ T7937] ? rcu_is_watching+0x12/0xc0 [ 142.215121][ T7937] __do_fast_syscall_32+0xe7/0x950 [ 142.215138][ T7937] ? lockdep_hardirqs_on+0x78/0x100 [ 142.215155][ T7937] do_fast_syscall_32+0x32/0x70 [ 142.215172][ T7937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.215186][ T7937] RIP: 0023:0xf702efcc [ 142.215195][ T7937] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 142.215205][ T7937] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 142.215219][ T7937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380 [ 142.215225][ T7937] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.215231][ T7937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 142.215237][ T7937] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 142.215243][ T7937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.215256][ T7937] [ 142.345776][ T7926] fuseblk: Unknown parameter 'gro9up_id' [ 142.457258][ T7952] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 142.550541][ T7962] netlink: 20 bytes leftover after parsing attributes in process `syz.1.516'. [ 142.566972][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.514'. [ 142.780999][ T7946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 142.814476][ T1357] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 142.984448][ T1357] usb 6-1: Using ep0 maxpacket: 32 [ 142.992481][ T1357] usb 6-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 142.996841][ T1357] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.000303][ T1357] usb 6-1: Product: syz [ 143.002204][ T1357] usb 6-1: Manufacturer: syz [ 143.004736][ T1357] usb 6-1: SerialNumber: syz [ 143.008980][ T1357] usb 6-1: config 0 descriptor?? [ 143.015034][ T1357] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 143.018530][ T1357] dvb-usb: bulk message failed: -22 (4/0) [ 143.021225][ T1357] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 143.026386][ T1357] dvb-usb: bulk message failed: -22 (5/0) [ 143.028880][ T1357] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 143.037374][ T1357] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 143.041627][ T1357] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 143.045334][ T1357] usb 6-1: media controller created [ 143.056383][ T1357] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 143.069232][ T1357] usb 6-1: selecting invalid altsetting 3 [ 143.072098][ T1357] ttusb2: set interface to alts=3 failed [ 143.101968][ T1357] DVB: Unable to find symbol tda10086_attach() [ 143.104738][ T1357] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 143.109004][ T1357] dvb-usb: bulk message failed: -22 (4/0) [ 143.111609][ T1357] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 143.115959][ T1357] dvb-usb: bulk message failed: -22 (5/0) [ 143.118595][ T1357] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 143.123401][ T1357] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 143.178968][ T7984] netlink: 52 bytes leftover after parsing attributes in process `syz.2.520'. [ 143.215294][ T1357] usb 6-1: USB disconnect, device number 5 [ 143.274436][ T1357] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 143.422769][ T7990] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 143.453784][ T7994] netlink: 600 bytes leftover after parsing attributes in process `syz.2.524'. [ 145.294901][ T8014] netlink: 'syz.2.529': attribute type 2 has an invalid length. [ 145.372120][ T8016] loop6: detected capacity change from 0 to 8 [ 145.433231][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.533'. [ 145.447186][ T8016] loop6: detected capacity change from 8 to 0 [ 145.493287][ T8023] openvswitch: netlink: Flow actions attr not present in new flow. [ 145.731900][ T8033] can0: slcan on ttyS3. [ 145.835600][ T8032] can0 (unregistered): slcan off ttyS3. [ 145.957092][ T8045] syzkaller0: entered promiscuous mode [ 145.960672][ T8045] syzkaller0: entered allmulticast mode [ 146.124803][ T8058] netlink: 'syz.2.547': attribute type 1 has an invalid length. [ 146.182396][ T8059] Bluetooth: MGMT ver 1.23 [ 146.532318][ T8061] netlink: 'syz.3.548': attribute type 10 has an invalid length. [ 146.538998][ T8061] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 146.890372][ T8068] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 147.050580][ T8070] openvswitch: netlink: Flow actions attr not present in new flow. [ 148.739967][ T5737] Bluetooth: hci2: hardware error 0x00 [ 148.749161][ T8094] netlink: 44 bytes leftover after parsing attributes in process `syz.0.557'. [ 148.836101][ T8093] batadv_slave_1: entered promiscuous mode [ 148.866918][ T8092] batadv_slave_1: left promiscuous mode [ 148.993217][ T8101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.558'. [ 149.004086][ T8101] siw: device registration error -23 [ 149.785422][ T8118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.659633][ T8129] syzkaller0: entered promiscuous mode [ 150.662630][ T8129] syzkaller0: entered allmulticast mode [ 150.757408][ T5742] block nbd1: Receive control failed (result -32) [ 150.824335][ T5737] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 150.828758][ T8135] netlink: 84 bytes leftover after parsing attributes in process `syz.2.568'. [ 151.135293][ T8142] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 151.137404][ T8142] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 151.144071][ T8142] vhci_hcd vhci_hcd.0: Device attached [ 151.414386][ T4821] usb 38-1: SetAddress Request (6) to port 0 [ 151.417407][ T4821] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 151.670991][ T8143] vhci_hcd: connection reset by peer [ 151.673696][ T46] vhci_hcd vhci_hcd.0: stop threads [ 151.675792][ T46] vhci_hcd vhci_hcd.0: release socket [ 151.678204][ T46] vhci_hcd vhci_hcd.0: disconnect device [ 152.551418][ T8160] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 152.906837][ T5737] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 155.303686][ T8170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.580'. [ 155.309415][ T8170] siw: device registration error -23 [ 155.888774][ T8193] tipc: Resetting bearer [ 155.983445][ T8195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.988130][ T8195] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.991876][ T8195] tipc: Resetting bearer [ 156.000074][ T8195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.102078][ T8195] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 156.106538][ T8195] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.120700][ T8195] veth1_vlan: left promiscuous mode [ 156.126353][ T8195] veth1_vlan: entered promiscuous mode [ 156.132783][ T8195] veth1_macvtap: left promiscuous mode [ 156.135573][ T8195] veth0_macvtap: left promiscuous mode [ 156.138558][ T8195] veth0_macvtap: entered promiscuous mode [ 156.141670][ T8195] veth1_macvtap: entered promiscuous mode [ 156.149495][ T8195] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 156.153274][ T8195] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 156.157432][ T8195] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 156.160975][ T8195] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 156.504404][ T4821] usb 38-1: device descriptor read/8, error -110 [ 156.786407][ T8213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.587'. [ 156.896781][ T4821] usb usb38-port1: attempt power cycle [ 157.093269][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.581'. [ 157.098132][ T181] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.103993][ T181] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.107896][ T181] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.116268][ T181] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.290144][ T8239] netlink: 8 bytes leftover after parsing attributes in process `syz.2.590'. [ 157.478835][ T4821] usb usb38-port1: unable to enumerate USB device [ 157.552196][ T8249] netlink: 156 bytes leftover after parsing attributes in process `syz.1.594'. [ 157.603661][ T8252] netlink: 'syz.1.595': attribute type 1 has an invalid length. [ 157.617628][ T8252] bond1: entered promiscuous mode [ 157.619730][ T8252] 8021q: adding VLAN 0 to HW filter on device bond1 [ 157.687850][ T8252] 8021q: adding VLAN 0 to HW filter on device bond1 [ 157.692329][ T8252] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 157.696741][ T8252] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 157.703474][ T8252] bond1: (slave vti0): making interface the new active one [ 157.706760][ T8252] vti0: entered promiscuous mode [ 157.710092][ T8252] bond1: (slave vti0): Enslaving as an active interface with an up link [ 157.802259][ T8263] netlink: 72 bytes leftover after parsing attributes in process `syz.3.598'. [ 158.097120][ T8289] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 158.099375][ T8289] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 158.103045][ T8289] vhci_hcd vhci_hcd.0: Device attached [ 158.329347][ T8284] atomic_op ffff888070056998 conn xmit_atomic 0000000000000000 [ 158.334414][ T4821] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 158.374311][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 158.545858][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 158.642018][ T8316] netlink: 8 bytes leftover after parsing attributes in process `syz.3.605'. [ 158.681997][ T8316] siw: device registration error -23 [ 158.907203][ T8321] netlink: 148 bytes leftover after parsing attributes in process `syz.1.606'. [ 158.961365][ T8289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.989962][ T8289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.001538][ T8326] FAT-fs (nullb0): bogus number of reserved sectors [ 159.004056][ T8326] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 159.018047][ T8327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.023351][ T8328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.026584][ T8327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.029415][ T8328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.050985][ T8290] vhci_hcd: connection closed [ 159.055120][ T1156] vhci_hcd vhci_hcd.2: stop threads [ 159.064280][ T1156] vhci_hcd vhci_hcd.2: release socket [ 159.068206][ T1156] vhci_hcd vhci_hcd.2: disconnect device [ 159.075886][ T4821] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 159.244742][ T24] usb 7-1: unable to get BOS descriptor or descriptor too short [ 159.505199][ T24] usb 7-1: no configurations [ 159.506759][ T24] usb 7-1: can't read configurations, error -22 [ 159.864979][ T8349] netlink: 100 bytes leftover after parsing attributes in process `syz.0.613'. [ 160.644356][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 160.767777][ T8381] openvswitch: netlink: Flow actions attr not present in new flow. [ 160.804331][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 160.810913][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.815106][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.818206][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 160.822483][ T24] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 160.826930][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.832149][ T24] usb 7-1: config 0 descriptor?? [ 161.298732][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 161.302469][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 161.305914][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 161.308610][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 161.311186][ T24] shield 0003:0955:7214.0004: unknown main item tag 0x0 [ 161.326450][ T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 161.387830][ T24] shield 0003:0955:7214.0004: Registered Thunderstrike controller [ 161.390644][ T24] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 161.425879][ T8408] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 162.392933][ T5843] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 162.399779][ T5843] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 162.404456][ T24] usb 7-1: USB disconnect, device number 6 [ 162.407423][ T5843] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 162.418795][ T5843] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 163.126887][ T8400] netlink: 4 bytes leftover after parsing attributes in process `syz.1.629'. [ 163.182384][ T8423] syzkaller0: entered promiscuous mode [ 163.184879][ T8423] syzkaller0: entered allmulticast mode [ 163.192563][ T8423] 0: reclassify loop, rule prio 0, protocol 800 [ 163.641949][ T8434] netlink: 84 bytes leftover after parsing attributes in process `syz.1.641'. [ 163.656917][ T8436] netlink: 84 bytes leftover after parsing attributes in process `syz.1.641'. [ 163.738340][ T24] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 163.753919][ T40] kauditd_printk_skb: 25 callbacks suppressed [ 163.753931][ T40] audit: type=1326 audit(1778604850.001:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.772006][ T40] audit: type=1326 audit(1778604850.011:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.776185][ T24] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 163.786433][ T40] audit: type=1326 audit(1778604850.011:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.798232][ T40] audit: type=1326 audit(1778604850.011:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x80000) [ 163.815291][ T40] audit: type=1326 audit(1778604850.011:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.831429][ T40] audit: type=1326 audit(1778604850.031:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.837031][ T8446] mmap: syz.2.644 (8446) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 163.846187][ T40] audit: type=1326 audit(1778604850.051:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.855630][ T40] audit: type=1326 audit(1778604850.061:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.862746][ T1126] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 163.865067][ T1126] ata1: failed to read log page 10h (errno=-5) [ 163.867019][ T1126] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0 [ 163.874087][ T40] audit: type=1326 audit(1778604850.061:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.881198][ T1126] ata1.00: irq_stat 0x41000000 [ 163.882888][ T1126] ata1.00: failed command: READ FPDMA QUEUED [ 163.884339][ T40] audit: type=1326 audit(1778604850.061:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.637" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 163.885297][ T1126] ata1.00: cmd 60/00:70:9e:9d:03/04:00:00:00:00/40 tag 14 ncq dma 524288 in [ 163.885297][ T1126] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 163.900073][ T1126] ata1.00: status: { DRDY } [ 163.903364][ T1126] ata1.00: error: { ABRT } [ 163.905030][ T1126] ata1.00: failed command: READ FPDMA QUEUED [ 163.907483][ T1126] ata1.00: cmd 60/38:78:ae:a1:03/03:00:00:00:00/40 tag 15 ncq dma 421888 in [ 163.907483][ T1126] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 163.919543][ T1126] ata1.00: status: { DRDY } [ 163.921227][ T1126] ata1.00: error: { ABRT } [ 163.925642][ T1126] ata1.00: configured for UDMA/100 [ 163.927686][ T1126] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 163.936371][ T8449] tipc: Enabled bearer , priority 0 [ 163.938681][ T1126] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current] [ 163.944864][ T8449] syzkaller0: entered promiscuous mode [ 163.947136][ T1126] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information [ 163.952479][ T1126] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 03 9d 9e 00 04 00 00 [ 163.955472][ T8449] syzkaller0: entered allmulticast mode [ 163.957625][ T1126] I/O error, dev sda, sector 236958 op 0x0:(READ) flags 0x80700 phys_seg 33 prio class 2 [ 163.963793][ T1126] sd 0:0:0:0: [sda] tag#15 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 163.971375][ T1126] sd 0:0:0:0: [sda] tag#15 Sense Key : Aborted Command [current] [ 163.974968][ T1126] sd 0:0:0:0: [sda] tag#15 Add. Sense: No additional sense information [ 163.980327][ T1126] sd 0:0:0:0: [sda] tag#15 CDB: Read(10) 28 00 00 03 a1 ae 00 03 38 00 [ 163.984362][ T1126] I/O error, dev sda, sector 237998 op 0x0:(READ) flags 0x80700 phys_seg 27 prio class 2 [ 164.056628][ T1126] ata1: EH complete [ 164.154321][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 164.223941][ T8446] tipc: Resetting bearer [ 164.231508][ T8445] tipc: Resetting bearer [ 164.245043][ T8445] tipc: Disabling bearer [ 164.304402][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 164.312563][ T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 164.321043][ T24] usb 6-1: config 0 has no interface number 0 [ 164.323685][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 164.336577][ T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 164.367971][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.382227][ T8455] x_tables: duplicate underflow at hook 1 [ 164.389737][ T24] usb 6-1: config 0 descriptor?? [ 164.394007][ T24] iowarrior 6-1:0.1: no interrupt-in endpoint found [ 164.595568][ T8441] netlink: 'syz.1.643': attribute type 1 has an invalid length. [ 164.614990][ T24] usb 6-1: USB disconnect, device number 6 [ 164.980056][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.646'. [ 165.803309][ T8494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.650'. [ 166.013803][ T8498] syzkaller0: entered promiscuous mode [ 166.016116][ T8498] syzkaller0: entered allmulticast mode [ 166.293719][ T8507] netlink: 20 bytes leftover after parsing attributes in process `syz.3.654'. [ 166.449011][ T8503] Invalid argument reading file caps for ./file0 [ 166.907059][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.655'. [ 167.129812][ T8540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.656'. [ 167.140691][ T8540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.656'. [ 167.158715][ T8539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.419262][ T8545] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 169.946750][ T8572] overlayfs: failed to resolve './file1': -2 [ 170.247892][ T8584] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 170.258363][ T8584] team0: No ports can be present during mode change [ 170.261283][ T8584] vlan0: entered promiscuous mode [ 170.289411][ T8580] loop4: detected capacity change from 0 to 7 [ 170.291858][ T8586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 170.500399][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 170.508133][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 170.516605][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 170.523488][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 170.530516][ T5756] Buffer I/O error on dev loop4, logical block 0, async page read [ 170.557494][ T8590] hugetlbfs: syz.2.670 (8590): Using mlock ulimits for SHM_HUGETLB is obsolete [ 171.117994][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.672'. [ 171.132103][ T8600] siw: device registration error -23 [ 172.070752][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 172.070763][ T40] audit: type=1326 audit(1778604857.731:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.091042][ T40] audit: type=1326 audit(1778604857.741:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.098282][ T40] audit: type=1326 audit(1778604857.741:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.129540][ T40] audit: type=1326 audit(1778604858.381:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.184757][ T40] audit: type=1326 audit(1778604858.441:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.194003][ T40] audit: type=1326 audit(1778604858.441:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.205100][ T40] audit: type=1326 audit(1778604858.451:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.264585][ T40] audit: type=1326 audit(1778604858.481:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=283 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.280346][ T40] audit: type=1326 audit(1778604858.481:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.289935][ T40] audit: type=1326 audit(1778604858.481:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.1.671" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 172.530121][ T8613] lo speed is unknown, defaulting to 1000 [ 173.501503][ T8611] kAFS: unable to lookup cell '(,c¾ûL' [ 173.924352][ T29] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 174.085681][ T29] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 174.088569][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.092098][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.095693][ T29] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 174.100598][ T29] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.103558][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.107754][ T29] usb 7-1: config 0 descriptor?? [ 174.453172][ T8636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.679'. [ 174.475428][ T8636] siw: device registration error -23 [ 174.909059][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.682'. [ 174.919591][ T8651] siw: device registration error -23 [ 175.092499][ T29] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 175.126979][ T29] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 175.254456][ T8659] netlink: 'syz.1.683': attribute type 153 has an invalid length. [ 175.257312][ T8659] netlink: 156 bytes leftover after parsing attributes in process `syz.1.683'. [ 175.277027][ T5843] usb 7-1: USB disconnect, device number 7 [ 177.703716][ T8674] fido_id[8674]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/7-1/report_descriptor': No such file or directory [ 177.914842][ T8677] trusted_key: encrypted_key: keyword 'load±|óÊ“.V§í' not recognized [ 177.923531][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.0.688'. [ 177.994755][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 177.994771][ T40] audit: type=1804 audit(1778604864.241:127): pid=8683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.687" name="/newroot/175/file0" dev="tmpfs" ino=962 res=1 errno=0 [ 178.005554][ T8682] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 178.008145][ T8682] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 178.011747][ T8682] vhci_hcd vhci_hcd.0: Device attached [ 178.024374][ T8684] vhci_hcd: connection closed [ 178.024611][ T59] vhci_hcd vhci_hcd.3: stop threads [ 178.030421][ T59] vhci_hcd vhci_hcd.3: release socket [ 178.032180][ T59] vhci_hcd vhci_hcd.3: disconnect device [ 178.132875][ T8679] uprobe: syz.1.687:8679 failed to unregister, leaking uprobe [ 178.236429][ T8695] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 178.341348][ T8701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.690'. [ 178.367378][ T8701] siw: device registration error -23 [ 180.505320][ T5737] Bluetooth: hci1: command 0x0406 tx timeout [ 180.751061][ T8717] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 181.553456][ T8737] netlink: 72 bytes leftover after parsing attributes in process `syz.0.703'. [ 182.609371][ T8754] nfs: Deprecated parameter 'nointr' [ 182.611347][ T8754] nfs: Unknown parameter 'fscontext' [ 183.620465][ T8770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.713'. [ 183.750077][ T8792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.714'. [ 184.123604][ T8800] netlink: 228 bytes leftover after parsing attributes in process `syz.0.717'. [ 184.127318][ T8800] netlink: 228 bytes leftover after parsing attributes in process `syz.0.717'. [ 185.100624][ T8811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.719'. [ 185.596937][ T8852] siw: device registration error -23 [ 186.397761][ T8862] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 186.564875][ T40] audit: type=1326 audit(1778604873.815:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 186.577694][ T40] audit: type=1326 audit(1778604873.835:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 186.588512][ T40] audit: type=1326 audit(1778604873.835:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.725" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 186.598833][ T40] audit: type=1326 audit(1778604873.855:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 186.658577][ T8863] pim6reg: entered allmulticast mode [ 186.675448][ T40] audit: type=1326 audit(1778604873.915:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.725" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702efcc code=0x7ffc0000 [ 186.686916][ T8869] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ [ 186.802413][ T8870] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ' [ 186.822226][ T8870] CPU: 1 UID: 0 PID: 8870 Comm: syz.3.729 Tainted: G L syzkaller #0 PREEMPT(full) [ 186.822266][ T8870] Tainted: [L]=SOFTLOCKUP [ 186.822271][ T8870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.822278][ T8870] Call Trace: [ 186.822282][ T8870] [ 186.822288][ T8870] dump_stack_lvl+0x100/0x190 [ 186.822308][ T8870] sysfs_warn_dup.cold+0x1c/0x28 [ 186.822328][ T8870] sysfs_do_create_link_sd+0x113/0x140 [ 186.822344][ T8870] sysfs_create_link+0x61/0xc0 [ 186.822358][ T8870] device_add+0x675/0x1950 [ 186.822376][ T8870] ? __pfx_device_add+0x10/0x10 [ 186.822391][ T8870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 186.822425][ T8870] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 186.822442][ T8870] wiphy_register+0x1edd/0x2d90 [ 186.822458][ T8870] ? __rtnl_unlock+0xb9/0xf0 [ 186.822479][ T8870] ? __pfx_wiphy_register+0x10/0x10 [ 186.822496][ T8870] ? __asan_memset+0x23/0x50 [ 186.822516][ T8870] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 186.822536][ T8870] ieee80211_register_hw+0x3055/0x4570 [ 186.822563][ T8870] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 186.822582][ T8870] ? __pfx___debug_object_init+0x10/0x10 [ 186.822603][ T8870] ? find_held_lock+0x2b/0x80 [ 186.822619][ T8870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 186.822636][ T8870] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 186.822653][ T8870] ? __hrtimer_setup+0x208/0x330 [ 186.822667][ T8870] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 186.822691][ T8870] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 186.822707][ T8870] ? __asan_memcpy+0x3c/0x60 [ 186.822726][ T8870] hwsim_new_radio_nl+0xc5f/0x1370 [ 186.822739][ T8870] ? rcu_is_watching+0x12/0xc0 [ 186.822753][ T8870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 186.822771][ T8870] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 186.822791][ T8870] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 186.822813][ T8870] genl_family_rcv_msg_doit+0x214/0x300 [ 186.822833][ T8870] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 186.822852][ T8870] ? genl_get_cmd+0x3e7/0x760 [ 186.822910][ T8870] ? bpf_lsm_capable+0x9/0x10 [ 186.822924][ T8870] ? security_capable+0x80/0x260 [ 186.822944][ T8870] ? ns_capable+0xd2/0xf0 [ 186.822961][ T8870] genl_rcv_msg+0x560/0x800 [ 186.822982][ T8870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 186.823007][ T8870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 186.823035][ T8870] netlink_rcv_skb+0x159/0x420 [ 186.823064][ T8870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 186.823094][ T8870] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 186.823133][ T8870] ? netlink_deliver_tap+0x1ae/0xcc0 [ 186.823164][ T8870] genl_rcv+0x28/0x40 [ 186.823190][ T8870] netlink_unicast+0x585/0x850 [ 186.823223][ T8870] ? __pfx_netlink_unicast+0x10/0x10 [ 186.823258][ T8870] netlink_sendmsg+0x8b0/0xda0 [ 186.823293][ T8870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 186.823324][ T8870] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 186.823358][ T8870] ____sys_sendmsg+0x9e1/0xb70 [ 186.823381][ T8870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 186.823411][ T8870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 186.823442][ T8870] ? try_to_wake_up+0x5f6/0x1900 [ 186.823473][ T8870] ___sys_sendmsg+0x190/0x1e0 [ 186.823501][ T8870] ? __pfx____sys_sendmsg+0x10/0x10 [ 186.823525][ T8870] ? futex_private_hash_put+0x107/0x1c0 [ 186.823558][ T8870] ? find_held_lock+0x2b/0x80 [ 186.823599][ T8870] __sys_sendmsg+0x170/0x220 [ 186.823623][ T8870] ? __pfx___sys_sendmsg+0x10/0x10 [ 186.823659][ T8870] ? rcu_is_watching+0x12/0xc0 [ 186.823685][ T8870] __do_fast_syscall_32+0xe7/0x950 [ 186.823711][ T8870] do_fast_syscall_32+0x32/0x70 [ 186.823730][ T8870] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.823746][ T8870] RIP: 0023:0xf7fc6fcc [ 186.823758][ T8870] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 186.823769][ T8870] RSP: 002b:00000000f544450c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 186.823781][ T8870] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000100 [ 186.823788][ T8870] RDX: 0000000004000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 186.823796][ T8870] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 186.823802][ T8870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.823809][ T8870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 186.823825][ T8870] [ 187.016821][ T8851] pim6reg: left allmulticast mode [ 187.612519][ T8881] netlink: 'syz.3.733': attribute type 11 has an invalid length. [ 189.667444][ T8946] loop4: detected capacity change from 0 to 7 [ 189.804929][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 189.843268][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 189.882370][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.746'. [ 189.888673][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.743'. [ 189.931079][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 189.953198][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 189.978375][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 190.369843][ T8963] netlink: 20 bytes leftover after parsing attributes in process `syz.1.749'. [ 190.829335][ T8970] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 190.848179][ T8970] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 191.196206][ T8976] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 191.199345][ T8976] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 191.211030][ T8976] vhci_hcd vhci_hcd.0: Device attached [ 191.378769][ T8985] netlink: 28 bytes leftover after parsing attributes in process `syz.0.753'. [ 191.381744][ T8985] netlink: 28 bytes leftover after parsing attributes in process `syz.0.753'. [ 191.382853][ T8983] ./bus: Can't lookup blockdev [ 191.494707][ T4821] usb 44-1: SetAddress Request (6) to port 0 [ 191.501060][ T4821] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 191.619164][ T8977] vhci_hcd: connection reset by peer [ 191.623702][ T59] vhci_hcd vhci_hcd.3: stop threads [ 191.628438][ T59] vhci_hcd vhci_hcd.3: release socket [ 191.633922][ T59] vhci_hcd vhci_hcd.3: disconnect device [ 192.092269][ T9007] bridge_slave_0: left allmulticast mode [ 192.095126][ T9007] bridge_slave_0: left promiscuous mode [ 192.097482][ T9007] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.262565][ T9009] loop4: detected capacity change from 0 to 7 [ 192.899885][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 192.903549][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 192.907967][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 192.911697][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 192.916004][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 192.921950][ T9007] bridge_slave_1: left allmulticast mode [ 192.924181][ T9007] bridge_slave_1: left promiscuous mode [ 192.926950][ T9007] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.947835][ T9007] bond0: (slave bond_slave_0): Releasing backup interface [ 192.959723][ T9007] bond0: (slave bond_slave_1): Releasing backup interface [ 192.966789][ T9007] team0: Port device team_slave_0 removed [ 192.970899][ T9007] team0: Port device team_slave_1 removed [ 192.974395][ T9007] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.978016][ T9007] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 192.984008][ T9010] vlan0: entered promiscuous mode [ 193.035222][ T9017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.765'. [ 193.035962][ T9016] netlink: 44 bytes leftover after parsing attributes in process `syz.1.766'. [ 193.181472][ T9026] netlink: 'syz.2.769': attribute type 10 has an invalid length. [ 193.185928][ T9026] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 193.190548][ T9026] team0: Port device netdevsim1 added [ 194.132908][ T9039] netlink: 104 bytes leftover after parsing attributes in process `syz.0.771'. [ 194.137680][ T9038] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 194.373229][ T9043] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. [ 194.471015][ T9050] netlink: 6 bytes leftover after parsing attributes in process `syz.0.777'. [ 194.518526][ T9052] netlink: 20 bytes leftover after parsing attributes in process `syz.0.778'. [ 195.604312][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 195.774301][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 195.783683][ T10] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 195.786863][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.789562][ T10] usb 5-1: Product: syz [ 195.791055][ T10] usb 5-1: Manufacturer: syz [ 195.792715][ T10] usb 5-1: SerialNumber: syz [ 195.796400][ T10] usb 5-1: config 0 descriptor?? [ 195.800713][ T10] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 195.803287][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 195.805330][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 195.808944][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 195.811218][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 195.816559][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 196.145092][ T10] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 196.150040][ T10] usb 5-1: media controller created [ 196.160470][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 196.169394][ T10] usb 5-1: selecting invalid altsetting 3 [ 196.171312][ T10] ttusb2: set interface to alts=3 failed [ 196.305465][ T10] DVB: Unable to find symbol tda10086_attach() [ 196.314621][ T10] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 196.326418][ T9063] netlink: 124 bytes leftover after parsing attributes in process `syz.1.780'. [ 196.333353][ T10] dvb-usb: bulk message failed: -22 (4/0) [ 196.336535][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 196.341553][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 196.344043][ T9063] netlink: 124 bytes leftover after parsing attributes in process `syz.1.780'. [ 196.348581][ T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 196.353075][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 196.362773][ T10] usb 5-1: USB disconnect, device number 7 [ 196.421512][ T10] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 196.430747][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.782'. [ 196.584319][ T9074] netlink: 124 bytes leftover after parsing attributes in process `syz.1.786'. [ 196.585255][ T4821] usb 44-1: device descriptor read/8, error -110 [ 197.638165][ T4821] usb usb44-port1: attempt power cycle [ 198.034314][ T9094] siw: device registration error -23 [ 198.646357][ T4821] usb usb44-port1: unable to enumerate USB device [ 198.908397][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.910965][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.987198][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.794'. [ 199.010470][ T9121] siw: device registration error -23 [ 199.182266][ T9104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.789'. [ 199.656667][ T9144] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 199.689168][ T9146] netlink: 600 bytes leftover after parsing attributes in process `syz.2.798'. [ 199.790563][ T9151] sg_read: process 566 (syz.3.801) changed security contexts after opening file descriptor, this is not allowed. [ 200.545703][ T9169] loop4: detected capacity change from 0 to 7 [ 200.623761][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 200.628645][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 200.632087][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 200.650711][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 200.653961][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 200.661143][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 200.664816][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 200.669120][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 200.672641][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 200.680668][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 200.683846][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 201.145263][ T9180] kernel profiling enabled (shift: 9) [ 201.448739][ T40] audit: type=1804 audit(1778604888.695:133): pid=9187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.810" name="/newroot/207/file0" dev="tmpfs" ino=1152 res=1 errno=0 [ 201.504678][ T40] audit: type=1804 audit(1778604888.705:134): pid=9187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.810" name="/newroot/207/file0" dev="tmpfs" ino=1152 res=1 errno=0 [ 202.587243][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.812'. [ 203.067301][ T9237] overlayfs: failed lookup in lower (newroot/208, name='file0', err=-40): overlapping layers [ 203.199762][ T9247] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 203.273725][ T9250] lo speed is unknown, defaulting to 1000 [ 203.367665][ T9250] netlink: 132 bytes leftover after parsing attributes in process `syz.3.823'. [ 203.527542][ T9245] loop4: detected capacity change from 0 to 7 [ 203.698670][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 203.727076][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 203.768584][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 203.793381][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 203.832433][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 204.109029][ T9263] syz_tun: entered allmulticast mode [ 204.118565][ T9263] dvmrp8: entered allmulticast mode [ 204.698728][ T9275] team0: Device vlan0 failed to change mtu [ 204.772301][ T9279] netlink: 24 bytes leftover after parsing attributes in process `syz.2.831'. [ 204.841829][ T9281] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 204.887957][ T9285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.833'. [ 204.929346][ T9289] netlink: 'syz.1.834': attribute type 10 has an invalid length. [ 204.976088][ T9289] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 205.056320][ T9292] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 205.070833][ T9292] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 205.095971][ T9293] loop4: detected capacity change from 0 to 7 [ 205.244409][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 205.249793][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 205.739386][ T9303] netlink: 292 bytes leftover after parsing attributes in process `syz.1.837'. [ 205.743053][ T9303] netlink: 288 bytes leftover after parsing attributes in process `syz.1.837'. [ 205.874339][ T29] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 205.915885][ T9305] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 205.917702][ T9307] loop7: detected capacity change from 0 to 7 [ 205.982666][ T9307] Dev loop7: unable to read RDB block 7 [ 205.989864][ T9307] loop7: unable to read partition table [ 205.994079][ T9307] loop7: partition table beyond EOD, truncated [ 205.997388][ T9307] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 206.294546][ T9322] netlink: 16 bytes leftover after parsing attributes in process `syz.1.845'. [ 206.302647][ T9322] netlink: 16 bytes leftover after parsing attributes in process `syz.1.845'. [ 206.336892][ T9319] syz.1.845 (9319): drop_caches: 2 [ 206.799882][ T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 206.939018][ T29] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 206.944422][ T29] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 206.945296][ T9259] syz_tun: left allmulticast mode [ 206.966746][ T29] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 206.972418][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 206.975171][ T29] usb 5-1: Product: syz [ 206.976725][ T29] usb 5-1: Manufacturer: syz [ 206.978250][ T29] usb 5-1: SerialNumber: syz [ 207.161381][ T9331] netlink: 'syz.1.848': attribute type 160 has an invalid length. [ 207.173515][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.848'. [ 207.206604][ T9335] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 207.251313][ T29] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 207.261611][ T9337] netlink: 4 bytes leftover after parsing attributes in process `syz.1.852'. [ 207.522204][ T29] usb 5-1: USB disconnect, device number 8 [ 207.529069][ T29] usblp0: removed [ 207.579321][ T9350] netlink: 'syz.1.857': attribute type 15 has an invalid length. [ 207.666196][ T9355] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 207.965624][ T9366] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 208.317616][ T9375] __nla_validate_parse: 2 callbacks suppressed [ 208.317629][ T9375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.863'. [ 208.330184][ T9375] siw: device registration error -23 [ 209.257740][ T9405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.868'. [ 209.261470][ T9405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.868'. [ 209.374781][ T9395] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 209.378018][ T9395] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 209.380181][ T9415] binder: 9408:9415 ioctl c0285840 80000000 returned -22 [ 209.390419][ T9395] vhci_hcd vhci_hcd.0: Device attached [ 209.665267][ T10] usb 42-1: SetAddress Request (2) to port 0 [ 209.670499][ T10] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 209.757485][ T9427] ./bus: Can't lookup blockdev [ 209.950096][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.864'. [ 210.267811][ T9413] vhci_hcd: connection reset by peer [ 210.271226][ T59] vhci_hcd vhci_hcd.2: stop threads [ 210.273059][ T59] vhci_hcd vhci_hcd.2: release socket [ 210.275555][ T59] vhci_hcd vhci_hcd.2: disconnect device [ 211.223041][ T9447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.876'. [ 211.227908][ T9447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.876'. [ 212.510611][ T9458] netlink: 176 bytes leftover after parsing attributes in process `syz.2.879'. [ 212.519404][ T9458] netlink: 'syz.2.879': attribute type 2 has an invalid length. [ 212.744458][ T9472] overlayfs: upper fs does not support file handles, falling back to index=off. [ 212.852966][ T9475] input: syz0 as /devices/virtual/input/input14 [ 212.882214][ T9479] netlink: 'syz.2.886': attribute type 3 has an invalid length. [ 213.001443][ T29] IPVS: starting estimator thread 0... [ 213.013728][ T9484] gretap1: entered promiscuous mode [ 213.017000][ T9484] batman_adv: batadv0: Adding interface: gretap1 [ 213.019995][ T9484] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 213.030232][ T9484] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 213.114377][ T9486] IPVS: using max 43 ests per chain, 103200 per kthread [ 213.691512][ T9509] netlink: 16 bytes leftover after parsing attributes in process `syz.2.897'. [ 213.906931][ T9514] netlink: 24 bytes leftover after parsing attributes in process `syz.1.899'. [ 214.498293][ T9521] loop4: detected capacity change from 0 to 7 [ 214.558276][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 214.565130][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 214.568029][ C3] buffer_io_error: 5 callbacks suppressed [ 214.568038][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 214.606353][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 214.623306][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 214.660962][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 214.682729][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 214.754411][ T10] usb 42-1: device descriptor read/8, error -110 [ 215.166692][ T10] usb usb42-port1: attempt power cycle [ 215.211426][ T9526] libceph: resolve '.‹R¯HÖe'ì»Ë /Ïâµüë1ýC¸ £~—1W–쯑ë¨eþxEA®ÁþeSb{~Rð' (ret=-3): failed [ 215.276554][ T9529] netlink: 52 bytes leftover after parsing attributes in process `syz.0.904'. [ 215.734818][ T10] usb usb42-port1: unable to enumerate USB device [ 215.942202][ T9563] netlink: 272 bytes leftover after parsing attributes in process `syz.3.916'. [ 216.493518][ T9580] netlink: 8 bytes leftover after parsing attributes in process `syz.3.922'. [ 216.527249][ T9580] siw: device registration error -23 [ 216.910492][ T9586] netlink: 600 bytes leftover after parsing attributes in process `syz.2.923'. [ 217.235075][ T9592] siw: device registration error -23 [ 217.325195][ T9594] netlink: 200 bytes leftover after parsing attributes in process `syz.1.927'. [ 217.387401][ T9598] netlink: 48 bytes leftover after parsing attributes in process `syz.1.928'. [ 217.421747][ T9598] bond3: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 217.429620][ T9598] netlink: 48 bytes leftover after parsing attributes in process `syz.1.928'. [ 217.432521][ T9598] bond3: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 217.721852][ T9612] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 217.729694][ T1357] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 217.750395][ T9612] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 217.886526][ T1357] usb 6-1: config 0 has an invalid interface number: 50 but max is 0 [ 217.893657][ T1357] usb 6-1: config 0 has no interface number 0 [ 217.896900][ T1357] usb 6-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 217.907143][ T1357] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 217.910640][ T1357] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.916333][ T1357] usb 6-1: Product: syz [ 217.918208][ T1357] usb 6-1: Manufacturer: syz [ 217.922586][ T1357] usb 6-1: SerialNumber: syz [ 217.932779][ T1357] usb 6-1: config 0 descriptor?? [ 217.942990][ T1357] yurex 6-1:0.50: USB YUREX device now attached to Yurex #0 [ 218.012843][ T9618] xt_bpf: check failed: parse error [ 218.153430][ T1357] usb 6-1: USB disconnect, device number 7 [ 218.158302][ T1357] yurex 6-1:0.50: USB YUREX #0 now disconnected [ 218.949082][ T9637] can0: slcan on ttyS3. [ 219.028219][ T9637] can0 (unregistered): slcan off ttyS3. [ 219.384766][ T1357] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 219.535939][ T1357] usb 5-1: config 0 has no interfaces? [ 219.540138][ T1357] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 219.544439][ T1357] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.548194][ T1357] usb 5-1: Product: syz [ 219.549904][ T1357] usb 5-1: Manufacturer: syz [ 219.551599][ T1357] usb 5-1: SerialNumber: syz [ 219.555313][ T1357] usb 5-1: config 0 descriptor?? [ 219.791804][ T1357] usb 5-1: USB disconnect, device number 9 [ 220.565579][ T9666] evm: overlay not supported [ 220.736961][ T9672] FAULT_INJECTION: forcing a failure. [ 220.736961][ T9672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.744462][ T9672] CPU: 3 UID: 0 PID: 9672 Comm: syz.1.949 Tainted: G L syzkaller #0 PREEMPT(full) [ 220.744497][ T9672] Tainted: [L]=SOFTLOCKUP [ 220.744501][ T9672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 220.744508][ T9672] Call Trace: [ 220.744512][ T9672] [ 220.744517][ T9672] dump_stack_lvl+0x100/0x190 [ 220.744534][ T9672] should_fail_ex.cold+0x5/0xa [ 220.744550][ T9672] _copy_from_user+0x2e/0xd0 [ 220.744562][ T9672] move_addr_to_kernel+0x65/0x170 [ 220.744581][ T9672] __sys_connect+0xb5/0x170 [ 220.744592][ T9672] ? __pfx___sys_connect+0x10/0x10 [ 220.744609][ T9672] ? ksys_write+0x1ac/0x250 [ 220.744625][ T9672] __ia32_sys_connect+0x71/0xb0 [ 220.744636][ T9672] ? lockdep_hardirqs_on+0x78/0x100 [ 220.744653][ T9672] __do_fast_syscall_32+0xe7/0x950 [ 220.744670][ T9672] ? lockdep_hardirqs_on+0x78/0x100 [ 220.744692][ T9672] do_fast_syscall_32+0x32/0x70 [ 220.744711][ T9672] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 220.744725][ T9672] RIP: 0023:0xf6fdefcc [ 220.744735][ T9672] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 220.744746][ T9672] RSP: 002b:00000000f53ac50c EFLAGS: 00000292 ORIG_RAX: 000000000000016a [ 220.744758][ T9672] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 220.744766][ T9672] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.744772][ T9672] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 220.744779][ T9672] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 220.744785][ T9672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 220.744800][ T9672] [ 221.738628][ T9685] netlink: 20 bytes leftover after parsing attributes in process `syz.0.953'. [ 221.742585][ T9685] ip6tnl0: entered allmulticast mode [ 221.792285][ T9685] siw: device registration error -23 [ 221.989633][ T9692] syzkaller0: entered promiscuous mode [ 221.991735][ T9692] syzkaller0: entered allmulticast mode [ 222.149455][ T9695] input: syz1 as /devices/virtual/input/input17 [ 222.161012][ T9695] netlink: 20 bytes leftover after parsing attributes in process `syz.2.956'. [ 222.738222][ T9699] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 222.813299][ T9699] netlink: 12 bytes leftover after parsing attributes in process `syz.1.955'. [ 223.009297][ T9715] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 223.446546][ T9722] 8021q: adding VLAN 0 to HW filter on device bond1 [ 224.242164][ T9744] openvswitch: netlink: Flow actions attr not present in new flow. [ 224.484105][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 224.487453][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 224.770255][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 224.773087][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 224.936785][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 224.939713][ T9749] netlink: 32 bytes leftover after parsing attributes in process `syz.3.969'. [ 225.646139][ T9785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.975'. [ 225.889326][ T9796] loop4: detected capacity change from 0 to 7 [ 225.898230][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 225.901754][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 225.904886][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 226.245698][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 226.248829][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 226.258949][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 226.267297][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 226.800959][ T9813] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 227.339434][ T9816] syzkaller0: entered promiscuous mode [ 227.345647][ T9816] syzkaller0: entered allmulticast mode [ 227.669674][ T9827] __nla_validate_parse: 1 callbacks suppressed [ 227.669687][ T9827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.988'. [ 227.972953][ T9834] sctp: [Deprecated]: syz.2.990 (pid 9834) Use of struct sctp_assoc_value in delayed_ack socket option. [ 227.972953][ T9834] Use struct sctp_sack_info instead [ 228.428001][ T9849] input: syz0 as /devices/virtual/input/input18 [ 228.725273][ T1357] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 228.884587][ T9867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1003'. [ 228.974097][ T1357] usb 6-1: unable to get BOS descriptor or descriptor too short [ 228.987854][ T1357] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 228.999493][ T1357] usb 6-1: can't read configurations, error -71 [ 229.592534][ T9881] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1006'. [ 229.598876][ T9881] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1006'. [ 229.606540][ T9882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1007'. [ 229.754290][ T9890] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1008'. [ 229.849827][ T9897] netlink: 'syz.1.1010': attribute type 10 has an invalid length. [ 229.854946][ T9897] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 229.859363][ T9897] team0: Port device netdevsim1 added [ 230.460795][ T9907] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1012'. [ 230.662629][ T9907] lo speed is unknown, defaulting to 1000 [ 232.435714][ T9919] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1014'. [ 232.496939][ T9920] siw: device registration error -23 [ 233.079161][ T9924] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.169661][ T9927] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1016'. [ 233.349553][ T9938] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1020'. [ 233.445620][ T9946] siw: device registration error -23 [ 233.631917][ T9952] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1022'. [ 233.636580][ T9952] ip6tnl0: entered allmulticast mode [ 233.673020][ T9952] siw: device registration error -23 [ 234.610275][ T9964] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.861865][ T9965] siw: device registration error -23 [ 234.862919][ T9970] ip6tnl0: left allmulticast mode [ 234.876064][ T9970] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1027'. [ 235.075782][ T9985] nbd: socks must be embedded in a SOCK_ITEM attr [ 235.079201][ T9985] block nbd2: shutting down sockets [ 235.372427][T10014] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 235.377138][T10006] loop4: detected capacity change from 0 to 7 [ 235.381862][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 235.385690][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 235.388963][T10014] team0: Unable to change to the same mode the team is in [ 235.389445][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 235.418191][ T9972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1024'. [ 235.590251][T10022] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1035'. [ 235.637440][T10024] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 235.885490][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 235.891783][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 235.899270][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 235.907326][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 236.150100][T10037] ip6tnl0: left allmulticast mode [ 236.230589][T10038] siw: device registration error -23 [ 236.282413][T10037] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1038'. [ 236.573354][T10042] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1041'. [ 236.577610][T10042] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1041'. [ 236.582172][T10042] FAULT_INJECTION: forcing a failure. [ 236.582172][T10042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.597174][T10042] CPU: 0 UID: 0 PID: 10042 Comm: syz.2.1041 Tainted: G L syzkaller #0 PREEMPT(full) [ 236.597204][T10042] Tainted: [L]=SOFTLOCKUP [ 236.597210][T10042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 236.597221][T10042] Call Trace: [ 236.597227][T10042] [ 236.597234][T10042] dump_stack_lvl+0x100/0x190 [ 236.597261][T10042] should_fail_ex.cold+0x5/0xa [ 236.597286][T10042] _copy_to_user+0x32/0xd0 [ 236.597307][T10042] simple_read_from_buffer+0xcb/0x170 [ 236.597331][T10042] proc_fail_nth_read+0x1af/0x230 [ 236.597360][T10042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.597389][T10042] ? rw_verify_area+0xce/0x6d0 [ 236.597408][T10042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.597435][T10042] vfs_read+0x1e4/0xb30 [ 236.597465][T10042] ? __pfx_vfs_read+0x10/0x10 [ 236.597484][T10042] ? find_held_lock+0x2b/0x80 [ 236.597506][T10042] ? __fget_files+0x215/0x3d0 [ 236.597533][T10042] ? __fget_files+0x21f/0x3d0 [ 236.597561][T10042] ksys_read+0x12a/0x250 [ 236.597581][T10042] ? __pfx_ksys_read+0x10/0x10 [ 236.597599][T10042] ? rcu_is_watching+0x12/0xc0 [ 236.597622][T10042] ? rcu_is_watching+0x12/0xc0 [ 236.597646][T10042] do_int80_emulation+0x141/0x700 [ 236.597677][T10042] asm_int80_emulation+0x1a/0x20 [ 236.597695][T10042] RIP: 0023:0xf716616b [ 236.597710][T10042] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 236.597726][T10042] RSP: 002b:00000000f541d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 236.597743][T10042] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f541d5d0 [ 236.597754][T10042] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 236.597763][T10042] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 236.597773][T10042] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 236.597782][T10042] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.597806][T10042] [ 237.006385][T10055] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 237.063858][T10022] lo speed is unknown, defaulting to 1000 [ 237.097886][T10061] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 237.122562][T10061] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 237.587488][T10070] loop4: detected capacity change from 0 to 7 [ 237.662437][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 237.675236][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.679229][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 237.692792][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.696745][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 237.700741][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.704530][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 237.709314][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.712799][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 237.718529][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.722300][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 237.869193][T10082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1054'. [ 237.884459][T10085] netlink: 'syz.1.1055': attribute type 21 has an invalid length. [ 238.288860][ T40] audit: type=1804 audit(1778604926.538:135): pid=10095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1057" name="/newroot/270/file0" dev="tmpfs" ino=1435 res=1 errno=0 [ 238.310546][ T40] audit: type=1804 audit(1778604926.538:136): pid=10095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1057" name="/newroot/270/file0" dev="tmpfs" ino=1435 res=1 errno=0 [ 239.348373][T10127] siw: device registration error -23 [ 239.797799][T10104] __nla_validate_parse: 1 callbacks suppressed [ 239.798163][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1058'. [ 240.683821][T10149] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1066'. [ 240.714607][T10151] 9p: Bad value for 'wfdno' [ 240.765470][T10154] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 240.768056][T10154] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 240.774546][T10154] vhci_hcd vhci_hcd.0: Device attached [ 240.792323][T10157] /dev/sr0: Can't open blockdev [ 241.044540][ T5747] usb 42-1: SetAddress Request (6) to port 0 [ 241.046811][ T5747] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 241.206840][T10163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1069'. [ 241.210592][T10163] netlink: 'syz.3.1069': attribute type 1 has an invalid length. [ 241.274084][T10167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1069'. [ 241.333439][T10155] vhci_hcd: connection reset by peer [ 241.336885][ T13] vhci_hcd vhci_hcd.2: stop threads [ 241.340522][ T13] vhci_hcd vhci_hcd.2: release socket [ 241.347432][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 241.784034][T10199] openvswitch: netlink: Flow actions attr not present in new flow. [ 241.864427][ T5744] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 242.014340][ T5744] usb 5-1: Using ep0 maxpacket: 8 [ 242.019021][ T5744] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 242.021959][ T5744] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 242.026453][ T5744] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 242.031006][ T5744] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 242.035312][ T5744] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 242.041197][ T5744] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 242.044595][ T5744] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.255269][ T5744] usb 5-1: GET_CAPABILITIES returned 0 [ 242.263568][ T5744] usbtmc 5-1:16.0: can't read capabilities [ 242.374511][T10204] syzkaller0: entered promiscuous mode [ 242.376374][T10204] syzkaller0: entered allmulticast mode [ 242.383697][T10204] 0: reclassify loop, rule prio 0, protocol 800 [ 242.475120][ T1357] usb 5-1: USB disconnect, device number 10 [ 242.540255][T10214] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 242.547233][T10214] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 242.565125][T10214] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 242.573228][T10214] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 242.592004][T10217] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1081'. [ 242.611811][T10217] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 242.619085][T10220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1082'. [ 242.652190][T10217] bond0 (unregistering): Released all slaves [ 242.664511][ T5843] syz1: Port: 1 Link DOWN [ 242.698042][T10223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1080'. [ 242.715048][T10223] siw: device registration error -23 [ 242.775605][ T77] smbdirect: ib_dev[syz1] removed [ 242.823646][ T5742] block nbd2: Receive control failed (result -32) [ 243.535624][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 243.576817][T10251] siw: device registration error -23 [ 243.625868][T10253] syzkaller0: entered promiscuous mode [ 243.627780][T10253] syzkaller0: entered allmulticast mode [ 244.216266][T10259] lo speed is unknown, defaulting to 1000 [ 244.610806][T10272] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 244.944938][T10270] fuse: Bad value for 'fd' [ 246.011963][T10298] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 246.085088][T10300] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 246.109065][ T5747] usb 42-1: device descriptor read/8, error -110 [ 246.464415][T10322] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1114'. [ 246.589221][ T5747] usb usb42-port1: attempt power cycle [ 246.682475][T10327] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 246.811318][T10332] tipc: Resetting bearer [ 246.877830][T10332] tipc: Resetting bearer [ 246.909454][T10332] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 247.575109][ T5747] usb usb42-port1: unable to enumerate USB device [ 247.723141][T10359] 9p: Bad value for 'rfdno' [ 248.027654][T10352] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1121'. [ 248.268702][T10389] 9p: Bad value for 'rfdno' [ 248.459543][T10400] xt_limit: Overflow, try lower: 271964/0 [ 248.707112][T10382] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1122'. [ 248.860486][T10413] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1127'. [ 248.992738][T10421] netlink: 'syz.1.1128': attribute type 10 has an invalid length. [ 249.001163][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1126'. [ 249.028196][T10424] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.192357][T10436] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1134'. [ 249.204368][T10436] netlink: 'syz.2.1134': attribute type 2 has an invalid length. [ 249.324931][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 249.331523][T10442] siw: device registration error -23 [ 249.500116][T10457] 9p: Bad value for 'rfdno' [ 250.043617][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1135'. [ 250.752908][T10494] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1145'. [ 251.207305][T10499] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1147'. [ 251.654364][ T5744] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 251.804303][ T5744] usb 6-1: Using ep0 maxpacket: 8 [ 251.811728][ T5744] usb 6-1: config 1 interface 0 has no altsetting 0 [ 251.818196][ T5744] usb 6-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.40 [ 251.823575][ T5744] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.829979][ T5744] usb 6-1: Product: 鷬溋຀ãˆã¸šå¯¦å¯’鹙慬듂⹅텈ï„︲ìá…î€Ü¸ê´¢ç†“栴锛㭓誟ìºä©”衺방畚û橯ë¿è¿»ëž¤â…䫒壇䬥皲暧紗í¶á®³ç½±æ˜´áš“躧奔좷쥢ટï®æž’仄ᮗ曞쟋渱ᗜଃ筻ã»âš¥è€¸á¸€ë‚©ê‘´ì§’份ìƒã‚·â”žî›§ë¡–嘳뚌Ꚉë»æ«§â­—♭℈釺çžì‹†å¡§æŒ‰åŽ«æšµã–㸃᪫㎨è†î¬”巆鎬螄㇜垾퉻è›êœ [ 251.854477][ T5744] usb 6-1: Manufacturer: イ꒜혰î짤ä擘øℕ뛄从ٯ愾뽿皀砊鯀ìšæ¿¦ë¿ˆæ¸¸ç‰¸Ñ¹ç«¤ç–¼ä‹Šã¨«çˆ–幓ㅪÌã©„è¾ï£¨áŸ¿å ´ï¡¤éª¹ì…¾æˆ´èº³ï¹ ëª®æ²®á—î‚€åªë»™é­¼ [ 251.864051][ T5744] usb 6-1: SerialNumber: syz [ 252.433297][T10527] __nla_validate_parse: 1 callbacks suppressed [ 252.433317][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1155'. [ 252.896531][ T5744] usbhid 6-1:1.0: can't add hid device: -71 [ 252.898842][ T5744] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 252.910061][ T5744] usb 6-1: USB disconnect, device number 10 [ 252.986438][T10573] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1162'. [ 253.205449][T10585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'. [ 253.815975][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1166'. [ 254.533040][T10624] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1168'. [ 254.550538][T10624] siw: device registration error -23 [ 255.175052][ T5747] hid (null): global environment stack underflow [ 255.212694][ T5747] hid-generic 616F:20C2607D:F72986D9.0007: global environment stack underflow [ 255.224067][ T5747] hid-generic 616F:20C2607D:F72986D9.0007: item 0 1 1 11 parsing failed [ 255.238167][ T5747] hid-generic 616F:20C2607D:F72986D9.0007: probe with driver hid-generic failed with error -22 [ 255.369250][T10635] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 255.651836][T10641] overlay: ./file1 is not a directory [ 256.787325][T10660] netlink: 6024 bytes leftover after parsing attributes in process `syz.1.1178'. [ 256.849375][T10660] lo speed is unknown, defaulting to 1000 [ 257.801262][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1181'. [ 258.077005][T10671] siw: device registration error -23 [ 259.253076][T10677] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 259.340932][T10683] syzkaller0: entered promiscuous mode [ 259.342713][T10683] syzkaller0: entered allmulticast mode [ 259.364154][T10683] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1186'. [ 259.658114][T10695] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1190'. [ 260.352844][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.357147][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.436762][T10707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1192'. [ 260.449654][T10707] siw: device registration error -23 [ 260.967359][T10721] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 261.275042][ T5747] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 261.276967][ T5742] block nbd3: Receive control failed (result -32) [ 261.454373][ T5747] usb 6-1: Using ep0 maxpacket: 8 [ 261.462161][ T5747] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 261.467006][ T5747] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 261.473364][ T5747] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 261.479658][ T5747] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 261.485287][ T5747] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 261.503068][ T5747] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 261.510475][ T5747] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.737317][ T5747] usb 6-1: GET_CAPABILITIES returned 0 [ 261.739124][ T5747] usbtmc 6-1:16.0: can't read capabilities [ 261.841031][T10733] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1200'. [ 261.958076][T10734] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1200'. [ 262.086205][ T5747] usb 6-1: USB disconnect, device number 11 [ 262.104366][T10739] siw: device registration error -23 [ 262.376221][T10751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1203'. [ 266.150438][T10811] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.1221'. [ 266.164934][T10811] openvswitch: netlink: Missing key (keys=40, expected=100) [ 266.168276][T10814] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 266.358542][T10829] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 266.359713][T10833] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1227'. [ 267.243645][T10822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1220'. [ 267.405084][T10859] tipc: Enabling of bearer rejected, failed to enable media [ 267.471147][T10862] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1233'. [ 267.541357][T10870] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1235'. [ 267.547222][T10870] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1235'. [ 267.547883][T10872] binder: 10871:10872 ioctl 400445a0 80000240 returned -22 [ 267.636799][T10882] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1242'. [ 268.153597][T10919] QAT: Device 253 not found [ 268.376449][T10927] lo speed is unknown, defaulting to 1000 [ 268.511697][T10892] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1243'. [ 268.527490][T10933] netlink: 'syz.2.1249': attribute type 1 has an invalid length. [ 268.540799][T10933] bond3: entered promiscuous mode [ 268.542897][T10933] 8021q: adding VLAN 0 to HW filter on device bond3 [ 268.612805][T10936] netlink: 600 bytes leftover after parsing attributes in process `syz.2.1250'. [ 269.017979][T10929] lo speed is unknown, defaulting to 1000 [ 269.637630][T10960] syzkaller0: entered promiscuous mode [ 269.650031][T10960] syzkaller0: entered allmulticast mode [ 269.783856][T10967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1258'. [ 269.793140][T10967] siw: device registration error -23 [ 270.757854][T11002] netlink: del zone limit has 8 unknown bytes [ 271.170327][T10990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1262'. [ 271.263061][T11025] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 272.167423][T11035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1268'. [ 273.244670][ T1357] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 273.280173][T11079] syzkaller0: entered promiscuous mode [ 273.282439][T11079] syzkaller0: entered allmulticast mode [ 273.396364][ T1357] usb 7-1: config index 0 descriptor too short (expected 9, got 0) [ 273.399948][ T1357] usb 7-1: can't read configurations, error -22 [ 273.642826][T11089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1279'. [ 273.659562][T11089] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 274.018894][T11097] netlink: 'syz.1.1280': attribute type 10 has an invalid length. [ 274.060150][T11097] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 274.361082][T11095] netlink: 'syz.1.1280': attribute type 10 has an invalid length. [ 274.424317][ T1357] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 274.596383][ T1357] usb 7-1: config index 0 descriptor too short (expected 9, got 0) [ 274.599075][ T1357] usb 7-1: can't read configurations, error -22 [ 274.603247][ T1357] usb usb7-port1: attempt power cycle [ 274.725738][T11104] netlink: 'syz.0.1283': attribute type 38 has an invalid length. [ 274.964300][ T1357] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 274.990052][ T1357] usb 7-1: config index 0 descriptor too short (expected 9, got 0) [ 274.992633][ T1357] usb 7-1: can't read configurations, error -22 [ 275.006036][T11116] netlink: 'syz.3.1288': attribute type 10 has an invalid length. [ 275.009054][T11116] syz_tun: entered promiscuous mode [ 275.134408][ T1357] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 275.154309][ T40] audit: type=1804 audit(1778604964.342:137): pid=11118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1286" name="/newroot/321/file0" dev="tmpfs" ino=1776 res=1 errno=0 [ 275.173358][ T1357] usb 7-1: config index 0 descriptor too short (expected 9, got 0) [ 275.176360][ T1357] usb 7-1: can't read configurations, error -22 [ 275.179337][ T1357] usb usb7-port1: unable to enumerate USB device [ 275.182601][ T40] audit: type=1804 audit(1778604964.352:138): pid=11118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1286" name="/newroot/321/file0" dev="tmpfs" ino=1776 res=1 errno=0 [ 275.708508][T11121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1289'. [ 275.711472][T11121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1289'. [ 275.788314][T11121] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 276.129877][T11124] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 276.615446][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1292'. [ 276.632289][ T40] audit: type=1326 audit(1778604965.882:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.654070][ T40] audit: type=1326 audit(1778604965.882:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.665961][ T40] audit: type=1326 audit(1778604965.882:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=283 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.675941][ T40] audit: type=1326 audit(1778604965.892:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.685191][ T40] audit: type=1326 audit(1778604965.892:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.694758][ T40] audit: type=1326 audit(1778604965.892:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.703582][ T40] audit: type=1326 audit(1778604965.892:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.714574][ T40] audit: type=1326 audit(1778604965.892:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.1.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 276.894101][T11142] netlink: 'syz.0.1295': attribute type 8 has an invalid length. [ 277.590169][T11157] openvswitch: netlink: Flow actions attr not present in new flow. [ 278.565789][ T5842] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 278.774383][ T5842] usb 6-1: Using ep0 maxpacket: 8 [ 278.783258][ T5842] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 278.786957][ T5842] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 278.794458][ T5842] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 278.797930][ T5842] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 278.802312][ T5842] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 278.808763][ T5842] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 278.811863][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.018448][ T5842] usb 6-1: GET_CAPABILITIES returned 0 [ 279.024282][ T5842] usbtmc 6-1:16.0: can't read capabilities [ 279.228884][ T5842] usb 6-1: USB disconnect, device number 12 [ 279.619190][T11201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1315'. [ 279.625309][T11201] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1315'. [ 279.628076][T11201] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1315'. [ 279.666873][T11203] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 279.906392][T11215] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1318'. [ 279.922593][T11215] siw: device registration error -23 [ 280.693085][T11224] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1319'. [ 280.698810][T11224] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1319'. [ 280.717061][T11224] loop4: detected capacity change from 0 to 7 [ 280.860283][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 280.864707][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 280.868728][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 280.872414][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 280.876720][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 280.958486][T11230] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1323'. [ 281.206530][T11240] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. [ 281.308915][T11246] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 281.316341][T11246] team0: No ports can be present during mode change [ 281.590240][T11257] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1333'. [ 281.593882][T11257] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1333'. [ 281.593906][T11248] syz.2.1331 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 282.053788][T11287] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 282.062000][T11287] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 282.187089][T11291] __nla_validate_parse: 1 callbacks suppressed [ 282.187109][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1345'. [ 282.484042][T11301] netlink: 'syz.1.1349': attribute type 13 has an invalid length. [ 282.487463][T11301] netlink: 'syz.1.1349': attribute type 17 has an invalid length. [ 282.609037][T11301] ip6tnl0: left promiscuous mode [ 282.612129][T11301] syz_tun: left promiscuous mode [ 282.798546][T11306] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 282.982443][T11301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.992363][T11301] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.003010][T11301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.040909][T11308] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1352'. [ 283.068845][T11301] batadv_slave_1: left promiscuous mode [ 283.075875][T11301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 283.079478][T11301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 283.204098][T11301] veth1_vlan: left promiscuous mode [ 283.208380][T11301] vlan0: left promiscuous mode [ 283.210492][T11301] veth1_vlan: entered promiscuous mode [ 283.216128][T11301] veth1_macvtap: left promiscuous mode [ 283.218922][T11301] veth0_macvtap: left promiscuous mode [ 283.401022][T11301] veth0_macvtap: entered promiscuous mode [ 283.609547][T11301] veth1_macvtap: entered promiscuous mode [ 283.618091][T11301] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 283.646490][T11301] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 283.702355][T11301] netdevsim netdevsim1 netdevsim2: refused to change device tx_queue_len [ 283.706167][T11301] A link change request failed with some changes committed already. Interface netdevsim2 may have been left with an inconsistent configuration, please check. [ 284.037428][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1356'. [ 284.041061][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.049816][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.110457][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.121038][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.236601][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 284.236613][ T40] audit: type=1326 audit(1778604973.492:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.258753][T11332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1357'. [ 284.264945][ T40] audit: type=1326 audit(1778604973.492:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.282424][ T40] audit: type=1326 audit(1778604973.502:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.300432][ T40] audit: type=1326 audit(1778604973.502:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.313478][ T40] audit: type=1326 audit(1778604973.502:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.329359][ T40] audit: type=1326 audit(1778604973.502:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.343867][ T40] audit: type=1326 audit(1778604973.502:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.345053][T11344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1363'. [ 284.356656][ T40] audit: type=1326 audit(1778604973.502:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.365011][ T40] audit: type=1326 audit(1778604973.502:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.372100][ T40] audit: type=1326 audit(1778604973.502:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11326 comm="syz.0.1359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 284.383021][T11348] netlink: 'syz.2.1365': attribute type 12 has an invalid length. [ 284.432861][T11350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1366'. [ 284.748114][T11362] tipc: Resetting bearer [ 284.757525][T11362] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 284.798917][T11362] tipc: Resetting bearer [ 284.805596][T11362] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 284.823146][T11364] lo speed is unknown, defaulting to 1000 [ 284.923313][T11364] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1371'. [ 285.219662][T11378] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 286.101700][T11391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1378'. [ 286.102313][T11385] FAULT_INJECTION: forcing a failure. [ 286.102313][T11385] name failslab, interval 1, probability 0, space 0, times 0 [ 286.112762][T11385] CPU: 2 UID: 0 PID: 11385 Comm: syz.1.1376 Tainted: G L syzkaller #0 PREEMPT(full) [ 286.112805][T11385] Tainted: [L]=SOFTLOCKUP [ 286.112811][T11385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 286.112822][T11385] Call Trace: [ 286.112836][T11385] [ 286.112843][T11385] dump_stack_lvl+0x100/0x190 [ 286.112870][T11385] should_fail_ex.cold+0x5/0xa [ 286.112895][T11385] ? lsm_blob_alloc+0x68/0x90 [ 286.112919][T11385] should_failslab+0xc2/0x120 [ 286.112941][T11385] __kmalloc_noprof+0xe0/0x850 [ 286.112958][T11385] ? trace_kmem_cache_alloc+0xd5/0x100 [ 286.112985][T11385] lsm_blob_alloc+0x68/0x90 [ 286.113009][T11385] security_sk_alloc+0x2d/0x290 [ 286.113040][T11385] sk_prot_alloc+0x1d1/0x2a0 [ 286.113067][T11385] sk_alloc+0x36/0xe80 [ 286.113086][T11385] inet_create+0x3a0/0x1060 [ 286.113105][T11385] ? inet_create+0x94/0x1060 [ 286.113127][T11385] __sock_create+0x339/0x860 [ 286.113159][T11385] mptcp_subflow_create_socket+0xec/0xa30 [ 286.113184][T11385] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 286.113204][T11385] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 286.113225][T11385] ? find_held_lock+0x2b/0x80 [ 286.113248][T11385] ? tomoyo_check_inet_address+0x40d/0x6d0 [ 286.113274][T11385] __mptcp_nmpc_sk+0x17f/0x880 [ 286.113298][T11385] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 286.113320][T11385] ? register_lock_class+0x40/0x560 [ 286.113346][T11385] mptcp_connect+0x7e/0xaf0 [ 286.113372][T11385] __inet_stream_connect+0x208/0xfa0 [ 286.113398][T11385] ? __pfx___inet_stream_connect+0x10/0x10 [ 286.113440][T11385] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 286.113467][T11385] ? __pfx_inet_stream_connect+0x10/0x10 [ 286.113487][T11385] ? __local_bh_enable_ip+0x9e/0x120 [ 286.113515][T11385] ? __pfx_inet_stream_connect+0x10/0x10 [ 286.113531][T11385] inet_stream_connect+0x57/0xa0 [ 286.113551][T11385] __sys_connect_file+0x141/0x1a0 [ 286.113572][T11385] __sys_connect+0x141/0x170 [ 286.113590][T11385] ? __pfx___sys_connect+0x10/0x10 [ 286.113626][T11385] __ia32_sys_connect+0x71/0xb0 [ 286.113643][T11385] ? lockdep_hardirqs_on+0x78/0x100 [ 286.113670][T11385] __do_fast_syscall_32+0xe7/0x950 [ 286.113713][T11385] ? lockdep_hardirqs_on+0x78/0x100 [ 286.113742][T11385] do_fast_syscall_32+0x32/0x70 [ 286.113769][T11385] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 286.113792][T11385] RIP: 0023:0xf6fdefcc [ 286.113807][T11385] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 286.113830][T11385] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 000000000000016a [ 286.113848][T11385] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 286.113859][T11385] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 286.113869][T11385] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 286.113879][T11385] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 286.113889][T11385] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.113915][T11385] [ 286.427456][T11400] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 286.566983][T11409] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1383'. [ 287.077101][T11416] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.1385'. [ 287.460065][T11433] overlayfs: failed to resolve './file0': -2 [ 287.537904][T11433] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.795344][T11433] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.829483][T11431] overlayfs: missing 'lowerdir' [ 288.082213][T11433] team0: Port device netdevsim1 removed [ 288.086496][T11433] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.197683][T11433] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.309725][ T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.321325][ T59] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.330800][ T59] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.342781][ T59] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.894634][ T5821] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 289.044592][ T5821] usb 7-1: Using ep0 maxpacket: 32 [ 289.052150][ T5821] usb 7-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 289.056192][ T5821] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.059567][ T5821] usb 7-1: Product: syz [ 289.061218][ T5821] usb 7-1: Manufacturer: syz [ 289.063216][ T5821] usb 7-1: SerialNumber: syz [ 289.070441][ T5821] usb 7-1: config 0 descriptor?? [ 289.082454][ T5821] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 289.087539][ T5821] dvb-usb: bulk message failed: -22 (4/0) [ 289.089869][ T5821] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 289.093547][ T5821] dvb-usb: bulk message failed: -22 (5/0) [ 289.096478][ T5821] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 289.106334][ T5821] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 289.110566][ T5821] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 289.113923][ T5821] usb 7-1: media controller created [ 289.127916][ T5821] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 289.143988][ T5821] usb 7-1: selecting invalid altsetting 3 [ 289.148170][ T5821] ttusb2: set interface to alts=3 failed [ 289.178027][ T5821] DVB: Unable to find symbol tda10086_attach() [ 289.189471][ T5821] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 289.210330][ T5821] dvb-usb: bulk message failed: -22 (4/0) [ 289.215897][ T5821] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 289.230704][ T5821] dvb-usb: bulk message failed: -22 (5/0) [ 289.233170][ T5821] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 289.240691][ T5821] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 289.267987][T11470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1393'. [ 289.301825][ T5821] usb 7-1: USB disconnect, device number 12 qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x400000) [ 289.371192][ T5821] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 289.416366][ T1126] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 289.419515][ T1126] ata1: failed to read log page 10h (errno=-5) [ 289.422213][ T1126] ata1.00: NCQ disabled due to excessive errors [ 289.425857][ T1126] ata1.00: exception Emask 0x1 SAct 0x300 SErr 0x0 action 0x0 [ 289.428758][ T1126] ata1.00: irq_stat 0x40000000 [ 289.430337][ T1126] ata1.00: failed command: READ FPDMA QUEUED [ 289.432169][ T1126] ata1.00: cmd 60/00:40:c6:23:01/20:00:00:00:00/40 tag 8 ncq dma 4194304 in [ 289.432169][ T1126] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 289.437845][ T1126] ata1.00: status: { DRDY } [ 289.439347][ T1126] ata1.00: failed command: READ FPDMA QUEUED [ 289.441388][ T1126] ata1.00: cmd 60/a8:48:c6:43:01/17:00:00:00:00/40 tag 9 ncq dma 3100672 in [ 289.441388][ T1126] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 289.447772][ T1126] ata1.00: status: { DRDY } [ 289.451239][ T1126] ata1.00: configured for UDMA/100 [ 289.453269][ T1126] sd 0:0:0:0: [sda] tag#8 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 289.456809][ T1126] sd 0:0:0:0: [sda] tag#8 Sense Key : Aborted Command [current] [ 289.459383][ T1126] sd 0:0:0:0: [sda] tag#8 Add. Sense: No additional sense information [ 289.462417][ T1126] sd 0:0:0:0: [sda] tag#8 CDB: Read(10) 28 00 00 01 23 c6 00 20 00 00 [ 289.465675][ T1126] I/O error, dev sda, sector 74694 op 0x0:(READ) flags 0x84700 phys_seg 115 prio class 2 [ 289.469173][ T1126] sd 0:0:0:0: [sda] tag#9 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 289.473452][ T1126] sd 0:0:0:0: [sda] tag#9 Sense Key : Aborted Command [current] [ 289.477298][ T1126] sd 0:0:0:0: [sda] tag#9 Add. Sense: No additional sense information [ 289.480758][ T1126] sd 0:0:0:0: [sda] tag#9 CDB: Read(10) 28 00 00 01 43 c6 00 17 a8 00 [ 289.485079][ T1126] I/O error, dev sda, sector 82886 op 0x0:(READ) flags 0x80700 phys_seg 50 prio class 2 [ 289.490400][ T1126] ata1: EH complete [ 289.924713][T11484] tipc: Resetting bearer [ 289.939647][T11484] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 290.349637][T11495] capability: warning: `syz.1.1399' uses 32-bit capabilities (legacy support in use) [ 290.378223][T11495] program syz.1.1399 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 290.697667][ T40] kauditd_printk_skb: 55 callbacks suppressed [ 290.697684][ T40] audit: type=1326 audit(1778604980.956:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11500 comm="syz.1.1401" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fdefcc code=0x0 [ 291.651638][T11521] FAULT_INJECTION: forcing a failure. [ 291.651638][T11521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.660006][T11519] Cannot find add_set index 2 as target [ 291.660948][T11521] CPU: 2 UID: 0 PID: 11521 Comm: syz.0.1407 Tainted: G L syzkaller #0 PREEMPT(full) [ 291.660977][T11521] Tainted: [L]=SOFTLOCKUP [ 291.660983][T11521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 291.660993][T11521] Call Trace: [ 291.661000][T11521] [ 291.661006][T11521] dump_stack_lvl+0x100/0x190 [ 291.661035][T11521] should_fail_ex.cold+0x5/0xa [ 291.661059][T11521] _copy_from_user+0x2e/0xd0 [ 291.661079][T11521] get_compat_msghdr+0xb3/0x4b0 [ 291.661102][T11521] ? __pfx_get_compat_msghdr+0x10/0x10 [ 291.661134][T11521] ___sys_sendmsg+0x1b6/0x1e0 [ 291.661163][T11521] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.661203][T11521] ? find_held_lock+0x2b/0x80 [ 291.661246][T11521] __sys_sendmsg+0x170/0x220 [ 291.661267][T11521] ? __pfx___sys_sendmsg+0x10/0x10 [ 291.661286][T11521] ? __fget_files+0x21f/0x3d0 [ 291.661315][T11521] ? ksys_write+0x1ac/0x250 [ 291.661364][T11521] ? rcu_is_watching+0x12/0xc0 [ 291.661392][T11521] __do_fast_syscall_32+0xe7/0x950 [ 291.661420][T11521] ? lockdep_hardirqs_on+0x78/0x100 [ 291.661447][T11521] do_fast_syscall_32+0x32/0x70 [ 291.661476][T11521] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.661499][T11521] RIP: 0023:0xf7fd6fcc [ 291.661516][T11521] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 291.661534][T11521] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 291.661552][T11521] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 291.661563][T11521] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.661573][T11521] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 291.661584][T11521] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 291.661594][T11521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 291.661620][T11521] [ 291.738216][T11523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1408'. [ 292.160878][T11536] tmpfs: Bad value for 'mpol' [ 293.009483][T11548] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 293.012348][T11548] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 293.018001][T11548] vhci_hcd vhci_hcd.0: Device attached [ 293.444514][ T4821] usb 44-1: SetAddress Request (10) to port 0 [ 293.446886][ T4821] usb 44-1: new SuperSpeed USB device number 10 using vhci_hcd [ 294.125451][T11570] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1424'. [ 294.131735][T11552] vhci_hcd: connection reset by peer [ 294.176997][T11572] netlink: 'syz.0.1425': attribute type 10 has an invalid length. [ 294.195017][T11572] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 294.214083][T11572] team0: Port device netdevsim1 added [ 294.221197][ T12] vhci_hcd vhci_hcd.3: stop threads [ 294.226055][ T12] vhci_hcd vhci_hcd.3: release socket [ 294.230928][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 294.387046][T11582] netlink: 'syz.2.1427': attribute type 1 has an invalid length. [ 294.405139][T11582] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1427'. [ 294.428465][T11582] netlink: 658 bytes leftover after parsing attributes in process `syz.2.1427'. [ 294.445327][T11582] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1427'. [ 294.489977][T11588] netlink: 'syz.3.1428': attribute type 10 has an invalid length. [ 294.560814][T11588] team0: Failed to send options change via netlink (err -105) [ 294.574800][T11588] team0: Port device dummy0 added [ 294.608639][T11592] netlink: 'syz.3.1428': attribute type 10 has an invalid length. [ 294.629274][T11592] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 294.676620][T11592] team0: Failed to send options change via netlink (err -105) [ 294.694607][T11592] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 294.698841][T11592] team0: Port device dummy0 removed [ 294.708093][ T1161] tipc: Resetting bearer [ 294.804329][ T5744] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 294.954385][ T5744] usb 5-1: Using ep0 maxpacket: 8 [ 294.958405][ T5744] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 294.961962][ T5744] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.967046][ T5744] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.971816][ T5744] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.975196][ T5744] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.979403][ T5744] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 294.982490][ T5744] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.193090][ T5744] usb 5-1: usb_control_msg returned -32 [ 295.195159][ T5744] usbtmc 5-1:16.0: can't read capabilities [ 295.575282][T11609] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 295.767841][T11616] raw_sendmsg: syz.3.1437 forgot to set AF_INET. Fix it! [ 295.945748][T11622] netlink: 'syz.3.1438': attribute type 10 has an invalid length. [ 295.962543][T11622] team0: Failed to send options change via netlink (err -105) [ 295.965041][T11622] team0: Port device dummy0 added [ 295.998630][T11622] netlink: 'syz.3.1438': attribute type 10 has an invalid length. [ 296.004313][T11622] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 296.024735][T11622] team0: Failed to send options change via netlink (err -105) [ 296.028604][T11622] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 296.040154][T11622] team0: Port device dummy0 removed [ 296.049105][ T46] tipc: Resetting bearer [ 296.168059][T11627] netlink: 'syz.1.1440': attribute type 10 has an invalid length. [ 296.181485][T11627] bond0: (slave dummy0): Releasing backup interface [ 296.213472][T11627] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 296.230730][T11627] team0: Failed to send options change via netlink (err -105) [ 296.238246][T11627] team0: Port device dummy0 added [ 297.080925][ T40] audit: type=1326 audit(1778604987.336:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.092511][T11632] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. [ 297.094413][ T40] audit: type=1326 audit(1778604987.346:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.107968][ T40] audit: type=1326 audit(1778604987.346:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.116978][ T40] audit: type=1326 audit(1778604987.346:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.126737][ T40] audit: type=1326 audit(1778604987.346:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.135708][ T40] audit: type=1326 audit(1778604987.346:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.152220][ T40] audit: type=1326 audit(1778604987.346:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.162921][ T40] audit: type=1326 audit(1778604987.346:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.171753][ T40] audit: type=1326 audit(1778604987.346:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.181407][ T40] audit: type=1326 audit(1778604987.346:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11633 comm="syz.1.1443" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 297.181461][T11638] openvswitch: netlink: Flow actions attr not present in new flow. [ 297.295345][T11641] bond0: (slave syz_tun): Releasing backup interface [ 297.320279][T11641] team0: Port device dummy0 removed [ 297.337179][T11641] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 297.366632][T11641] team0: Mode changed to "activebackup" [ 297.376072][T11641] vlan0: entered promiscuous mode [ 297.550696][ T24] usb 5-1: USB disconnect, device number 11 [ 297.754366][ T10] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 297.889295][T11657] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1451'. [ 297.904351][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 297.907415][ T10] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.910896][ T10] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.915177][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 297.917369][ T10] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 297.920242][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.925556][ T10] usb 6-1: config 0 descriptor?? [ 298.059042][T11654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 298.062974][T11654] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 298.076167][T11654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 298.078973][T11654] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 298.083880][T11654] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 298.121774][T11661] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 298.235414][T11662] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1452'. [ 298.440015][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 298.445383][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 298.463784][ T10] usb 6-1: USB disconnect, device number 13 [ 298.504582][ T4821] usb 44-1: device descriptor read/8, error -110 [ 298.946938][T11673] netlink: 272 bytes leftover after parsing attributes in process `syz.2.1455'. [ 299.110665][T11678] netlink: 'syz.2.1457': attribute type 1 has an invalid length. [ 299.146516][T11678] bond4: entered promiscuous mode [ 299.148671][T11678] 8021q: adding VLAN 0 to HW filter on device bond4 [ 299.213560][T11685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 299.223724][T11685] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 299.456169][T11696] netlink: 'syz.3.1458': attribute type 10 has an invalid length. [ 299.477297][T11696] team0: Failed to send options change via netlink (err -105) [ 299.480767][T11696] team0: Port device dummy0 added [ 299.501697][T11696] netlink: 'syz.3.1458': attribute type 10 has an invalid length. [ 299.508767][T11696] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 299.513280][ T4821] usb usb44-port1: attempt power cycle [ 299.517299][T11696] team0: Failed to send options change via netlink (err -105) [ 299.521287][T11696] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 299.525376][T11696] team0: Port device dummy0 removed [ 299.539733][ T181] tipc: Resetting bearer [ 299.954598][ T5742] Bluetooth: hci1: command 0x0406 tx timeout [ 300.105086][ T5742] Bluetooth: hci3: command 0x0c1a tx timeout [ 300.165563][ T4821] usb usb44-port1: unable to enumerate USB device [ 300.345588][T11709] cgroup2: Unknown parameter 'memory_recursiv' [ 300.394092][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1467'. [ 300.518986][T11722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 300.751675][T11730] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1473'. [ 300.988552][T11743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1479'. [ 301.216765][T11750] netlink: 'syz.0.1481': attribute type 12 has an invalid length. [ 301.850229][T11764] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1484'. [ 301.868887][T11764] siw: device registration error -23 [ 302.035131][ T5737] Bluetooth: hci1: command 0x0406 tx timeout [ 302.184658][ T5737] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.237737][T11772] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1485'. [ 302.587807][T11776] openvswitch: netlink: Flow actions attr not present in new flow. [ 303.191952][T11784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1488'. [ 303.619817][T11788] can0: slcan on ttyS3. [ 303.724549][T11787] can0 (unregistered): slcan off ttyS3. [ 303.776046][T11792] netlink: 'syz.0.1493': attribute type 1 has an invalid length. [ 303.779587][T11792] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1493'. [ 303.809747][T11796] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 303.933278][T11801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1496'. [ 303.953294][T11803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1497'. [ 304.119117][T11810] netlink: 'syz.0.1499': attribute type 10 has an invalid length. [ 304.127508][T11810] team0: Failed to send options change via netlink (err -105) [ 304.130009][T11810] team0: Port device dummy0 added [ 304.137977][T11810] netlink: 'syz.0.1499': attribute type 10 has an invalid length. [ 304.141835][T11810] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 304.152480][T11811] netlink: 'syz.2.1498': attribute type 10 has an invalid length. [ 304.160898][T11810] team0: Failed to send options change via netlink (err -105) [ 304.163692][T11810] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 304.167175][T11810] team0: Port device dummy0 removed [ 304.175953][T11810] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 304.274296][ T5742] Bluetooth: hci3: command 0x0c1a tx timeout [ 305.090700][T11823] fuse: Bad value for 'fd' [ 305.096043][T11823] binder: 11822:11823 ioctl c054561d 80000440 returned -22 [ 305.240085][T11831] bridge1: entered promiscuous mode [ 305.241988][T11831] bridge1: entered allmulticast mode [ 305.978279][T11841] netlink: 'syz.1.1508': attribute type 1 has an invalid length. [ 305.980784][T11841] netlink: 'syz.1.1508': attribute type 1 has an invalid length. [ 305.983194][T11841] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1508'. [ 305.987984][T11840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 306.080569][T11839] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1506'. [ 306.089237][T11845] FAULT_INJECTION: forcing a failure. [ 306.089237][T11845] name failslab, interval 1, probability 0, space 0, times 0 [ 306.100983][T11845] CPU: 0 UID: 0 PID: 11845 Comm: syz.0.1509 Tainted: G L syzkaller #0 PREEMPT(full) [ 306.101003][T11845] Tainted: [L]=SOFTLOCKUP [ 306.101007][T11845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 306.101013][T11845] Call Trace: [ 306.101017][T11845] [ 306.101022][T11845] dump_stack_lvl+0x100/0x190 [ 306.101039][T11845] should_fail_ex.cold+0x5/0xa [ 306.101053][T11845] should_failslab+0xc2/0x120 [ 306.101066][T11845] __kmalloc_cache_noprof+0x7a/0x6f0 [ 306.101082][T11845] ? nfnetlink_rcv_batch+0x780/0x2880 [ 306.101095][T11845] ? __nla_parse+0x40/0x60 [ 306.101114][T11845] nfnetlink_rcv_batch+0x780/0x2880 [ 306.101151][T11845] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 306.101169][T11845] ? kasan_save_stack+0x3f/0x50 [ 306.101179][T11845] ? kasan_save_stack+0x30/0x50 [ 306.101189][T11845] ? kasan_save_track+0x14/0x30 [ 306.101219][T11845] ? __nla_parse+0x40/0x60 [ 306.101236][T11845] nfnetlink_rcv+0x3bd/0x440 [ 306.101248][T11845] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 306.101264][T11845] netlink_unicast+0x585/0x850 [ 306.101282][T11845] ? __pfx_netlink_unicast+0x10/0x10 [ 306.101301][T11845] netlink_sendmsg+0x8b0/0xda0 [ 306.101320][T11845] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.101337][T11845] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 306.101357][T11845] ____sys_sendmsg+0x9e1/0xb70 [ 306.101372][T11845] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.101388][T11845] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.101410][T11845] ___sys_sendmsg+0x190/0x1e0 [ 306.101427][T11845] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.101450][T11845] ? find_held_lock+0x2b/0x80 [ 306.101478][T11845] __sys_sendmsg+0x170/0x220 [ 306.101491][T11845] ? __pfx___sys_sendmsg+0x10/0x10 [ 306.101502][T11845] ? __fget_files+0x21f/0x3d0 [ 306.101519][T11845] ? ksys_write+0x1ac/0x250 [ 306.101533][T11845] ? rcu_is_watching+0x12/0xc0 [ 306.101548][T11845] __do_fast_syscall_32+0xe7/0x950 [ 306.101565][T11845] ? lockdep_hardirqs_on+0x78/0x100 [ 306.101582][T11845] do_fast_syscall_32+0x32/0x70 [ 306.101600][T11845] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 306.101614][T11845] RIP: 0023:0xf7fd6fcc [ 306.101623][T11845] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 306.101634][T11845] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 306.101645][T11845] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40 [ 306.101652][T11845] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.101658][T11845] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 306.101664][T11845] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 306.101670][T11845] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 306.101684][T11845] [ 306.309701][T11847] ptrace attach of "/syz-executor exec"[11851] was attempted by "/syz-executor exec"[11847] [ 306.374397][ T5742] Bluetooth: hci3: command 0x0c1a tx timeout [ 306.434527][T11858] netlink: 'syz.2.1512': attribute type 10 has an invalid length. [ 306.447910][T11858] team0: Failed to send options change via netlink (err -105) [ 306.450409][T11858] team0: Port device dummy0 added [ 306.528876][T11861] siw: device registration error -23 [ 307.303109][T11866] netlink: 'syz.1.1516': attribute type 38 has an invalid length. [ 307.305759][T11866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1516'. [ 307.336668][T11868] netlink: 'syz.2.1517': attribute type 10 has an invalid length. [ 307.459162][T11874] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 307.465779][T11876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1522'. [ 307.603516][T11881] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1520'. [ 307.626530][T11881] siw: device registration error -23 [ 308.458807][T11897] netlink: 'syz.3.1525': attribute type 10 has an invalid length. [ 308.468110][T11897] team0: Failed to send options change via netlink (err -105) [ 308.470580][T11897] team0: Port device dummy0 added [ 309.099438][T11906] netlink: 'syz.1.1524': attribute type 10 has an invalid length. [ 309.238842][T11906] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 310.258722][T11922] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 311.059862][T11932] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1533'. [ 311.067914][T11932] siw: device registration error -23 [ 311.931311][T11948] netlink: 'syz.1.1535': attribute type 10 has an invalid length. [ 312.006355][T11948] bond0: (slave dummy0): Releasing backup interface [ 312.042996][T11948] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 312.059715][T11948] team0: Failed to send options change via netlink (err -105) [ 312.062900][T11948] team0: Port device dummy0 added [ 312.221178][T11956] netlink: 'syz.0.1538': attribute type 10 has an invalid length. [ 312.278820][T11957] netlink: 'syz.0.1538': attribute type 10 has an invalid length. [ 312.283810][T11956] bond0: (slave dummy0): Releasing backup interface [ 312.307405][T11956] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 312.310399][T11956] team0: Failed to send options change via netlink (err -105) [ 312.312688][T11956] team0: Port device dummy0 added [ 312.334720][T11957] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 312.372131][T11957] team0: Failed to send options change via netlink (err -105) [ 312.374936][T11957] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 312.378538][T11957] team0: Port device dummy0 removed [ 312.399714][T11957] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 312.841564][T11962] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 313.164565][ T24] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 313.324274][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 313.327347][ T24] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.330874][ T24] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.334107][ T24] usb 6-1: config 0 interface 0 has no altsetting 0 [ 313.336330][ T24] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 313.339273][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.343294][ T24] usb 6-1: config 0 descriptor?? [ 313.761740][ T24] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 313.764089][ T24] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 313.766425][ T24] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 313.768640][ T24] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 313.770870][ T24] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 313.773632][ T24] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 314.110585][T11984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1544'. [ 314.118294][T11979] siw: device registration error -23 [ 314.171450][ T5841] usb 6-1: USB disconnect, device number 14 [ 314.881197][T11992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1548'. [ 315.001279][ T5742] block nbd4: Receive control failed (result -32) [ 315.325065][T12014] syzkaller0: entered promiscuous mode [ 315.326884][T12014] syzkaller0: entered allmulticast mode [ 315.330628][T12014] 0: reclassify loop, rule prio 0, protocol 800 [ 315.488160][T12016] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 315.990486][T12006] ceph: No mds server is up or the cluster is laggy [ 316.489702][T12042] FAULT_INJECTION: forcing a failure. [ 316.489702][T12042] name failslab, interval 1, probability 0, space 0, times 0 [ 316.494480][T12042] CPU: 3 UID: 0 PID: 12042 Comm: syz.0.1564 Tainted: G L syzkaller #0 PREEMPT(full) [ 316.494498][T12042] Tainted: [L]=SOFTLOCKUP [ 316.494501][T12042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 316.494508][T12042] Call Trace: [ 316.494512][T12042] [ 316.494517][T12042] dump_stack_lvl+0x100/0x190 [ 316.494533][T12042] should_fail_ex.cold+0x5/0xa [ 316.494547][T12042] should_failslab+0xc2/0x120 [ 316.494560][T12042] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 316.494579][T12042] ? __alloc_skb+0x140/0x710 [ 316.494589][T12042] ? __alloc_skb+0x5b7/0x710 [ 316.494602][T12042] __alloc_skb+0x140/0x710 [ 316.494612][T12042] ? __alloc_skb+0x5b7/0x710 [ 316.494624][T12042] ? __pfx___alloc_skb+0x10/0x10 [ 316.494639][T12042] netlink_alloc_large_skb+0x69/0x150 [ 316.494656][T12042] netlink_sendmsg+0x680/0xda0 [ 316.494674][T12042] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.494692][T12042] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 316.494711][T12042] ____sys_sendmsg+0x9e1/0xb70 [ 316.494726][T12042] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.494742][T12042] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.494764][T12042] ___sys_sendmsg+0x190/0x1e0 [ 316.494785][T12042] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.494814][T12042] ? find_held_lock+0x2b/0x80 [ 316.494842][T12042] __sys_sendmsg+0x170/0x220 [ 316.494855][T12042] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.494866][T12042] ? __fget_files+0x21f/0x3d0 [ 316.494882][T12042] ? ksys_write+0x1ac/0x250 [ 316.494902][T12042] ? rcu_is_watching+0x12/0xc0 [ 316.494922][T12042] __do_fast_syscall_32+0xe7/0x950 [ 316.494944][T12042] ? lockdep_hardirqs_on+0x78/0x100 [ 316.494969][T12042] do_fast_syscall_32+0x32/0x70 [ 316.494987][T12042] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 316.495002][T12042] RIP: 0023:0xf7fd6fcc [ 316.495011][T12042] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 316.495026][T12042] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 316.495041][T12042] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 316.495051][T12042] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 316.495059][T12042] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 316.495069][T12042] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 316.495078][T12042] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 316.495100][T12042] [ 316.499761][T12043] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1565'. [ 316.592540][T12045] bond5: Removing last arp target with arp_interval on [ 316.600715][T12043] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 316.678061][T12051] ip6tnl0: left promiscuous mode [ 316.680677][T12051] vlan0: left promiscuous mode [ 316.689848][T12051] bridge1: left promiscuous mode [ 316.691586][T12051] bridge1: left allmulticast mode [ 316.728094][T12054] netlink: 'syz.3.1567': attribute type 10 has an invalid length. [ 316.744070][ T59] tipc: Resetting bearer [ 316.775979][T12054] netlink: 'syz.3.1567': attribute type 10 has an invalid length. [ 316.780373][T12054] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 316.786970][T12054] team0: Port device dummy0 removed [ 317.004273][ T5744] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 317.174420][ T5744] usb 5-1: Using ep0 maxpacket: 32 [ 317.178121][ T5744] usb 5-1: unable to get BOS descriptor or descriptor too short [ 317.182049][ T5744] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 317.184674][ T5744] usb 5-1: can't read configurations, error -61 [ 317.324297][ T5744] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 317.474279][ T5744] usb 5-1: Using ep0 maxpacket: 32 [ 317.478314][ T5744] usb 5-1: unable to get BOS descriptor or descriptor too short [ 317.482225][ T5744] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 317.484867][ T5744] usb 5-1: can't read configurations, error -61 [ 317.487385][ T5744] usb usb5-port1: attempt power cycle [ 317.824325][ T5744] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 317.845051][ T5744] usb 5-1: Using ep0 maxpacket: 32 [ 317.849865][ T5744] usb 5-1: unable to get BOS descriptor or descriptor too short [ 317.855391][ T5744] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 317.858429][ T5744] usb 5-1: can't read configurations, error -61 [ 317.960712][T12061] siw: device registration error -23 [ 318.914384][ T5744] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 318.934743][ T5744] usb 5-1: Using ep0 maxpacket: 32 [ 318.937952][ T5744] usb 5-1: unable to get BOS descriptor or descriptor too short [ 318.941602][ T5744] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 318.943971][ T5744] usb 5-1: can't read configurations, error -61 [ 318.945106][T12070] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1575'. [ 318.946169][ T5744] usb usb5-port1: unable to enumerate USB device [ 318.953077][T12070] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 319.019725][T12074] ip6tnl0: left promiscuous mode [ 319.023944][T12074] vlan0: left promiscuous mode [ 319.029446][T12074] bond1: left promiscuous mode [ 319.031383][T12074] vti0: left promiscuous mode [ 319.035617][T12074] bond2: left promiscuous mode [ 319.042292][T12074] bond3: left promiscuous mode [ 319.047054][T12074] bond4: left promiscuous mode [ 319.087641][T12076] netlink: 'syz.2.1578': attribute type 1 has an invalid length. [ 319.120599][T12076] 8021q: adding VLAN 0 to HW filter on device bond6 [ 319.126500][T12076] bond5: (slave bond6): making interface the new active one [ 319.129962][T12076] bond5: (slave bond6): Enslaving as an active interface with an up link [ 319.148253][T12076] bond5: (slave gretap1): Enslaving as a backup interface with an up link [ 319.339363][T12087] netlink: 'syz.3.1580': attribute type 10 has an invalid length. [ 319.350384][T12087] team0: Failed to send options change via netlink (err -105) [ 319.352897][T12087] team0: Port device dummy0 added [ 319.359270][T12087] netlink: 'syz.3.1580': attribute type 10 has an invalid length. [ 319.363985][T12087] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 319.369977][T12087] team0: Failed to send options change via netlink (err -105) [ 319.372564][T12087] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 319.376339][T12087] team0: Port device dummy0 removed [ 319.382157][ T59] tipc: Resetting bearer [ 320.515550][T12101] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1584'. [ 320.529542][T12101] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 320.787655][T12107] vlan0: left promiscuous mode [ 320.808013][T12107] bond1: left promiscuous mode [ 320.809564][T12107] vti0: left promiscuous mode [ 320.811411][T12107] gretap1: left promiscuous mode [ 320.813097][ T12] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.815741][ T12] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.818833][ T12] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.822140][ T12] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.204022][T12123] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1590'. [ 321.220818][T12123] siw: device registration error -23 [ 321.319670][T12131] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 321.328698][T12131] tipc: Enabled bearer , priority 10 [ 321.357769][T12134] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1594'. [ 321.365922][T12134] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 321.458262][T12138] FAULT_INJECTION: forcing a failure. [ 321.458262][T12138] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.462357][T12138] CPU: 0 UID: 0 PID: 12138 Comm: syz.0.1597 Tainted: G L syzkaller #0 PREEMPT(full) [ 321.462375][T12138] Tainted: [L]=SOFTLOCKUP [ 321.462378][T12138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 321.462384][T12138] Call Trace: [ 321.462389][T12138] [ 321.462393][T12138] dump_stack_lvl+0x100/0x190 [ 321.462409][T12138] should_fail_ex.cold+0x5/0xa [ 321.462424][T12138] _copy_from_user+0x2e/0xd0 [ 321.462436][T12138] userfaultfd_ioctl+0x2580/0x3890 [ 321.462453][T12138] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 321.462466][T12138] ? do_vfs_ioctl+0x226/0x13e0 [ 321.462477][T12138] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 321.462492][T12138] ? find_held_lock+0x2b/0x80 [ 321.462506][T12138] ? __fget_files+0x215/0x3d0 [ 321.462518][T12138] ? hook_file_ioctl_common+0x149/0x410 [ 321.462533][T12138] ? __fget_files+0x21f/0x3d0 [ 321.462546][T12138] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 321.462559][T12138] ? compat_ptr_ioctl+0x6e/0xa0 [ 321.462568][T12138] compat_ptr_ioctl+0x6e/0xa0 [ 321.462578][T12138] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 321.462588][T12138] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 321.462601][T12138] __do_fast_syscall_32+0xe7/0x950 [ 321.462618][T12138] ? lockdep_hardirqs_on+0x78/0x100 [ 321.462635][T12138] do_fast_syscall_32+0x32/0x70 [ 321.462653][T12138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 321.462667][T12138] RIP: 0023:0xf7fd6fcc [ 321.462676][T12138] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 321.462687][T12138] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 321.462698][T12138] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c028aa03 [ 321.462704][T12138] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 321.462711][T12138] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 321.462717][T12138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 321.462723][T12138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 321.462736][T12138] [ 321.621327][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1599'. [ 321.788417][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.791399][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.089966][T12154] netlink: 'syz.1.1601': attribute type 10 has an invalid length. [ 322.096298][T12154] netlink: 'syz.1.1601': attribute type 10 has an invalid length. [ 322.105727][T12154] team0: Port device dummy0 removed [ 322.118931][T12154] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 323.177500][T12167] netlink: 'syz.3.1602': attribute type 10 has an invalid length. [ 323.207103][T12167] team0: Failed to send options change via netlink (err -105) [ 323.210131][T12167] team0: Port device dummy0 added [ 323.280636][T12167] netlink: 'syz.3.1602': attribute type 10 has an invalid length. [ 323.294885][T12167] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 323.370011][T12167] team0: Failed to send options change via netlink (err -105) [ 323.372205][T12167] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 323.379163][T12167] team0: Port device dummy0 removed [ 323.386944][ T59] tipc: Resetting bearer [ 324.126559][T12176] openvswitch: netlink: Flow actions attr not present in new flow. [ 324.181823][T12181] netlink: 'syz.1.1608': attribute type 21 has an invalid length. [ 325.242127][T12191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1609'. [ 325.254448][T12191] siw: device registration error -23 [ 325.779488][T12198] netlink: 'syz.1.1611': attribute type 10 has an invalid length. [ 325.831493][T12199] netlink: 'syz.1.1611': attribute type 10 has an invalid length. [ 326.084048][T12198] bond0: (slave dummy0): Releasing backup interface [ 326.113493][T12198] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 326.117660][T12203] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1612'. [ 326.118587][T12198] team0: Failed to send options change via netlink (err -105) [ 326.128234][T12198] team0: Port device dummy0 added [ 326.136601][T12199] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 326.151972][T12199] team0: Failed to send options change via netlink (err -105) [ 326.158976][T12199] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 326.165184][T12199] team0: Port device dummy0 removed [ 326.172795][T12199] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 326.178803][T12206] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1613'. [ 326.238552][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 326.238564][ T40] audit: type=1326 audit(1778605016.496:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.2.1612" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702efcc code=0x0 [ 327.128711][T12227] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1618'. [ 327.257157][T12232] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1619'. [ 327.267417][T12232] siw: device registration error -23 [ 327.624867][T12241] netlink: 'syz.2.1620': attribute type 10 has an invalid length. [ 327.627331][T12241] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1620'. [ 327.630138][T12241] team0: entered promiscuous mode [ 327.631682][T12241] vlan0: entered promiscuous mode [ 327.633425][T12241] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 327.635706][T12241] dummy0: entered promiscuous mode [ 327.637490][T12241] bridge0: port 1(team0) entered blocking state [ 327.639375][T12241] bridge0: port 1(team0) entered disabled state [ 327.641329][T12241] team0: entered allmulticast mode [ 327.642846][T12241] vlan0: entered allmulticast mode [ 327.644409][T12241] veth0_vlan: entered allmulticast mode [ 327.646077][T12241] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 327.648254][T12241] dummy0: entered allmulticast mode [ 328.042046][T12244] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1623'. [ 328.076910][T12244] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 328.165010][T12247] netlink: 'syz.0.1624': attribute type 10 has an invalid length. [ 328.169287][T12247] bond0: (slave dummy0): Releasing backup interface [ 328.175386][T12247] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 328.178971][T12247] team0: Failed to send options change via netlink (err -105) [ 328.181878][T12247] team0: Port device dummy0 added [ 328.187595][T12247] netlink: 'syz.0.1624': attribute type 10 has an invalid length. [ 328.191171][T12247] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 328.196352][T12247] team0: Failed to send options change via netlink (err -105) [ 328.199479][T12247] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 328.203090][T12247] team0: Port device dummy0 removed [ 328.207585][T12247] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 328.585590][T12249] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 328.913138][T12252] binder: 12251:12252 ioctl c0285840 80000000 returned -22 [ 329.395597][T12258] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 330.084911][T12276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1631'. [ 330.260808][T12279] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 330.262908][T12279] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 330.272158][T12279] vhci_hcd vhci_hcd.0: Device attached [ 330.534358][ T5841] usb 38-1: SetAddress Request (10) to port 0 [ 330.537289][ T5841] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd [ 330.683166][T12280] vhci_hcd: connection reset by peer [ 330.686300][ T1156] vhci_hcd vhci_hcd.0: stop threads [ 330.691964][ T1156] vhci_hcd vhci_hcd.0: release socket [ 330.697828][ T1156] vhci_hcd vhci_hcd.0: disconnect device [ 330.982938][T12301] netlink: 'syz.2.1635': attribute type 10 has an invalid length. [ 330.987162][T12301] netlink: 'syz.2.1635': attribute type 10 has an invalid length. [ 330.990808][T12301] dummy0: left promiscuous mode [ 330.997668][T12301] dummy0: left allmulticast mode [ 331.015227][T12301] team0: Port device dummy0 removed [ 331.300488][T12325] bond0: (slave dummy0): Releasing backup interface [ 331.305576][T12325] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 331.313579][T12325] team0: Unable to change to the same mode the team is in [ 331.319091][T12325] vlan0: entered promiscuous mode [ 331.355545][T12328] netlink: 'syz.3.1638': attribute type 1 has an invalid length. [ 331.362543][T12328] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1638'. [ 331.382197][T12331] vlan0: left promiscuous mode [ 331.610185][T12338] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1642'. [ 331.620606][T12338] siw: device registration error -23 [ 332.157654][T12349] netlink: 'syz.2.1645': attribute type 9 has an invalid length. [ 332.160191][T12349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1645'. [ 332.168728][T12349] macvlan2: entered promiscuous mode [ 332.171829][T12349] hsr0: entered promiscuous mode [ 332.174367][T12349] macvlan2: entered allmulticast mode [ 332.176996][T12349] hsr0: entered allmulticast mode [ 332.179356][T12349] hsr_slave_0: entered allmulticast mode [ 332.181983][T12349] hsr_slave_1: entered allmulticast mode [ 332.530014][T12378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1653'. [ 332.590069][ T40] audit: type=1326 audit(1778605022.846:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.590110][ T40] audit: type=1326 audit(1778605022.846:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.590933][ T40] audit: type=1326 audit(1778605022.846:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.632932][T12387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1654'. [ 332.632953][T12387] openvswitch: netlink: Flow key attr not present in new flow. [ 332.634295][ T40] audit: type=1326 audit(1778605022.866:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.654049][ T40] audit: type=1326 audit(1778605022.866:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.661252][ T40] audit: type=1326 audit(1778605022.866:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71d616b code=0x7ffc0000 [ 332.668633][ T40] audit: type=1326 audit(1778605022.866:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.675159][ T40] audit: type=1326 audit(1778605022.876:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.681751][ T40] audit: type=1326 audit(1778605022.876:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.688563][ T40] audit: type=1326 audit(1778605022.876:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12384 comm="syz.0.1654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6fcc code=0x7ffc0000 [ 332.747766][T12393] netlink: 'syz.1.1656': attribute type 1 has an invalid length. [ 332.758743][T12393] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1656'. [ 332.777384][T12393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1656'. [ 332.828688][T12393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1656'. [ 332.944511][T12393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1656'. [ 332.946014][T12406] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1657'. [ 333.067078][T12420] ip6tnl0: left promiscuous mode [ 333.072258][T12420] syz_tun: left promiscuous mode [ 333.082524][T12420] tipc: Resetting bearer [ 333.127366][T12423] loop4: detected capacity change from 0 to 7 [ 333.132591][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 333.136869][ C3] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 333.139853][ C3] Buffer I/O error on dev loop4, logical block 0, async page read [ 333.175163][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 333.180055][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 333.184167][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read [ 333.189251][ T8343] Buffer I/O error on dev loop4, logical block 0, async page read qemu-system-x86_64: hw/ide/core.c:934: ide_dma_cb: Assertion `prep_size >= 0 && prep_size <= n * 512' failed. Read from remote host localhost: Connection reset by peer client_loop: send disconnect: Broken pipe