last executing test programs: 2.000310496s ago: executing program 2 (id=663): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000003080)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_basic={{0xa}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x4, 0x7, 0x6}, {{0x2, 0x1, 0x1}, {0x3}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x404c000}, 0x0) 1.841039783s ago: executing program 2 (id=670): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) 1.78029284s ago: executing program 2 (id=672): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f8000000190001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001"], 0xf8}}, 0x0) connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, 0x0) 807.272133ms ago: executing program 2 (id=691): mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0xfffffff7) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) syz_io_uring_setup(0x360, &(0x7f00000004c0)={0x0, 0x77d0, 0x1, 0x1, 0x2b6, 0x0, r0}, &(0x7f0000000080), &(0x7f0000000180), &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, 0x0) 700.250612ms ago: executing program 2 (id=692): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x11c) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000400)='system.posix_acl_default\x00', 0x0, 0x0, 0x3) 700.129386ms ago: executing program 2 (id=693): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000000)=0x1000, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x101}, 0x1c) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)}], 0x1}}], 0x1, 0x48819) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/158, 0x9e, 0x1, 0x0}, &(0x7f0000000180)=0x40) 328.589627ms ago: executing program 3 (id=707): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000001400048008000240a04b3d02080001400000000308000540000000001c0008800c00014000000000000000090c000240000000000018ab6e14000000110001"], 0x8c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e24, 0xdcdf, @loopback, 0xffff}]}, &(0x7f0000000100)=0x10) 328.419705ms ago: executing program 1 (id=708): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 278.914177ms ago: executing program 1 (id=711): mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x200000c, 0x32, 0xffffffffffffffff, 0x41e90000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000c3a0f8ff4100000095"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x8f, &(0x7f00000015c0)=""/143, 0x0, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 278.791541ms ago: executing program 3 (id=712): pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 217.755492ms ago: executing program 1 (id=714): setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x23}, 0x10) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020100090a0000000600000000080000030006000000000002000000ffffffff0000008d32000000030005000000000002000000ac1e00010000000340000000020013"], 0x50}}, 0x0) 217.596431ms ago: executing program 3 (id=715): unshare(0x2a020400) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, 0x0, 0x0) 170.138377ms ago: executing program 1 (id=717): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="29c726bd7000fedbc82519"], 0x1c}}, 0x0) 170.023673ms ago: executing program 3 (id=718): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000080)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x6, 0x0, 0x0, 0x0, 0x18, {[@fastopen={0x22, 0x2}]}}}}}}, 0xfdef) 169.924182ms ago: executing program 0 (id=719): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 109.636354ms ago: executing program 1 (id=720): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 109.414724ms ago: executing program 0 (id=721): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000980), &(0x7f0000000a00)=0x80) 109.30736ms ago: executing program 0 (id=722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}}, 0xc0}}, 0x4840) 49.728131ms ago: executing program 1 (id=723): r0 = syz_open_dev$loop(&(0x7f0000000500), 0xee8, 0x5042) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_wakeup_irq', 0x20940, 0x1e2) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000140)={r1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x5, 0xc, "c44ef9682a689185ff07ec0f9eddd770e010a8b62022fd106fa715e63fee8ab07f3c19ed0c04afcaba06f6d9584488da0162d4cc7030ec4f7b9ab89b3e192e4a", "8bc975aabbbbe9e4cbb0e98d43a12e12538b330e6fe3bce73919393417abdc6c58f0abd4f0c29b3c71757f74bc429c808f46e9cda4584203143a0b9705fb16b6", "666f1d5f5c43005b310134ce9a6d0369862b72c1f9f4980a2346c4dd62ad8050", [0x6, 0x61fe]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 49.451977ms ago: executing program 0 (id=724): pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 49.282733ms ago: executing program 3 (id=725): unshare(0x6020400) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x40187013, &(0x7f0000000040)={0x1, 0x0, {0x0, 0xfffffffb, 0xffffffff, 0xfffffffe, 0x10005, 0x0, 0x6}}) 252.814µs ago: executing program 0 (id=726): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x1aa042) ioctl$USBDEVFS_CONNECTINFO(r0, 0x40085511, &(0x7f0000000040)) 107.395µs ago: executing program 3 (id=727): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) epoll_create(0x7) syz_clone(0xd2205491, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=728): ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x6, 'veth0_vlan\x00', {0x3}, 0x101}) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) io_uring_setup(0x7b82, &(0x7f0000000140)={0x0, 0xa936, 0x2, 0x1, 0x349}) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:56087' (ED25519) to the list of known hosts. [ 102.491949][ T5928] cgroup: Unknown subsys name 'net' [ 102.673595][ T5928] cgroup: Unknown subsys name 'cpuset' [ 102.679076][ T5928] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 103.609192][ T5928] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 106.916379][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.916961][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.919363][ T5952] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.921970][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.926546][ T5952] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.929035][ T5952] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.929228][ T5955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.932844][ T5953] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.934753][ T5955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.936654][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.938820][ T5955] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.941419][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 106.942639][ T5955] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.945099][ T5958] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.945610][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.950875][ T5955] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.952863][ T5958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.960455][ T5958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.966971][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.980274][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 107.193280][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 107.262318][ T5957] chnl_net:caif_netlink_parms(): no params data found [ 107.272159][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 107.335732][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 107.393306][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.396168][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.399034][ T5945] bridge_slave_0: entered allmulticast mode [ 107.402918][ T5945] bridge_slave_0: entered promiscuous mode [ 107.408156][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.411132][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.413941][ T5945] bridge_slave_1: entered allmulticast mode [ 107.417155][ T5945] bridge_slave_1: entered promiscuous mode [ 107.458172][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.460555][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.462872][ T5944] bridge_slave_0: entered allmulticast mode [ 107.465541][ T5944] bridge_slave_0: entered promiscuous mode [ 107.468292][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.470680][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.472972][ T5957] bridge_slave_0: entered allmulticast mode [ 107.475679][ T5957] bridge_slave_0: entered promiscuous mode [ 107.483481][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.485804][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.488108][ T5957] bridge_slave_1: entered allmulticast mode [ 107.491546][ T5957] bridge_slave_1: entered promiscuous mode [ 107.497355][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.499639][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.502102][ T5944] bridge_slave_1: entered allmulticast mode [ 107.504783][ T5944] bridge_slave_1: entered promiscuous mode [ 107.509090][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.533744][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.558426][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.567563][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.581928][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.592183][ T5945] team0: Port device team_slave_0 added [ 107.595322][ T5945] team0: Port device team_slave_1 added [ 107.597278][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.600868][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.603614][ T5946] bridge_slave_0: entered allmulticast mode [ 107.606369][ T5946] bridge_slave_0: entered promiscuous mode [ 107.609524][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.612356][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.614811][ T5946] bridge_slave_1: entered allmulticast mode [ 107.617600][ T5946] bridge_slave_1: entered promiscuous mode [ 107.626441][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.647434][ T5944] team0: Port device team_slave_0 added [ 107.667112][ T5944] team0: Port device team_slave_1 added [ 107.670066][ T5957] team0: Port device team_slave_0 added [ 107.673110][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.676581][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.678967][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.689586][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.694958][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.697189][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.705613][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.716746][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.720978][ T5957] team0: Port device team_slave_1 added [ 107.747078][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.749288][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.757592][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.763403][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.765634][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.774042][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.777943][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.780418][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.788476][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.803379][ T5946] team0: Port device team_slave_0 added [ 107.805806][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.808722][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.819031][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.839201][ T5946] team0: Port device team_slave_1 added [ 107.854940][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.857169][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.865336][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.872277][ T5945] hsr_slave_0: entered promiscuous mode [ 107.874706][ T5945] hsr_slave_1: entered promiscuous mode [ 107.896453][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.898588][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.906868][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.925968][ T5944] hsr_slave_0: entered promiscuous mode [ 107.928360][ T5944] hsr_slave_1: entered promiscuous mode [ 107.931184][ T5944] debugfs: 'hsr0' already exists in 'hsr' [ 107.933160][ T5944] Cannot create hsr debugfs directory [ 107.948158][ T5957] hsr_slave_0: entered promiscuous mode [ 107.951047][ T5957] hsr_slave_1: entered promiscuous mode [ 107.953121][ T5957] debugfs: 'hsr0' already exists in 'hsr' [ 107.955014][ T5957] Cannot create hsr debugfs directory [ 108.012149][ T5946] hsr_slave_0: entered promiscuous mode [ 108.014540][ T5946] hsr_slave_1: entered promiscuous mode [ 108.016653][ T5946] debugfs: 'hsr0' already exists in 'hsr' [ 108.018541][ T5946] Cannot create hsr debugfs directory [ 108.220657][ T5945] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.227129][ T5945] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.243769][ T5945] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.252968][ T5945] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.290598][ T5957] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.296166][ T5957] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.300849][ T5957] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.305908][ T5957] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.353560][ T5944] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.357976][ T5944] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.364501][ T5944] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.368922][ T5944] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.414052][ T5946] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.420624][ T5946] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.433945][ T5946] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.442333][ T5946] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.451640][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.473871][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.494845][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.497221][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.517953][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.520332][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.531847][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.557409][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.562360][ T5957] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.576596][ T220] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.578887][ T220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.585978][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.595606][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.600294][ T94] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.602661][ T94] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.606103][ T94] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.608445][ T94] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.616300][ T94] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.618638][ T94] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.634596][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.640025][ T220] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.642321][ T220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.661000][ T220] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.663310][ T220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.709572][ T5946] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 108.713436][ T5946] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.734076][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.768715][ T5945] veth0_vlan: entered promiscuous mode [ 108.783953][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.787263][ T5945] veth1_vlan: entered promiscuous mode [ 108.811762][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.835214][ T5945] veth0_macvtap: entered promiscuous mode [ 108.846597][ T5945] veth1_macvtap: entered promiscuous mode [ 108.860929][ T5944] veth0_vlan: entered promiscuous mode [ 108.872940][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.877352][ T5944] veth1_vlan: entered promiscuous mode [ 108.883680][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.900969][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.903924][ T5957] veth0_vlan: entered promiscuous mode [ 108.917462][ T5957] veth1_vlan: entered promiscuous mode [ 108.921478][ T1174] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.924504][ T1174] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.942071][ T1174] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.946076][ T1174] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.956258][ T5944] veth0_macvtap: entered promiscuous mode [ 108.963137][ T5946] veth0_vlan: entered promiscuous mode [ 108.968160][ T5944] veth1_macvtap: entered promiscuous mode [ 108.985445][ T5946] veth1_vlan: entered promiscuous mode [ 109.017302][ T5957] veth0_macvtap: entered promiscuous mode [ 109.028485][ T5957] veth1_macvtap: entered promiscuous mode [ 109.030454][ T5952] Bluetooth: hci1: command tx timeout [ 109.030457][ T5958] Bluetooth: hci3: command tx timeout [ 109.031849][ T5952] Bluetooth: hci0: command tx timeout [ 109.031898][ T5950] Bluetooth: hci2: command tx timeout [ 109.043734][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.048416][ T1174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.050908][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.051873][ T1174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.065379][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.070502][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.087016][ T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.090679][ T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.116899][ T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.120525][ T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.125427][ T5946] veth0_macvtap: entered promiscuous mode [ 109.130131][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.135220][ T94] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.138094][ T94] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.148349][ T5946] veth1_macvtap: entered promiscuous mode [ 109.151940][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.155600][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.163666][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.216318][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.225157][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.225702][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.228507][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.233997][ T5945] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 109.240537][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.250700][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.299355][ T1149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.299748][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.307670][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.314657][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.317964][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.323576][ T94] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.326077][ T94] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.334046][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.337593][ T6031] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 109.349300][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.359069][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.410832][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.413630][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.879589][ T6089] process 'syz.2.20' launched './file0' with NULL argv: empty string added [ 111.109947][ T5958] Bluetooth: hci1: command tx timeout [ 111.110482][ T5950] Bluetooth: hci3: command tx timeout [ 111.110623][ T5955] Bluetooth: hci2: command tx timeout [ 111.112079][ T5952] Bluetooth: hci0: command tx timeout [ 112.141741][ T6168] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 112.145401][ T6168] block device autoloading is deprecated and will be removed. [ 112.624549][ T6200] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 112.628460][ T6200] block device autoloading is deprecated and will be removed. [ 112.797204][ T6219] Zero length message leads to an empty skb [ 113.022768][ T6233] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 113.026250][ T6233] block device autoloading is deprecated and will be removed. [ 113.193151][ T5952] Bluetooth: hci3: command tx timeout [ 113.193215][ T5950] Bluetooth: hci2: command tx timeout [ 113.195339][ T5952] Bluetooth: hci0: command tx timeout [ 113.195366][ T5952] Bluetooth: hci1: command tx timeout [ 113.805226][ T6297] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 113.809253][ T6297] block device autoloading is deprecated and will be removed. [ 114.381374][ T6356] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.519447][ T6366] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 114.522617][ T6366] block device autoloading is deprecated and will be removed. [ 114.986709][ T6394] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 114.996222][ T6394] block device autoloading is deprecated and will be removed. [ 115.272219][ T5950] Bluetooth: hci1: command tx timeout [ 115.272274][ T5958] Bluetooth: hci2: command tx timeout [ 115.272315][ T5955] Bluetooth: hci3: command tx timeout [ 115.272341][ T5952] Bluetooth: hci0: command tx timeout [ 115.863682][ T6477] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 115.868091][ T6477] block device autoloading is deprecated and will be removed. [ 116.674740][ T6540] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 116.677777][ T6540] block device autoloading is deprecated and will be removed. [ 116.851208][ T6564] syzkaller0: entered promiscuous mode [ 116.853566][ T6564] syzkaller0: entered allmulticast mode [ 117.036419][ T6580] netlink: 'syz.0.229': attribute type 1 has an invalid length. [ 117.137551][ T6580] bond1: (slave geneve2): making interface the new active one [ 117.142539][ T6580] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 117.150628][ T6594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.234'. [ 117.161319][ T1174] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 117.164778][ T1174] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 117.169093][ T1174] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 117.193272][ T1174] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 117.196280][ T6580] netlink: 'syz.0.229': attribute type 46 has an invalid length. [ 118.561132][ T6658] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 118.565206][ T6658] block device autoloading is deprecated and will be removed. [ 121.415098][ T6804] 9p: Bad value for 'wfdno' [ 121.721320][ T6832] 9p: Bad value for 'wfdno' [ 121.725393][ T6833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.328'. [ 122.156950][ T6870] 9p: Bad value for 'rfdno' [ 122.413859][ T6897] 9p: Bad value for 'rfdno' [ 125.276527][ T7162] 9p: Bad value for 'wfdno' [ 125.595247][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'. [ 125.612930][ T7202] veth0_macvtap: entered allmulticast mode [ 125.633081][ T7205] syzkaller0: entered promiscuous mode [ 125.637808][ T7205] syzkaller0: entered allmulticast mode [ 125.810917][ T7223] 9p: Bad value for 'wfdno' [ 126.010496][ T7239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.502'. [ 126.014658][ T7239] veth0_macvtap: entered allmulticast mode [ 126.066458][ T7242] syzkaller0: entered promiscuous mode [ 126.068693][ T7242] syzkaller0: entered allmulticast mode [ 126.398427][ T7270] syzkaller0: entered promiscuous mode [ 126.400691][ T7270] syzkaller0: entered allmulticast mode [ 126.529393][ T7285] 9p: Bad value for 'wfdno' [ 126.733971][ T7303] sctp: [Deprecated]: syz.1.534 (pid 7303) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.733971][ T7303] Use struct sctp_sack_info instead [ 126.763957][ T7305] 9p: Bad value for 'wfdno' [ 126.834819][ T7313] netlink: 592 bytes leftover after parsing attributes in process `syz.1.539'. [ 127.112495][ T7340] netlink: 592 bytes leftover after parsing attributes in process `syz.3.552'. [ 127.305362][ T7366] netlink: 592 bytes leftover after parsing attributes in process `syz.3.565'. [ 127.628568][ T7407] syz.0.584 uses obsolete (PF_INET,SOCK_PACKET) [ 128.081846][ T7433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.596'. [ 128.384542][ T7447] netlink: 'syz.2.601': attribute type 12 has an invalid length. [ 129.089846][ T7469] 9p: Bad value for 'wfdno' [ 129.539876][ T7479] IPv6: addrconf: prefix option has invalid lifetime [ 129.635781][ T7485] syzkaller0: entered promiscuous mode [ 129.638274][ T7485] syzkaller0: entered allmulticast mode [ 129.724298][ T7491] 9p: Bad value for 'wfdno' [ 130.088522][ T7508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.625'. [ 130.745518][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.748511][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.751533][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.773794][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.777108][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.781076][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 130.882400][ T7552] netlink: 'syz.3.642': attribute type 46 has an invalid length. [ 131.004847][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 131.008530][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 131.016887][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.2.638'. [ 131.251773][ T7569] netlink: 12 bytes leftover after parsing attributes in process `syz.2.649'. [ 132.261559][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.269933][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.272545][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.279771][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.282312][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.285007][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.287641][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.291185][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.293854][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.296523][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 132.321833][ T9] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 132.376668][ T7602] fido_id[7602]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 132.505684][ T7617] futex_wake_op: syz.0.668 tries to shift op by 32; fix this program [ 133.357675][ T7658] syzkaller0: entered promiscuous mode [ 133.359481][ T7658] syzkaller0: entered allmulticast mode [ 134.249317][ T7733] loop6: detected capacity change from 0 to 8 [ 134.254484][ C3] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.258206][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.261205][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.265593][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.271112][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.275546][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.279307][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.283921][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.287390][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.291785][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.295746][ C1] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.299478][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.302461][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.306027][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.309315][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.313249][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.316373][ T7733] ldm_validate_partition_table(): Disk read failed. [ 134.350634][ T7740] [ 134.351552][ T7740] ====================================================== [ 134.354122][ T7740] WARNING: possible circular locking dependency detected [ 134.356719][ T7740] syzkaller #0 Not tainted [ 134.358630][ T7740] ------------------------------------------------------ [ 134.360938][ T7740] syz.1.723/7740 is trying to acquire lock: [ 134.362839][ T7740] ffff88801caf4220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 134.365962][ T7740] [ 134.365962][ T7740] but task is already holding lock: [ 134.368214][ T7740] ffff8880268fb008 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 134.371780][ T7740] [ 134.371780][ T7740] which lock already depends on the new lock. [ 134.371780][ T7740] [ 134.375386][ T7740] [ 134.375386][ T7740] the existing dependency chain (in reverse order) is: [ 134.378396][ T7740] [ 134.378396][ T7740] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 134.381023][ T7740] blk_alloc_queue+0x610/0x790 [ 134.382663][ T7740] blk_mq_alloc_queue+0x174/0x290 [ 134.384353][ T7740] __blk_mq_alloc_disk+0x29/0x120 [ 134.386041][ T7740] loop_add+0x498/0xb60 [ 134.387513][ T7740] loop_init+0x1d3/0x200 [ 134.389084][ T7740] do_one_initcall+0x11d/0x760 [ 134.390967][ T7740] kernel_init_freeable+0x6e5/0x7a0 [ 134.392969][ T7740] kernel_init+0x1f/0x1e0 [ 134.394782][ T7740] ret_from_fork+0x754/0xd80 [ 134.396360][ T7740] ret_from_fork_asm+0x1a/0x30 [ 134.397997][ T7740] [ 134.397997][ T7740] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 134.400195][ T7740] fs_reclaim_acquire+0xc4/0x100 [ 134.401816][ T7740] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 134.403649][ T7740] __kernfs_iattrs+0x126/0x400 [ 134.405326][ T7740] __kernfs_setattr+0x4d/0x3c0 [ 134.407055][ T7740] kernfs_iop_setattr+0xda/0x130 [ 134.409194][ T7740] notify_change+0xb25/0x1330 [ 134.411198][ T7740] do_truncate+0x1df/0x240 [ 134.412946][ T7740] path_openat+0x2a55/0x31a0 [ 134.414761][ T7740] do_file_open+0x20e/0x430 [ 134.416367][ T7740] do_sys_openat2+0x10d/0x1e0 [ 134.417949][ T7740] __x64_sys_openat+0x12d/0x210 [ 134.419622][ T7740] do_syscall_64+0x106/0xf80 [ 134.421200][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.423192][ T7740] [ 134.423192][ T7740] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 134.425897][ T7740] __lock_acquire+0x14b8/0x2630 [ 134.427653][ T7740] lock_acquire+0x1cf/0x380 [ 134.429498][ T7740] down_read+0x99/0x460 [ 134.431423][ T7740] kernfs_iop_getattr+0x9c/0xf0 [ 134.433317][ T7740] vfs_getattr_nosec+0x2d4/0x430 [ 134.435217][ T7740] vfs_getattr+0x4a/0x60 [ 134.436802][ T7740] loop_query_min_dio_size.isra.0+0x117/0x250 [ 134.439106][ T7740] lo_ioctl+0x13aa/0x1bc0 [ 134.440690][ T7740] lo_compat_ioctl+0xf3/0x160 [ 134.442399][ T7740] compat_blkdev_ioctl+0x682/0x7b0 [ 134.444349][ T7740] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 134.446628][ T7740] __do_fast_syscall_32+0xe3/0x8c0 [ 134.448744][ T7740] do_fast_syscall_32+0x32/0x70 [ 134.450646][ T7740] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 134.452866][ T7740] [ 134.452866][ T7740] other info that might help us debug this: [ 134.452866][ T7740] [ 134.456093][ T7740] Chain exists of: [ 134.456093][ T7740] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 134.456093][ T7740] [ 134.460666][ T7740] Possible unsafe locking scenario: [ 134.460666][ T7740] [ 134.463028][ T7740] CPU0 CPU1 [ 134.464779][ T7740] ---- ---- [ 134.466612][ T7740] lock(&q->q_usage_counter(io)#23); [ 134.468649][ T7740] lock(fs_reclaim); [ 134.471236][ T7740] lock(&q->q_usage_counter(io)#23); [ 134.473789][ T7740] rlock(&root->kernfs_iattr_rwsem); [ 134.475617][ T7740] [ 134.475617][ T7740] *** DEADLOCK *** [ 134.475617][ T7740] [ 134.478178][ T7740] 3 locks held by syz.1.723/7740: [ 134.479829][ T7740] #0: ffff888026cf0448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 134.483200][ T7740] #1: ffff8880268fb008 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 134.487176][ T7740] #2: ffff8880268fb040 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 134.491113][ T7740] [ 134.491113][ T7740] stack backtrace: [ 134.493009][ T7740] CPU: 1 UID: 0 PID: 7740 Comm: syz.1.723 Not tainted syzkaller #0 PREEMPT(full) [ 134.493022][ T7740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 134.493029][ T7740] Call Trace: [ 134.493033][ T7740] [ 134.493038][ T7740] dump_stack_lvl+0x100/0x190 [ 134.493057][ T7740] print_circular_bug.cold+0x178/0x1c7 [ 134.493077][ T7740] check_noncircular+0x146/0x160 [ 134.493095][ T7740] __lock_acquire+0x14b8/0x2630 [ 134.493111][ T7740] lock_acquire+0x1cf/0x380 [ 134.493124][ T7740] ? kernfs_iop_getattr+0x9c/0xf0 [ 134.493141][ T7740] ? __pfx___might_resched+0x10/0x10 [ 134.493159][ T7740] down_read+0x99/0x460 [ 134.493172][ T7740] ? kernfs_iop_getattr+0x9c/0xf0 [ 134.493186][ T7740] ? find_held_lock+0x2b/0x80 [ 134.493195][ T7740] ? __pfx_down_read+0x10/0x10 [ 134.493206][ T7740] ? kernfs_root+0xee/0x2a0 [ 134.493222][ T7740] kernfs_iop_getattr+0x9c/0xf0 [ 134.493236][ T7740] vfs_getattr_nosec+0x2d4/0x430 [ 134.493250][ T7740] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 134.493266][ T7740] vfs_getattr+0x4a/0x60 [ 134.493277][ T7740] loop_query_min_dio_size.isra.0+0x117/0x250 [ 134.493295][ T7740] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 134.493316][ T7740] lo_ioctl+0x13aa/0x1bc0 [ 134.493333][ T7740] ? __pfx_lo_ioctl+0x10/0x10 [ 134.493349][ T7740] ? tomoyo_path_number_perm+0x46d/0x580 [ 134.493363][ T7740] ? kasan_quarantine_put+0x104/0x240 [ 134.493380][ T7740] ? blk_get_meta_cap+0xd4/0x6c0 [ 134.493396][ T7740] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 134.493411][ T7740] ? find_held_lock+0x2b/0x80 [ 134.493420][ T7740] ? tomoyo_path_number_perm+0x28f/0x580 [ 134.493434][ T7740] ? blkdev_common_ioctl+0x515/0x2ba0 [ 134.493451][ T7740] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 134.493468][ T7740] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.493480][ T7740] ? do_vfs_ioctl+0x226/0x13e0 [ 134.493494][ T7740] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 134.493511][ T7740] lo_compat_ioctl+0xf3/0x160 [ 134.493528][ T7740] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 134.493543][ T7740] compat_blkdev_ioctl+0x682/0x7b0 [ 134.493560][ T7740] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 134.493578][ T7740] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 134.493594][ T7740] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 134.493611][ T7740] __do_fast_syscall_32+0xe3/0x8c0 [ 134.493623][ T7740] do_fast_syscall_32+0x32/0x70 [ 134.493634][ T7740] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 134.493648][ T7740] RIP: 0023:0xf7ff4f6c [ 134.493658][ T7740] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 134.493674][ T7740] RSP: 002b:00000000f549550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 134.493686][ T7740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 134.493693][ T7740] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.493700][ T7740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 134.493707][ T7740] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 134.493714][ T7740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 134.493725][ T7740] [ 134.594027][ C3] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.597259][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.600159][ C0] critical medium error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 134.604927][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 134.609577][ T7733] Dev loop6: unable to read RDB block 0 [ 134.612771][ T7733] loop6: unable to read partition table [ 134.615325][ T7733] loop6: partition table beyond EOD, truncated [ 134.617981][ T7733] loop_reread_partitions: partition scan of loop6 (ÄNùh*h‘…ÿìžÝ×pਸ਼ "ýo§æ?<í ¯ÊºöÙXDˆÚbÔÌp0ìO{š¸›>.) failed (rc=-5) [ 134.624376][ T5936] ldm_validate_partition_table(): Disk read failed. [ 134.627258][ T5936] Dev loop6: unable to read RDB block 0 [ 134.630083][ T5936] loop6: unable to read partition table [ 134.632720][ T5936] loop6: partition table beyond EOD, truncated [ 134.637178][ T7740] ldm_validate_partition_table(): Disk read failed. [ 134.641971][ T7740] Dev loop6: unable to read RDB block 0 [ 134.644119][ T7740] loop6: unable to read partition table [ 134.646084][ T7740] loop6: partition table beyond EOD, truncated [ 134.648224][ T7740] loop_reread_partitions: partition scan of loop6 (ÄNùh*h‘…ÿìžÝ×pਸ਼ "ýo§æ?<í ¯ÊºöÙXDˆÚbÔÌp0ìO{š¸›>.) failed (rc=-5) [ 137.602058][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.604831][ T1414] ieee802154 phy1 wpan1: encryption failed: -22