last executing test programs: 3m54.25157944s ago: executing program 2 (id=4602): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x40000000000000) 3m54.248117699s ago: executing program 2 (id=4604): r0 = socket(0x2, 0xa, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setuid(0xee01) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'gre0\x00', 0x0}) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 3m54.1712376s ago: executing program 2 (id=4605): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x85) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 
&(0x7f0000000440)=ANY=[]) 3m54.127710071s ago: executing program 2 (id=4607): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00') 3m54.048730855s ago: executing program 2 (id=4610): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000500)=@file={0x1, './file0\x00'}, 0x6e) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x284182, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r1, r0]}}], 0x14}}], 0x1, 0x2000c044) 3m53.801719407s ago: executing program 2 (id=4616): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file1\x00', 0x103841, 0x186) 3m53.729516203s ago: executing program 32 (id=4616): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) openat$dir(0xffffffffffffff9c, 
&(0x7f0000000400)='./file0/file1\x00', 0x103841, 0x186) 2m4.918815377s ago: executing program 0 (id=6344): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000800)=[{{&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, 0x0}}], 0x1, 0x2400c0a2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2m4.817164951s ago: executing program 0 (id=6346): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2, @thr={0x0, &(0x7f00000002c0)="2b3796908f8c0827ddeee90ea498c6a9fad4a7f5f72d0ae35750ad1c147a235712af28f55386492f8372a1de5d5df2ca"}}, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2m4.719433488s ago: executing program 0 (id=6347): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd03, 0x25dfdbf9, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x43}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810) close_range(r0, 0xffffffffffffffff, 0x0) 2m4.719120859s ago: executing program 0 (id=6348): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f00000002c0)='./file0/../file0\x00', 
&(0x7f0000000080)='sysfs\x00', 0x0, 0x0) chroot(&(0x7f0000000580)='./file0/../file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') 2m4.638624117s ago: executing program 0 (id=6349): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x0, 0x1}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x200000, 0xc) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x100, r2}, 0x0) 2m4.359718146s ago: executing program 0 (id=6353): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x6, 0x29, 0x80, 0x7, 0xfffffffd, 0x91b4}, [@TCA_NETEM_RATE={0x14, 0x6, {0x5, 0x7, 0x7fffffff}}]}}}]}, 0x60}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e25, 0x0, @empty, 0x7}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 2m4.284872534s ago: executing program 33 (id=6353): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x6, 0x29, 0x80, 0x7, 0xfffffffd, 0x91b4}, [@TCA_NETEM_RATE={0x14, 0x6, {0x5, 0x7, 
0x7fffffff}}]}}}]}, 0x60}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e25, 0x0, @empty, 0x7}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 2.256812009s ago: executing program 4 (id=8361): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setuid(0xee00) r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000), &(0x7f0000000000)) setrlimit(0x40000000000008, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 2.038088797s ago: executing program 4 (id=8364): io_pgetevents(0x0, 0x7c87, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x8}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x12000) 1.205189828s ago: executing program 5 (id=8378): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYBLOB="02"], 0x9) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000400)='`', 0x1}], 0x1}, 0x20000000) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={r2, 0x2}, 0x8) 
1.173340384s ago: executing program 1 (id=8379): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x2c040002) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0x0, 0xfff1}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) 1.025056947s ago: executing program 1 (id=8380): r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295a5, 0x0, 0x0, {0xa, 0x68, 0x0, 0xc8, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.024830133s ago: executing program 1 (id=8381): prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pipe(&(0x7f0000000000)={0xffffffffffffffff, 
0xffffffffffffffff}) write$P9_RGETLOCK(r0, &(0x7f00000001c0)=ANY=[], 0x200002e6) fcntl$setpipe(r0, 0x407, 0x7000000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 936.28328ms ago: executing program 4 (id=8382): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001700)="4ae0aa7115", 0x5}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x20000800) recvmsg$unix(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x40000062) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x2) 453.486356ms ago: executing program 1 (id=8392): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000600)=0x0) io_submit(r2, 0x2000000000000390, &(0x7f0000001300)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}]) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c643c, &(0x7f0000000300)={0x0, 0x0, r0}) 298.035458ms ago: executing program 5 (id=8394): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x4084) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62) listen(r0, 0xd) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, 
&(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) 297.912924ms ago: executing program 5 (id=8395): r0 = socket(0x10, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f00000000c0)=r1, 0x4) listen(r2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 217.531774ms ago: executing program 5 (id=8396): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 217.30779ms ago: executing program 1 (id=8397): r0 = bpf$MAP_CREATE(0x0, 
&(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 217.088787ms ago: executing program 3 (id=8398): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2040, 0x0) 216.827811ms ago: executing program 5 (id=8399): syz_extract_tcp_res(0x0, 0xfffffff7, 0x6) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, 
&(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800ffff2cbd7000000000010a000000ff00000800090000080010008b0100000400088047b56b3c67d3f0d19c3a9a73d6399c2e4043c30b5df736a2b51cc5f938319aa2421185628c8b2887761b753943659256e85087e105433fcb0947268367efc9b99c818fe46ba01c767075386e828b2e0b69b69772c6613162435721689381dd2a650672b5cdd7896e70afd8935ea339d360981dc6d8cb45ed7d20f457386a3c7e30f55e3876c4eb856529065dade802df75c48fcb158678929b4c34fed8bd47ef"], 0x28}}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180)='veth1_to_hsr\x00', 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newlink={0x68, 0x10, 0xffffffffffffffff, 0x70bd2b, 0x25dfdbbb, {0x0, 0x0, 0x0, 0x0, 0x50a10, 0x51a23}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x34, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0x30}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_LOCAL={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x68}, 0x1, 0x20000, 0x0, 0x240440d5}, 0x9080) 182.548511ms ago: executing program 1 (id=8400): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r2, 0x0, r1, 0x0, 0x6, 0x0) write(r1, &(0x7f00000002c0)="fe", 0xfdef) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010901"], 0x14}}, 0x0) 163.241651ms ago: executing program 5 (id=8401): prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) 
write$P9_RGETLOCK(r0, &(0x7f00000001c0)=ANY=[], 0x200002e6) fcntl$setpipe(r0, 0x407, 0x7000000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 163.115499ms ago: executing program 3 (id=8402): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000040)=0x272) 104.986739ms ago: executing program 3 (id=8403): r0 = socket(0x1, 0x80802, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x8) r3 = socket$packet(0x11, 0x2, 0x300) bind$packet(r3, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x8) 104.788632ms ago: executing program 3 (id=8404): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x24, 0x1c, 0x1, 0x70bd28, 0x25dfdbfe, {0x2, 0x0, 0x0, r2, 0x3f, 0x22, 0x9}, [@NDA_DST_IPV4={0x8, 0x1, @empty}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004) r3 = socket(0x8000000010, 0x2, 0x0) write(r3, 
&(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 103.088206ms ago: executing program 4 (id=8405): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23c, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000a00)={r4, r2, r3, 0x0, 0x20, 0xffffffcd, 0x0, 0x3, 0x0, 0x0, 0x30000, 0x200000}) 25.610389ms ago: executing program 4 (id=8406): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r2 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=r1, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000180)=r2, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r2, r0, 0x4, r0}, 0x5) 24.861927ms ago: executing program 3 (id=8407): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x437, 0x800000, 0x0, {0x0, 0x0, 0x0, r3, 0x504c3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp6}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c014}, 0x0) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x30, r1, 0x3, 0x70bd2c, 0xe, {}, [@GTPA_LINK={0x8, 0x1, r3}, @GTPA_VERSION={0x8}, @GTPA_TID={0xc, 0x3, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x44800}, 0x20000000) 24.511808ms ago: executing program 4 (id=8408): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01030003000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010001ffffcfffffffdffffff00000000", @ANYRES32=0x0, 
@ANYBLOB="0002010000000000240012800b00010065727370616e000014000280050016000000000008000700ac1414bb08000a00", @ANYRES32=r3], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 0s ago: executing program 3 (id=8409): unshare(0x6020400) r0 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = fsmount(r0, 0x0, 0x0) setreuid(0x0, 0xee00) syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) kernel console output (not intermixed with test programs): le to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.069982][T19414] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.5576'. [ 520.070819][ T40] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 520.077723][T19414] netlink: Conntrack attr has 4 unknown bytes [ 520.100272][ T40] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 520.177487][ T5742] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.233180][T19430] overlayfs: failed to clone upperpath [ 520.473790][T19449] kvm: user requested TSC rate below hardware speed [ 520.817227][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 520.898282][ T40] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.137372][ T40] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.217376][ T842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 522.076078][T19503] Bluetooth: hci0: unsupported parameter 255 [ 522.079282][T19503] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 522.637091][T19525] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5633'. 
[ 522.782005][T19535] kvm: user requested TSC rate below hardware speed [ 523.238158][ T5824] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 523.387253][ T5824] usb 5-1: Using ep0 maxpacket: 16 [ 523.390025][ T5824] usb 5-1: too many configurations: 123, using maximum allowed: 8 [ 523.394472][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.401484][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.407432][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.413490][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.420024][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.426513][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.432776][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.443165][ T5824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.448817][ T5824] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 523.453216][ T5824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 523.457824][ T5824] usb 5-1: SerialNumber: syz [ 523.468748][ T5824] usb 5-1: config 0 descriptor?? 
[ 523.508879][ T5824] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input70 [ 523.696370][ T5131] bcm5974 5-1:0.0: could not read from device [ 523.701840][ T5131] bcm5974 5-1:0.0: could not read from device [ 523.704314][ T5824] usb 5-1: USB disconnect, device number 60 [ 523.937286][ C2] net_ratelimit: 13 callbacks suppressed [ 523.937306][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 524.057375][ T9] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 524.177732][ T5824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.219312][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 524.223907][ T9] usb 6-1: config 4 has an invalid interface number: 201 but max is 0 [ 524.227813][ T9] usb 6-1: config 4 has no interface number 0 [ 524.230741][ T9] usb 6-1: config 4 interface 201 has no altsetting 0 [ 524.236575][ T9] usb 6-1: New USB device found, idVendor=47ed, idProduct=31ab, bcdDevice=a6.55 [ 524.240872][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.244661][ T9] usb 6-1: Product: syz [ 524.246652][ T9] usb 6-1: Manufacturer: syz [ 524.249525][ T9] usb 6-1: SerialNumber: syz [ 524.349957][ T842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.472777][ T9] usb 6-1: USB disconnect, device number 55 [ 524.826621][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.882227][T19612] netlink: 'syz.3.5661': attribute type 1 has an invalid length. [ 524.885550][T19612] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.5661'. [ 524.977280][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 525.274648][T19630] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5669'. [ 525.372072][T19636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5673'. 
[ 525.377522][ T842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.022136][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 526.050026][ T842] libceph: connect (1)[c::]:6789 error -101 [ 526.053483][ T842] libceph: mon0 (1)[c::]:6789 connect error [ 526.054148][T19670] vivid-000: disconnect [ 526.076507][T19669] vivid-000: reconnect [ 526.107509][ T5825] libceph: connect (1)[c::]:6789 error -101 [ 526.109656][ T5825] libceph: mon0 (1)[c::]:6789 connect error [ 526.310348][ T842] libceph: connect (1)[c::]:6789 error -101 [ 526.312873][ T842] libceph: mon0 (1)[c::]:6789 connect error [ 526.367677][ T40] libceph: connect (1)[c::]:6789 error -101 [ 526.370340][ T40] libceph: mon0 (1)[c::]:6789 connect error [ 526.403187][T19690] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.410711][T19690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 526.420999][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.427224][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.430089][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.458705][T19690] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 526.464962][T19690] virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 526.470285][T19690] veth1_macvtap: left promiscuous mode [ 526.472964][T19690] veth0_macvtap: left promiscuous mode [ 526.475465][T19690] veth0_macvtap: entered promiscuous mode [ 526.478623][T19690] veth1_macvtap: entered promiscuous mode [ 526.486657][T19690] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 526.492678][T19690] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 526.497592][T19690] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 526.501689][T19690] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 526.506011][T19690] ip6erspan0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 
526.515309][T19690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.570216][ T721] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.573353][ T721] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.576964][ T721] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.581541][ T721] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.598014][ T721] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.600901][ T721] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.603903][ T721] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.606790][ T721] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.649790][ T9] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 526.817788][ T5742] libceph: connect (1)[c::]:6789 error -101 [ 526.820143][ T5742] libceph: mon0 (1)[c::]:6789 connect error [ 526.867520][T19666] ceph: No mds server is up or the cluster is laggy [ 526.867857][T19673] ceph: No mds server is up or the cluster is laggy [ 526.881442][ T40] libceph: connect (1)[c::]:6789 error -101 [ 526.889374][ T40] libceph: mon0 (1)[c::]:6789 connect error [ 527.148370][ T9] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 527.309210][ T721] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 527.389054][ T5742] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 527.537217][ T5742] usb 9-1: Using ep0 maxpacket: 32 [ 527.540800][ T5742] usb 9-1: config 0 has no interfaces? 
[ 527.547923][ T5742] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 527.551412][ T5742] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 527.554437][ T5742] usb 9-1: Product: syz [ 527.556164][ T5742] usb 9-1: Manufacturer: syz [ 527.558486][ T5742] usb 9-1: SerialNumber: syz [ 527.565178][ T5742] usb 9-1: config 0 descriptor?? [ 527.779751][ T842] usb 9-1: USB disconnect, device number 6 [ 528.351263][ T77] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 528.362208][ T77] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 528.412670][T19771] fuse: fd is not a fuse device [ 528.648221][ T40] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 529.137373][ C2] net_ratelimit: 8 callbacks suppressed [ 529.137388][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 529.387605][ T39] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 529.393340][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.400643][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.489769][ T39] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! 
[ 529.537474][ T842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.627178][ T9] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 529.693523][T19801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.700805][T19801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.705296][T19801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.712020][T19801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.715723][T19801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.720839][T19800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.808664][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 529.812421][ T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 529.815470][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.823093][ T9] usb 6-1: config 0 descriptor?? [ 530.008432][ T842] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 530.032456][ T9] usbhid 6-1:0.0: can't add hid device: -71 [ 530.034844][ T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 530.040758][ T9] usb 6-1: USB disconnect, device number 56 [ 530.477202][T15972] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 530.647190][T15972] usb 6-1: Using ep0 maxpacket: 32 [ 530.650550][T15972] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.654352][T15972] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 530.657826][T15972] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.669332][T15972] usb 6-1: config 0 descriptor?? 
[ 530.674341][T15972] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 530.679725][T15972] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 530.774955][T19839] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5753'. [ 530.978364][ T842] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 531.079632][ T40] usb 6-1: USB disconnect, device number 57 [ 531.090206][ T40] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 531.601719][T19869] overlayfs: failed to clone upperpath [ 531.711752][T19882] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.5772'. [ 531.925704][T19896] netlink: 'syz.0.5777': attribute type 1 has an invalid length. [ 531.953920][T19896] 8021q: adding VLAN 0 to HW filter on device bond2 [ 532.417314][ C2] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 532.942221][T19937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5795'. 
[ 533.805610][T19974] syz.0.5809 (19974): drop_caches: 2 [ 534.110712][ T40] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 534.278609][ T40] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 534.282722][ T40] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 534.286392][ T40] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 534.290029][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.295708][T19978] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 534.300286][ T40] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 534.347110][ C2] net_ratelimit: 45 callbacks suppressed [ 534.347123][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 534.435746][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.548013][ T39] usb 5-1: USB disconnect, device number 61 [ 534.738703][ T5742] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.060127][ T77] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 535.377221][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 535.398927][T20065] tls_set_device_offload_rx: netdev not found [ 535.577925][T20075] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 535.595843][T20075] bond0: (slave lo): Enslaving as an active interface with an up link [ 535.605404][T20075] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. 
[ 535.684600][T20084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.692268][T20084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.700143][T20084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.709924][T20084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.714509][T20084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 536.435511][T20114] input: syz0 as /devices/virtual/input/input71 [ 536.587373][T20120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5872'. [ 536.708906][T20127] macvlan2: entered promiscuous mode [ 536.710666][T20127] dummy0: entered promiscuous mode [ 536.712529][T20127] macvlan2: entered allmulticast mode [ 536.714264][T20127] dummy0: entered allmulticast mode [ 536.941534][T20133] syz.1.5877 (20133): drop_caches: 2 [ 537.015776][T20141] bridge1: entered promiscuous mode [ 537.018267][T20141] bridge1: entered allmulticast mode [ 537.282628][T20156] netlink: 'syz.0.5889': attribute type 1 has an invalid length. [ 537.286048][T20156] netlink: 'syz.0.5889': attribute type 4 has an invalid length. [ 537.289765][T20156] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.5889'. 
[ 537.387459][T15972] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 537.506850][ T41] audit: type=1326 audit(1778527152.567:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20162 comm="syz.3.5892" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f63fcc code=0x0 [ 537.557635][T15972] usb 6-1: Using ep0 maxpacket: 8 [ 537.562738][T15972] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 537.568078][T15972] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 537.572718][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.576495][T15972] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 537.580459][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 537.584868][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 537.588847][T15972] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 537.593135][T15972] usb 6-1: config 168 interface 0 has no altsetting 0 [ 537.596136][T15972] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 537.598728][T15972] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 537.602489][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.607438][T15972] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 537.611131][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 537.614717][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid 
maxpacket 59391, setting to 1024 [ 537.618998][T15972] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 537.623989][T15972] usb 6-1: config 168 interface 0 has no altsetting 0 [ 537.627919][T15972] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 537.631060][T15972] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 537.635269][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.642037][T15972] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 537.646659][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 537.651722][T15972] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 537.656845][T15972] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 537.661835][T15972] usb 6-1: config 168 interface 0 has no altsetting 0 [ 537.666815][T15972] usb 6-1: string descriptor 0 read error: -22 [ 537.669115][T15972] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 537.672488][T15972] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.682839][T15972] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 538.432520][T20208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5910'. [ 538.531678][T20216] input: syz0 as /devices/virtual/input/input72 [ 538.614174][T12269] udevd[12269]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 538.620789][T12269] udevd[12269]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 538.649735][T20222] netlink: 'syz.4.5915': attribute type 1 has an invalid length. 
[ 538.688072][T20222] bond1: entered promiscuous mode [ 538.694638][T20222] 8021q: adding VLAN 0 to HW filter on device bond1 [ 538.927246][T20233] 9p: Bad value for 'rfdno' [ 539.175067][T20244] bridge1: entered promiscuous mode [ 539.177294][T20244] bridge1: entered allmulticast mode [ 539.379608][ T5824] net_ratelimit: 148 callbacks suppressed [ 539.379623][ T5824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.537732][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 539.937470][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.947466][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.950424][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.953137][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.957343][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.960603][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.963321][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.966361][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.989128][T15972] usb 6-1: USB disconnect, device number 58 [ 540.177364][ C1] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 540.533962][T20252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5924'. 
[ 541.507214][T15972] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 541.672617][T15972] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 541.687236][T15972] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 541.692230][T15972] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 541.696197][T15972] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 541.706029][T15972] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 541.711964][T15972] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 541.715723][T15972] usb 9-1: Manufacturer: syz [ 541.727622][T15972] usb 9-1: config 0 descriptor?? [ 541.735607][ T41] audit: type=1326 audit(1778527156.797:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.749729][ T41] audit: type=1326 audit(1778527156.797:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.758460][ T41] audit: type=1326 audit(1778527156.797:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.768876][ T41] audit: type=1326 audit(1778527156.797:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.779474][ T41] audit: type=1326 audit(1778527156.797:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" 
exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.791379][ T41] audit: type=1326 audit(1778527156.797:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 541.803444][ T41] audit: type=1326 audit(1778527156.797:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63fe8 code=0x7ffc0000 [ 541.813689][ T41] audit: type=1326 audit(1778527156.797:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63fe8 code=0x7ffc0000 [ 541.823949][ T41] audit: type=1326 audit(1778527156.797:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20327 comm="syz.3.5961" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63fe8 code=0x7ffc0000 [ 541.852545][T20334] overlayfs: failed to clone upperpath [ 542.143422][T15972] appleir 0003:05AC:8243.0035: unknown main item tag 0x0 [ 542.153553][T15972] appleir 0003:05AC:8243.0035: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 542.422121][ T5742] usb 9-1: USB disconnect, device number 7 [ 542.872235][T20378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5986'. [ 542.877554][T20378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5986'. 
[ 542.919293][T20380] fuse: fd is not a fuse device [ 543.124153][T20395] overlayfs: failed to clone upperpath [ 543.657990][T20417] 9pnet: p9_errstr2errno: server reported unknown error ./file0 [ 543.988807][ T40] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 544.147387][ T40] usb 5-1: Using ep0 maxpacket: 8 [ 544.151668][ T40] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 544.154499][ T40] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 544.158262][ T40] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 544.161878][ T40] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 544.165851][ T40] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 544.169607][ T40] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 544.174083][ T40] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 544.176980][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.181239][T20432] 9pnet: p9_errstr2errno: server reported unknown error ÿÿ [ 544.387158][ T40] usb 5-1: usb_control_msg returned -32 [ 544.391429][ T40] usbtmc 5-1:16.0: can't read capabilities [ 544.737296][ C2] net_ratelimit: 891 callbacks suppressed [ 544.737324][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 544.748848][T20452] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71 [ 544.752540][T20452] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 544.756762][ T40] usb 5-1: USB disconnect, device number 62 [ 545.137618][ T5742] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.457603][ T40] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.602911][ T41] kauditd_printk_skb: 28 callbacks suppressed [ 545.602929][ 
T41] audit: type=1326 audit(1778527160.667:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20473 comm="syz.1.6029" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708efcc code=0x0 [ 545.787217][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 545.848359][T20487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.851880][T20487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.855898][T20487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.859259][T20487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.861807][T20487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.866385][T20486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 546.103439][T20493] fuse: fd is not a fuse device [ 546.343514][T20509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6042'. [ 546.418503][T20512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6042'. [ 546.701778][T20536] fuse: fd is not a fuse device [ 546.774611][T20540] netlink: 'syz.3.6055': attribute type 4 has an invalid length. [ 546.838031][ T40] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 546.990656][ T40] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.995574][ T40] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.999875][ T40] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 547.002811][ T40] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.009269][ T40] usb 6-1: config 0 descriptor?? 
[ 547.422110][ T40] cm6533_jd 0003:0D8C:0022.0036: unknown main item tag 0x0 [ 547.429086][ T40] cm6533_jd 0003:0D8C:0022.0036: unknown main item tag 0x0 [ 547.433665][ T40] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0D8C:0022.0036/input/input73 [ 547.447154][ T40] cm6533_jd 0003:0D8C:0022.0036: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 547.624698][ T40] usb 6-1: USB disconnect, device number 59 [ 548.971597][T20617] ip6tnl2: entered allmulticast mode [ 549.115481][T20624] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.6089'. [ 549.458933][T20646] netlink: 'syz.4.6098': attribute type 3 has an invalid length. [ 549.488627][ T41] audit: type=1326 audit(1778527164.557:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20640 comm="syz.3.6095" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f63fcc code=0x0 [ 549.937220][ C2] net_ratelimit: 11 callbacks suppressed [ 549.937241][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 550.001394][T20656] netlink: 'syz.0.6101': attribute type 1 has an invalid length. [ 550.004714][T20656] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6101'. [ 550.236651][T20664] binder: 20663:20664 ioctl c0306201 0 returned -14 [ 550.309686][T20667] fuse: fd is not a fuse device [ 550.356816][T20671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6106'. [ 550.362512][T20671] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6106'. 
[ 550.379801][T20673] binder: 20663:20673 ioctl c0306201 0 returned -14 [ 550.671040][T20690] kernel read not supported for file /cpuacct.usage_percpu (pid: 20690 comm: syz.4.6113) [ 550.681548][ T41] audit: type=1800 audit(1778527165.747:1080): pid=20690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6113" name="cpuacct.usage_percpu" dev="mqueue" ino=88801 res=0 errno=0 [ 550.720543][T20694] overlayfs: failed to clone upperpath [ 550.814197][T20705] overlayfs: failed to clone upperpath [ 550.987202][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 551.152505][T20726] netlink: 51 bytes leftover after parsing attributes in process `syz.1.6128'. [ 551.677306][ T5742] usb 5-1: new full-speed USB device number 63 using dummy_hcd [ 551.707181][ T9] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 551.829063][ T5742] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 551.832745][ T5742] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 551.837661][ T5742] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 551.840581][ T5742] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.867236][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 551.872002][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.876603][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.881370][ T9] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 551.885787][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.891942][ T9] usb 6-1: config 0 descriptor?? 
[ 552.017223][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 552.047363][ T5742] usb 5-1: usb_control_msg returned -32 [ 552.049152][ T5742] usbtmc 5-1:16.0: can't read capabilities [ 552.310927][ T9] savu 0003:1E7D:2D5A.0037: hiddev1,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 552.503382][ T29] usb 6-1: USB disconnect, device number 60 [ 552.879404][T20789] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.6156'. [ 553.014020][T20793] netlink: 51 bytes leftover after parsing attributes in process `syz.4.6158'. [ 553.057161][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 553.151141][T20801] netlink: 'syz.1.6162': attribute type 3 has an invalid length. [ 553.735184][ T41] audit: type=1326 audit(1778527168.797:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20841 comm="syz.4.6182" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705efcc code=0x0 [ 553.762793][T20845] syz.1.6179 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 554.107258][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 554.296368][T20878] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 554.300988][T20878] batman_adv: batadv0: Adding interface: ip6gretap1 [ 554.303357][T20878] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 554.313118][T20878] batman_adv: batadv0: Interface activated: ip6gretap1 [ 554.444714][T15972] usb 5-1: USB disconnect, device number 63 [ 554.490495][T20884] input: syz0 as /devices/virtual/input/input74 [ 554.925541][T20915] sit3: entered allmulticast mode [ 554.967580][T20914] netlink: 'syz.3.6212': attribute type 10 has an invalid length. 
[ 554.972661][T20914] syz_tun: entered promiscuous mode [ 555.137365][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 555.168800][T20940] netlink: 'syz.0.6222': attribute type 6 has an invalid length. [ 555.542364][ C2] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 556.187925][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 556.344064][T20975] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6238'. [ 556.668850][T21001] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 557.037827][T21026] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 557.227272][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 557.234317][ T41] audit: type=1326 audit(1778527172.297:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21035 comm="syz.0.6266" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe3fcc code=0x0 [ 557.541980][T21047] input: syz1 as /devices/virtual/input/input75 [ 557.770387][T21053] netlink: 'syz.1.6274': attribute type 1 has an invalid length. [ 557.809024][T21053] 8021q: adding VLAN 0 to HW filter on device bond1 [ 557.866714][T21053] bond1: (slave geneve2): making interface the new active one [ 557.881070][T21053] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 558.257339][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 559.297192][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 560.347129][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 560.847023][T21191] veth0: entered promiscuous mode [ 560.855107][T21191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6332'. [ 561.062770][T21202] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 561.067997][T21202] block nbd0: Cannot use ioctl interface on a netlink controlled device. 
[ 561.387194][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 561.773840][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 561.778486][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.974225][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 561.985162][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.047901][T11346] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 562.079964][T11346] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 562.090752][T11346] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 562.102181][T11346] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 562.106362][T11346] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 562.215134][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 562.221581][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.318197][ T42] bridge0: port 3(vlan0) entered disabled state [ 562.319212][T21256] netlink: set zone limit has 4 unknown bytes [ 562.368606][ T42] vlan0 (unregistering): left promiscuous mode [ 562.374478][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 562.382727][ T42] bridge0: port 3(vlan0) entered disabled state [ 562.389331][T21263] Bluetooth: MGMT ver 1.23 [ 562.411833][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 562.418721][ C2] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 562.425918][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.520872][T21277] vcan0: tx drop: invalid da for name 0x0000000080000000 [ 562.624149][ T42] dvmrp0: left allmulticast mode [ 562.747261][T15972] usb 9-1: new high-speed 
USB device number 8 using dummy_hcd [ 562.892108][ T42] team0: Port device bridge1 removed [ 562.907289][T15972] usb 9-1: Using ep0 maxpacket: 8 [ 562.912904][T15972] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 562.917193][T15972] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 562.921924][T15972] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 562.926039][T15972] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 562.930248][T15972] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 562.936845][T15972] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 562.940466][T15972] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.972537][ T42] bond0 (unregistering): (slave bond1): Releasing backup interface [ 562.976895][ T42] bond0 (unregistering): Released all slaves [ 562.998320][ T42] bond1 (unregistering): Released all slaves [ 563.017856][ T42] bond2 (unregistering): Released all slaves [ 563.117416][ T42] tipc: Disabling bearer [ 563.127447][ T42] tipc: Left network mode [ 563.150290][T15972] usb 9-1: usb_control_msg returned -32 [ 563.152474][T15972] usbtmc 9-1:16.0: can't read capabilities [ 563.250073][T21239] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.252576][T21239] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.255660][T21239] bridge_slave_0: entered allmulticast mode [ 563.259871][T21239] bridge_slave_0: entered promiscuous mode [ 563.277756][T21239] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.280885][T21239] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.284460][T21239] bridge_slave_1: entered allmulticast mode [ 563.288062][T21239] bridge_slave_1: entered promiscuous mode [ 563.308226][T21239] bond0: (slave bond_slave_0): 
Enslaving as an active interface with an up link [ 563.313881][T21239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.347264][T21239] team0: Port device team_slave_0 added [ 563.353457][T21239] team0: Port device team_slave_1 added [ 563.398296][T21239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.400618][T21239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 563.410251][T21239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.417975][T21239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.421172][T21239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 563.431809][T21239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 563.464012][ T5449] 8021q: adding VLAN 0 to HW filter on device eth2 [ 563.509503][T21239] hsr_slave_0: entered promiscuous mode [ 563.511948][T21239] hsr_slave_1: entered promiscuous mode [ 563.514885][T21239] debugfs: 'hsr0' already exists in 'hsr' [ 563.521706][T21239] Cannot create hsr debugfs directory [ 563.709426][ T42] hsr_slave_0: left promiscuous mode [ 563.739153][ T42] veth1_macvtap: left promiscuous mode [ 563.742396][ T42] veth0_macvtap: left promiscuous mode [ 563.770712][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804b5fc000: rx timeout, send abort [ 563.887905][T21320] usbtmc 9-1:16.0: usb_clear_halt returned -32 [ 564.081571][ T6704] usb 9-1: USB disconnect, device number 8 [ 564.130649][ T5449] 8021q: adding VLAN 0 to HW filter on device eth3 [ 564.178584][T11346] Bluetooth: hci0: command tx timeout [ 564.275605][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804b5fc000: abort rx timeout. 
Force session deactivation [ 564.290146][T21239] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 564.306389][T21239] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 564.310128][T21239] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 564.318272][T21239] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 564.325657][T21239] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 564.340647][T21239] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 564.355500][ T5449] 8021q: adding VLAN 0 to HW filter on device eth4 [ 564.378008][T21239] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 564.411170][T21239] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 564.503842][T21239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 564.526268][T21239] 8021q: adding VLAN 0 to HW filter on device team0 [ 564.537863][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.541571][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 564.555853][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 564.560229][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 564.581806][ T42] IPVS: stop unused estimator thread 0... 
[ 564.667108][ T5449] 8021q: adding VLAN 0 to HW filter on device eth5 [ 564.999110][T21239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 565.224198][T21239] veth0_vlan: entered promiscuous mode [ 565.230270][T21239] veth1_vlan: entered promiscuous mode [ 565.264280][T21239] veth0_macvtap: entered promiscuous mode [ 565.275468][T21239] veth1_macvtap: entered promiscuous mode [ 565.292375][T21239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 565.300499][T21239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.307382][ T42] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.311150][ T42] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.317305][ T42] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.320997][ T42] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.433227][ T721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.436406][ T721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.463922][ T721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.474863][ T721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.837504][T21410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6397'. [ 565.841354][T21410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6397'. [ 566.267176][T11346] Bluetooth: hci0: command tx timeout [ 566.417765][ T721] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 566.625638][T21435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6409'. [ 566.629333][T21435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6409'. [ 566.736886][T21442] netlink: 'syz.4.6412': attribute type 4 has an invalid length. [ 567.056775][T21462] netlink: 212328 bytes leftover after parsing attributes in process `syz.5.6422'. 
[ 567.062408][T21462] netlink: Unknown conntrack attr (type=2304, max=9) [ 567.701538][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.348885][T11346] Bluetooth: hci0: command tx timeout [ 569.122727][T21528] vcan0: tx drop: invalid da for name 0x0000000080000000 [ 570.297355][ T5846] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 570.372563][ C3] vcan0: j1939_tp_rxtimer: 0xffff88805b742800: rx timeout, send abort [ 570.377925][ C3] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b742800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 570.427993][T11346] Bluetooth: hci0: command tx timeout [ 570.487192][ T5846] usb 6-1: Using ep0 maxpacket: 8 [ 570.490759][ T5846] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 570.493876][ T5846] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 570.498050][ T5846] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 570.501554][ T5846] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 570.504694][ T5846] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 570.509459][ T5846] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 570.517120][ T5846] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.733422][ T5846] usb 6-1: usb_control_msg returned -32 [ 570.735247][ T5846] usbtmc 6-1:16.0: can't read capabilities [ 571.440183][T21570] usbtmc 6-1:16.0: usb_clear_halt returned -32 [ 571.642005][ T40] usb 6-1: USB disconnect, device number 61 [ 572.597228][ T5742] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 572.751548][ T5742] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 572.760646][ T5742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 
has an invalid bInterval 0, changing to 7 [ 572.764666][ T5742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 572.768949][ T5742] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 572.774985][ T5742] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 572.778712][ T5742] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 572.781726][ T5742] usb 6-1: Manufacturer: syz [ 572.795298][ T5742] usb 6-1: config 0 descriptor?? [ 573.223740][ T5742] appleir 0003:05AC:8243.0038: unknown main item tag 0x0 [ 573.234162][ T5742] appleir 0003:05AC:8243.0038: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 573.533510][T13633] usb 6-1: USB disconnect, device number 62 [ 574.098876][T21623] netlink: 'syz.4.6483': attribute type 1 has an invalid length. [ 574.101888][T21623] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6483'. [ 574.333234][T21635] kernel read not supported for file /cpuacct.usage_percpu (pid: 21635 comm: syz.5.6487) [ 574.337880][ T41] audit: type=1800 audit(1778527189.407:1083): pid=21635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6487" name="cpuacct.usage_percpu" dev="mqueue" ino=95276 res=0 errno=0 [ 574.550696][T21653] netlink: 212344 bytes leftover after parsing attributes in process `syz.5.6497'. [ 574.602869][T21658] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6499'. [ 574.824662][T21670] netlink: 'syz.3.6505': attribute type 3 has an invalid length. [ 575.384072][T21701] input: syz1 as /devices/virtual/input/input76 [ 576.174412][T21721] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.6521'. 
[ 576.830607][T21743] overlayfs: failed to clone lowerpath [ 576.836731][T21743] overlayfs: failed to clone upperpath [ 577.278878][T21755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6538'. [ 577.684288][T21771] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6536'. [ 577.721340][T14174] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 577.733482][T14174] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 577.739876][T14174] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 577.746944][T14174] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 577.750027][T14174] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 578.151932][T21773] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.155160][T21773] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.158079][T21773] bridge_slave_0: entered allmulticast mode [ 578.161203][T21773] bridge_slave_0: entered promiscuous mode [ 578.165303][T21773] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.168198][T21773] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.170773][T21773] bridge_slave_1: entered allmulticast mode [ 578.174126][T21773] bridge_slave_1: entered promiscuous mode [ 578.194856][T21773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 578.200132][T21773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 578.218267][T21773] team0: Port device team_slave_0 added [ 578.222534][T21773] team0: Port device team_slave_1 added [ 578.247353][T21773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.250721][T21773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 578.263338][T21773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 578.269766][T21773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.272448][T21773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.283740][T21773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 578.314923][T21773] hsr_slave_0: entered promiscuous mode [ 578.317403][T21773] hsr_slave_1: entered promiscuous mode [ 578.320682][T21773] debugfs: 'hsr0' already exists in 'hsr' [ 578.322812][T21773] Cannot create hsr debugfs directory [ 578.446120][T21773] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.588849][T21773] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.710222][T21773] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.778801][T21773] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.931633][T21773] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 578.937778][T21773] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 578.941795][T21773] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 578.948190][T21773] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 578.952855][T21773] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 578.960793][T21773] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 578.964580][T21773] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 578.973645][T21773] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 579.052151][T21773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.062231][T21773] 
8021q: adding VLAN 0 to HW filter on device team0 [ 579.068108][ T721] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.070974][ T721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.079363][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.081893][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.386249][T21773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 579.547587][T21773] veth0_vlan: entered promiscuous mode [ 579.555573][T21773] veth1_vlan: entered promiscuous mode [ 579.573401][T21773] veth0_macvtap: entered promiscuous mode [ 579.579184][T21773] veth1_macvtap: entered promiscuous mode [ 579.589764][T21773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 579.596247][T21773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 579.602137][ T1157] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.605566][ T1157] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.612966][ T1157] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.618865][ T1157] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.695104][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.698334][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.721078][ T721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.724593][ T721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.777363][T11346] Bluetooth: hci2: command tx timeout [ 579.810678][T21817] sit3: entered allmulticast mode [ 580.687776][ T41] audit: type=1326 audit(1778527195.757:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.1.6541" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708efcc code=0x0 [ 581.283667][T21844] batman_adv: batadv0: Adding interface: ip6gretap1 [ 581.286175][T21844] 
batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 581.300477][T21844] batman_adv: batadv0: Interface activated: ip6gretap1 [ 581.313100][T21846] bridge2: entered promiscuous mode [ 581.315038][T21846] bridge2: entered allmulticast mode [ 581.557255][T21862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6559'. [ 581.573164][T21862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6559'. [ 581.577953][T21862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6559'. [ 581.676937][T21869] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 581.687464][T21869] batman_adv: batadv0: Adding interface: ip6gretap1 [ 581.692208][T21869] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 581.709731][T21869] batman_adv: batadv0: Interface activated: ip6gretap1 [ 581.857393][T11346] Bluetooth: hci2: command tx timeout [ 582.198446][T21907] netlink: 'syz.3.6579': attribute type 30 has an invalid length. [ 582.250261][T21910] netlink: 'syz.3.6579': attribute type 30 has an invalid length. [ 582.408093][T21912] bridge2: entered promiscuous mode [ 582.409790][T21912] bridge2: entered allmulticast mode [ 583.145265][T21929] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6588'. [ 583.151617][T21929] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6588'. 
[ 583.942893][T11346] Bluetooth: hci2: command tx timeout [ 584.030893][T21948] kernel read not supported for file /file0 (pid: 21948 comm: syz.1.6600) [ 584.035270][ T41] audit: type=1800 audit(1778527199.097:1085): pid=21948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6600" name="file0" dev="mqueue" ino=95553 res=0 errno=0 [ 584.663327][T21972] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 586.028345][T11346] Bluetooth: hci2: command tx timeout [ 586.342452][T21992] netlink: 'syz.4.6610': attribute type 1 has an invalid length. [ 586.607177][ T842] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 586.767120][ T842] usb 10-1: Using ep0 maxpacket: 8 [ 586.770317][ T842] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 586.774103][ T842] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 586.777371][ T842] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.781554][ T842] usb 10-1: config 0 descriptor?? [ 587.007813][ T842] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 587.403239][ T5846] usb 10-1: USB disconnect, device number 2 [ 587.878992][T22043] netlink: 'syz.4.6629': attribute type 2 has an invalid length. [ 587.920957][T22046] netlink: 'syz.4.6629': attribute type 2 has an invalid length. [ 587.932342][T22043] ‚#{6c: entered promiscuous mode [ 587.956730][T22046] ‚#{6c: left promiscuous mode [ 587.980635][T22043] netlink: 208 bytes leftover after parsing attributes in process `syz.4.6629'. 
[ 589.143163][T22081] overlayfs: failed to clone upperpath [ 589.188172][T22083] fuse: fd is not a fuse device [ 590.589202][T22131] tipc: New replicast peer: 255.255.255.255 [ 590.592554][T22131] tipc: Enabled bearer , priority 10 [ 590.596839][T22131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6666'. [ 590.600331][T22131] tipc: Disabling bearer [ 591.193024][T22175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6687'. [ 591.197786][T22177] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6688'. [ 591.243057][ T721] Bluetooth: hci4: Frame reassembly failed (-84) [ 592.009883][T22210] overlayfs: failed to clone upperpath [ 592.908215][T22224] syz_tun: left promiscuous mode [ 592.926212][T22224] team0: Port device syz_tun added [ 593.306596][T11346] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 593.309926][T22244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6719'. [ 593.312259][T22244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6719'. [ 593.314775][T14174] Bluetooth: hci4: command 0x1003 tx timeout [ 593.327576][T22244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6719'. 
[ 593.461835][ T41] audit: type=1326 audit(1778527208.527:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.487187][ T41] audit: type=1326 audit(1778527208.527:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.495071][ T41] audit: type=1326 audit(1778527208.527:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.503801][ T41] audit: type=1326 audit(1778527208.527:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.514876][ T41] audit: type=1326 audit(1778527208.527:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.524528][ T41] audit: type=1326 audit(1778527208.537:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.534714][ T41] audit: type=1326 audit(1778527208.537:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.544571][ T41] audit: type=1326 audit(1778527208.537:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.555104][ T41] audit: type=1326 
audit(1778527208.537:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.569985][ T41] audit: type=1326 audit(1778527208.537:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22248 comm="syz.5.6721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05fcc code=0x7ffc0000 [ 593.665520][T22266] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 593.671586][T22266] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 594.083318][T22307] netlink: 'syz.1.6746': attribute type 1 has an invalid length. [ 594.089818][T22306] kvm: user requested TSC rate below hardware speed [ 594.100974][T22306] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4180564684 (8361129368 ns) > initial count (6590827116 ns). Using initial count to start timer. [ 594.103181][T22307] bond2: entered promiscuous mode [ 594.109710][T22307] 8021q: adding VLAN 0 to HW filter on device bond2 [ 594.161209][T22307] 8021q: adding VLAN 0 to HW filter on device bond2 [ 594.163947][T22307] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 594.168690][T22307] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 594.185989][T22307] bond2: (slave vcan1): making interface the new active one [ 594.189243][T22307] vcan1: entered promiscuous mode [ 594.193397][T22307] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 594.452882][T22327] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6755'. [ 594.457016][T22327] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6755'. [ 594.717880][T22345] netlink: 'syz.1.6762': attribute type 1 has an invalid length. 
[ 594.744414][T22345] 8021q: adding VLAN 0 to HW filter on device bond3 [ 594.770538][T22350] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.6764'. [ 594.835784][T22345] bond3: (slave geneve3): making interface the new active one [ 594.840671][T22345] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 595.277969][T22381] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6777'. [ 595.396048][T22389] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6779'. [ 595.438499][T22391] syzkaller1: entered promiscuous mode [ 595.440645][T22391] syzkaller1: entered allmulticast mode [ 595.950838][T22437] bridge3: entered promiscuous mode [ 595.953217][T22437] bridge3: entered allmulticast mode [ 596.976017][T22458] ceph: No mds server is up or the cluster is laggy [ 596.977873][T22466] ceph: No mds server is up or the cluster is laggy [ 597.308231][T22523] kvm: user requested TSC rate below hardware speed [ 597.313744][T22523] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 597.616303][T22537] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 597.617214][T22539] overlayfs: failed to clone upperpath [ 597.788151][ T721] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 597.892353][T22552] netlink: 'syz.3.6851': attribute type 1 has an invalid length. 
[ 597.909459][T22552] bond1: entered promiscuous mode [ 597.911547][T22552] 8021q: adding VLAN 0 to HW filter on device bond1 [ 597.980515][T22552] bond1: (slave bridge4): making interface the new active one [ 597.983398][T22552] bridge4: entered promiscuous mode [ 597.987721][T22552] bond1: (slave bridge4): Enslaving as an active interface with an up link [ 600.072053][T22613] fuse: fd is not a fuse device [ 600.375436][ T41] kauditd_printk_skb: 8 callbacks suppressed [ 600.375454][ T41] audit: type=1326 audit(1778527215.437:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.388497][ T41] audit: type=1326 audit(1778527215.437:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.407315][ T41] audit: type=1326 audit(1778527215.437:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.417265][ T41] audit: type=1326 audit(1778527215.437:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.426473][ T41] audit: type=1326 audit(1778527215.437:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.434843][ T41] audit: type=1326 audit(1778527215.437:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.446203][ T41] audit: type=1326 audit(1778527215.437:1110): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.458206][ T41] audit: type=1326 audit(1778527215.437:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.466917][ T41] audit: type=1326 audit(1778527215.447:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=61 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.475070][ T41] audit: type=1326 audit(1778527215.447:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22620 comm="syz.1.6882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708efcc code=0x7ffc0000 [ 600.659544][T22626] tipc: Cannot configure node identity twice [ 600.805913][T22569] Set syz1 is full, maxelem 65536 reached [ 600.859587][T22637] netlink: 'syz.5.6889': attribute type 2 has an invalid length. [ 600.869122][T22637] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6889'. [ 600.959560][T22642] netlink: 9 bytes leftover after parsing attributes in process `syz.5.6891'. [ 600.974322][T22642] netlink: 9 bytes leftover after parsing attributes in process `syz.5.6891'. [ 601.605148][T22678] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 601.717463][ T12] tipc: Subscription rejected, illegal request [ 602.018478][T22718] overlayfs: failed to clone upperpath [ 602.316021][T22733] overlayfs: failed to clone upperpath [ 602.321568][T22733] overlayfs: failed to clone upperpath [ 602.520876][T22744] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. 
[ 603.882847][ T77] tipc: Subscription rejected, illegal request [ 605.370431][T22832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6976'. [ 605.378257][T22832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6976'. [ 605.383749][T22832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6976'. [ 605.629632][T22791] Set syz1 is full, maxelem 65536 reached [ 605.991207][T22860] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.6980'. [ 606.091063][T22875] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6987'. [ 607.254414][T22895] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.6994'. [ 608.179828][T22929] netlink: 9 bytes leftover after parsing attributes in process `syz.1.7009'. [ 608.184142][T22929] netlink: 9 bytes leftover after parsing attributes in process `syz.1.7009'. [ 608.664081][ C1] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 608.809995][T22948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7019'. [ 608.815181][T22948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7019'. [ 608.930139][T22957] netlink: 9 bytes leftover after parsing attributes in process `syz.3.7021'. [ 608.934063][T22957] netlink: 9 bytes leftover after parsing attributes in process `syz.3.7021'. 
[ 609.187253][ T5825] usb 6-1: new full-speed USB device number 63 using dummy_hcd [ 609.360060][ T5825] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 609.367199][ T5825] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 609.377587][ T5825] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 609.381584][ T5825] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xf9000) [ 609.594458][ T5825] usb 6-1: usb_control_msg returned -32 [ 609.596641][ T5825] usbtmc 6-1:16.0: can't read capabilities [ 609.727235][ T5824] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 609.887296][ T5824] usb 10-1: Using ep0 maxpacket: 8 [ 609.891699][ T5824] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 609.896820][ T5824] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 609.901541][ T5824] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.908145][ T5824] usb 10-1: config 0 descriptor?? 
[ 610.042079][ T1127] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 610.045424][ T1127] ata1: failed to read log page 10h (errno=-5) [ 610.049719][ T1127] ata1.00: exception Emask 0x1 SAct 0x40000001 SErr 0x0 action 0x0 [ 610.059011][ T1127] ata1.00: irq_stat 0x41000000 [ 610.060777][ T1127] ata1.00: failed command: READ FPDMA QUEUED [ 610.063105][ T1127] ata1.00: cmd 60/90:00:6e:2b:01/05:00:00:00:00/40 tag 0 ncq dma 729088 in [ 610.063105][ T1127] res 50/00:00:00:00:00/00:00:00:00:00/a0 Emask 0x1 (device error) [ 610.071912][ T1127] ata1.00: status: { DRDY } [ 610.073682][ T1127] ata1.00: failed command: READ FPDMA QUEUED [ 610.075780][ T1127] ata1.00: cmd 60/c8:f0:a6:23:01/07:00:00:00:00/40 tag 30 ncq dma 1019904 in [ 610.075780][ T1127] res 50/00:00:00:00:00/00:00:00:00:00/a0 Emask 0x1 (device error) [ 610.084934][ T1127] ata1.00: status: { DRDY } [ 610.089771][ T1127] ata1.00: configured for UDMA/100 [ 610.092405][ T1127] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 610.096035][ T1127] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current] [ 610.099250][ T1127] sd 0:0:0:0: [sda] tag#0 Add. Sense: No additional sense information [ 610.102084][ T1127] sd 0:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 01 2b 6e 00 05 90 00 [ 610.104724][ T1127] blk_print_req_error: 12 callbacks suppressed [ 610.104734][ T1127] I/O error, dev sda, sector 76654 op 0x0:(READ) flags 0x80700 phys_seg 88 prio class 2 [ 610.110245][ T1127] sd 0:0:0:0: [sda] tag#30 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 610.114018][ T1127] sd 0:0:0:0: [sda] tag#30 Sense Key : Aborted Command [current] [ 610.117108][ T1127] sd 0:0:0:0: [sda] tag#30 Add. 
Sense: No additional sense information [ 610.120428][ T1127] sd 0:0:0:0: [sda] tag#30 CDB: Read(10) 28 00 00 01 23 a6 00 07 c8 00 [ 610.122541][ T5824] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 610.123617][ T1127] I/O error, dev sda, sector 74662 op 0x0:(READ) flags 0x84700 phys_seg 168 prio class 2 [ 610.123846][ T1127] ata1: EH complete [ 610.321130][T22978] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 610.324950][ T5846] usb 10-1: USB disconnect, device number 3 [ 610.876065][T22999] netlink: 'syz.3.7041': attribute type 2 has an invalid length. [ 610.893118][T22999] ‚#{6c: entered promiscuous mode [ 610.904882][T22999] netlink: 'syz.3.7041': attribute type 2 has an invalid length. [ 610.909818][T22999] ‚#{6c: left promiscuous mode [ 610.961374][T23002] netlink: 208 bytes leftover after parsing attributes in process `syz.3.7041'. [ 611.070105][T23008] bridge0: port 3(syz_tun) entered blocking state [ 611.073609][T23008] bridge0: port 3(syz_tun) entered disabled state [ 611.077830][T23008] syz_tun: entered allmulticast mode [ 611.088960][T23008] syz_tun: entered promiscuous mode [ 611.093278][T23010] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7044'. [ 611.095666][T23008] bridge0: port 3(syz_tun) entered blocking state [ 611.101600][T23008] bridge0: port 3(syz_tun) entered forwarding state [ 611.109808][T23010] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7044'. 
[ 611.599841][T23036] bridge0: port 3(syz_tun) entered blocking state [ 611.602722][T23036] bridge0: port 3(syz_tun) entered disabled state [ 611.605739][T23036] syz_tun: entered allmulticast mode [ 611.609000][T23036] syz_tun: entered promiscuous mode [ 611.613826][T23036] bridge0: port 3(syz_tun) entered blocking state [ 611.616636][T23036] bridge0: port 3(syz_tun) entered forwarding state [ 611.969082][ T29] usb 6-1: USB disconnect, device number 63 [ 612.127533][T23068] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 612.130439][T23068] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 612.462747][T23091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7079'. [ 612.628886][T23103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7084'. [ 612.633013][T23103] netlink: 'syz.1.7084': attribute type 6 has an invalid length. [ 612.653537][T23103] vxlan1: entered promiscuous mode [ 612.710822][T23109] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 612.713184][T23109] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 612.827397][T23118] overlayfs: failed to clone upperpath [ 613.456936][T23123] bridge0: port 1(syz_tun) entered blocking state [ 613.461274][T23123] bridge0: port 1(syz_tun) entered disabled state [ 613.464329][T23123] syz_tun: entered allmulticast mode [ 613.472161][T23123] syz_tun: entered promiscuous mode [ 613.474976][T23123] bridge0: port 1(syz_tun) entered blocking state [ 613.477440][T23123] bridge0: port 1(syz_tun) entered listening state [ 613.573190][T23133] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7097'. [ 613.908105][T23156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7104'. [ 613.919014][T23156] netlink: 'syz.3.7104': attribute type 6 has an invalid length. 
[ 614.519288][ T41] kauditd_printk_skb: 6 callbacks suppressed [ 614.519310][ T41] audit: type=1326 audit(1778527229.587:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23176 comm="syz.5.7116" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f05fcc code=0x0 [ 614.932551][T23199] netlink: 'syz.3.7121': attribute type 1 has an invalid length. [ 614.952676][T23199] bond2: entered promiscuous mode [ 614.955792][T23199] 8021q: adding VLAN 0 to HW filter on device bond2 [ 614.982952][T23199] 8021q: adding VLAN 0 to HW filter on device bond2 [ 614.985594][T23199] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 614.989527][T23199] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 614.997228][T23199] bond2: (slave vcan1): making interface the new active one [ 615.000293][T23199] vcan1: entered promiscuous mode [ 615.002939][T23199] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 615.173037][T23212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7126'. [ 615.189460][T23212] vxlan2: entered promiscuous mode [ 615.335005][T23221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7130'. [ 615.429156][T23227] netlink: 'syz.5.7133': attribute type 1 has an invalid length. 
[ 615.453187][T23227] bond1: entered promiscuous mode [ 615.455926][T23227] 8021q: adding VLAN 0 to HW filter on device bond1 [ 615.494253][T23227] 8021q: adding VLAN 0 to HW filter on device bond1 [ 615.498798][T23227] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 615.503469][T23227] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 615.512322][T23227] bond1: (slave vcan1): making interface the new active one [ 615.515759][T23227] vcan1: entered promiscuous mode [ 615.520033][T23227] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 615.571507][T23230] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7135'. [ 615.583811][T23230] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7135'. [ 616.159925][T23247] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7142'. [ 616.494315][T23264] netlink: 52 bytes leftover after parsing attributes in process `syz.1.7147'. [ 616.520129][T23264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7147'. [ 616.747437][T23276] kernel read not supported for file /file0 (pid: 23276 comm: syz.3.7152) [ 616.765300][ T41] audit: type=1800 audit(1778527231.817:1121): pid=23276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.7152" name="file0" dev="mqueue" ino=101566 res=0 errno=0 [ 616.869819][T23286] overlayfs: failed to clone upperpath [ 616.869981][T23287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7157'. [ 617.884827][T23326] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7174'. 
[ 619.196259][ T41] audit: type=1326 audit(1778527234.257:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23374 comm="syz.3.7194" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f63fcc code=0x0 [ 619.336634][T23386] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7195'. [ 619.833583][T23396] fuse: Bad value for 'fd' [ 620.104876][T23407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7203'. [ 620.120573][T23407] vxlan0: entered promiscuous mode [ 620.125685][ T1242] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.132539][ T1242] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.143193][ T1242] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.147955][ T1242] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.258882][ T856] libceph: connect (1)[c::]:6789 error -101 [ 620.262787][ T856] libceph: mon0 (1)[c::]:6789 connect error [ 620.305623][ T856] libceph: connect (1)[b::]:6789 error -101 [ 620.308647][ T856] libceph: mon0 (1)[b::]:6789 connect error [ 620.529008][ T856] libceph: connect (1)[c::]:6789 error -101 [ 620.532604][ T856] libceph: mon0 (1)[c::]:6789 connect error [ 620.570192][ T856] libceph: connect (1)[b::]:6789 error -101 [ 620.573143][ T856] libceph: mon0 (1)[b::]:6789 connect error [ 621.043622][ T5846] libceph: connect (1)[c::]:6789 error -101 [ 621.059221][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 621.077911][ T5846] libceph: connect (1)[b::]:6789 error -101 [ 621.078932][T23414] ceph: No mds server is up or the cluster is laggy [ 621.081894][T23417] ceph: No mds server is up or the cluster is laggy [ 621.085285][ T5846] libceph: mon0 (1)[b::]:6789 connect error [ 622.324268][T23497] tipc: Started in network mode [ 622.326718][T23497] tipc: Node identity 2007ff, cluster identity 4711 [ 622.332104][T23497] tipc: Node number set to 
2099199 [ 623.062327][T23533] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7257'. [ 623.074764][T23533] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7257'. [ 623.089472][T23535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7258'. [ 623.287753][T23556] input: syz0 as /devices/virtual/input/input77 [ 624.944455][T23607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7290'. [ 625.012638][T23615] overlayfs: failed to resolve './cgroup': -2 [ 625.065126][T23623] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7298'. [ 625.072409][T23623] ip6gre1: entered promiscuous mode [ 625.074333][T23623] ip6gre1: entered allmulticast mode [ 625.151605][T23632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7301'. [ 625.311147][T23649] batadv_slave_1: entered promiscuous mode [ 625.315007][T23648] batadv_slave_1: left promiscuous mode [ 625.473429][T23659] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.663802][T23673] overlayfs: failed to resolve './cgroup': -2 [ 626.233285][T23684] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.295771][T23691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7326'. [ 627.060770][T23687] ceph: No mds server is up or the cluster is laggy [ 627.063023][T23692] ceph: No mds server is up or the cluster is laggy [ 627.791578][T23710] netlink: 'syz.4.7333': attribute type 4 has an invalid length. [ 627.808429][T23710] netlink: 'syz.4.7333': attribute type 4 has an invalid length. [ 627.855295][T23719] netlink: 84 bytes leftover after parsing attributes in process `syz.5.7337'. [ 628.118449][T23747] netlink: 84 bytes leftover after parsing attributes in process `syz.3.7350'. 
[ 628.450612][T23758] fuse: fd is not a fuse device [ 628.497153][ C1] bridge0: port 1(syz_tun) entered learning state [ 628.642986][T23768] tls_set_device_offload: netdev not found [ 629.144685][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.645172][ T41] audit: type=1326 audit(1778527244.707:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23790 comm="syz.1.7368" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708efcc code=0x0 [ 629.791823][ T102] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 629.927893][T23801] 9p: Bad value for 'rfdno' [ 629.953168][T23803] netlink: 'syz.5.7372': attribute type 4 has an invalid length. [ 629.972907][T23803] netlink: 'syz.5.7372': attribute type 4 has an invalid length. [ 630.241476][T23817] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 630.244086][T23815] IPVS: stopping master sync thread 23817 ... [ 630.459218][T23832] netlink: 'syz.1.7384': attribute type 4 has an invalid length. [ 630.469589][T23832] netlink: 'syz.1.7384': attribute type 4 has an invalid length. [ 630.821124][T23844] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 630.880052][T23845] IPVS: stopping master sync thread 23844 ... [ 631.784603][T13633] libceph: connect (1)[c::]:6789 error -101 [ 631.786985][T13633] libceph: mon0 (1)[c::]:6789 connect error [ 631.842132][T13633] libceph: connect (1)[c::]:6789 error -101 [ 631.844443][T13633] libceph: mon0 (1)[c::]:6789 connect error [ 632.048167][T13633] libceph: connect (1)[c::]:6789 error -101 [ 632.051400][T13633] libceph: mon0 (1)[c::]:6789 connect error [ 632.088018][T23886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7403'. 
[ 632.099011][T13633] libceph: connect (1)[c::]:6789 error -101 [ 632.101575][T13633] libceph: mon0 (1)[c::]:6789 connect error [ 632.332988][T23902] netlink: 'syz.5.7410': attribute type 11 has an invalid length. [ 632.336376][T23902] netlink: 56 bytes leftover after parsing attributes in process `syz.5.7410'. [ 632.342153][T23902] netlink: 'syz.5.7410': attribute type 11 has an invalid length. [ 632.345415][T23902] netlink: 56 bytes leftover after parsing attributes in process `syz.5.7410'. [ 632.524958][T23912] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.536493][ T41] audit: type=1804 audit(1778527247.597:1124): pid=23917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.7415" name="file0" dev="tmpfs" ino=1342 res=1 errno=0 [ 632.561668][ T5846] libceph: connect (1)[c::]:6789 error -101 [ 632.564311][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 632.607616][ T5846] libceph: connect (1)[c::]:6789 error -101 [ 632.609724][T23863] ceph: No mds server is up or the cluster is laggy [ 632.612073][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 632.613328][T23871] ceph: No mds server is up or the cluster is laggy [ 632.928668][T23912] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 633.132506][T23912] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 633.166445][ T1242] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.177092][ T1242] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.182833][ T1242] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.186576][ T1242] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.190494][ T1242] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.193334][ T1242] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.196215][ T1242] netdevsim netdevsim3 
netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.207202][ T1242] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.308226][T23953] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 633.321199][T23952] IPVS: stopping master sync thread 23953 ... [ 634.741503][T24031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7460'. [ 635.753172][T24078] 0ªî{X¹¦: left allmulticast mode [ 635.765414][T24078] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 636.336773][T24095] netlink: 208240 bytes leftover after parsing attributes in process `syz.4.7487'. [ 636.382290][T24099] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7489'. [ 636.385480][T24099] netlink: 'syz.4.7489': attribute type 7 has an invalid length. [ 636.391631][T24099] netlink: 'syz.4.7489': attribute type 8 has an invalid length. [ 636.397849][T24099] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7489'. [ 636.771134][T24127] overlayfs: failed to clone upperpath [ 637.087764][T24153] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7514'. [ 637.098899][T24152] netlink: 'syz.4.7513': attribute type 4 has an invalid length. [ 637.102815][T24152] netlink: 156 bytes leftover after parsing attributes in process `syz.4.7513'. 
[ 637.111372][T24152] bond_slave_1: mtu greater than device maximum [ 637.268010][T24161] bridge1: entered promiscuous mode [ 637.270632][T24161] bridge1: entered allmulticast mode [ 637.276142][T24161] team0: Port device bridge1 added [ 637.291233][T24161] bridge0: port 4(team0) entered blocking state [ 637.293978][T24161] bridge0: port 4(team0) entered disabled state [ 637.297626][T24161] team0: entered allmulticast mode [ 637.300007][T24161] team_slave_0: entered allmulticast mode [ 637.303054][T24161] team_slave_1: entered allmulticast mode [ 637.311098][T24161] team0: entered promiscuous mode [ 637.313671][T24161] team_slave_0: entered promiscuous mode [ 637.316895][T24161] team_slave_1: entered promiscuous mode [ 637.321822][T24161] bridge0: port 4(team0) entered blocking state [ 637.325092][T24161] bridge0: port 4(team0) entered forwarding state [ 637.350754][T24166] netlink: 7 bytes leftover after parsing attributes in process `syz.5.7519'. [ 637.649587][T24191] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.7529'. [ 637.685278][T24193] bond0: entered promiscuous mode [ 637.687502][T24193] bond_slave_0: entered promiscuous mode [ 637.689605][T24193] bond_slave_1: entered promiscuous mode [ 637.695462][T24193] batadv0: entered promiscuous mode [ 637.699719][T24193] debugfs: 'hsr1' already exists in 'hsr' [ 637.701679][T24193] Cannot create hsr debugfs directory [ 637.703801][T24193] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 637.726934][T24193] netlink: 'syz.4.7530': attribute type 10 has an invalid length. 
[ 637.777430][ T5846] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 637.811259][T24193] bridge0: port 3(syz_tun) entered disabled state [ 637.817392][T24193] syz_tun: left allmulticast mode [ 637.820500][T24193] bridge0: port 3(syz_tun) entered disabled state [ 637.830037][T24193] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 637.932749][ T5846] usb 6-1: config 0 has no interfaces? [ 637.934805][ T5846] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 637.939815][ T5846] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.947779][ T5846] usb 6-1: config 0 descriptor?? [ 637.972860][T24198] overlayfs: failed to clone upperpath [ 638.095857][T24208] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7535'. [ 638.113157][T24208] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7535'. [ 638.882247][ T41] audit: type=1326 audit(1778527253.947:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24256 comm="syz.4.7556" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x0 [ 639.843771][T24286] bridge5: entered promiscuous mode [ 639.846820][T24286] bridge5: entered allmulticast mode [ 639.851479][T24286] team0: Port device bridge5 added [ 639.864765][T24286] bridge0: port 3(team0) entered blocking state [ 639.868073][T24286] bridge0: port 3(team0) entered disabled state [ 639.870886][T24286] team0: entered allmulticast mode [ 639.873383][T24286] team_slave_1: entered allmulticast mode [ 639.876453][T24286] syz_tun: entered allmulticast mode [ 639.881360][T24286] team0: entered promiscuous mode [ 639.883509][T24286] team_slave_1: entered promiscuous mode [ 639.886017][T24286] syz_tun: entered promiscuous mode [ 640.448695][ T39] usb 6-1: USB disconnect, device number 64 [ 640.912615][T24343] __nla_validate_parse: 3 callbacks suppressed [ 640.912631][T24343] netlink: 12 bytes leftover after 
parsing attributes in process `syz.4.7588'. [ 641.660339][T24356] fuse: Bad value for 'fd' [ 641.899709][T24367] netlink: 'syz.3.7595': attribute type 1 has an invalid length. [ 641.953198][T24367] bond3: entered promiscuous mode [ 641.957634][T24367] 8021q: adding VLAN 0 to HW filter on device bond3 [ 642.042109][T24367] 8021q: adding VLAN 0 to HW filter on device bond3 [ 642.045711][T24367] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 642.051709][T24367] bond3: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 642.070077][T24367] bond3: (slave vti0): making interface the new active one [ 642.073431][T24367] vti0: entered promiscuous mode [ 642.079257][T24367] bond3: (slave vti0): Enslaving as an active interface with an up link [ 642.176430][T24381] bond0: entered promiscuous mode [ 642.178011][T24383] netlink: 'syz.4.7605': attribute type 1 has an invalid length. [ 642.229337][T24387] netlink: 'syz.3.7604': attribute type 10 has an invalid length. [ 642.322672][T24381] bond0: left promiscuous mode [ 642.351215][T24383] 8021q: adding VLAN 0 to HW filter on device bond1 [ 642.357073][T24387] syz_tun: left allmulticast mode [ 642.359951][T24387] team0: Port device syz_tun removed [ 642.371127][T24388] bond1: (slave gretap1): making interface the new active one [ 642.374999][T24388] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 642.569209][T24401] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.7611'. [ 642.741891][T24415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7616'. 
[ 642.760025][T24419] bond0: entered promiscuous mode [ 642.761779][T24419] bond_slave_0: entered promiscuous mode [ 642.763759][T24419] bond_slave_1: entered promiscuous mode [ 642.766877][T24419] batadv0: entered promiscuous mode [ 642.769645][T24419] debugfs: 'hsr1' already exists in 'hsr' [ 642.771787][T24419] Cannot create hsr debugfs directory [ 642.774200][T24419] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 642.792202][T24419] netlink: 'syz.5.7618': attribute type 10 has an invalid length. [ 642.792364][ T41] audit: type=1326 audit(1778527257.857:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.802219][ T41] audit: type=1326 audit(1778527257.857:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.806294][T24419] bridge0: port 3(syz_tun) entered disabled state [ 642.809338][ T41] audit: type=1326 audit(1778527257.857:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=186 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.814912][T24419] syz_tun: left allmulticast mode [ 642.818934][ T41] audit: type=1326 audit(1778527257.857:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.821557][T24419] bridge0: port 3(syz_tun) entered disabled state [ 642.830582][ T41] audit: type=1326 audit(1778527257.857:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.837899][ T41] audit: type=1326 audit(1778527257.857:1131): auid=4294967295 
uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.845732][ T41] audit: type=1326 audit(1778527257.857:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.848919][T24419] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 642.853613][ T41] audit: type=1326 audit(1778527257.857:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.864066][ T41] audit: type=1326 audit(1778527257.857:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24422 comm="syz.3.7621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x7ffc0000 [ 642.920778][T24428] netlink: 'syz.5.7622': attribute type 4 has an invalid length. [ 642.923715][T24428] netlink: 156 bytes leftover after parsing attributes in process `syz.5.7622'. [ 642.928505][T24428] bond_slave_1: mtu greater than device maximum [ 643.124635][T24440] fuse: Bad value for 'fd' [ 643.563761][T24450] netlink: 'syz.1.7632': attribute type 4 has an invalid length. [ 643.566457][T24450] netlink: 156 bytes leftover after parsing attributes in process `syz.1.7632'. 
[ 643.857347][ C1] bridge0: port 1(syz_tun) entered forwarding state [ 643.860005][ C1] bridge0: topology change detected, propagating [ 643.886957][T24469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 643.950344][T24472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.356673][T24492] fuse: Bad value for 'fd' [ 644.473820][T24502] overlayfs: failed to clone upperpath [ 644.631522][T24513] overlayfs: failed to clone upperpath [ 644.724691][T24520] fuse: fd is not a fuse device [ 646.109169][T24568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7688'. [ 646.494744][T24597] netlink: 'syz.3.7694': attribute type 4 has an invalid length. [ 646.870633][T24613] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7703'. [ 646.923911][T24622] overlayfs: failed to clone upperpath [ 647.574724][T24655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7714'. [ 647.885624][T24683] overlayfs: failed to clone upperpath [ 648.370666][T24710] netlink: 'syz.5.7742': attribute type 5 has an invalid length. [ 649.544732][T24768] netlink: 212360 bytes leftover after parsing attributes in process `syz.5.7757'. [ 650.063469][T24805] VFS: Mount too revealing [ 650.451596][T24829] netlink: 7 bytes leftover after parsing attributes in process `syz.1.7777'. [ 650.795170][T24841] netlink: 'syz.1.7782': attribute type 2 has an invalid length. [ 652.006990][T24890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7797'. [ 652.010906][T24890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7797'. 
[ 652.150869][T24900] syz.5.7801: vmalloc error: size 2147479872, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1 [ 652.158857][T24900] CPU: 3 UID: 0 PID: 24900 Comm: syz.5.7801 Tainted: G L syzkaller #0 PREEMPT(full) [ 652.158891][T24900] Tainted: [L]=SOFTLOCKUP [ 652.158898][T24900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 652.158910][T24900] Call Trace: [ 652.158918][T24900] [ 652.158926][T24900] dump_stack_lvl+0x100/0x190 [ 652.158956][T24900] warn_alloc.cold+0x95/0x1c1 [ 652.158977][T24900] ? __pfx_warn_alloc+0x10/0x10 [ 652.159018][T24900] ? __lock_acquire+0x4a5/0x2630 [ 652.159040][T24900] ? __lock_acquire+0x4a5/0x2630 [ 652.159067][T24900] __vmalloc_node_range_noprof+0x136c/0x1630 [ 652.159094][T24900] ? reacquire_held_locks+0xce/0x1e0 [ 652.159119][T24900] ? release_sock+0x21/0x280 [ 652.159142][T24900] ? do_raw_spin_lock+0x128/0x260 [ 652.159169][T24900] ? netlink_alloc_large_skb+0x9b/0x150 [ 652.159201][T24900] ? alloc_pages_mpol+0x25a/0x540 [ 652.159228][T24900] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 652.159260][T24900] ? rcu_is_watching+0x12/0xc0 [ 652.159290][T24900] __kvmalloc_node_noprof+0x3de/0xa00 [ 652.159310][T24900] ? netlink_alloc_large_skb+0x9b/0x150 [ 652.159336][T24900] ? netlink_alloc_large_skb+0x9b/0x150 [ 652.159371][T24900] netlink_alloc_large_skb+0x9b/0x150 [ 652.159400][T24900] netlink_sendmsg+0x680/0xda0 [ 652.159431][T24900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 652.159463][T24900] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 652.159498][T24900] sock_write_iter+0x524/0x5a0 [ 652.159524][T24900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 652.159551][T24900] ? __pfx_sock_write_iter+0x10/0x10 [ 652.159576][T24900] ? futex_hash+0x141/0x370 [ 652.159605][T24900] ? bpf_lsm_file_permission+0x9/0x10 [ 652.159625][T24900] ? security_file_permission+0x76/0x210 [ 652.159650][T24900] ? 
rw_verify_area+0xce/0x6d0 [ 652.159673][T24900] vfs_write+0x6ac/0x1070 [ 652.159694][T24900] ? __pfx_sock_write_iter+0x10/0x10 [ 652.159719][T24900] ? __pfx_vfs_write+0x10/0x10 [ 652.159736][T24900] ? find_held_lock+0x2b/0x80 [ 652.159772][T24900] ksys_write+0x1f8/0x250 [ 652.159790][T24900] ? __pfx_ksys_write+0x10/0x10 [ 652.159811][T24900] ? rcu_is_watching+0x12/0xc0 [ 652.159834][T24900] __do_fast_syscall_32+0xe7/0x950 [ 652.159863][T24900] do_fast_syscall_32+0x32/0x70 [ 652.159891][T24900] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 652.159918][T24900] RIP: 0023:0xf7f05fcc [ 652.159933][T24900] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 652.159949][T24900] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 652.159966][T24900] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280 [ 652.159977][T24900] RDX: 00000000ffffff03 RSI: 0000000000000000 RDI: 0000000000000000 [ 652.159988][T24900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 652.159996][T24900] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 652.160006][T24900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 652.160028][T24900] [ 652.160036][T24900] Mem-Info: [ 652.288320][T24900] active_anon:2143 inactive_anon:832 isolated_anon:0 [ 652.288320][T24900] active_file:1752 inactive_file:20546 isolated_file:0 [ 652.288320][T24900] unevictable:1768 dirty:226 writeback:0 [ 652.288320][T24900] slab_reclaimable:6429 slab_unreclaimable:80644 [ 652.288320][T24900] mapped:22381 shmem:2989 pagetables:2113 [ 652.288320][T24900] sec_pagetables:320 bounce:0 [ 652.288320][T24900] kernel_misc_reclaimable:0 [ 652.288320][T24900] free:49804 free_pcp:2045 free_cma:0 [ 652.307897][T24900] Node 0 active_anon:172kB inactive_anon:92kB active_file:36kB inactive_file:204kB 
unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2108kB dirty:0kB writeback:0kB shmem:3548kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8704kB pagetables:1792kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 652.323803][T24900] Node 1 active_anon:8500kB inactive_anon:3236kB active_file:6972kB inactive_file:81980kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:87416kB dirty:904kB writeback:0kB shmem:8408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7408kB pagetables:6760kB sec_pagetables:136kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 652.339074][T24900] Node 0 DMA free:3992kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 652.352119][T24900] lowmem_reserve[]: 0 285 285 285 285 [ 652.353876][T24900] Node 0 DMA32 free:26588kB boost:10240kB min:23328kB low:26600kB high:29872kB reserved_highatomic:0KB free_highatomic:0KB active_anon:172kB inactive_anon:92kB active_file:36kB inactive_file:204kB unevictable:3536kB writepending:0kB zspages:1884kB present:1032196kB managed:292572kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 652.365666][T24900] lowmem_reserve[]: 0 0 0 0 0 [ 652.367818][T24900] Node 1 DMA32 free:168636kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8500kB inactive_anon:3236kB active_file:6972kB inactive_file:81980kB unevictable:3536kB writepending:904kB zspages:5952kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:9188kB local_pcp:2472kB free_cma:0kB [ 652.381402][T24900] lowmem_reserve[]: 0 0 0 0 0 [ 652.383798][T24900] Node 0 DMA: 182*4kB (UM) 54*8kB (UM) 25*16kB (UM) 28*32kB 
(UM) 14*64kB (UM) 3*128kB (M) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3992kB [ 652.388927][T24900] Node 0 DMA32: 835*4kB (UME) 369*8kB (UME) 141*16kB (UME) 171*32kB (UME) 38*64kB (UME) 20*128kB (UME) 6*256kB (UME) 8*512kB (UME) 2*1024kB (U) 0*2048kB 0*4096kB = 26692kB [ 652.394520][T24900] Node 1 DMA32: 2467*4kB (UME) 4478*8kB (UME) 3746*16kB (UME) 217*32kB (UME) 170*64kB (UME) 86*128kB (UME) 49*256kB (UME) 34*512kB (UME) 4*1024kB (M) 0*2048kB 0*4096kB = 168508kB [ 652.401278][T24900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 652.404410][T24900] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 652.407537][T24900] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 652.410611][T24900] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 652.413623][T24900] 26128 total pagecache pages [ 652.415217][T24900] 884 pages in swap cache [ 652.416955][T24900] Free swap = 40072kB [ 652.420338][T24900] Total swap = 124996kB [ 652.422332][T24900] 524155 pages RAM [ 652.424420][T24900] 0 pages HighMem/MovableOnly [ 652.426899][T24900] 210119 pages reserved [ 652.428399][T24900] 0 pages cma reserved [ 652.842386][T24927] 9p: Bad value for 'rfdno' [ 652.974219][T24931] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.105145][T24931] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 653.236428][T24931] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 653.365113][ T12] Bluetooth: (null): Invalid header checksum [ 653.419443][ T1242] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.423331][ T1242] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.429882][ T1242] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.436932][ T1242] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 
653.633844][T24958] fuse: Bad value for 'fd' [ 654.009152][T24974] netlink: 'syz.4.7828': attribute type 2 has an invalid length. [ 655.104808][T25027] netlink: 'syz.3.7843': attribute type 2 has an invalid length. [ 655.412883][T25040] bridge0: port 4(team0) entered disabled state [ 655.415882][T25040] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.419567][T25040] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.543903][T25040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.555957][T25040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.656927][T25040] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 655.746776][T25041] batman_adv: batadv0: Adding interface: dummy0 [ 655.749466][T25041] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 655.768593][T25041] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 655.803171][ T42] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 655.811782][ T42] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.817282][ T42] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 655.821158][ T42] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.827419][ T42] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 655.846856][ T42] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.854616][ T42] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 655.859302][ T42] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.700006][T25084] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! 
[ 657.064272][T14174] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 657.068275][T14174] CPU: 2 UID: 0 PID: 14174 Comm: kworker/u33:30 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.068300][T14174] Tainted: [L]=SOFTLOCKUP [ 657.068305][T14174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 657.068313][T14174] Workqueue: hci2 hci_rx_work [ 657.068334][T14174] Call Trace: [ 657.068339][T14174] [ 657.068344][T14174] dump_stack_lvl+0x100/0x190 [ 657.068359][T14174] sysfs_warn_dup.cold+0x1c/0x28 [ 657.068377][T14174] sysfs_create_dir_ns+0x24b/0x2b0 [ 657.068394][T14174] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 657.068405][T14174] ? find_held_lock+0x2b/0x80 [ 657.068421][T14174] ? kobject_add_internal+0x25f/0x930 [ 657.068435][T14174] ? kobject_add_internal+0x25f/0x930 [ 657.068449][T14174] ? do_raw_spin_unlock+0x145/0x1e0 [ 657.068464][T14174] kobject_add_internal+0x2c8/0x930 [ 657.068483][T14174] kobject_add+0x16a/0x1e0 [ 657.068495][T14174] ? __pfx_kobject_add+0x10/0x10 [ 657.068506][T14174] ? class_to_subsys+0x10f/0x150 [ 657.068527][T14174] ? kobject_put+0xb9/0x640 [ 657.068537][T14174] ? _raw_spin_unlock+0x28/0x50 [ 657.068555][T14174] device_add+0x294/0x1950 [ 657.068572][T14174] ? __pfx_dev_set_name+0x10/0x10 [ 657.068589][T14174] ? __pfx_device_add+0x10/0x10 [ 657.068603][T14174] ? mgmt_send_event_skb+0x2fb/0x460 [ 657.068624][T14174] hci_conn_add_sysfs+0x1a3/0x260 [ 657.068642][T14174] le_conn_complete_evt+0x11eb/0x1f60 [ 657.068665][T14174] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 657.068684][T14174] hci_le_conn_complete_evt+0x23c/0x3a0 [ 657.068701][T14174] ? skb_pull_data+0x15f/0x1e0 [ 657.068718][T14174] hci_le_meta_evt+0x34a/0x5f0 [ 657.068737][T14174] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 657.068755][T14174] hci_event_packet+0x51c/0xcd0 [ 657.068770][T14174] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 657.068788][T14174] ? 
__pfx_hci_event_packet+0x10/0x10 [ 657.068805][T14174] ? kcov_remote_start+0x374/0x660 [ 657.068821][T14174] ? lockdep_hardirqs_on+0x78/0x100 [ 657.068840][T14174] hci_rx_work+0x451/0xfc0 [ 657.068862][T14174] process_one_work+0xa0e/0x1980 [ 657.068880][T14174] ? __pfx_process_one_work+0x10/0x10 [ 657.068922][T14174] ? __pfx_hci_rx_work+0x10/0x10 [ 657.068943][T14174] worker_thread+0x5ef/0xe50 [ 657.068962][T14174] ? kthread+0x13a/0x450 [ 657.068977][T14174] ? __pfx_worker_thread+0x10/0x10 [ 657.068989][T14174] kthread+0x370/0x450 [ 657.068999][T14174] ? __pfx_kthread+0x10/0x10 [ 657.069010][T14174] ret_from_fork+0x72b/0xd50 [ 657.069024][T14174] ? __pfx_ret_from_fork+0x10/0x10 [ 657.069039][T14174] ? __switch_to+0x800/0x1100 [ 657.069056][T14174] ? __pfx_kthread+0x10/0x10 [ 657.069069][T14174] ret_from_fork_asm+0x1a/0x30 [ 657.069104][T14174] [ 657.069183][T14174] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 657.190951][T14174] Bluetooth: hci2: failed to register connection device [ 657.327269][T16013] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 657.497574][T16013] usb 6-1: Using ep0 maxpacket: 16 [ 657.502513][T16013] usb 6-1: config 0 has no interfaces? [ 657.506849][T16013] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 657.511358][T16013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.514860][T16013] usb 6-1: Product: syz [ 657.517002][T16013] usb 6-1: Manufacturer: syz [ 657.519940][T16013] usb 6-1: SerialNumber: syz [ 657.526331][T16013] usb 6-1: config 0 descriptor?? [ 657.746430][ T40] usb 6-1: USB disconnect, device number 65 [ 658.286280][T25123] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.7883'. [ 658.289108][T25125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7889'. 
[ 658.451402][T25127] bridge0: port 1(syz_tun) entered disabled state [ 658.781529][T25127] dummy0: left allmulticast mode [ 658.844151][T25127] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 658.887985][ T12] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.891609][ T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.897743][ T12] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.902743][ T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.907193][ T12] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.910130][ T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.194835][T25158] tipc: Enabled bearer , priority 10 [ 659.206036][T25158] tipc: Enabling of bearer rejected, failed to enable media [ 660.312199][T23920] tipc: Node number set to 2886997057 [ 660.403679][T25218] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7916'. [ 660.514166][T25230] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 660.519339][T25230] tipc: Enabled bearer , priority 10 [ 660.647337][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 660.718918][T25252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7929'. [ 660.737259][T25252] netlink: 'syz.3.7929': attribute type 7 has an invalid length. [ 660.747150][T25252] netlink: 'syz.3.7929': attribute type 8 has an invalid length. [ 660.757189][T25252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7929'. [ 660.917159][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 661.106846][T25293] overlayfs: failed to clone upperpath [ 661.131997][T25296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7952'. 
[ 661.457130][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 662.119642][T25348] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7973'. [ 662.155801][T25350] overlayfs: failed to clone upperpath [ 662.204972][T25354] netlink: 'syz.4.7976': attribute type 1 has an invalid length. [ 662.221480][T25354] 8021q: adding VLAN 0 to HW filter on device bond2 [ 662.230164][T25354] erspan0: entered allmulticast mode [ 662.239053][T25354] bond2: (slave erspan0): making interface the new active one [ 662.242619][T25354] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 662.497200][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 662.742210][T25383] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 662.745687][T25383] overlayfs: failed to set xattr on upper [ 662.750484][T25383] overlayfs: ...falling back to redirect_dir=nofollow. [ 662.754839][T25383] overlayfs: ...falling back to index=off. [ 662.822181][T25389] overlayfs: failed to clone upperpath [ 662.890668][T25393] fuse: Bad value for 'fd' [ 663.547157][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 664.239305][T25436] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8008'. [ 664.282323][T25440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8010'. [ 664.288346][T25440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8010'. [ 664.356582][T25443] "syz.4.8012" (25443) uses obsolete ecb(arc4) skcipher [ 664.577179][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 665.363804][T25485] netlink: 'syz.4.8028': attribute type 1 has an invalid length. 
[ 665.380984][T25485] bond3: entered promiscuous mode [ 665.383940][T25485] 8021q: adding VLAN 0 to HW filter on device bond3 [ 665.424392][T25485] 8021q: adding VLAN 0 to HW filter on device bond3 [ 665.427414][T25485] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 665.430783][T25485] bond3: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 665.436449][T25485] bond3: (slave vcan1): making interface the new active one [ 665.439605][T25485] vcan1: entered promiscuous mode [ 665.443066][T25485] bond3: (slave vcan1): Enslaving as an active interface with an up link [ 665.617299][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 665.647371][T25494] netlink: set zone limit has 4 unknown bytes [ 665.689418][T25496] fuse: fd is not a fuse device [ 665.882144][T25503] overlayfs: failed to clone upperpath [ 666.657138][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 666.945563][T25547] fuse: Bad value for 'fd' [ 667.707242][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 668.089899][T25590] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8074'. [ 668.093641][T25591] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8073'. [ 668.130130][T25591] bond0: (slave syz_tun): Releasing backup interface [ 668.200341][T25597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8077'. [ 668.412761][T25610] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 668.725475][T25628] netlink: 9 bytes leftover after parsing attributes in process `syz.1.8098'. [ 668.730710][T25628] netlink: 9 bytes leftover after parsing attributes in process `syz.1.8098'. [ 668.737163][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 668.875032][T25632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8091'. [ 669.140932][T25648] netlink: 'syz.4.8096': attribute type 1 has an invalid length. 
[ 669.158648][T25648] 8021q: adding VLAN 0 to HW filter on device bond4 [ 669.787191][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 670.539848][T25687] overlayfs: failed to resolve './cgroup': -2 [ 670.628743][T25693] netlink: set zone limit has 4 unknown bytes [ 670.817180][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 671.318302][T25716] netlink: 'syz.5.8124': attribute type 10 has an invalid length. [ 671.326252][T25716] team0: Failed to send options change via netlink (err -105) [ 671.337235][T25716] team0: Port device dummy0 added [ 671.341159][T25716] netlink: 'syz.5.8124': attribute type 10 has an invalid length. [ 671.344395][T25716] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 671.351070][T25716] team0: Failed to send options change via netlink (err -105) [ 671.353653][T25716] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 671.356624][T25716] team0: Port device dummy0 removed [ 671.359914][T25716] dummy0: entered promiscuous mode [ 671.362613][T25716] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 671.467347][T25732] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8134'. [ 671.858935][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 671.989583][T25754] netlink: 'syz.3.8143': attribute type 1 has an invalid length. 
[ 672.023647][T25754] bond4: (slave geneve2): making interface the new active one [ 672.026456][T25754] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 672.030555][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 672.034165][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 672.037755][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 672.041178][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 672.152188][T25761] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 672.155900][T25761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8146'. [ 672.370335][T25772] 9p: Bad value for 'rfdno' [ 672.797437][T25796] tipc: Started in network mode [ 672.799543][T25796] tipc: Node identity ac1414aa, cluster identity 4711 [ 672.803110][T25796] tipc: Enabled bearer , priority 10 [ 672.897295][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 673.505829][T25812] fuse: fd is not a fuse device [ 673.798322][ T29] tipc: Node number set to 2886997162 [ 673.937469][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 673.970266][T25835] netlink: 52 bytes leftover after parsing attributes in process `syz.4.8175'. 
[ 674.440302][ T41] kauditd_printk_skb: 5740 callbacks suppressed [ 674.440317][ T41] audit: type=1804 audit(1778527289.507:6875): pid=25883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.8193" name="file0" dev="tmpfs" ino=2143 res=1 errno=0 [ 674.539990][T25890] fuse: Bad value for 'fd' [ 674.573083][T25896] fuse: fd is not a fuse device [ 674.977175][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 675.137315][T25137] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 675.290541][T25137] usb 6-1: config index 0 descriptor too short (expected 1572, got 36) [ 675.294448][T25137] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 675.301971][T25137] usb 6-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40 [ 675.306180][T25137] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.312102][T25137] usb 6-1: Product: syz [ 675.313849][T25137] usb 6-1: Manufacturer: syz [ 675.315625][T25137] usb 6-1: SerialNumber: syz [ 675.326602][T25137] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/input/input78 [ 675.529126][T25137] bcm5974 6-1:1.0: could not read from device [ 675.548216][ T5131] bcm5974 6-1:1.0: could not read from device [ 675.565799][T25137] input: failed to attach handler mousedev to device input78, error: -5 [ 675.582520][T25137] usb 6-1: USB disconnect, device number 66 [ 675.597006][ T5131] bcm5974 6-1:1.0: could not read from device [ 676.027115][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 676.286422][T25937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8214'. [ 676.482537][T25939] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8215'. [ 676.499479][T25939] hsr_slave_1 (unregistering): left promiscuous mode [ 676.620458][T25942] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8216'. 
[ 676.639383][T25946] bond3: entered allmulticast mode [ 676.641116][T25946] vcan1: entered allmulticast mode [ 676.645026][T25945] bond3: left allmulticast mode [ 676.650958][T25945] vcan1: left allmulticast mode [ 677.057269][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 677.065926][ T41] audit: type=1326 audit(1778527292.127:6876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25972 comm="syz.3.8228" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f63fcc code=0x0 [ 677.246853][T25980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8231'. [ 678.107152][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 678.906071][ T41] audit: type=1326 audit(1778527293.967:6877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26012 comm="syz.4.8243" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x0 [ 679.137171][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 679.388895][T26041] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8255'. [ 679.448826][T26046] gtp4: entered promiscuous mode [ 679.460842][T26046] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8257'. [ 680.177186][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 680.270381][T26068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8266'. [ 680.636131][T26087] overlayfs: failed to clone upperpath [ 681.020319][T26098] overlayfs: failed to clone upperpath [ 681.112060][T26100] netlink: 'syz.3.8280': attribute type 8 has an invalid length. [ 681.114672][T26100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8280'. [ 681.119023][T26100] netlink: 'syz.3.8280': attribute type 8 has an invalid length. [ 681.121634][T26100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8280'. 
[ 681.133029][T26104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8281'. [ 681.227173][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 681.447777][T26121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8288'. [ 681.465351][T26121] macvtap0: entered promiscuous mode [ 681.468910][T26121] erspan0: entered promiscuous mode [ 681.472184][T26121] macvtap0: entered allmulticast mode [ 681.476284][T26121] erspan0: entered allmulticast mode [ 681.489276][T26121] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8288'. [ 681.616630][T26132] fuse: fd is not a fuse device [ 681.805586][T26149] all: renamed from bridge_slave_0 [ 682.267192][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 682.380215][T26177] all: renamed from bridge_slave_0 [ 682.403459][T26181] sit0: entered promiscuous mode [ 682.405932][T26181] netlink: 'syz.5.8313': attribute type 1 has an invalid length. [ 682.413368][T26181] netlink: 1 bytes leftover after parsing attributes in process `syz.5.8313'. [ 682.629364][T26205] netlink: 'syz.1.8321': attribute type 1 has an invalid length. [ 682.632866][T26205] netlink: 'syz.1.8321': attribute type 4 has an invalid length. [ 682.636227][T26205] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.8321'. [ 682.703525][T26208] netlink: 'syz.1.8323': attribute type 12 has an invalid length. [ 682.891518][T26222] overlayfs: failed to clone upperpath [ 683.192840][T26238] sit0: entered promiscuous mode [ 683.194607][T26238] netlink: 'syz.3.8335': attribute type 1 has an invalid length. [ 683.197201][T26238] netlink: 1 bytes leftover after parsing attributes in process `syz.3.8335'. [ 683.297190][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 683.394532][T26255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8342'. [ 683.455204][T26261] netlink: 'syz.3.8345': attribute type 1 has an invalid length. 
[ 683.458060][T26261] netlink: 'syz.3.8345': attribute type 4 has an invalid length. [ 683.461475][T26261] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.8345'. [ 683.600086][T26278] fuse: Bad value for 'fd' [ 684.152251][T26311] fuse: fd is not a fuse device [ 684.337290][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 684.412196][T26318] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8368'. [ 684.430040][T26318] macvtap1: entered promiscuous mode [ 684.432001][T26318] macvtap1: entered allmulticast mode [ 684.562401][T26325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8371'. [ 684.566923][T26325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8371'. [ 684.619459][T26327] Failed to get privilege flags for destination (handle=0x0:0x0) [ 685.371869][T26360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8386'. [ 685.377229][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 685.501460][T26366] 9p: Bad value for 'rfdno' [ 685.941784][ T41] audit: type=1804 audit(1778527301.007:6878): pid=26388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8398" name="file1" dev="ramfs" ino=110194 res=1 errno=0 [ 685.945664][T26391] ip6erspan0: entered allmulticast mode [ 686.070539][T26403] netlink: 'syz.3.8404': attribute type 12 has an invalid length. [ 686.151629][T26412] netlink: 'syz.4.8408': attribute type 1 has an invalid length. 
[ 686.166436][T26412] bond5: entered promiscuous mode
[ 686.168315][T26412] bond5: entered allmulticast mode
[ 686.172330][T26412] 8021q: adding VLAN 0 to HW filter on device bond5
[ 686.196525][T26412] erspan1: entered allmulticast mode
[ 686.205473][T26412] bond5: (slave erspan1): making interface the new active one
[ 686.208578][T26412] erspan1: entered promiscuous mode
[ 686.211934][T26412]
[ 686.212798][T26412] ============================================
[ 686.214833][T26412] WARNING: possible recursive locking detected
[ 686.216809][T26412] syzkaller #0 Tainted: G L
[ 686.219006][T26412] --------------------------------------------
[ 686.221110][T26412] syz.4.8408/26412 is trying to acquire lock:
[ 686.223021][T26412] ffff8880727a2158 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60
[ 686.226122][T26412]
[ 686.226122][T26412] but task is already holding lock:
[ 686.228466][T26412] ffff8880222fe958 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60
[ 686.231513][T26412]
[ 686.231513][T26412] other info that might help us debug this:
[ 686.233981][T26412] Possible unsafe locking scenario:
[ 686.233981][T26412]
[ 686.236331][T26412] CPU0
[ 686.237409][T26412] ----
[ 686.238577][T26412] lock(&qdisc_xmit_lock_key#3);
[ 686.240183][T26412] lock(&qdisc_xmit_lock_key#3);
[ 686.241847][T26412]
[ 686.241847][T26412] *** DEADLOCK ***
[ 686.241847][T26412]
[ 686.244387][T26412] May be due to missing lock nesting notation
[ 686.244387][T26412]
[ 686.247006][T26412] 10 locks held by syz.4.8408/26412:
[ 686.248720][T26412] #0: ffffffff90d99888 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[ 686.251815][T26412] #1: ffffffff9060f0a0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8bb/0x2380
[ 686.254684][T26412] #2: ffffffff8e7e5280 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4950
[ 686.257752][T26412] #3: ffff888077b61228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at:
__dev_queue_xmit+0x24ef/0x4950 [ 686.262812][T26412] #4: ffff8880222fe958 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60 [ 686.266537][T26412] #5: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: ip_output+0xb3/0xc10 [ 686.269801][T26412] #6: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x356/0x2400 [ 686.273504][T26412] #7: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x26/0x2e0 [ 686.277257][T26412] #8: ffffffff8e7e5280 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4950 [ 686.281438][T26412] #9: ffff88806b69b228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at: __dev_queue_xmit+0x24ef/0x4950 [ 686.286816][T26412] [ 686.286816][T26412] stack backtrace: [ 686.289339][T26412] CPU: 3 UID: 0 PID: 26412 Comm: syz.4.8408 Tainted: G L syzkaller #0 PREEMPT(full) [ 686.289369][T26412] Tainted: [L]=SOFTLOCKUP [ 686.289377][T26412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 686.289388][T26412] Call Trace: [ 686.289394][T26412] [ 686.289402][T26412] dump_stack_lvl+0x100/0x190 [ 686.289424][T26412] print_deadlock_bug.cold+0xbd/0xca [ 686.289452][T26412] __lock_acquire+0x12bb/0x2630 [ 686.289472][T26412] ? kmalloc_reserve+0x148/0x350 [ 686.289498][T26412] lock_acquire+0x1b1/0x370 [ 686.289516][T26412] ? sch_direct_xmit+0x3b5/0xc60 [ 686.289549][T26412] _raw_spin_lock+0x2e/0x40 [ 686.289574][T26412] ? sch_direct_xmit+0x3b5/0xc60 [ 686.289595][T26412] sch_direct_xmit+0x3b5/0xc60 [ 686.289620][T26412] ? lock_acquire+0x1b1/0x370 [ 686.289638][T26412] ? __pfx_sch_direct_xmit+0x10/0x10 [ 686.289658][T26412] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 686.289680][T26412] __dev_queue_xmit+0x2794/0x4950 [ 686.289706][T26412] ? __pfx_arpt_do_table+0x10/0x10 [ 686.289728][T26412] ? __pfx___dev_queue_xmit+0x10/0x10 [ 686.289752][T26412] ? lock_acquire+0xc0/0x370 [ 686.289767][T26412] ? find_held_lock+0x2b/0x80 [ 686.289787][T26412] ? 
nf_hook.constprop.0+0x2f0/0x760 [ 686.289804][T26412] ? nf_hook.constprop.0+0x2f0/0x760 [ 686.289824][T26412] ? nf_hook.constprop.0+0x2fa/0x760 [ 686.289842][T26412] ? __pfx_arp_xmit_finish+0x10/0x10 [ 686.289878][T26412] arp_xmit+0x106/0x2e0 [ 686.289896][T26412] arp_send_dst+0x200/0x280 [ 686.289912][T26412] arp_solicit+0x672/0x1070 [ 686.289928][T26412] ? rcu_is_watching+0x12/0xc0 [ 686.289948][T26412] ? __pfx_arp_solicit+0x10/0x10 [ 686.289965][T26412] ? neigh_probe+0x72/0x110 [ 686.289986][T26412] ? __pfx_arp_solicit+0x10/0x10 [ 686.290003][T26412] neigh_probe+0xce/0x110 [ 686.290022][T26412] __neigh_event_send+0xacf/0x13f0 [ 686.290050][T26412] neigh_resolve_output+0x550/0x8f0 [ 686.290079][T26412] ip_finish_output2+0x851/0x2400 [ 686.290109][T26412] ? __pfx_ip_finish_output2+0x10/0x10 [ 686.290136][T26412] ? __pfx_ip_dst_mtu_maybe_forward+0x10/0x10 [ 686.290164][T26412] ? nf_nat_ipv4_out+0xb2/0x510 [ 686.290185][T26412] ? find_held_lock+0x2b/0x80 [ 686.290210][T26412] __ip_finish_output.part.0+0x444/0x6f0 [ 686.290238][T26412] ip_output+0x39b/0xc10 [ 686.290265][T26412] ? __pfx_ip_output+0x10/0x10 [ 686.290289][T26412] ? __pfx_get_random_u32+0x10/0x10 [ 686.290313][T26412] ? __pfx_ip_finish_output+0x10/0x10 [ 686.290342][T26412] ? __pfx_ip_output+0x10/0x10 [ 686.290369][T26412] ip_local_out+0x193/0x1f0 [ 686.290396][T26412] iptunnel_xmit+0x722/0xd20 [ 686.290420][T26412] ip_tunnel_xmit+0x1b85/0x3200 [ 686.290453][T26412] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 686.290479][T26412] ? mark_held_locks+0x40/0x70 [ 686.290496][T26412] ? kasan_quarantine_put+0x8f/0x240 [ 686.290516][T26412] ? lockdep_hardirqs_on+0x78/0x100 [ 686.290557][T26412] __gre_xmit+0x820/0xb20 [ 686.290583][T26412] ? __pfx___gre_xmit+0x10/0x10 [ 686.290609][T26412] ? __pfx_pskb_expand_head+0x10/0x10 [ 686.290637][T26412] erspan_xmit+0x55a/0x1ec0 [ 686.290665][T26412] ? __pfx_erspan_xmit+0x10/0x10 [ 686.290692][T26412] ? 
rcu_lockdep_current_cpu_online+0x30/0x150 [ 686.290719][T26412] dev_hard_start_xmit+0x128/0x7a0 [ 686.290750][T26412] sch_direct_xmit+0x1b2/0xc60 [ 686.290775][T26412] ? lock_acquire+0x1b1/0x370 [ 686.290793][T26412] ? __pfx_sch_direct_xmit+0x10/0x10 [ 686.290815][T26412] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 686.290841][T26412] __dev_queue_xmit+0x2794/0x4950 [ 686.290871][T26412] ? rcu_is_watching+0x12/0xc0 [ 686.290894][T26412] ? __pfx___dev_queue_xmit+0x10/0x10 [ 686.290920][T26412] ? __kasan_slab_alloc+0x89/0x90 [ 686.290942][T26412] ? __kasan_slab_alloc+0x30/0x90 [ 686.290964][T26412] ? kmalloc_reserve+0xf9/0x350 [ 686.290990][T26412] ? __asan_memset+0x23/0x50 [ 686.291016][T26412] ? __alloc_skb+0x4e9/0x710 [ 686.291040][T26412] ? __netdev_alloc_skb+0x10d/0x960 [ 686.291062][T26412] alb_send_lp_vid+0x31e/0x540 [ 686.291085][T26412] ? __pfx_alb_send_lp_vid+0x10/0x10 [ 686.291113][T26412] alb_send_learning_packets+0xe0/0x2f0 [ 686.291149][T26412] ? __pfx_alb_send_learning_packets+0x10/0x10 [ 686.291178][T26412] ? __pfx_alb_swap_mac_addr+0x10/0x10 [ 686.291204][T26412] alb_fasten_mac_swap+0x47f/0xa90 [ 686.291231][T26412] bond_alb_handle_active_change+0x634/0x10b0 [ 686.291260][T26412] ? __pfx_bond_alb_handle_active_change+0x10/0x10 [ 686.291287][T26412] ? __hw_addr_add_ex+0x4df/0x650 [ 686.291315][T26412] ? dev_mc_sync+0x119/0x180 [ 686.291345][T26412] ? __local_bh_enable_ip+0x9e/0x120 [ 686.291373][T26412] bond_change_active_slave+0x160c/0x2ee0 [ 686.291402][T26412] ? static_key_slow_inc_cpuslocked+0xd2/0x120 [ 686.291430][T26412] ? __pfx_bond_change_active_slave+0x10/0x10 [ 686.291461][T26412] bond_select_active_slave+0x3f5/0xca0 [ 686.291491][T26412] ? __pfx_bond_select_active_slave+0x10/0x10 [ 686.291519][T26412] ? find_held_lock+0x2b/0x80 [ 686.291572][T26412] bond_enslave+0x4290/0x5940 [ 686.291608][T26412] ? __pfx_bond_enslave+0x10/0x10 [ 686.291641][T26412] ? nlmsg_notify+0xdc/0x290 [ 686.291669][T26412] ? 
rtmsg_ifinfo+0x70/0x1b0 [ 686.291697][T26412] ? __pfx___dev_change_flags+0x10/0x10 [ 686.291719][T26412] ? __pfx_bond_enslave+0x10/0x10 [ 686.291746][T26412] do_set_master+0x40f/0x730 [ 686.291765][T26412] ? rtnl_configure_link+0xd0/0x280 [ 686.291795][T26412] rtnl_newlink+0x15c7/0x2380 [ 686.291820][T26412] ? __pfx_rtnl_newlink+0x10/0x10 [ 686.291842][T26412] ? kernel_text_address+0x8d/0x100 [ 686.291862][T26412] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 686.291888][T26412] ? __kernel_text_address+0xd/0x30 [ 686.291916][T26412] ? stack_depot_save_flags+0x27/0x9d0 [ 686.291939][T26412] ? stack_trace_save+0x8e/0xc0 [ 686.291967][T26412] ? find_held_lock+0x2b/0x80 [ 686.291991][T26412] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 686.292012][T26412] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 686.292034][T26412] ? __pfx_rtnl_newlink+0x10/0x10 [ 686.292056][T26412] rtnetlink_rcv_msg+0x95e/0xe90 [ 686.292079][T26412] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 686.292103][T26412] ? __lock_acquire+0x4a5/0x2630 [ 686.292124][T26412] netlink_rcv_skb+0x159/0x420 [ 686.292149][T26412] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 686.292173][T26412] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 686.292203][T26412] ? netlink_deliver_tap+0x1ae/0xcc0 [ 686.292230][T26412] netlink_unicast+0x585/0x850 [ 686.292256][T26412] ? __pfx_netlink_unicast+0x10/0x10 [ 686.292284][T26412] netlink_sendmsg+0x8b0/0xda0 [ 686.292311][T26412] ? __pfx_netlink_sendmsg+0x10/0x10 [ 686.292339][T26412] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 686.292369][T26412] ____sys_sendmsg+0x9e1/0xb70 [ 686.292395][T26412] ? __pfx_netlink_sendmsg+0x10/0x10 [ 686.292421][T26412] ? __pfx_____sys_sendmsg+0x10/0x10 [ 686.292445][T26412] ? __pfx___futex_wait+0x10/0x10 [ 686.292471][T26412] ? __pfx_futex_wake_mark+0x10/0x10 [ 686.292498][T26412] ___sys_sendmsg+0x190/0x1e0 [ 686.292524][T26412] ? __pfx____sys_sendmsg+0x10/0x10 [ 686.292561][T26412] ? 
find_held_lock+0x2b/0x80 [ 686.292592][T26412] __sys_sendmsg+0x170/0x220 [ 686.292613][T26412] ? __pfx___sys_sendmsg+0x10/0x10 [ 686.292638][T26412] ? rcu_is_watching+0x12/0xc0 [ 686.292662][T26412] __do_fast_syscall_32+0xe7/0x950 [ 686.292693][T26412] do_fast_syscall_32+0x32/0x70 [ 686.292720][T26412] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 686.292745][T26412] RIP: 0023:0xf703efcc [ 686.292760][T26412] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 686.292778][T26412] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 686.292798][T26412] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 686.292811][T26412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 686.292823][T26412] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 686.292833][T26412] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 686.292845][T26412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 686.292863][T26412] [ 686.417178][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 686.457560][T26412] bond5: (slave erspan1): Enslaving as an active interface with an up link [ 686.607577][T26421] netlink: 'syz.3.8411': attribute type 12 has an invalid length. 
[ 686.656550][T26412] syz.4.8408 (26412) used greatest stack depth: 19216 bytes left [ 686.883089][T26422] syz_tun (unregistering): left allmulticast mode [ 686.885592][T26422] syz_tun (unregistering): left promiscuous mode [ 686.888850][T26422] bridge0: port 1(syz_tun) entered disabled state [ 686.916443][T24348] bond0: (slave syz_tun): Releasing backup interface [ 687.417295][ T1242] team0: left allmulticast mode [ 687.418951][ T1242] team_slave_0: left allmulticast mode [ 687.420761][ T1242] team_slave_1: left allmulticast mode [ 687.422586][ T1242] team0: left promiscuous mode [ 687.424153][ T1242] team_slave_0: left promiscuous mode [ 687.426256][ T1242] team_slave_1: left promiscuous mode [ 687.428778][ T1242] bridge0: port 4(team0) entered disabled state [ 687.431532][ T1242] bridge_slave_1: left allmulticast mode [ 687.433589][ T1242] bridge_slave_1: left promiscuous mode [ 687.435740][ T1242] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.439737][ T1242] bridge_slave_0: left allmulticast mode [ 687.441732][ T1242] bridge_slave_0: left promiscuous mode [ 687.443565][ T1242] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.457222][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 687.486266][ T1242] batman_adv: batadv0: Removing interface: ip6gretap1 [ 687.521929][ T1242] bond2 (unregistering): (slave erspan0): Releasing active interface [ 687.527922][ T1242] bond5 (unregistering): (slave erspan1): Releasing active interface [ 687.530757][ T1242] erspan1 (unregistering): left promiscuous mode [ 687.547198][T14174] Bluetooth: hci0: command 0x0406 tx timeout [ 687.556737][ T1242] bond1 (unregistering): (slave gretap1): Releasing active interface [ 687.664717][ T1242] team0: Port device bridge1 removed [ 687.790067][ T1242] bond0 (unregistering): left promiscuous mode [ 687.792755][ T1242] bond_slave_0: left promiscuous mode [ 687.795126][ T1242] bond_slave_1: left promiscuous mode [ 687.798968][ T1242] bond0 
(unregistering): (slave bond_slave_0): Releasing backup interface [ 687.804631][ T1242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.809474][ T1242] bond0 (unregistering): Released all slaves [ 687.814921][ T1242] bond1 (unregistering): Released all slaves [ 687.821864][ T1242] bond2 (unregistering): Released all slaves [ 687.830238][ T1242] bond3 (unregistering): (slave vcan1): Releasing backup interface [ 687.833675][ T1242] vcan1: left promiscuous mode [ 687.836831][ T1242] bond3 (unregistering): Released all slaves [ 687.846639][ T1242] bond4 (unregistering): Released all slaves [ 687.854981][ T1242] bond5 (unregistering): Released all slaves [ 687.982760][ T1242] tipc: Disabling bearer [ 687.988410][ T1242] tipc: Left network mode [ 688.054418][ T5449] 8021q: adding VLAN 0 to HW filter on device eth6 [ 688.194824][ T5449] 8021q: adding VLAN 0 to HW filter on device eth7 [ 688.217502][ T1242] batadv0: left promiscuous mode [ 688.221995][ T1242] hsr_slave_0: left promiscuous mode [ 688.224126][ T1242] hsr_slave_1: left promiscuous mode [ 688.226251][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 688.229945][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 688.301998][ T1242] team0 (unregistering): Port device team_slave_1 removed [ 688.309488][ T1242] team0 (unregistering): Port device team_slave_0 removed [ 688.460719][ T5449] 8021q: adding VLAN 0 to HW filter on device eth8 [ 688.497367][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 688.628470][ T5449] 8021q: adding VLAN 0 to HW filter on device eth9 [ 689.547287][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 690.577274][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 690.578318][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.617167][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 692.657235][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 693.697293][ C3] IPVS: 
wrr: UDP 224.0.0.2:0 - no destination available [ 694.737154][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 695.777162][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available