last executing test programs: 6m44.384990306s ago: executing program 0 (id=4408): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000006f2c7cafd337302e4dd0993128484a16d7aaa4be0a88dec09f545664ce71a0e2321e562dec980245083feb9c1410fd9a5fe3335014ff2e89e15a37a7c186eebb"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94) readv(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f00000000c0)) 6m43.496664907s ago: executing program 0 (id=4418): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x1}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f903", 0x11}], 0x1}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd4242"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 6m43.22494481s ago: executing program 0 (id=4423): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x54, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x5}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5, 0x4, 0x7}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 6m43.146585294s ago: executing program 0 (id=4425): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x1, 0xffffffff, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x3080}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x8004) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x4000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@ipv6_delrule={0x1c, 0x18, 0x1, 0x0, 0x25dfdbfc, {0xa, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x7}}, 0x1c}}, 0x0) 6m43.006085209s ago: executing program 0 (id=4427): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB=' '], 0x40}}], 0x1, 0x40000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) r1 = syz_create_resource$binfmt(&(0x7f0000000400)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$binfmt(0xffffffffffffff9c, r1, 0x41, 0x1ff) renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) 6m43.005881411s ago: executing program 0 (id=4428): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 6m27.922162742s ago: executing program 32 (id=4428): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 3m38.803915799s ago: executing program 4 (id=7490): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETATTR(r2, &(0x7f0000000500)={0xa0, 0x19, 0x2, {0x80, {0x8, 0x2, 0x7}, 0x41, 0x0, 0xee00, 0x8, 0x6, 0xfff, 0x100000000, 0x896, 0x0, 0x3, 0x6, 0x6, 0x9, 0x10, 0x200, 0x1, 0xbf61, 0x8}}, 0xa0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)) splice(r1, 0x0, r0, 0x0, 0x1c, 0x0) 3m38.754606364s ago: executing program 4 (id=7491): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) close_range(r0, 0xffffffffffffffff, 0x0) 3m38.530272463s ago: executing program 4 (id=7492): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newtfilter={0x44, 0x2c, 0x42f, 0x870bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL={0x5, 0x52, 0xa2}, @TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @remote}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 3m38.384402829s ago: executing program 4 (id=7494): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x1000, 0x0) mount$bind(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x20000, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) 3m38.280587564s ago: executing program 4 (id=7495): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000640)=""/187, 0xbb}], 0x1}}, {{0x0, 0x0, &(0x7f0000002d00)=[{&(0x7f0000000900)=""/174, 0xae}], 0x1}}], 0x3, 0x0, 0x0) 3m38.073750848s ago: executing program 4 (id=7500): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000200012800b00010067656e657665000010000280060005004e24000004000e0008000a00", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 3m37.894522021s ago: executing program 33 (id=7500): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000200012800b00010067656e657665000010000280060005004e24000004000e0008000a00", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 2m52.011862228s ago: executing program 1 (id=8089): r0 = syz_io_uring_setup(0x10d4, &(0x7f0000000000)={0x0, 0x7f36, 0x0, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newnexthop={0x20, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x45, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2m51.874700182s ago: executing program 1 (id=8090): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 2m51.784681199s ago: executing program 1 (id=8093): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd22, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0xa}, {}, {0xfff1, 0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8848}, 0x80) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xffe0, 0xc}, {0x0, 0xfff1}, {0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041810) 2m51.621794652s ago: executing program 1 (id=8095): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) unshare(0x26020480) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r0, 0xfffd, 0x0) 2m51.542467478s ago: executing program 1 (id=8096): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000640)={'ip6tnl0\x00', 0x0, 0x4, 0x2, 0x1, 0xcf57, 0xff00, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @mcast2, 0x8000, 0x0, 0x0, 0x300}}) 2m51.281319042s ago: executing program 1 (id=8100): unshare(0x6c000200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0xf, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYRES16], &(0x7f0000000080)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdc00, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 2m51.202780665s ago: executing program 34 (id=8100): unshare(0x6c000200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0xf, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYRES16], &(0x7f0000000080)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdc00, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 5.038053877s ago: executing program 2 (id=10178): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) 4.997268835s ago: executing program 5 (id=10179): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x5}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 4.765859391s ago: executing program 5 (id=10181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r1) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 4.593290273s ago: executing program 2 (id=10182): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x1a8) r2 = fanotify_init(0xf00, 0x0) fanotify_mark(r2, 0x451, 0x8001008, r1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, r3, 0x2) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x4, 0x1000) fanotify_mark(r5, 0x1, 0x800002b, r4, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) 4.208085374s ago: executing program 5 (id=10183): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1b, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x8804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xfe, 0x4c831, 0xffffffffffffffff, 0x0) 4.186094047s ago: executing program 2 (id=10184): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) 3.397104681s ago: executing program 5 (id=10188): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0xa0, 0x4) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1a8) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r1 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x47) mknodat$loop(r1, &(0x7f0000000200)='./file1\x00', 0x800, 0x1) 3.264960275s ago: executing program 5 (id=10189): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) epoll_pwait(r0, &(0x7f0000000140)=[{}], 0x1, 0x2d516fb6, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x10) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) 2.472382948s ago: executing program 2 (id=10196): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = syz_io_uring_setup(0xcaf, &(0x7f0000000240)={0x0, 0xeb81, 0x8, 0x5, 0x9c3}, &(0x7f00000001c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000), 0x0, 0x1e}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 2.117427717s ago: executing program 6 (id=10201): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe7", 0x0, 0x18}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)={[{0xba9c, 0x8, 0x5, 0x80, 0x40, 0x6, 0x3, 0x4, 0x2, 0x9, 0xa6, 0x4, 0x7}, {0x9, 0x81, 0x1, 0x10, 0x0, 0x2, 0x9, 0x6, 0xfb, 0x8, 0x8, 0x62, 0x7fffffff}, {0x4, 0x6, 0x4, 0x0, 0x6, 0x5, 0xac, 0x5, 0x3, 0xc9, 0xd, 0x80, 0x3}], 0xd7}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x0, 0xf1, 0x3, 0x0, 0x8, 0x6}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x8080000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x0, 0xfc}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x80a0000, 0xeeee8000, 0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.922254607s ago: executing program 6 (id=10204): ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc"], 0xb8}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000) 1.862114055s ago: executing program 3 (id=10205): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0) writev(r0, &(0x7f00000028c0)=[{&(0x7f0000002600)='u', 0x4000}, {0x0, 0x2}], 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) 1.845080964s ago: executing program 5 (id=10206): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r1 = userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 1.844961143s ago: executing program 6 (id=10207): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2461, &(0x7f0000000380)={0x0, 0xddec, 0x10100, 0x3}, &(0x7f0000002080)=0x0, &(0x7f0000002100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r5, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0xfe, 0x0, 0x2a}, 0xe) shutdown(r5, 0x1) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x2e, &(0x7f0000000000)=0x21ea, 0x4) recvmmsg(r5, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0) 1.758118582s ago: executing program 3 (id=10208): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x1138000, 0x800, 0x3, 0x1}, 0x20) syz_clone(0x80040000, 0x0, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) 1.7440116s ago: executing program 3 (id=10209): unshare(0x6c000200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0xf, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYRES16], &(0x7f0000000080)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) socket$packet(0x11, 0x3, 0x300) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa8, 0x2, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x7e}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x29}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x80) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdc00, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r1, 0x0, 0x25, 0x14, @val=@kprobe_multi=@syms={0x0, 0x2, &(0x7f0000000140)=[&(0x7f00000000c0)='GPL\x00', &(0x7f0000000100)='\xad,*&\'\x00'], 0x0, 0xc980000000}}, 0x30) 1.560570797s ago: executing program 2 (id=10210): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff038}, {0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r2, &(0x7f0000001c00), 0x400000000000159, 0x40840) 1.395742795s ago: executing program 6 (id=10211): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r2, @ANYRESHEX=r3], 0x15) 1.244050678s ago: executing program 6 (id=10212): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec775000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) flock(r1, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r2, 0x1) flock(r2, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0xe0) flock(r3, 0x1) 1.062074633s ago: executing program 3 (id=10213): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) 246.327513ms ago: executing program 3 (id=10214): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) syz_open_dev$vbi(0x0, 0x1, 0x2) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000200), 0x0) r2 = accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10) sendto$inet6(r2, &(0x7f0000000080)="255b2a20f709b4", 0x7, 0x800, 0x0, 0x0) 68.360851ms ago: executing program 6 (id=10215): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') setpgid(r0, r0) setpgid(0x0, r0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x1f00, 0x12) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40100, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) 31.626863ms ago: executing program 3 (id=10216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="400000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000180012800b0001006772657461700000080002800400120008000a00", @ANYRES32=r5], 0x40}, 0x1, 0x0, 0x0, 0x88801}, 0x8000) r6 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r6, 0x0, 0x0, 0x44010, &(0x7f0000000180)={0x11, 0x1, r2, 0x1, 0x12, 0x6, @local}, 0x14) 0s ago: executing program 2 (id=10217): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) kernel console output (not intermixed with test programs): bond8: (slave veth21): Enslaving as an active interface with a down link [ 534.967716][T25933] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 534.970326][T25933] bond8: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 535.449806][T25962] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8291'. [ 535.537141][ T40] audit: type=1326 audit(1768276764.652:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25966 comm="syz.3.8292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 535.554638][ T40] audit: type=1326 audit(1768276764.662:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25966 comm="syz.3.8292" exe="/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 535.574173][ T40] audit: type=1326 audit(1768276764.662:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25966 comm="syz.3.8292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 535.583120][ T40] audit: type=1326 audit(1768276764.662:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25966 comm="syz.3.8292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 536.300457][T26005] netlink: 96 bytes leftover after parsing attributes in process `syz.2.8306'. [ 536.370241][T26008] overlayfs: failed to clone upperpath [ 536.706021][T24224] usb 10-1: USB disconnect, device number 5 [ 536.910763][T26046] netlink: 'syz.2.8323': attribute type 1 has an invalid length. [ 536.914416][T26046] netlink: 'syz.2.8323': attribute type 4 has an invalid length. [ 536.917704][T26046] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.8323'. [ 536.922680][T26046] netlink: 'syz.2.8323': attribute type 1 has an invalid length. [ 536.925929][T26046] netlink: 'syz.2.8323': attribute type 4 has an invalid length. [ 536.929240][T26046] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.8323'. [ 537.347838][ T40] audit: type=1804 audit(1768276766.462:1836): pid=26066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.8330" name="/newroot/52/bus/file0" dev="overlay" ino=313 res=1 errno=0 [ 538.003806][T26093] overlayfs: failed to clone upperpath [ 538.274665][T26114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8350'. [ 538.591726][T26138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8361'. [ 538.596975][T26138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8361'. [ 539.232748][T26172] overlayfs: failed to clone upperpath [ 539.238052][T26172] overlayfs: failed to clone upperpath [ 541.766562][T26237] overlayfs: failed to clone upperpath [ 541.875009][T26249] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8408'. [ 542.020767][T26264] overlayfs: failed to clone upperpath [ 542.027119][T26264] overlayfs: failed to clone upperpath [ 542.452339][ T6078] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 542.592323][ T6078] usb 10-1: device descriptor read/64, error -71 [ 542.852388][ T6078] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 543.002458][ T6078] usb 10-1: device descriptor read/64, error -71 [ 543.122728][ T6078] usb usb10-port1: attempt power cycle [ 543.242327][ T53] usb 11-1: new high-speed USB device number 2 using dummy_hcd [ 543.318205][T26301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8428'. [ 543.392335][ T53] usb 11-1: Using ep0 maxpacket: 16 [ 543.397328][ T53] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 543.401585][ T53] usb 11-1: config 0 has no interfaces? [ 543.406557][ T53] usb 11-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 543.410538][ T53] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.414224][ T53] usb 11-1: Product: syz [ 543.416341][ T53] usb 11-1: Manufacturer: syz [ 543.418397][ T53] usb 11-1: SerialNumber: syz [ 543.422539][ T53] usb 11-1: config 0 descriptor?? [ 543.472354][ T6078] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 543.503123][ T6078] usb 10-1: device descriptor read/8, error -71 [ 543.550341][T26314] overlayfs: failed to clone lowerpath [ 543.554962][T26314] overlayfs: failed to clone lowerpath [ 543.600483][T26316] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8434'. [ 543.642010][T26318] overlayfs: failed to clone upperpath [ 543.652412][ T53] usb 11-1: USB disconnect, device number 2 [ 543.752299][ T6078] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 543.772767][ T6078] usb 10-1: device descriptor read/8, error -71 [ 543.882727][ T6078] usb usb10-port1: unable to enumerate USB device [ 544.307275][T26283] Set syz1 is full, maxelem 65536 reached [ 545.526278][T26360] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8455'. [ 545.651325][ T1148] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.751992][ T5300] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 545.755029][ T5300] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 545.764254][ T5300] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 545.765243][ T1148] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.767266][ T5300] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 545.775624][ T5300] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 545.880895][ T1148] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.967634][T26364] chnl_net:caif_netlink_parms(): no params data found [ 546.042847][ T1148] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.094278][T26364] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.097361][T26364] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.100491][T26364] bridge_slave_0: entered allmulticast mode [ 546.111417][T26364] bridge_slave_0: entered promiscuous mode [ 546.131453][T26364] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.135436][T26364] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.138637][T26364] bridge_slave_1: entered allmulticast mode [ 546.142624][T26364] bridge_slave_1: entered promiscuous mode [ 546.201229][T26364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.227268][T26364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.276576][T26364] team0: Port device team_slave_0 added [ 546.281228][T26364] team0: Port device team_slave_1 added [ 546.294095][ T1148] bridge_slave_1: left allmulticast mode [ 546.296556][ T1148] bridge_slave_1: left promiscuous mode [ 546.299093][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.307371][ T1148] bridge_slave_0: left allmulticast mode [ 546.309803][ T1148] bridge_slave_0: left promiscuous mode [ 546.312697][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.593204][T26401] overlayfs: failed to clone lowerpath [ 546.596279][T26405] overlayfs: failed to clone upperpath [ 546.646130][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 546.663827][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 546.668459][ T1148] bond0 (unregistering): Released all slaves [ 546.702952][T26364] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 546.703447][T26407] netlink: 'syz.3.8470': attribute type 7 has an invalid length. [ 546.705927][T26364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 546.708999][T26407] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8470'. [ 546.724975][T26364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 546.735033][T26364] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 546.737923][T26364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 546.749456][T26364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 546.849238][T26364] hsr_slave_0: entered promiscuous mode [ 546.851622][T26364] hsr_slave_1: entered promiscuous mode [ 546.858869][T26364] debugfs: 'hsr0' already exists in 'hsr' [ 546.860878][T26364] Cannot create hsr debugfs directory [ 547.021560][T26425] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8475'. [ 547.155111][ T1148] hsr_slave_0: left promiscuous mode [ 547.166311][ T1148] hsr_slave_1: left promiscuous mode [ 547.169137][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 547.172038][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 547.175374][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 547.177691][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 547.207541][ T1148] veth1_macvtap: left promiscuous mode [ 547.211112][ T1148] veth0_macvtap: left promiscuous mode [ 547.213668][ T1148] veth1_vlan: left promiscuous mode [ 547.216266][ T1148] veth0_vlan: left promiscuous mode [ 547.701122][ T40] audit: type=1326 audit(1768276776.812:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26446 comm="syz.3.8486" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7fc00000 [ 547.708571][ T40] audit: type=1326 audit(1768276776.822:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26446 comm="syz.3.8486" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7fc00000 [ 547.760190][ T40] audit: type=1326 audit(1768276776.872:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26452 comm="syz.2.8487" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cd579 code=0x0 [ 547.792053][ T40] audit: type=1326 audit(1768276776.902:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26446 comm="syz.3.8486" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7fc00000 [ 547.804115][ T40] audit: type=1326 audit(1768276776.922:1841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26446 comm="syz.3.8486" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7fc00000 [ 547.855434][ T1148] team0 (unregistering): Port device team_slave_1 removed [ 547.872319][ T5953] Bluetooth: hci0: command tx timeout [ 547.902124][ T1148] team0 (unregistering): Port device team_slave_0 removed [ 548.262814][ T6078] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 548.398940][ T40] audit: type=1326 audit(1768276777.512:1842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26446 comm="syz.3.8486" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7fc00000 [ 548.412357][ T6078] usb 10-1: Using ep0 maxpacket: 8 [ 548.416582][ T6078] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 548.421015][ T6078] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 548.425344][ T6078] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 548.429577][ T6078] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 548.435756][ T6078] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 548.439719][ T6078] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.586209][T26364] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 548.590501][T26364] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 548.596266][T26364] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 548.611945][T26364] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 548.657770][T26364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 548.659380][ T6078] usb 10-1: GET_CAPABILITIES returned 0 [ 548.662463][ T6078] usbtmc 10-1:16.0: can't read capabilities [ 548.674486][T26364] 8021q: adding VLAN 0 to HW filter on device team0 [ 548.680299][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.682577][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 548.690261][ T4536] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.693358][ T4536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 548.800481][T26364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 548.872298][T11040] usb 10-1: USB disconnect, device number 10 [ 548.975361][T26364] veth0_vlan: entered promiscuous mode [ 548.981599][T26364] veth1_vlan: entered promiscuous mode [ 549.003153][T26364] veth0_macvtap: entered promiscuous mode [ 549.007826][T26364] veth1_macvtap: entered promiscuous mode [ 549.020227][T26364] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.028973][T26364] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.038116][ T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.041072][ T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.044896][ T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.048311][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.080824][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.083862][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.097145][ T4536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.100412][ T4536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.424883][T26486] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8494'. [ 549.551378][T26496] 9p: Bad value for 'rfdno' [ 549.942537][ T5953] Bluetooth: hci0: command tx timeout [ 550.370359][T26540] netlink: 'syz.2.8507': attribute type 1 has an invalid length. [ 550.391446][T26540] 8021q: adding VLAN 0 to HW filter on device bond9 [ 550.425914][T26540] bond9: (slave veth0_to_bond): making interface the new active one [ 550.430639][T26540] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 550.535537][ T829] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 550.670324][T26556] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8517'. [ 550.682287][ T829] usb 11-1: Using ep0 maxpacket: 16 [ 550.693435][ T829] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 550.699204][ T829] usb 11-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 550.705828][ T829] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.709229][ T829] usb 11-1: Product: syz [ 550.726112][ T829] usb 11-1: Manufacturer: syz [ 550.728220][ T829] usb 11-1: SerialNumber: syz [ 550.731764][ T829] usb 11-1: config 0 descriptor?? [ 550.745667][ T829] em28xx 11-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 550.749565][ T829] em28xx 11-1:0.0: DVB interface 0 found: bulk [ 550.794806][T26564] lo: entered promiscuous mode [ 550.803607][T26564] tunl0: entered promiscuous mode [ 550.806388][T26564] gre0: entered promiscuous mode [ 550.809832][T26564] gretap0: entered promiscuous mode [ 550.853079][T26564] ip_vti0: entered promiscuous mode [ 550.855627][T26564] ip6_vti0: entered promiscuous mode [ 550.861473][T26564] ip6tnl0: entered promiscuous mode [ 550.864854][T26564] ip6gre0: entered promiscuous mode [ 550.867391][T26564] syz_tun: entered promiscuous mode [ 550.871471][T26564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 550.875371][T26564] team0: entered promiscuous mode [ 550.877250][T26564] team_slave_0: entered promiscuous mode [ 550.879204][T26564] team_slave_1: entered promiscuous mode [ 550.884714][T26564] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.888017][T26564] dummy0: entered promiscuous mode [ 550.890402][T26564] batman_adv: batadv0: Interface activated: dummy0 [ 550.892905][T26564] batadv0: mtu less than device minimum [ 550.895430][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.900501][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.904820][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.909123][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.913460][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.917871][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.922537][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.926844][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.930887][T26564] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 550.952633][T26564] nlmon0: entered promiscuous mode [ 550.962685][T26564] caif0: entered promiscuous mode [ 551.353603][T26587] kvm: pic: single mode not supported [ 551.353825][T26587] kvm: pic: level sensitive irq not supported [ 551.357509][ T829] em28xx 11-1:0.0: unknown em28xx chip ID (0) [ 551.778090][T26609] bond1: entered promiscuous mode [ 551.791085][T26609] macvlan0: entered promiscuous mode [ 551.793585][T26609] macvlan0: entered allmulticast mode [ 551.796750][T26609] bond1: (slave macvlan0): Opening slave failed [ 551.868199][T26617] netlink: 'syz.3.8542': attribute type 1 has an invalid length. [ 551.887374][T26617] 8021q: adding VLAN 0 to HW filter on device bond14 [ 551.913549][T26617] bond14: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 551.913865][T26620] netlink: 'syz.5.8543': attribute type 1 has an invalid length. [ 551.942980][T26620] 8021q: adding VLAN 0 to HW filter on device bond2 [ 551.998063][T26620] bond2: (slave veth0_to_bond): making interface the new active one [ 552.002857][T26620] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 552.022342][ T5953] Bluetooth: hci0: command tx timeout [ 552.027070][T26620] bond2: entered promiscuous mode [ 552.029263][T26620] veth0_to_bond: entered promiscuous mode [ 552.031768][T26620] bond2: entered allmulticast mode [ 552.034078][T26620] veth0_to_bond: entered allmulticast mode [ 552.116604][T26629] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8545'. [ 552.427919][ T11] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 480 seconds [ 552.431459][ T11] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 480 seconds [ 552.435148][ T11] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 480 seconds [ 552.439045][ T11] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 480 seconds [ 552.822815][ T829] em28xx 11-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 552.829823][ T829] em28xx 11-1:0.0: board has no eeprom [ 552.892412][ T829] em28xx 11-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 552.895767][ T829] em28xx 11-1:0.0: dvb set to bulk mode. [ 552.899182][T25558] em28xx 11-1:0.0: Binding DVB extension [ 552.909382][ T829] usb 11-1: USB disconnect, device number 3 [ 552.912957][ T829] em28xx 11-1:0.0: Disconnecting em28xx [ 552.936009][T25558] em28xx 11-1:0.0: Registering input extension [ 552.938355][ T829] em28xx 11-1:0.0: Closing input extension [ 552.947446][ T829] em28xx 11-1:0.0: Freeing device [ 553.385279][T26648] netlink: 'syz.6.8553': attribute type 1 has an invalid length. [ 553.514542][T26651] netlink: 2028 bytes leftover after parsing attributes in process `syz.6.8554'. [ 553.518604][T26651] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8554'. [ 554.065251][T26653] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8555'. [ 554.102269][ T5953] Bluetooth: hci0: command tx timeout [ 554.251703][T26659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8558'. [ 554.544749][T26680] lo: entered promiscuous mode [ 554.548088][T26680] tunl0: entered promiscuous mode [ 554.550910][T26680] gre0: entered promiscuous mode [ 554.554353][T26680] gretap0: entered promiscuous mode [ 554.557043][T26680] erspan0: entered promiscuous mode [ 554.563710][T26680] ip_vti0: entered promiscuous mode [ 554.566506][T26680] ip6_vti0: entered promiscuous mode [ 554.569252][T26680] sit0: entered promiscuous mode [ 554.572026][T26680] ip6tnl0: entered promiscuous mode [ 554.575658][T26680] ip6gre0: entered promiscuous mode [ 554.578370][T26680] syz_tun: entered promiscuous mode [ 554.581083][T26680] ip6gretap0: entered promiscuous mode [ 554.584434][T26680] bridge0: entered promiscuous mode [ 554.587414][T26680] bond0: entered promiscuous mode [ 554.589572][T26680] bond_slave_0: entered promiscuous mode [ 554.592106][T26680] bond_slave_1: entered promiscuous mode [ 554.595688][T26680] team0: entered promiscuous mode [ 554.598015][T26680] team_slave_0: entered promiscuous mode [ 554.600874][T26680] team_slave_1: entered promiscuous mode [ 554.604726][T26680] dummy0: entered promiscuous mode [ 554.607621][T26680] nlmon0: entered promiscuous mode [ 554.611307][T26680] caif0: entered promiscuous mode [ 555.594684][T26716] lo: entered promiscuous mode [ 555.596970][T26716] tunl0: entered promiscuous mode [ 555.598938][T26716] gre0: entered promiscuous mode [ 555.600860][T26716] gretap0: entered promiscuous mode [ 555.602974][T26716] erspan0: entered promiscuous mode [ 555.604989][T26716] ip_vti0: entered promiscuous mode [ 555.607092][T26716] ip6_vti0: entered promiscuous mode [ 555.609192][T26716] sit0: entered promiscuous mode [ 555.611195][T26716] ip6tnl0: entered promiscuous mode [ 555.613281][T26716] ip6gre0: entered promiscuous mode [ 555.615355][T26716] syz_tun: entered promiscuous mode [ 555.619377][T26716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.622499][T26716] nlmon0: entered promiscuous mode [ 555.624711][T26716] caif0: entered promiscuous mode [ 555.692394][ T829] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 555.822381][ T142] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 555.845016][ T829] usb 11-1: config index 0 descriptor too short (expected 28277, got 36) [ 555.847504][ T829] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 555.850420][ T829] usb 11-1: config 0 has no interfaces? [ 555.852078][ T829] usb 11-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 555.856320][ T829] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.859859][ T829] usb 11-1: config 0 descriptor?? [ 555.992342][ T142] usb 10-1: Using ep0 maxpacket: 8 [ 555.995447][ T142] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 555.998946][ T142] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 556.002626][ T142] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 556.005765][ T142] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.009769][ T142] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 556.013062][ T142] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.221536][ T142] usb 10-1: GET_CAPABILITIES returned 0 [ 556.223517][ T142] usbtmc 10-1:16.0: can't read capabilities [ 556.425060][T24228] usb 10-1: USB disconnect, device number 11 [ 557.770020][T26770] overlayfs: failed to clone upperpath [ 557.943431][T26776] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.8602'. [ 557.946474][T26776] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8602'. [ 558.350542][T24230] usb 11-1: USB disconnect, device number 4 [ 558.511694][T24228] libceph: connect (1)[c::]:6789 error -101 [ 558.514890][T24228] libceph: mon0 (1)[c::]:6789 connect error [ 558.666730][T26789] ceph: No mds server is up or the cluster is laggy [ 561.055586][T26833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8619'. [ 561.196148][T26839] overlayfs: failed to clone upperpath [ 561.660327][T26844] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 561.791544][ T5953] Bluetooth: hci0: connection err: -111 [ 562.427298][T26873] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8637'. [ 563.746597][T26891] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8642'. [ 564.032912][ T829] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 564.194572][ T829] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 564.198263][ T829] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 564.202594][ T829] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 564.206564][ T829] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 564.211184][ T829] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 564.219088][ T829] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 564.223423][ T829] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 564.226856][ T829] usb 11-1: Product: syz [ 564.228647][ T829] usb 11-1: Manufacturer: syz [ 564.234552][ T829] cdc_wdm 11-1:1.0: skipping garbage [ 564.236908][ T829] cdc_wdm 11-1:1.0: skipping garbage [ 564.244104][ T829] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 564.246656][ T829] cdc_wdm 11-1:1.0: Unknown control protocol [ 564.436946][ T829] usb 11-1: USB disconnect, device number 5 [ 565.072534][ T142] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 565.244411][ T142] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 565.247331][ T142] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 565.250771][ T142] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 565.253992][ T142] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 565.257610][ T142] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 565.263882][ T142] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 565.267172][ T142] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 565.269784][ T142] usb 11-1: Product: syz [ 565.271293][ T142] usb 11-1: Manufacturer: syz [ 565.275365][ T142] cdc_wdm 11-1:1.0: skipping garbage [ 565.277457][ T142] cdc_wdm 11-1:1.0: skipping garbage [ 565.280025][ T142] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 565.282048][ T142] cdc_wdm 11-1:1.0: Unknown control protocol [ 565.469611][T26964] overlayfs: failed to clone upperpath [ 565.510342][T26966] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8673'. [ 565.737368][T26973] overlayfs: failed to clone upperpath [ 566.508831][T26982] overlayfs: failed to clone upperpath [ 566.854973][T27001] overlayfs: failed to clone upperpath [ 566.900521][ T6078] usb 11-1: USB disconnect, device number 6 4096 16384 4194304 [ 567.346103][T27023] uprobe: syz.3.8697:27023 failed to unregister, leaking uprobe [ 568.462245][ T40] audit: type=1800 audit(1768276797.572:1843): pid=27041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.8703" name="/" dev="fuse" ino=9 res=0 errno=0 [ 568.493988][ T5953] Bluetooth: hci1: unexpected event for opcode 0x201c [ 569.035950][T27076] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8717'. [ 570.874035][T27114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8730'. [ 571.687750][T27143] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8740'. [ 571.690783][T27143] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8740'. [ 572.631091][T27204] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8763'. [ 572.642508][T27204] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8763'. [ 572.647534][T27204] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8763'. [ 572.855057][T27214] 9pnet_fd: Insufficient options for proto=fd [ 572.867022][ T5953] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1 [ 572.905106][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.907957][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.223293][T27252] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8778'. [ 574.451648][T27264] binder: 27263:27264 ioctl c0306201 80000040 returned -11 [ 574.636823][T27272] overlayfs: failed to clone upperpath [ 575.650833][ T53] libceph: connect (1)[c::]:6789 error -101 [ 575.654898][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 575.794062][T27298] ceph: No mds server is up or the cluster is laggy [ 576.222849][T27325] syzkaller0: entered promiscuous mode [ 576.224656][T27325] syzkaller0: entered allmulticast mode [ 576.902466][ T5953] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 576.907641][ T5953] Bluetooth: hci2: Injecting HCI hardware error event [ 576.912560][ T5953] Bluetooth: hci2: hardware error 0x00 [ 577.322605][T27346] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8814'. [ 578.019385][ T40] audit: type=1326 audit(1768276815.130:1844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27365 comm="syz.2.8821" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x0 [ 578.955082][ T5300] Bluetooth: hci0: unexpected cc 0x2039 length: 9 > 1 [ 578.982301][ T5953] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 580.321005][T27454] syz_tun: entered allmulticast mode [ 580.332327][T27454] dvmrp1: entered allmulticast mode [ 580.383449][T27453] syz_tun: left allmulticast mode [ 580.874654][T27477] syzkaller0: entered promiscuous mode [ 580.877076][T27477] syzkaller0: entered allmulticast mode [ 581.546345][T27500] overlayfs: failed to clone upperpath [ 581.925863][T27514] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 582.235994][T27530] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8889'. [ 582.505228][ T11] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 510 seconds [ 582.509589][ T11] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 510 seconds [ 582.515472][ T11] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 510 seconds [ 582.519209][ T11] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 510 seconds [ 582.983004][ T5953] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 582.986805][ T5953] Bluetooth: hci0: Injecting HCI hardware error event [ 582.991069][ T5300] Bluetooth: hci0: hardware error 0x00 [ 584.110758][ T40] audit: type=1326 audit(1768276821.220:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27604 comm="syz.2.8918" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x0 [ 584.844094][T27612] overlayfs: failed to clone upperpath [ 585.062481][ T5300] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 585.126813][T27640] netlink: 'syz.6.8930': attribute type 39 has an invalid length. [ 585.643887][T27656] overlayfs: failed to clone upperpath [ 585.750111][T27660] netlink: 64 bytes leftover after parsing attributes in process `syz.6.8937'. [ 585.760851][T27660] syzkaller1: entered promiscuous mode [ 585.772287][T27660] syzkaller1: entered allmulticast mode [ 586.000021][T27680] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8955'. [ 587.758236][ T40] audit: type=1326 audit(1768276824.870:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27720 comm="syz.5.8961" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 588.165805][T27726] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8962'. [ 588.264962][T27734] overlayfs: failed to clone upperpath [ 588.344377][T27742] netlink: 64 bytes leftover after parsing attributes in process `syz.3.8970'. [ 588.666766][T27772] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8980'. [ 589.193008][T27807] syzkaller0: entered promiscuous mode [ 589.194857][T27807] syzkaller0: entered allmulticast mode [ 589.997994][T27814] netlink: 'syz.3.8995': attribute type 39 has an invalid length. [ 590.683265][T27810] syzkaller0: entered promiscuous mode [ 590.685950][T27810] syzkaller0: entered allmulticast mode [ 590.774642][T27827] syz_tun: entered allmulticast mode [ 590.783106][T27827] pimreg: entered allmulticast mode [ 590.790490][T27826] syz_tun: left allmulticast mode [ 590.943144][T27842] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 590.988763][ T40] audit: type=1804 audit(1768276828.100:1847): pid=27842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.9005" name="/newroot/295/bus/file0" dev="overlay" ino=71827677 res=1 errno=0 [ 591.001187][ T40] audit: type=1804 audit(1768276828.110:1848): pid=27842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.9005" name="/newroot/295/bus/file0" dev="overlay" ino=71827677 res=1 errno=0 [ 591.117265][T27846] overlayfs: failed to clone upperpath [ 591.447863][T27863] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9013'. [ 592.232675][T27883] netlink: 'syz.3.9020': attribute type 13 has an invalid length. [ 592.460790][T27901] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9027'. [ 592.605943][T27909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9030'. [ 592.646576][T27909] bond10: (slave geneve5): Enslaving as an active interface with an up link [ 592.649954][ T13] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 592.653382][ T13] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 592.656659][ T13] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 592.659822][ T13] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 592.660504][T27909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9030'. [ 592.663800][T27913] netlink: 1932 bytes leftover after parsing attributes in process `syz.5.9031'. [ 592.669670][T27913] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9031'. [ 592.673559][T27909] bond10 (unregistering): (slave geneve5): Releasing backup interface [ 592.678851][T27909] bond10 (unregistering): Released all slaves [ 592.687807][ T13] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 592.691485][ T13] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 592.695438][ T13] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 592.699121][ T13] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 593.050546][T27924] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.054130][T27924] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.198616][T27924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 593.214729][T27924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.365776][ T1143] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.369824][ T1143] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.374301][ T76] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.382447][ T76] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.420347][T27929] pimreg: entered allmulticast mode [ 593.800283][T27961] bridge0: entered allmulticast mode [ 593.816507][T27961] pimreg: entered allmulticast mode [ 593.880013][T27960] bridge0: left allmulticast mode [ 594.000001][ T40] audit: type=1800 audit(1768276831.110:1849): pid=27967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.9052" name=6E73BF12E10BC845E0807291376B6A9C4CCE5A99F85125232DD3D213E8DCE1FDDEEFF2A7D2AB97C26527FC108503 dev="overlay" ino=136535 res=0 errno=0 [ 594.134866][T27971] netlink: 32 bytes leftover after parsing attributes in process `syz.6.9053'. [ 594.985054][T28006] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9066'. [ 595.048867][T28006] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 595.054687][T24141] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 595.058408][T24141] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 595.062081][T24141] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 595.066308][T28006] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9066'. [ 595.066359][T24141] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 595.075964][T28006] bond1 (unregistering): (slave geneve2): Releasing backup interface [ 595.080678][T28006] bond1 (unregistering): Released all slaves [ 595.090393][ T1143] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 20004 - 0 [ 595.094427][ T1143] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 20004 - 0 [ 595.098314][ T1143] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 20004 - 0 [ 595.102078][ T1143] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 20004 - 0 [ 595.911240][ T40] audit: type=1326 audit(1768276833.020:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 595.919729][ T40] audit: type=1326 audit(1768276833.020:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 595.927204][ T40] audit: type=1326 audit(1768276833.020:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 595.936501][ T40] audit: type=1326 audit(1768276833.020:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 595.945915][ T40] audit: type=1326 audit(1768276833.020:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 595.947244][T28025] 0x000000002f70-0x000000020000 : "" [ 595.957051][ T40] audit: type=1326 audit(1768276833.020:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 595.964761][T28025] ftl_cs: FTL header corrupt! [ 595.966329][ T40] audit: type=1326 audit(1768276833.020:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 595.992358][ T40] kauditd_printk_skb: 105 callbacks suppressed [ 595.992374][ T40] audit: type=1326 audit(1768276833.100:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 596.008230][ T40] audit: type=1326 audit(1768276833.120:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 596.016636][ T40] audit: type=1326 audit(1768276833.120:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 596.026352][ T40] audit: type=1326 audit(1768276833.120:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 596.033997][ T40] audit: type=1326 audit(1768276833.120:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 596.042887][ T40] audit: type=1326 audit(1768276833.120:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 596.051489][ T40] audit: type=1326 audit(1768276833.120:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 596.058572][ T40] audit: type=1326 audit(1768276833.120:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 596.065715][ T40] audit: type=1326 audit(1768276833.120:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 596.073671][ T40] audit: type=1326 audit(1768276833.120:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28028 comm="syz.3.9073" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 596.348108][T28050] input: syz0 as /devices/virtual/input/input42 [ 596.542410][T24224] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 596.702285][T24224] usb 10-1: Using ep0 maxpacket: 8 [ 596.705565][T24224] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 596.709254][T24224] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 596.712789][T24224] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 596.716962][T24224] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 596.722549][T24224] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 596.726413][T24224] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.935594][T24224] usb 10-1: GET_CAPABILITIES returned 0 [ 596.937897][T24224] usbtmc 10-1:16.0: can't read capabilities [ 596.980041][T28068] overlayfs: failed to clone upperpath [ 597.079218][T28075] bridge0: entered allmulticast mode [ 597.083989][T28074] bridge0: left allmulticast mode [ 597.137457][T24224] usb 10-1: USB disconnect, device number 12 [ 597.305024][T28081] overlayfs: failed to clone upperpath [ 597.351329][T24228] IPVS: starting estimator thread 0... [ 597.418410][T28086] batman_adv: batadv0: Interface deactivated: dummy0 [ 597.442455][T28084] IPVS: using max 24 ests per chain, 57600 per kthread [ 597.719690][T28096] syzkaller0: entered promiscuous mode [ 597.722249][T28096] syzkaller0: entered allmulticast mode [ 598.474396][T28124] netlink: 'syz.2.9110': attribute type 5 has an invalid length. [ 598.477835][T28124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9110'. [ 598.527532][T28125] netlink: 'syz.2.9110': attribute type 5 has an invalid length. [ 598.530486][T28125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9110'. [ 599.287986][T28114] lo: Caught tx_queue_len zero misconfig [ 599.326141][T28124] bond10: down delay (48426) is not a multiple of miimon (2558), value rounded to 46044 ms [ 599.330416][T28124] bond10: peer notification delay (2365) is not a multiple of miimon (2558), value rounded to 0 ms [ 599.338529][T28125] bond10: down delay (48426) is not a multiple of miimon (2558), value rounded to 46044 ms [ 599.343187][T28125] bond10: peer notification delay (2365) is not a multiple of miimon (2558), value rounded to 0 ms [ 599.632927][T28137] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.636473][T28137] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.762300][T28137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 599.772095][T28137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 599.879925][ T13] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.884241][ T13] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.888690][ T13] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.892557][ T13] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.367030][T28148] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 600.369597][T28148] overlayfs: failed to set xattr on upper [ 600.371992][T28148] overlayfs: ...falling back to redirect_dir=nofollow. [ 600.374674][T28148] overlayfs: ...falling back to index=off. [ 600.376957][T28148] overlayfs: ...falling back to uuid=null. [ 600.387868][T28148] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 600.433865][T28152] overlayfs: failed to clone lowerpath [ 600.776650][T28182] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9134'. [ 601.103070][T28206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9151'. [ 601.108436][T28206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9151'. [ 601.715131][T28214] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9145'. [ 602.752312][T11040] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 602.837668][T28259] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9163'. [ 602.842899][T28259] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9163'. [ 602.912495][T11040] usb 11-1: Using ep0 maxpacket: 8 [ 602.916943][T11040] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 602.925712][T11040] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 602.935985][T11040] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 115, changing to 10 [ 602.945204][T11040] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 18277, setting to 1024 [ 602.955859][T11040] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 602.963137][T11040] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.975871][T28251] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 602.979859][T11040] hub 11-1:1.0: bad descriptor, ignoring hub [ 602.982724][T11040] hub 11-1:1.0: probe with driver hub failed with error -5 [ 602.986352][T11040] cdc_wdm 11-1:1.0: skipping garbage [ 602.988680][T11040] cdc_wdm 11-1:1.0: skipping garbage [ 602.992116][T11040] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 602.995055][T11040] cdc_wdm 11-1:1.0: Unknown control protocol [ 603.156810][T28270] : renamed from dummy0 [ 603.207317][T28275] bridge: RTM_NEWNEIGH with invalid ether address [ 603.258099][T28282] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9174'. [ 603.261025][T28282] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9174'. [ 603.522622][ T53] usb 11-1: USB disconnect, device number 7 [ 604.110116][ T40] kauditd_printk_skb: 166 callbacks suppressed [ 604.110128][ T40] audit: type=1326 audit(1768276841.220:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.119530][ T40] audit: type=1326 audit(1768276841.220:2139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.126759][ T40] audit: type=1326 audit(1768276841.230:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.133615][T28295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9178'. [ 604.133804][ T40] audit: type=1326 audit(1768276841.230:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.136885][T28295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9178'. [ 604.143384][ T40] audit: type=1326 audit(1768276841.230:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.143410][ T40] audit: type=1326 audit(1768276841.250:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.143430][ T40] audit: type=1326 audit(1768276841.250:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.143450][ T40] audit: type=1326 audit(1768276841.250:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.143485][ T40] audit: type=1326 audit(1768276841.250:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 604.143504][ T40] audit: type=1326 audit(1768276841.250:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28292 comm="syz.6.9177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 606.329574][T28343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 606.341091][T28343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 606.380575][T28343] veth0_macvtap: left allmulticast mode [ 606.558208][ T4536] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 606.561754][ T4536] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.565661][ T4536] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 606.569257][ T4536] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.572847][ T4536] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 606.576319][ T4536] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.579847][ T4536] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 606.584042][ T4536] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.867415][T28365] ªªªªªª: renamed from wg2 [ 607.000734][T28370] netlink: 'syz.6.9204': attribute type 1 has an invalid length. [ 607.031522][T28370] 8021q: adding VLAN 0 to HW filter on device bond1 [ 607.035127][T28373] overlayfs: failed to clone upperpath [ 607.091290][T28370] bond1: (slave veth3): Enslaving as an active interface with a down link [ 607.123487][T28370] bond1: (slave dummy0): making interface the new active one [ 607.126749][T28370] dummy0: entered promiscuous mode [ 607.129188][T28370] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 607.147749][T28370] netlink: 'syz.6.9204': attribute type 10 has an invalid length. [ 607.150731][T28370] __nla_validate_parse: 5 callbacks suppressed [ 607.150742][T28370] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9204'. [ 607.158361][T28370] bond1: (slave dummy0): Releasing active interface [ 607.187791][T28387] net_ratelimit: 13 callbacks suppressed [ 607.187805][T28387] Set syz0 is full, maxelem 0 reached [ 607.424429][T28400] overlayfs: failed to clone upperpath [ 607.543740][T28408] sctp: [Deprecated]: syz.2.9218 (pid 28408) Use of struct sctp_assoc_value in delayed_ack socket option. [ 607.543740][T28408] Use struct sctp_sack_info instead [ 608.463534][ T5300] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 609.150037][T28456] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9236'. [ 609.156392][T28456] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9236'. [ 609.919964][T28478] bond2: (slave ip6erspan0): making interface the new active one [ 609.923542][T28478] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 610.392336][T24228] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 610.544669][T24228] usb 11-1: config index 0 descriptor too short (expected 28277, got 36) [ 610.547463][T24228] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 610.551101][T24228] usb 11-1: config 0 has no interfaces? [ 610.553657][T24228] usb 11-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 610.556701][T24228] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.560724][T24228] usb 11-1: config 0 descriptor?? [ 610.911810][T28504] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9253'. [ 610.954767][T28506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9254'. [ 610.959348][T28506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9254'. [ 610.965434][T28506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9254'. [ 610.969235][T28506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9254'. [ 611.028813][T28510] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9256'. [ 611.064948][T28510] hsr_slave_1 (unregistering): left promiscuous mode [ 611.355516][T28537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9267'. [ 611.400150][T28541] netlink: 'syz.3.9269': attribute type 1 has an invalid length. [ 611.464135][T28541] bond15: (slave veth11): Enslaving as an active interface with a down link [ 611.493649][T28541] bond15: entered promiscuous mode [ 611.495912][T28541] bond15: entered allmulticast mode [ 611.498062][T28541] 8021q: adding VLAN 0 to HW filter on device bond15 [ 612.265936][T28577] binder: 28576:28577 unknown command 0 [ 612.269881][T28577] binder: 28576:28577 ioctl c0306201 80000080 returned -22 [ 612.592819][ T11] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 540 seconds [ 612.596403][ T11] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 540 seconds [ 612.600267][ T11] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 540 seconds [ 612.604506][ T11] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 540 seconds [ 612.859639][T28590] FAT-fs (loop11): unable to read boot sector [ 612.944076][T28598] __nla_validate_parse: 2 callbacks suppressed [ 612.944087][T28598] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9289'. [ 613.069258][T24228] usb 11-1: USB disconnect, device number 8 [ 613.312319][T24230] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 613.427762][T28631] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9302'. [ 613.472294][T24230] usb 10-1: Using ep0 maxpacket: 32 [ 613.483608][T24230] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 613.487143][T24230] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.492616][T24230] usb 10-1: config 0 descriptor?? [ 613.635340][T28645] pim6reg: entered allmulticast mode [ 613.698643][T28650] netlink: 'syz.3.9311': attribute type 3 has an invalid length. [ 613.701793][T28650] netlink: 'syz.3.9311': attribute type 3 has an invalid length. [ 613.728835][T28654] bridge0: entered allmulticast mode [ 613.731779][T28652] Bluetooth: hci4: Frame reassembly failed (-90) [ 613.732541][T24230] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 613.738554][T28653] bridge0: left allmulticast mode [ 613.744764][T24230] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 613.749574][T24230] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 613.762278][T24230] usb 10-1: media controller created [ 613.775441][T24230] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 613.962626][T28668] overlayfs: failed to clone upperpath [ 614.772579][T24230] stb0899_attach: Driver disabled by Kconfig [ 614.774835][T24230] az6027: no front-end attached [ 614.774835][T24230] [ 614.778082][T24230] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 614.781992][T24230] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb10/10-1/input/input43 [ 614.789338][T24230] dvb-usb: schedule remote query interval to 400 msecs. [ 614.792358][T24230] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 614.980269][T28606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 614.984166][T28606] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 614.994927][T24230] usb 10-1: USB disconnect, device number 13 [ 615.044784][T24230] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 615.622353][T28713] tipc: Failed to remove unknown binding: 66,0,0/0:1812692343/1812692344 [ 615.626037][T28713] tipc: Failed to remove unknown binding: 66,0,0/0:1812692343/1812692344 [ 615.782345][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 616.652343][T24228] usb 11-1: new full-speed USB device number 9 using dummy_hcd [ 616.814166][T24228] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 616.817882][T24228] usb 11-1: config 0 has no interfaces? [ 616.819889][T24228] usb 11-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 616.823297][T24228] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.827572][T24228] usb 11-1: config 0 descriptor?? [ 616.871419][T28771] overlayfs: failed to clone upperpath [ 617.041579][T28759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.046437][T28759] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.054298][ T6078] usb 11-1: USB disconnect, device number 9 [ 617.531603][T28790] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9360'. [ 617.652986][T28790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9360'. [ 618.021175][T28798] netlink: 'syz.3.9362': attribute type 1 has an invalid length. [ 618.034872][T28798] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.9362'. [ 618.545054][T28805] overlayfs: failed to clone upperpath [ 618.898063][T28819] pim6reg: entered allmulticast mode [ 619.836815][T28872] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 620.039360][T28887] netlink: 24 bytes leftover after parsing attributes in process `syz.6.9396'. [ 620.061075][T28887] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 620.078660][T28889] netlink: 107460 bytes leftover after parsing attributes in process `syz.3.9398'. [ 620.115196][T28895] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9400'. [ 620.127445][T28897] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9401'. [ 620.130397][T28897] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9401'. [ 620.558318][T28918] netlink: 'syz.3.9409': attribute type 4 has an invalid length. [ 620.845194][T28926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 620.849833][T28926] 8021q: adding VLAN 0 to HW filter on device team0 [ 620.855855][T28926] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. syzkaller syzkaller login: [ 621.812463][T24228] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 621.962965][T24228] usb 10-1: too many configurations: 9, using maximum allowed: 8 [ 621.966852][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.970779][T24228] usb 10-1: config 0 has no interfaces? [ 621.973567][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.977412][T24228] usb 10-1: config 0 has no interfaces? [ 621.980587][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.984231][T24228] usb 10-1: config 0 has no interfaces? [ 621.986810][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.989979][T24228] usb 10-1: config 0 has no interfaces? [ 621.994470][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.998794][T24228] usb 10-1: config 0 has no interfaces? [ 622.012950][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.017626][T24228] usb 10-1: config 0 has no interfaces? [ 622.021020][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.025568][T24228] usb 10-1: config 0 has no interfaces? [ 622.028993][T24228] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.033483][T24228] usb 10-1: config 0 has no interfaces? [ 622.037973][T24228] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 622.041766][T24228] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 622.045427][T24228] usb 10-1: Product: syz [ 622.047255][T24228] usb 10-1: Manufacturer: syz [ 622.049282][T24228] usb 10-1: SerialNumber: syz [ 622.053284][T24228] usb 10-1: config 0 descriptor?? [ 622.273811][ T6078] usb 10-1: USB disconnect, device number 14 [ 622.332796][T28997] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 622.381113][T29001] overlayfs: failed to clone upperpath [ 622.751620][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 622.751637][ T40] audit: type=1326 audit(1768276859.860:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.764858][ T40] audit: type=1326 audit(1768276859.860:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.773877][ T40] audit: type=1326 audit(1768276859.860:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.782889][ T40] audit: type=1326 audit(1768276859.860:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.792285][ T40] audit: type=1326 audit(1768276859.860:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.801117][ T40] audit: type=1326 audit(1768276859.860:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.811071][ T40] audit: type=1326 audit(1768276859.860:2158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.820006][ T40] audit: type=1326 audit(1768276859.860:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.828976][ T40] audit: type=1326 audit(1768276859.870:2160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=246 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 622.839037][ T40] audit: type=1326 audit(1768276859.870:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29018 comm="syz.3.9454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 623.101423][T29029] netlink: 'syz.5.9450': attribute type 1 has an invalid length. [ 623.113854][T29029] bond3: entered promiscuous mode [ 623.115938][T29029] 8021q: adding VLAN 0 to HW filter on device bond3 [ 623.149948][T29029] bond3: (slave bridge7): making interface the new active one [ 623.155205][T29029] bridge7: entered promiscuous mode [ 623.158819][T29029] bond3: (slave bridge7): Enslaving as an active interface with an up link [ 623.360087][T29043] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 623.421385][T29049] netlink: 'syz.5.9459': attribute type 1 has an invalid length. [ 623.487819][T29049] bond4: (slave veth13): Enslaving as an active interface with a down link [ 623.524233][T29049] bond4: entered promiscuous mode [ 623.526600][T29049] bond4: entered allmulticast mode [ 623.529093][T29049] 8021q: adding VLAN 0 to HW filter on device bond4 [ 623.604967][T29056] tipc: Started in network mode [ 623.607140][T29056] tipc: Node identity 84e, cluster identity 4711 [ 623.609989][T29056] tipc: Node number set to 2126 [ 623.832543][T24228] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 623.858688][T29071] 9pnet_fd: p9_fd_create_tcp (29071): problem connecting socket to 127.0.0.1 [ 623.936664][T29073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9470'. [ 623.982256][T24228] usb 10-1: Using ep0 maxpacket: 32 [ 623.985410][T24228] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 623.988121][T24228] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 623.990956][T24228] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 623.997728][T24228] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 624.001467][T24228] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 624.005046][T24228] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 624.009762][T24228] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 624.013252][T24228] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.017572][T24228] usb 10-1: config 0 descriptor?? [ 624.224365][T24228] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 624.231086][T24228] usb 10-1: USB disconnect, device number 15 [ 624.242060][T24228] usblp0: removed [ 624.682407][ T6078] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 624.833626][ T6078] usb 10-1: Using ep0 maxpacket: 32 [ 624.834961][ T6078] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 624.839168][ T6078] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 624.839182][ T6078] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 624.839206][ T6078] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 624.839217][ T6078] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 624.839230][ T6078] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 624.863307][ T6078] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 624.863329][ T6078] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.868683][ T6078] usb 10-1: config 0 descriptor?? [ 625.083530][ T6078] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 625.273598][ T53] usb 10-1: USB disconnect, device number 16 [ 625.277763][ T53] usblp0: removed [ 626.703827][T29161] tipc: Started in network mode [ 626.705917][T29161] tipc: Node identity 12d90b963f23, cluster identity 4711 [ 626.709091][T29161] tipc: Enabled bearer , priority 0 [ 626.714168][T29160] tipc: Resetting bearer [ 627.785898][T29193] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9512'. [ 628.134940][T29160] tipc: Disabling bearer [ 628.156534][ T53] tipc: Node number set to 771361686 [ 628.167715][T29198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9513'. [ 628.168437][T29194] bond16: (slave vxcan1): The slave device specified does not support setting the MAC address [ 628.177215][T29194] bond16: (slave vxcan1): Error -95 calling set_mac_address [ 628.196879][T29195] macvlan2: entered promiscuous mode [ 628.201883][T29195] macvlan2: entered allmulticast mode [ 628.205280][T29195] bond16: (slave macvlan2): Error -98 calling set_mac_address [ 628.218016][T29198] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9513'. [ 628.391230][T29207] FAT-fs (loop5): unable to read boot sector [ 628.430220][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.434826][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.438009][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.441164][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.446028][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.449243][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9518'. [ 628.696131][T29226] overlayfs: failed to clone upperpath [ 628.811022][T29227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 628.991433][T29241] FAT-fs (loop7): unable to read boot sector [ 629.933026][ T40] kauditd_printk_skb: 51 callbacks suppressed [ 629.933036][ T40] audit: type=1326 audit(1768276867.050:2213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 629.952276][ T40] audit: type=1326 audit(1768276867.060:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 629.965089][ T40] audit: type=1326 audit(1768276867.060:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 629.982449][ T40] audit: type=1326 audit(1768276867.060:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.002273][ T40] audit: type=1326 audit(1768276867.060:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.012821][ T40] audit: type=1326 audit(1768276867.060:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.020607][ T40] audit: type=1326 audit(1768276867.060:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.027398][ T40] audit: type=1326 audit(1768276867.060:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.030282][T29270] vlan4: entered promiscuous mode [ 630.035002][ T40] audit: type=1326 audit(1768276867.060:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=271 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.044349][ T40] audit: type=1326 audit(1768276867.060:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29263 comm="syz.3.9537" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 630.047640][T29270] hsr_slave_1: entered promiscuous mode [ 630.062561][T29270] vlan4: entered allmulticast mode [ 630.065107][T29270] hsr_slave_1: entered allmulticast mode [ 630.219856][T29280] FAT-fs (loop13): unable to read boot sector [ 630.676244][T29303] tipc: Enabled bearer , priority 0 [ 630.680273][T29302] tipc: Resetting bearer [ 631.216950][T29322] overlayfs: failed to clone upperpath [ 632.462007][T29302] tipc: Disabling bearer [ 632.504452][T29342] netlink: 'syz.3.9567': attribute type 1 has an invalid length. [ 632.580985][T29342] 8021q: adding VLAN 0 to HW filter on device bond18 [ 632.587300][T29342] bond17: (slave bond18): making interface the new active one [ 632.591079][T29342] bond17: (slave bond18): Enslaving as an active interface with an up link [ 632.606385][T29350] __nla_validate_parse: 1 callbacks suppressed [ 632.606400][T29350] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9570'. [ 632.623048][T29342] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9567'. [ 632.660548][T29342] 8021q: adding VLAN 0 to HW filter on device bond17 [ 632.871702][T29363] netlink: 'syz.3.9576': attribute type 12 has an invalid length. [ 632.927160][T29368] overlayfs: failed to clone upperpath [ 633.145927][T29377] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9581'. [ 633.223727][T29379] netlink: 'syz.5.9582': attribute type 12 has an invalid length. [ 633.892324][ T6078] usb 10-1: new high-speed USB device number 17 using dummy_hcd [ 634.072287][ T6078] usb 10-1: Using ep0 maxpacket: 8 [ 634.075207][ T6078] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 634.077913][ T6078] usb 10-1: config 0 has no interface number 0 [ 634.080013][ T6078] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 634.083511][ T6078] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 634.087175][ T6078] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 634.091503][ T6078] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 634.095722][ T6078] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 634.098807][ T6078] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.102517][ T6078] usb 10-1: config 0 descriptor?? [ 634.106790][ T6078] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 634.320342][T24228] usb 10-1: USB disconnect, device number 17 [ 634.333836][T24228] ldusb 10-1:0.55: LD USB Device #0 now disconnected [ 634.355526][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.358538][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.112286][ T53] usb 10-1: new high-speed USB device number 18 using dummy_hcd [ 635.282416][ T53] usb 10-1: Using ep0 maxpacket: 32 [ 635.286267][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.290144][ T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.294315][ T53] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 635.298256][ T53] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.304129][ T53] usb 10-1: config 0 descriptor?? [ 635.715922][ T53] savu 0003:1E7D:2D5A.0020: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 636.018834][ T53] usb 10-1: USB disconnect, device number 18 [ 636.151081][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 636.151162][ T40] audit: type=1326 audit(1768276873.260:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29465 comm="syz.5.9611" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 637.755726][T29521] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9625'. [ 637.784670][T29521] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9625'. [ 638.984913][T29558] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9637'. [ 639.277615][T29568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9640'. [ 639.421981][T29574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9644'. [ 639.500316][T29576] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 640.348570][T29610] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9658'. [ 640.548713][T29620] overlayfs: failed to clone upperpath [ 641.137564][T29632] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9667'. [ 641.614873][T29655] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 641.812402][T29671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9682'. [ 642.155760][T29688] x_tables: duplicate underflow at hook 1 [ 642.201638][T29690] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9697'. [ 642.624223][T29705] overlayfs: failed to clone upperpath [ 642.662453][ T11] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 570 seconds [ 642.667179][ T11] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 570 seconds [ 642.671171][ T11] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 570 seconds [ 642.675096][ T11] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 570 seconds [ 642.790445][T29713] syzkaller0: entered promiscuous mode [ 642.792521][T29713] syzkaller0: entered allmulticast mode [ 644.371698][T29722] bridge_slave_0: left allmulticast mode [ 644.374403][T29722] bridge_slave_0: left promiscuous mode [ 644.377037][T29722] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.382704][T29722] bridge_slave_1: left allmulticast mode [ 644.384993][T29722] bridge_slave_1: left promiscuous mode [ 644.387496][T29722] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.395504][T29722] bond2: (slave veth0_to_bond): Releasing active interface [ 644.397931][T29722] veth0_to_bond: left promiscuous mode [ 644.399765][T29722] veth0_to_bond: left allmulticast mode [ 644.402963][T29722] bond0: (slave bond_slave_0): Releasing backup interface [ 644.405457][T29722] bond_slave_0: left promiscuous mode [ 644.408617][T29722] bond0: (slave bond_slave_1): Releasing backup interface [ 644.411624][T29722] bond_slave_1: left promiscuous mode [ 644.413960][T29722] team_slave_0: left promiscuous mode [ 644.416771][T29722] team0: Port device team_slave_0 removed [ 644.419759][T29722] team_slave_1: left promiscuous mode [ 644.433731][T29722] team0: Port device team_slave_1 removed [ 644.442624][T29722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 644.455854][T29722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 644.459214][T29722] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 644.468848][T29730] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9702'. [ 644.469521][T29731] netlink: 'syz.3.9704': attribute type 16 has an invalid length. [ 644.476968][T29731] netlink: 'syz.3.9704': attribute type 17 has an invalid length. [ 644.480431][T29731] lo: left promiscuous mode [ 644.487452][T29731] tunl0: left promiscuous mode [ 644.490894][T29731] gre0: left promiscuous mode [ 644.493710][T29733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9705'. [ 644.495278][T29731] gretap0: left promiscuous mode [ 644.501692][T29731] erspan0: left promiscuous mode [ 644.505974][T29731] ip_vti0: left promiscuous mode [ 644.509371][T29731] ip6_vti0: left promiscuous mode [ 644.513008][T29731] sit0: left promiscuous mode [ 644.519008][T29731] ip6tnl0: left promiscuous mode [ 644.522681][T29731] ip6gre0: left promiscuous mode [ 644.528964][T29731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 644.532780][T29731] team0: left promiscuous mode [ 644.535032][T29731] team_slave_0: left promiscuous mode [ 644.537903][T29731] team_slave_1: left promiscuous mode [ 644.541018][T29731] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.544933][T29731] dummy0: left promiscuous mode [ 644.547223][T29731] batman_adv: batadv0: Interface activated: dummy0 [ 644.549946][T29731] batadv0: mtu less than device minimum [ 644.553217][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.558513][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.563868][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.569164][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.574512][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.579832][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.585125][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.590354][T29731] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 644.607040][T29731] nlmon0: left promiscuous mode [ 644.610585][T29731] caif0: left promiscuous mode [ 644.701717][T29750] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9715'. [ 644.741153][T29754] binder_alloc: 29752: binder_alloc_buf size 4294966888 failed, no address space [ 644.743606][T29753] netlink: 107460 bytes leftover after parsing attributes in process `syz.2.9708'. [ 644.745517][T29754] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 8184 (num: 1 largest: 8184) [ 645.508854][T29796] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 645.516574][T29796] block device autoloading is deprecated and will be removed. [ 645.864101][T29812] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9733'. [ 645.910934][T29812] sch_tbf: burst 88 is lower than device veth19 mtu (1514) ! [ 646.739419][T29832] x_tables: duplicate underflow at hook 1 [ 648.263959][T29877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9757'. [ 648.459407][ T40] audit: type=1326 audit(1768276885.570:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.470099][ T40] audit: type=1326 audit(1768276885.570:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.483123][ T40] audit: type=1326 audit(1768276885.590:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.491557][ T40] audit: type=1326 audit(1768276885.590:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.499585][ T40] audit: type=1326 audit(1768276885.590:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.508679][ T40] audit: type=1326 audit(1768276885.590:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.517591][ T40] audit: type=1326 audit(1768276885.590:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.526652][ T40] audit: type=1326 audit(1768276885.600:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.537192][ T40] audit: type=1326 audit(1768276885.600:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 648.546139][ T40] audit: type=1326 audit(1768276885.600:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29886 comm="syz.2.9760" exe="/syz-executor" sig=0 arch=40000003 syscall=246 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 649.089208][T29903] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 649.092327][T29903] block device autoloading is deprecated and will be removed. [ 649.152012][T29907] tipc: Started in network mode [ 649.155930][T29907] tipc: Node identity 84e, cluster identity 4711 [ 649.158424][T29907] tipc: Node number set to 2126 [ 649.166614][ T6000] libceph: connect (1)[c::]:6789 error -101 [ 649.169175][ T6000] libceph: mon0 (1)[c::]:6789 connect error [ 649.268432][T29909] ceph: No mds server is up or the cluster is laggy [ 650.040130][T29955] bridge_slave_0: left allmulticast mode [ 650.042801][T29955] bridge_slave_0: left promiscuous mode [ 650.045043][T29955] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.050259][T29955] bridge_slave_1: left allmulticast mode [ 650.052540][T29955] bridge_slave_1: left promiscuous mode [ 650.054971][T29955] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.059978][T29955] bond0: (slave bond_slave_0): Releasing backup interface [ 650.065627][T29955] bond0: (slave bond_slave_1): Releasing backup interface [ 650.071075][T29955] team0: Port device team_slave_0 removed [ 650.078810][T29955] team0: Port device team_slave_1 removed [ 650.090988][T29955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.096442][T29955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.101157][T29955] net_ratelimit: 12 callbacks suppressed [ 650.101173][T29955] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 650.491367][T29980] overlayfs: failed to clone upperpath [ 650.587110][T29984] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9791'. [ 650.590925][T29984] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9791'. [ 650.951810][T29998] overlayfs: failed to clone upperpath [ 650.953682][T29999] overlayfs: failed to clone upperpath [ 653.480924][T30015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9805'. [ 654.579788][T30042] overlayfs: failed to clone upperpath [ 654.598601][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9815'. [ 654.603781][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9815'. [ 654.607847][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9815'. [ 654.611676][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9815'. [ 654.618280][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9815'. [ 654.872454][ T40] kauditd_printk_skb: 114 callbacks suppressed [ 654.872474][ T40] audit: type=1326 audit(1768276891.980:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30054 comm="syz.5.9820" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 654.892629][ T40] audit: type=1326 audit(1768276892.010:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.6.9818" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 655.019988][T30061] bridge: RTM_NEWNEIGH with invalid ether address [ 655.068906][T30063] bridge0: entered allmulticast mode [ 655.072315][T30065] overlayfs: failed to clone upperpath [ 655.075289][T30062] bridge0: left allmulticast mode [ 655.080102][T30065] overlayfs: failed to clone lowerpath [ 655.121713][T30069] Set syz0 is full, maxelem 0 reached [ 655.127014][T30069] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 655.979393][T30081] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 656.111557][T30091] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9830'. [ 656.123349][T30091] netlink: 'syz.5.9830': attribute type 7 has an invalid length. [ 656.126572][T30091] netlink: 'syz.5.9830': attribute type 8 has an invalid length. [ 656.129808][T30091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9830'. [ 656.262808][T30097] lo: entered allmulticast mode [ 656.267091][T30096] lo: left allmulticast mode [ 656.523039][T30110] netlink: 'syz.6.9836': attribute type 1 has an invalid length. [ 656.526313][T30110] netlink: 16150 bytes leftover after parsing attributes in process `syz.6.9836'. [ 657.276843][T30123] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 657.325339][T30127] input: syz1 as /devices/virtual/input/input44 [ 658.528139][T30159] netlink: 24 bytes leftover after parsing attributes in process `syz.6.9856'. [ 658.679582][T30164] binder_alloc: 30163: pid 30163 spamming oneway? 1 buffers allocated for a total size of 4096 [ 659.774601][T30188] sch_tbf: burst 32855 is lower than device lo mtu (11337746) ! [ 662.105913][ T40] audit: type=1326 audit(1768276899.220:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30237 comm="syz.3.9882" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x0 [ 662.858074][T30256] netlink: 'syz.2.9885': attribute type 12 has an invalid length. [ 663.751908][T30269] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 664.754781][T30288] overlayfs: failed to clone upperpath [ 664.830124][T30292] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9901'. [ 664.851386][ T40] audit: type=1326 audit(1768276901.960:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30280 comm="syz.5.9894" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 664.873792][T30292] bond11: (slave vxcan1): The slave device specified does not support setting the MAC address [ 664.878417][T30292] bond11: (slave vxcan1): Error -95 calling set_mac_address [ 664.920927][T30294] macvlan0: entered promiscuous mode [ 664.922941][T30294] macvlan0: entered allmulticast mode [ 664.924937][T30294] bond11: (slave macvlan0): Error -98 calling set_mac_address [ 665.218417][T30311] overlayfs: failed to clone upperpath [ 665.480465][T30313] overlayfs: failed to clone upperpath [ 665.600021][ T40] audit: type=1326 audit(1768276902.690:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.610878][ T40] audit: type=1326 audit(1768276902.690:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.622783][ T40] audit: type=1326 audit(1768276902.690:2356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.631750][ T40] audit: type=1326 audit(1768276902.690:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.640864][ T40] audit: type=1326 audit(1768276902.690:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.652401][ T40] audit: type=1326 audit(1768276902.690:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.661441][ T40] audit: type=1326 audit(1768276902.690:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.671236][ T40] audit: type=1326 audit(1768276902.690:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30319 comm="syz.3.9915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000 [ 665.874721][T30340] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 665.901203][T30340] netlink: 'syz.2.9918': attribute type 10 has an invalid length. [ 665.909394][T30340] mac80211_hwsim hwsim3 : entered promiscuous mode [ 665.912164][T30340] mac80211_hwsim hwsim3 : entered allmulticast mode [ 665.917630][T30340] bond0: (slave ): Enslaving as an active interface with an up link [ 666.409109][T30364] kAFS: No cell specified [ 666.588379][T30367] netlink: 'syz.5.9928': attribute type 1 has an invalid length. [ 666.617431][T30367] 8021q: adding VLAN 0 to HW filter on device bond5 [ 666.625987][T30367] bond5: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 666.634698][T30367] bond5: entered allmulticast mode [ 666.647379][T30367] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 666.743307][T30374] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9929'. [ 667.190478][T30378] batadv_slave_1: entered promiscuous mode [ 667.193202][T30377] batadv_slave_1: left promiscuous mode [ 668.110908][T30402] binder: 30401:30402 ioctl c0306201 80000b00 returned -11 [ 668.318406][T30406] Bluetooth: MGMT ver 1.23 [ 668.404879][T30411] netlink: 24 bytes leftover after parsing attributes in process `syz.6.9944'. [ 668.538431][T30415] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9943'. [ 669.237982][ T53] libceph: connect (1)[c::]:6789 error -101 [ 669.240515][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 669.390602][T30436] ceph: No mds server is up or the cluster is laggy [ 669.795465][ T40] kauditd_printk_skb: 56 callbacks suppressed [ 669.795482][ T40] audit: type=1804 audit(1768276906.910:2418): pid=30448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.9954" name="file0" dev="ramfs" ino=148715 res=1 errno=0 [ 671.029368][T30478] netlink: 'syz.2.9963': attribute type 1 has an invalid length. [ 671.032784][T30478] netlink: 'syz.2.9963': attribute type 4 has an invalid length. [ 671.036040][T30478] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.9963'. [ 671.786379][T30482] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 671.794850][T30482] netlink: 'syz.6.9965': attribute type 10 has an invalid length. [ 672.235383][T30502] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9972'. [ 672.383846][ T53] usb 10-1: new high-speed USB device number 19 using dummy_hcd [ 672.532290][ T53] usb 10-1: Using ep0 maxpacket: 8 [ 672.535527][ T53] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 672.538255][ T53] usb 10-1: config 0 has no interface number 0 [ 672.552363][ T53] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 672.555870][ T53] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 672.559586][ T53] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 672.563235][ T53] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 672.567418][ T53] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 672.570337][ T53] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.574400][ T53] usb 10-1: config 0 descriptor?? [ 672.578428][ T53] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 672.752816][ T11] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 600 seconds [ 672.757279][ T11] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 600 seconds [ 672.761820][ T11] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 600 seconds [ 672.766512][ T11] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 600 seconds [ 672.796097][ T53] usb 10-1: USB disconnect, device number 19 [ 672.802110][T30516] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 672.806180][ T53] ldusb 10-1:0.55: LD USB Device #0 now disconnected [ 672.840459][T30518] binder: 30517:30518 ioctl c0306201 80000680 returned -14 [ 672.845050][T30510] netlink: 'syz.3.9975': attribute type 10 has an invalid length. [ 672.850870][T30510] mac80211_hwsim hwsim7 : entered promiscuous mode [ 672.855289][T30510] mac80211_hwsim hwsim7 : entered allmulticast mode [ 672.862591][T30510] bond0: (slave ): Enslaving as an active interface with an up link [ 673.423700][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.427773][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.431241][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.435281][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.438708][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.444684][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.449737][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.454415][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.459210][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.463369][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.467509][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.471633][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.476063][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.480155][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.485408][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.489497][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.495101][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.499933][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.513721][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.534020][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.553298][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.557408][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.570620][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.582900][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.598290][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.603456][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.615886][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.626388][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.638072][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.651202][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.669338][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.692373][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.708788][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.727035][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.740380][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.757222][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.779094][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.800910][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.806111][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.820339][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.840122][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.857012][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.882554][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.894351][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.908911][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.930145][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.950671][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.965149][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.970549][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.979953][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 673.994521][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.010845][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.022080][T30544] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 674.031505][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.042677][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.047932][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.052303][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.056256][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.060606][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.065395][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.070492][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.075465][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.079306][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.083857][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.089089][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.095777][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.100687][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.106645][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.112668][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.117344][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.121996][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.126695][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.131529][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.136352][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.141776][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.146517][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.151529][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.156479][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.161471][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.166879][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.171972][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.183336][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.199316][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.231080][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.248525][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.255873][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.263595][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.267949][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.276567][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.287325][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.297729][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.307710][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.312578][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.348234][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.363314][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.376189][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.392418][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.400065][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.405611][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.410412][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.415240][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.419865][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.424604][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.434011][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.454069][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.464062][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.480605][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.485860][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.490570][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.495720][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.500651][T30551] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 674.508735][T30551] netlink: 'syz.5.9987': attribute type 10 has an invalid length. [ 674.513401][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.518819][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.523688][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.541642][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.550614][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.554476][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.557432][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.560459][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.563613][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.566630][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.569754][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.573059][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.576368][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.579373][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.583060][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.588014][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.593160][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.597544][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.601675][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.606095][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.610240][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.615177][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.619380][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.623400][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.627476][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.630818][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.639517][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.646167][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.650754][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.658348][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.661936][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.666834][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.670196][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.682997][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.692251][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.713605][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.718042][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.728119][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.732037][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.737340][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.745380][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.749624][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.755579][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.758846][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.763737][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.770193][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.774355][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.777376][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.780330][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 674.784116][T30536] 9pnet_fd: p9_fd_create_tcp (30536): problem connecting socket to 127.0.0.1 [ 675.176549][T30573] netlink: 'syz.5.9993': attribute type 1 has an invalid length. [ 675.251844][T30577] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9993'. [ 675.257344][T30577] bond6 (unregistering): Released all slaves [ 675.387671][T30582] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9996'. [ 675.558731][T30585] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 675.576995][T30585] netlink: 'syz.2.9997': attribute type 10 has an invalid length. [ 676.441169][T30625] openvswitch: netlink: Geneve opt len 17 is not a multiple of 4. [ 676.601105][T30628] kvm: requested 181866 ns i8254 timer period limited to 200000 ns [ 676.606232][T30632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10011'. [ 676.610003][T30628] kvm: requested 46095 ns i8254 timer period limited to 200000 ns [ 676.615144][T30628] kvm: requested 36038 ns i8254 timer period limited to 200000 ns [ 676.620798][T30628] kvm: requested 114819 ns i8254 timer period limited to 200000 ns [ 676.626123][T30628] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 676.631320][T30628] kvm: requested 106438 ns i8254 timer period limited to 200000 ns [ 676.650497][T30628] kvm: requested 188571 ns i8254 timer period limited to 200000 ns [ 676.655509][T30628] kvm: requested 24304 ns i8254 timer period limited to 200000 ns [ 676.661066][T30628] kvm: requested 34361 ns i8254 timer period limited to 200000 ns [ 676.677082][T30628] kvm: requested 186895 ns i8254 timer period limited to 200000 ns [ 677.615480][T30640] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10013'. [ 678.737806][T30660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 678.837400][T30679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10027'. [ 679.740486][T30704] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 679.750625][T30704] netlink: 'syz.5.10036': attribute type 10 has an invalid length. [ 679.898864][T30724] 9pnet_fd: p9_fd_create_tcp (30724): problem connecting socket to 127.0.0.1 [ 682.479106][T30787] smc: net device bond0 applied user defined pnetid SYZ2 [ 682.482052][T30787] netlink: 14 bytes leftover after parsing attributes in process `syz.2.10062'. [ 682.517722][ T40] audit: type=1804 audit(1768276919.630:2419): pid=30789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.10063" name="/newroot/317/file0" dev="tmpfs" ino=1793 res=1 errno=0 [ 682.530009][T30787] smc: removing net device bond0 with user defined pnetid SYZ2 [ 682.567697][T30787] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.571549][T30787] bond_slave_0: left promiscuous mode [ 682.574070][T30787] bond_slave_0: left allmulticast mode [ 682.577888][T30787] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 682.581740][T30787] bond_slave_1: left promiscuous mode [ 682.584437][T30787] bond_slave_1: left allmulticast mode [ 682.588493][T30787] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 682.593289][T30787] bridge_slave_1: left promiscuous mode [ 682.595841][T30787] bridge_slave_1: left allmulticast mode [ 682.601671][T30787] bond0 (unregistering): (slave team0): Releasing backup interface [ 682.621219][T30787] team0: left allmulticast mode [ 682.623260][T30787] team_slave_0: left allmulticast mode [ 682.625467][T30787] team_slave_1: left allmulticast mode [ 682.628997][T30787] bond0 (unregistering): (slave ): Releasing backup interface [ 682.632931][T30787] mac80211_hwsim hwsim3 : left promiscuous mode [ 682.635587][T30787] mac80211_hwsim hwsim3 : left allmulticast mode [ 682.638973][T30787] bond0 (unregistering): Released all slaves [ 682.645443][T30793] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 682.955422][T30814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10073'. [ 683.302531][T30831] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10081'. [ 683.740415][T30856] netlink: 24 bytes leftover after parsing attributes in process `syz.5.10089'. [ 683.884693][ T40] audit: type=1804 audit(1768276921.000:2420): pid=30869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.10094" name="/newroot/501/file0" dev="tmpfs" ino=2774 res=1 errno=0 [ 684.007150][T30882] netlink: 'syz.6.10099': attribute type 1 has an invalid length. [ 684.026539][T30882] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 684.029682][T30882] bond3: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 684.039385][T30882] bond3: (slave vxcan3): making interface the new active one [ 684.042027][T30882] bond3: (slave vxcan3): Enslaving as an active interface with an up link [ 684.048267][T30882] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10099'. [ 684.054763][T30882] bond3 (unregistering): (slave vxcan3): Releasing backup interface [ 684.084801][T30882] bond3 (unregistering): Released all slaves [ 684.284996][T30899] batman_adv: batadv0: Interface deactivated: dummy0 [ 684.886327][T30916] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 685.088082][T30922] dvmrp0: entered allmulticast mode [ 685.627874][T23843] dvmrp0 (unregistering): left allmulticast mode [ 685.870036][ T40] audit: type=1804 audit(1768276922.980:2421): pid=30935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.10123" name="bus" dev="ramfs" ino=153861 res=1 errno=0 [ 685.888654][ T40] audit: type=1804 audit(1768276922.980:2422): pid=30935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.10123" name="bus" dev="ramfs" ino=153861 res=1 errno=0 [ 686.037130][T23843] bond3 (unregistering): (slave geneve2): Releasing active interface [ 686.205674][T23843] batman_adv: batadv0: Removing interface: macvlan2 [ 686.217450][T23843] bond0 (unregistering): Released all slaves [ 686.221593][T23843] batman_adv: batadv0: Removing interface: bond1 [ 686.225600][T23843] bond1 (unregistering): Released all slaves [ 686.232835][T23843] bond2 (unregistering): Released all slaves [ 686.526266][T23843] bond3 (unregistering): Released all slaves [ 686.538468][T23843] bond4 (unregistering): (slave lo): Releasing backup interface [ 686.560073][T23843] bond4 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 686.567031][T23843] bond4 (unregistering): Released all slaves [ 686.683390][T23843] bond5 (unregistering): Released all slaves [ 686.799856][T23843] tipc: Disabling bearer [ 686.803898][T23843] tipc: Left network mode [ 686.886435][T30962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10122'. [ 686.969731][ T6000] Process accounting resumed [ 686.994763][T30953] Process accounting resumed [ 687.046666][T30967] netlink: 24 bytes leftover after parsing attributes in process `syz.5.10124'. [ 687.426282][T30962] netlink: 'syz.2.10122': attribute type 5 has an invalid length. [ 687.431776][T30962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10122'. [ 687.686709][T30974] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 687.689694][T30974] overlayfs: failed to set xattr on upper [ 687.692116][T30974] overlayfs: ...falling back to redirect_dir=nofollow. [ 687.696395][T30974] overlayfs: ...falling back to index=off. [ 687.699428][T30974] overlayfs: ...falling back to uuid=null. [ 687.939758][T23843] hsr_slave_0: left promiscuous mode [ 687.944404][T23843] hsr_slave_1: left promiscuous mode [ 688.054432][T30997] overlayfs: failed to clone upperpath [ 688.134584][T30999] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 688.142416][ T6078] IPVS: starting estimator thread 0... [ 688.232283][T31001] IPVS: using max 45 ests per chain, 108000 per kthread [ 688.371063][T31010] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10141'. [ 689.073514][T31019] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10144'. [ 689.257183][T23843] IPVS: stop unused estimator thread 0... [ 689.374395][T31036] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10151'. [ 689.553437][T31044] overlayfs: failed to clone upperpath [ 689.574740][T31046] syzkaller0: entered promiscuous mode [ 689.576962][T31046] syzkaller0: entered allmulticast mode [ 691.005630][T31096] netlink: 'syz.5.10173': attribute type 1 has an invalid length. [ 691.037897][T31096] 8021q: adding VLAN 0 to HW filter on device bond6 [ 691.071679][T31096] gretap1: entered promiscuous mode [ 691.077122][T31096] bond6: (slave gretap1): making interface the new active one [ 691.080875][T31096] bond6: (slave gretap1): Enslaving as an active interface with an up link [ 691.722850][T31117] syzkaller0: entered promiscuous mode [ 691.730560][T31117] syzkaller0: entered allmulticast mode [ 691.777183][T31117] tipc: Enabled bearer , priority 0 [ 691.795244][T31116] tipc: Resetting bearer [ 691.814249][T31116] tipc: Disabling bearer [ 692.969594][T31133] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10187'. [ 693.509141][ T40] audit: type=1804 audit(1768276930.620:2423): pid=31156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.10193" name="bus" dev="ramfs" ino=156468 res=1 errno=0 [ 693.516370][ T40] audit: type=1804 audit(1768276930.620:2424): pid=31156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.10193" name="bus" dev="ramfs" ino=156468 res=1 errno=0 [ 693.704118][T31160] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10194'. [ 694.133381][T31172] syzkaller0: entered promiscuous mode [ 694.135923][T31172] syzkaller0: entered allmulticast mode [ 694.354110][T31177] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 694.376089][T31179] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 694.507333][T31187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10204'. [ 694.517338][T31187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10204'. [ 694.520901][T31187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10204'. [ 694.530606][T31187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10204'. [ 694.535145][T31187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10204'. [ 694.979838][T31199] lo speed is unknown, defaulting to 1000 [ 694.989651][T31199] lo speed is unknown, defaulting to 1000 [ 695.000248][T31199] lo speed is unknown, defaulting to 1000 [ 695.039724][T31199] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 695.069048][T31199] lo speed is unknown, defaulting to 1000 [ 695.072344][T31199] lo speed is unknown, defaulting to 1000 [ 695.083417][T31199] lo speed is unknown, defaulting to 1000 [ 695.086528][T31199] lo speed is unknown, defaulting to 1000 [ 695.089157][T31199] lo speed is unknown, defaulting to 1000 [ 695.112498][T31208] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 695.804488][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 695.807291][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.458647][T31224] [ 696.459429][T31224] ====================================================== [ 696.461684][T31224] WARNING: possible circular locking dependency detected [ 696.464238][T31224] syzkaller #0 Tainted: G L [ 696.466600][T31224] ------------------------------------------------------ [ 696.469332][T31224] syz.6.10215/31224 is trying to acquire lock: [ 696.471778][T31224] ffff88802af94148 (&sbi->pipe_mutex){+.+.}-{4:4}, at: autofs_notify_daemon+0x4a6/0xd60 [ 696.473609][T31228] netlink: 'syz.3.10216': attribute type 1 has an invalid length. [ 696.474889][T31224] [ 696.474889][T31224] but task is already holding lock: [ 696.474895][T31224] ffff88802af78088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 696.482648][T31224] [ 696.482648][T31224] which lock already depends on the new lock. [ 696.482648][T31224] [ 696.485874][T31224] [ 696.485874][T31224] the existing dependency chain (in reverse order) is: [ 696.488679][T31224] [ 696.488679][T31224] -> #2 (&of->mutex){+.+.}-{4:4}: [ 696.490972][T31224] __mutex_lock+0x1aa/0x1ca0 [ 696.492613][T31224] kernfs_fop_write_iter+0x28f/0x570 [ 696.494467][T31224] iter_file_splice_write+0xa24/0x12b0 [ 696.496281][T31224] do_splice+0x1478/0x1fc0 [ 696.497878][T31224] __do_splice+0x32a/0x360 [ 696.499472][T31224] __ia32_sys_splice+0x189/0x250 [ 696.501167][T31224] __do_fast_syscall_32+0xe8/0x680 [ 696.502953][T31224] do_fast_syscall_32+0x32/0x80 [ 696.504672][T31224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 696.506854][T31224] [ 696.506854][T31224] -> #1 (&pipe->mutex){+.+.}-{4:4}: [ 696.509178][T31224] __mutex_lock+0x1aa/0x1ca0 [ 696.510802][T31224] anon_pipe_write+0x15d/0x1bd0 [ 696.512501][T31224] __kernel_write_iter+0x720/0xb10 [ 696.514278][T31224] __kernel_write+0xf5/0x140 [ 696.515937][T31224] autofs_notify_daemon+0x4db/0xd60 [ 696.517739][T31224] autofs_wait+0x10f3/0x1ac0 [ 696.519380][T31224] autofs_mount_wait+0x132/0x3c0 [ 696.521108][T31224] autofs_d_automount+0x4b2/0x960 [ 696.522874][T31224] __traverse_mounts+0x1b9/0x830 [ 696.524599][T31224] step_into_slowpath+0x772/0xf50 [ 696.526417][T31224] path_lookupat+0x627/0xc40 [ 696.528001][T31224] filename_lookup+0x224/0x5f0 [ 696.529999][T31224] user_path_at+0x3a/0x60 [ 696.531899][T31224] __ia32_sys_mount+0x1fa/0x310 [ 696.533598][T31224] __do_fast_syscall_32+0xe8/0x680 [ 696.535391][T31224] do_fast_syscall_32+0x32/0x80 [ 696.537086][T31224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 696.539274][T31224] [ 696.539274][T31224] -> #0 (&sbi->pipe_mutex){+.+.}-{4:4}: [ 696.541705][T31224] __lock_acquire+0x1669/0x2890 [ 696.543510][T31224] lock_acquire+0x179/0x330 [ 696.545106][T31224] __mutex_lock+0x1aa/0x1ca0 [ 696.546721][T31224] autofs_notify_daemon+0x4a6/0xd60 [ 696.548501][T31224] autofs_wait+0x10f3/0x1ac0 [ 696.550085][T31224] autofs_mount_wait+0x132/0x3c0 [ 696.551772][T31224] autofs_d_automount+0x4b2/0x960 [ 696.553512][T31224] __traverse_mounts+0x1b9/0x830 [ 696.555254][T31224] step_into_slowpath+0x772/0xf50 [ 696.557030][T31224] path_lookupat+0x627/0xc40 [ 696.558683][T31224] filename_lookup+0x224/0x5f0 [ 696.560371][T31224] kern_path+0x35/0x50 [ 696.561845][T31224] lookup_bdev+0xd8/0x280 [ 696.563383][T31224] resume_store+0x1d6/0x490 [ 696.564938][T31224] kobj_attr_store+0x58/0x80 [ 696.566724][T31224] sysfs_kf_write+0xf2/0x150 [ 696.568372][T31224] kernfs_fop_write_iter+0x3af/0x570 [ 696.570503][T31224] vfs_write+0x7d3/0x11d0 [ 696.572327][T31224] ksys_write+0x12a/0x250 [ 696.573879][T31224] __do_fast_syscall_32+0xe8/0x680 [ 696.575741][T31224] do_fast_syscall_32+0x32/0x80 [ 696.577449][T31224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 696.579612][T31224] [ 696.579612][T31224] other info that might help us debug this: [ 696.579612][T31224] [ 696.582823][T31224] Chain exists of: [ 696.582823][T31224] &sbi->pipe_mutex --> &pipe->mutex --> &of->mutex [ 696.582823][T31224] [ 696.587171][T31224] Possible unsafe locking scenario: [ 696.587171][T31224] [ 696.589515][T31224] CPU0 CPU1 [ 696.591232][T31224] ---- ---- [ 696.592919][T31224] lock(&of->mutex); [ 696.594199][T31224] lock(&pipe->mutex); [ 696.596703][T31224] lock(&of->mutex); [ 696.599320][T31224] lock(&sbi->pipe_mutex); [ 696.601000][T31224] [ 696.601000][T31224] *** DEADLOCK *** [ 696.601000][T31224] [ 696.604085][T31224] 4 locks held by syz.6.10215/31224: [ 696.606130][T31224] #0: ffff8880275e1278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 696.608992][T31224] #1: ffff8880469fe420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 696.611817][T31224] #2: ffff88802af78088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 696.614920][T31224] #3: ffff888040adc0f8 (kn->active#97){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 696.618129][T31224] [ 696.618129][T31224] stack backtrace: [ 696.620018][T31224] CPU: 2 UID: 0 PID: 31224 Comm: syz.6.10215 Tainted: G L syzkaller #0 PREEMPT(full) [ 696.620036][T31224] Tainted: [L]=SOFTLOCKUP [ 696.620040][T31224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 696.620048][T31224] Call Trace: [ 696.620054][T31224] [ 696.620061][T31224] dump_stack_lvl+0x116/0x1f0 [ 696.620084][T31224] print_circular_bug+0x275/0x340 [ 696.620105][T31224] check_noncircular+0x146/0x160 [ 696.620125][T31224] __lock_acquire+0x1669/0x2890 [ 696.620138][T31224] lock_acquire+0x179/0x330 [ 696.620148][T31224] ? autofs_notify_daemon+0x4a6/0xd60 [ 696.620163][T31224] ? __pfx___might_resched+0x10/0x10 [ 696.620180][T31224] ? __lock_acquire+0x12c2/0x2890 [ 696.620192][T31224] __mutex_lock+0x1aa/0x1ca0 [ 696.620203][T31224] ? autofs_notify_daemon+0x4a6/0xd60 [ 696.620215][T31224] ? __kernel_text_address+0xd/0x40 [ 696.620228][T31224] ? find_held_lock+0x2b/0x80 [ 696.620241][T31224] ? autofs_notify_daemon+0x4a6/0xd60 [ 696.620253][T31224] ? autofs_notify_daemon+0x45a/0xd60 [ 696.620267][T31224] ? __pfx___mutex_lock+0x10/0x10 [ 696.620277][T31224] ? __mutex_unlock_slowpath+0x161/0x790 [ 696.620289][T31224] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 696.620300][T31224] ? from_kgid_munged+0xab/0x130 [ 696.620319][T31224] ? autofs_notify_daemon+0x4a6/0xd60 [ 696.620331][T31224] autofs_notify_daemon+0x4a6/0xd60 [ 696.620345][T31224] ? __pfx_autofs_notify_daemon+0x10/0x10 [ 696.620357][T31224] ? kernfs_fop_write_iter+0x3af/0x570 [ 696.620373][T31224] ? vfs_write+0x7d3/0x11d0 [ 696.620388][T31224] ? ksys_write+0x12a/0x250 [ 696.620409][T31224] ? lockdep_init_map_type+0x5c/0x270 [ 696.620420][T31224] ? lockdep_init_map_type+0x5c/0x270 [ 696.620432][T31224] autofs_wait+0x10f3/0x1ac0 [ 696.620446][T31224] ? __pfx_autofs_wait+0x10/0x10 [ 696.620458][T31224] ? __pfx_path_check_mount+0x10/0x10 [ 696.620469][T31224] ? find_held_lock+0x2b/0x80 [ 696.620483][T31224] ? path_has_submounts+0xcf/0x120 [ 696.620496][T31224] ? do_raw_spin_unlock+0x172/0x230 [ 696.620509][T31224] ? find_held_lock+0x2b/0x80 [ 696.620523][T31224] autofs_mount_wait+0x132/0x3c0 [ 696.620536][T31224] autofs_d_automount+0x4b2/0x960 [ 696.620548][T31224] __traverse_mounts+0x1b9/0x830 [ 696.620561][T31224] step_into_slowpath+0x772/0xf50 [ 696.620575][T31224] ? __up_read+0x2d1/0x700 [ 696.620587][T31224] ? __pfx_step_into_slowpath+0x10/0x10 [ 696.620601][T31224] ? lookup_slow+0x40/0x70 [ 696.620615][T31224] path_lookupat+0x627/0xc40 [ 696.620630][T31224] filename_lookup+0x224/0x5f0 [ 696.620645][T31224] ? __pfx_filename_lookup+0x10/0x10 [ 696.620665][T31224] ? getname_kernel+0x52/0x370 [ 696.620675][T31224] ? __asan_memcpy+0x3c/0x60 [ 696.620690][T31224] kern_path+0x35/0x50 [ 696.620704][T31224] lookup_bdev+0xd8/0x280 [ 696.620716][T31224] ? __pfx_lookup_bdev+0x10/0x10 [ 696.620727][T31224] ? __asan_memcpy+0x3c/0x60 [ 696.620741][T31224] resume_store+0x1d6/0x490 [ 696.620755][T31224] ? __pfx_resume_store+0x10/0x10 [ 696.620770][T31224] ? find_held_lock+0x2b/0x80 [ 696.620784][T31224] ? __pfx_resume_store+0x10/0x10 [ 696.620797][T31224] kobj_attr_store+0x58/0x80 [ 696.620807][T31224] ? __pfx_kobj_attr_store+0x10/0x10 [ 696.620817][T31224] sysfs_kf_write+0xf2/0x150 [ 696.620830][T31224] kernfs_fop_write_iter+0x3af/0x570 [ 696.620848][T31224] ? __pfx_sysfs_kf_write+0x10/0x10 [ 696.620859][T31224] vfs_write+0x7d3/0x11d0 [ 696.620874][T31224] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 696.620892][T31224] ? __pfx_vfs_write+0x10/0x10 [ 696.620906][T31224] ? find_held_lock+0x2b/0x80 [ 696.620924][T31224] ksys_write+0x12a/0x250 [ 696.620940][T31224] ? __pfx_ksys_write+0x10/0x10 [ 696.620957][T31224] __do_fast_syscall_32+0xe8/0x680 [ 696.620969][T31224] do_fast_syscall_32+0x32/0x80 [ 696.620982][T31224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 696.620998][T31224] RIP: 0023:0xf7fc3579 [ 696.621008][T31224] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 696.621020][T31224] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 696.621031][T31224] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 696.621038][T31224] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 696.621045][T31224] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 696.621051][T31224] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 696.621058][T31224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 696.621068][T31224] [ 696.804385][T31224] PM: Image not found (code -22) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 697.090375][T31228] 8021q: adding VLAN 0 to HW filter on device bond19 [ 697.176469][T31231] gretap4: entered promiscuous mode [ 697.180672][T31231] bond19: (slave gretap4): making interface the new active one [ 697.197759][T31231] bond19: (slave gretap4): Enslaving as an active interface with an up link [ 702.842556][T11283] block nbd0: Possible stuck request ffff888025c40000: control (read@0,1024B). Runtime 630 seconds [ 702.847037][T11283] block nbd0: Possible stuck request ffff888025c40200: control (read@1024,1024B). Runtime 630 seconds [ 702.851579][T11283] block nbd0: Possible stuck request ffff888025c40400: control (read@2048,1024B). Runtime 630 seconds [ 702.856242][T11283] block nbd0: Possible stuck request ffff888025c40600: control (read@3072,1024B). Runtime 630 seconds