last executing test programs: 6m59.760189392s ago: executing program 2 (id=1579): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fsopen(0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, 0x0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x20) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) close_range(r0, r2, 0x0) 6m59.16788687s ago: executing program 2 (id=1586): io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0x2637, 0x3c00, 0x2, 0x10001d4}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x5, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43100}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) capset(&(0x7f0000000100)={0x20071026}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x8080000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x15, 0x3, 0x2, 0x87}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0x3909e40c33606d9c, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xe, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x5000, 0x7}, 0x80000031, 0x0, 0xdddd0000, 0x2024, 0x0, 0x1500, 0x3000, [0x6800000000000000, 0x204, 0x5b, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m58.329281261s ago: executing program 2 (id=1593): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x4, 0x6, 0x4, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000100000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000070000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 6m58.128455344s ago: executing program 2 (id=1599): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb101e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0/../file0\x00', 0x89901) umount2(0x0, 0x0) 6m57.909094459s ago: executing program 2 (id=1601): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) mq_open(&(0x7f0000000140)='$@\x005gM\xfb\xa3\xabt\xb8\x97\xa2`\xcc\xfb&\r.\x97TM&\x93\xd3\xd2\x17[\x89}\xd2j\xd6\xee\xf4\'@\xff\x00\x00\x00\x00\x00\x00\x00\x00\xcd.,\xfb\xab\xb9\x00r\voG\x9d\xaa\x86\xe9\xff\x1b\xa20\x16\t\x05\xa4\x97\xfah\xe9u\xbb\xad~\xb3\x83\xb9\xa3\xe7\xa4\xea\xe6x\xd8H\xa9\xa89\x1a\xfeZ0+\x18\xe9\xc7\x87\\\x05\xbf`!Q\xf2\xcc\xbc4\xbc|s\xbdZY1\x02r\xac\x805\x06\x18\xb5\x88gx\xac\xd6\xc7.\xa6Z\x84X:{II>~<\xa4x\'\xd0\xdc\xf5`\x1a\x1dI:\x8b\xc6v/;U\xac\x12\xed\xed\x86W\xf4\xcb\xf4\xdd\x89w<\xd2d\xc0\x17\xf3\x9f\xdf\xd2', 0x1, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6m57.464233362s ago: executing program 2 (id=1612): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x103, 0x4, 0x551, 0x401}}) 6m57.09394061s ago: executing program 32 (id=1612): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x103, 0x4, 0x551, 0x401}}) 4m37.103093807s ago: executing program 4 (id=2590): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x50) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @empty, 0x4}, 0x1c) listen(r1, 0x50) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 4m36.890274688s ago: executing program 4 (id=2593): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x0, 0x0}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b000000050000000500000009"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f00000001c0), &(0x7f00000002c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) 4m36.732276824s ago: executing program 4 (id=2594): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd4}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x8001}, 0x90) 4m36.675639178s ago: executing program 4 (id=2596): r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000b00), 0x0, 0x4000040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) syz_pidfd_open(r0, 0x0) syz_clone3(&(0x7f0000000000)={0x13824400, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r0], 0x1}, 0x58) 4m33.956086425s ago: executing program 4 (id=2602): setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @multicast}, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYBLOB="20000280", @ANYRES32, @ANYBLOB="0000000000000000000000000a000000000000000000001420000100", @ANYRES32=r2], 0x58}}, 0x0) 4m33.70594432s ago: executing program 4 (id=2605): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c2f2, 0xffffffffffffffff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={0xffffffffffffffff, 0x0}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x50) mbind(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x0, 0x80000000000005d, 0x2) poll(0x0, 0x0, 0x119) socket(0x10, 0x3, 0x0) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) 4m27.403754745s ago: executing program 0 (id=2623): setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000200)=0x6, 0x4) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000280)=0x10000, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x11) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000780)={0x0, 0x1, 0x0, [0x806f, 0x0, 0x2d5, 0x2, 0x6], [0x9d8, 0x7, 0x1, 0x9, 0x200000000008002, 0x0, 0x5, 0x2, 0x0, 0x802, 0x9, 0x200000100, 0x3, 0xfffffffffffffff4, 0x4a, 0x5, 0x100, 0xd, 0xdd, 0x5, 0x1, 0x2a9, 0x3, 0xc39, 0x3, 0x8, 0x100000000, 0x2, 0xa51, 0x8, 0x401, 0x800000000000003, 0x7, 0xfffffffffffffffa, 0x81, 0x100, 0x5, 0x931, 0x101, 0x3, 0x8001, 0x8000000000000000, 0x7, 0x1, 0x8, 0x8, 0x6aa, 0x102, 0x1, 0x83, 0x538a, 0x9, 0xfffffffffffffffb, 0x4, 0x0, 0x4, 0x8, 0x8, 0x8000, 0x8000000000000000, 0x4, 0xfffffffffffffffc, 0x14, 0x5bc, 0x1, 0x7fffffff, 0x4, 0x8000, 0xc9, 0x7, 0x6, 0x9, 0x82c, 0x7ff, 0xe000000000000, 0xe4, 0x11, 0x0, 0x8, 0x22, 0xffffffffffffffff, 0x7, 0x2, 0x8000000000000000, 0x9, 0x8, 0x0, 0x6, 0x6, 0x7, 0x100000002, 0x4, 0x4, 0x7, 0x7, 0x7, 0x9, 0x1, 0x16d, 0x6, 0x68d, 0xffffffffffff43b0, 0x8, 0x50000000000000, 0xe, 0x0, 0x0, 0x100000003, 0x4, 0x7, 0x406, 0x3, 0x6, 0x2, 0x0, 0x3, 0x40, 0x7fffffff, 0x7, 0xe, 0x1]}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r5 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x3, 0x398}) io_uring_enter(r5, 0x8ae, 0x6933, 0x17, 0x0, 0x0) 4m25.466040386s ago: executing program 0 (id=2633): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0) 4m25.23006742s ago: executing program 0 (id=2635): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) pivot_root(0x0, 0x0) 4m25.026004926s ago: executing program 0 (id=2639): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xd, 0x0, &(0x7f0000000440)="101a07b4f827085bb454548985", 0x0, 0x7, 0x0, 0x2, 0x0, &(0x7f0000000280)="41a6", 0x0, 0x4}, 0x50) 4m24.876331039s ago: executing program 0 (id=2642): r0 = socket(0x10, 0x80003, 0x0) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 4m24.862250103s ago: executing program 0 (id=2643): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000640)='./file0/../file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) inotify_init1(0x80800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000280)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000001000010700000000e9ffffff0a0000000c0002006e6c3830323131"], 0x20}}, 0x400c0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m18.586386002s ago: executing program 33 (id=2605): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c2f2, 0xffffffffffffffff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={0xffffffffffffffff, 0x0}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x50) mbind(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x0, 0x80000000000005d, 0x2) poll(0x0, 0x0, 0x119) socket(0x10, 0x3, 0x0) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) 4m12.252172619s ago: executing program 3 (id=2682): socket(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mlockall(0x7) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 4m9.437067142s ago: executing program 34 (id=2643): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000640)='./file0/../file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) inotify_init1(0x80800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000280)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000001000010700000000e9ffffff0a0000000c0002006e6c3830323131"], 0x20}}, 0x400c0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m9.252145401s ago: executing program 3 (id=2688): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) creat(&(0x7f0000000180)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) r1 = socket$inet(0x2, 0x80001, 0x84) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x2, 0x9}}, 0x20) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4m8.152164229s ago: executing program 3 (id=2691): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x66020000) mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 4m3.589572085s ago: executing program 3 (id=2700): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$cgroup_type(r4, &(0x7f0000000040), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2, 0x11}, &(0x7f0000001fee)='R\brust\xe3c*sgrVex:D0', 0x0) socket$inet(0x2, 0x1, 0x0) syz_socket_connect_nvme_tcp() bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x8070bd27, 0x25dfdbfd, {0xa, 0x10, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x3, 0x16}, [@FRA_SRC={0x14, 0x2, @mcast1}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00'}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0xc, 0x4e20}}]}, 0x4c}}, 0x40080) 4m0.911678317s ago: executing program 3 (id=2705): mlockall(0x7) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 4m0.106929915s ago: executing program 3 (id=2708): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x66020000) mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3m45.000362899s ago: executing program 35 (id=2708): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x66020000) mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 10.340115472s ago: executing program 5 (id=3174): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r5}, 0x18) syz_clone3(&(0x7f0000001000)={0x1000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r6}, 0x18) clock_nanosleep(0x8, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4000) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c010000100033060000000000000000fc000000000000000000000000000000ffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143b0000000000000000000000000000000032000000fe80000000000000000000000000001a2703000000000000000000000000000000000000000000000000000000000000ff0f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000000000029bd7000000000000a0004003b000000000000f51b00200000004e2200000000ac1414bb00000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0004"], 0x17c}}, 0x0) r9 = dup(r7) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[]) write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18) 6.909136189s ago: executing program 1 (id=3175): ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0x70, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0xffffffff, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x16, 0xf2, 0x3, 0x7}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814) 6.905950602s ago: executing program 5 (id=3176): openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) getgid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x70bd28, 0x0, {0x2, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7}, [@RTA_IIF={0x8, 0x3, r5}]}, 0x24}}, 0xea5bc50b6199d77e) 6.820101075s ago: executing program 5 (id=3177): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x39000, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioprio_set$uid(0x3, 0x0, 0x0) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r4, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0}, 0x0]) 3.913946337s ago: executing program 1 (id=3178): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) pidfd_send_signal(r3, 0x28, &(0x7f0000000300)={0x3f, 0x2, 0x6}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x18, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c) mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r0, 0x0) socket$netlink(0x10, 0x3, 0x0) 3.442162936s ago: executing program 5 (id=3179): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@x86={0x83, 0x3, 0xd1, 0x0, 0x100, 0x9, 0xcb, 0x10, 0x19, 0x5, 0xb, 0x8, 0x0, 0x10003, 0xe, 0xff, 0x4, 0x2, 0x12, '\x00', 0x8}) 3.271103294s ago: executing program 1 (id=3180): bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x28}}, 0x0) pipe(&(0x7f0000000300)) sync() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x28, 0x0, 0x0, 0xfff7f038}, {0x6}]}, 0x10) 2.595364809s ago: executing program 5 (id=3181): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095", @ANYRES64], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r0}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) write$cgroup_int(r1, &(0x7f0000000040)=0xfe8e, 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r3, 0x400, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) munlockall() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, 0x0) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x2) 1.428387908s ago: executing program 1 (id=3182): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020}, 0x2020) write$FUSE_INIT(r0, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b7db000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e83a02650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) dup2(r1, r0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0) r2 = open(&(0x7f00000003c0)='./file2\x00', 0x400, 0x0) ioctl$BTRFS_IOC_DEFRAG(r2, 0x4c00, 0x3) 1.356602063s ago: executing program 1 (id=3183): pipe(0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000240)="94", 0x1) tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000) read$msr(r0, &(0x7f00000000c0)=""/24, 0x18) write(0xffffffffffffffff, 0x0, 0x0) 1.336303428s ago: executing program 5 (id=3184): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) unshare(0x2040400) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x0, 0x0}) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fspick(r7, &(0x7f0000000000)='.\x00', 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c200000b2425e7cdd4a380c08ea133987a9db64074227ae3d6ba73f4cfa1c4f31a6c36254333a74b76daf745fa64b5071410e1a4e17512f096b5692ae6122a95603255e7856128c3de0dc43167bb13d7e0ccce20f44b4a11abfd16d1a1e54a3da4972003cc43054109c9089f7c88d218d906d2c1ef3b600000000", @ANYRES16=r6, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r8}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='task_newtask\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=3185): ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0x70, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0xffffffff, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x16, 0xf2, 0x3, 0x7}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814) kernel console output (not intermixed with test programs): 202.354518][ T8239] fuse: Bad value for 'fd' [ 204.791070][ T8294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.969'. [ 207.085619][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.985'. [ 208.392900][ T8353] fuse: Bad value for 'fd' [ 208.613818][ T8362] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 209.016969][ T1888] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 209.374978][ T8395] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 209.394971][ T31] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 209.515868][ T1262] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 210.126841][ T8413] siw: device registration error -23 [ 210.155617][ T38] audit: type=1326 audit(1761345745.203:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.157301][ T38] audit: type=1326 audit(1761345745.203:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.157735][ T38] audit: type=1326 audit(1761345745.203:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.158136][ T38] audit: type=1326 audit(1761345745.203:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.158766][ T38] audit: type=1326 audit(1761345745.203:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.159140][ T38] audit: type=1326 audit(1761345745.203:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.160405][ T38] audit: type=1326 audit(1761345745.203:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.160886][ T38] audit: type=1326 audit(1761345745.203:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.161296][ T38] audit: type=1326 audit(1761345745.203:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.163523][ T38] audit: type=1326 audit(1761345745.203:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8387 comm="syz.3.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 210.547015][ T1262] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 210.547328][ T1262] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 210.622279][ T31] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 211.827207][ T8476] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1038'. [ 212.512216][ T8508] bridge_slave_0: left allmulticast mode [ 212.512248][ T8508] bridge_slave_0: left promiscuous mode [ 212.528264][ T8508] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.617393][ T8508] bridge_slave_1: left allmulticast mode [ 212.617424][ T8508] bridge_slave_1: left promiscuous mode [ 212.617676][ T8508] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.745987][ T8508] bond0: (slave bond_slave_0): Releasing backup interface [ 212.835986][ T8508] bond0: (slave bond_slave_1): Releasing backup interface [ 212.962832][ T8508] team0: Port device team_slave_0 removed [ 212.999524][ T8508] team0: Port device team_slave_1 removed [ 213.000345][ T8508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.000363][ T8508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.065012][ T8508] net_ratelimit: 44 callbacks suppressed [ 213.065033][ T8508] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 213.158735][ T8513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1053'. [ 213.546356][ T8531] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1061'. [ 213.837224][ T8543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'. [ 214.129882][ T8557] netlink: 'syz.1.1073': attribute type 4 has an invalid length. [ 214.164560][ T8554] lo speed is unknown, defaulting to 1000 [ 214.304878][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 215.443618][ T8597] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1091'. [ 216.209928][ T8619] siw: device registration error -23 [ 217.165659][ T8637] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1105'. [ 217.840605][ T8654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1112'. [ 218.969346][ T8684] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1125'. [ 219.369621][ T8696] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 219.791667][ T8717] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1138'. [ 219.983941][ T8719] siw: device registration error -23 [ 221.146956][ T8772] bridge_slave_0: left allmulticast mode [ 221.146987][ T8772] bridge_slave_0: left promiscuous mode [ 221.147274][ T8772] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.259871][ T8772] bridge_slave_1: left allmulticast mode [ 221.259904][ T8772] bridge_slave_1: left promiscuous mode [ 221.260164][ T8772] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.418742][ T8772] bond0: (slave bond_slave_0): Releasing backup interface [ 221.535922][ T8772] bond0: (slave bond_slave_1): Releasing backup interface [ 221.641375][ T8772] team0: Port device team_slave_0 removed [ 221.691053][ T8772] team0: Port device team_slave_1 removed [ 221.693016][ T8772] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.693043][ T8772] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.752488][ T8772] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.752519][ T8772] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.794313][ T8772] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 221.984886][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 222.151377][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 222.155011][ T61] Bluetooth: hci1: command 0x0406 tx timeout [ 222.155144][ T61] Bluetooth: hci4: command 0x0406 tx timeout [ 222.155172][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 222.155198][ T61] Bluetooth: hci0: command 0x0406 tx timeout [ 223.381157][ T8819] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1181'. [ 223.728802][ T8829] bridge_slave_0: left allmulticast mode [ 223.728834][ T8829] bridge_slave_0: left promiscuous mode [ 223.729092][ T8829] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.839017][ T8829] bridge_slave_1: left allmulticast mode [ 223.839038][ T8829] bridge_slave_1: left promiscuous mode [ 223.839187][ T8829] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.978351][ T8829] bond0: (slave bond_slave_0): Releasing backup interface [ 224.059886][ T8829] bond0: (slave bond_slave_1): Releasing backup interface [ 224.155649][ T8829] team0: Port device team_slave_0 removed [ 224.157927][ T8850] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1193'. [ 224.215212][ T8829] team0: Port device team_slave_1 removed [ 224.216538][ T8829] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.216576][ T8829] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.269313][ T8829] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.269335][ T8829] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.298159][ T8829] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 225.359823][ T8891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1212'. [ 225.418569][ T8895] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 226.012541][ T8915] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1221'. [ 227.560216][ T8959] bridge_slave_0: left allmulticast mode [ 227.560248][ T8959] bridge_slave_0: left promiscuous mode [ 227.561772][ T8959] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.648456][ T8959] bridge_slave_1: left allmulticast mode [ 227.648485][ T8959] bridge_slave_1: left promiscuous mode [ 227.648734][ T8959] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.676993][ T8966] netlink: 'syz.0.1240': attribute type 4 has an invalid length. [ 227.728498][ T8963] netlink: 'syz.0.1240': attribute type 4 has an invalid length. [ 227.777508][ T8959] bond0: (slave bond_slave_0): Releasing backup interface [ 227.835476][ T8959] bond0: (slave bond_slave_1): Releasing backup interface [ 227.912337][ T8959] team0: Port device team_slave_0 removed [ 227.952989][ T8959] team0: Port device team_slave_1 removed [ 227.953809][ T8959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.953829][ T8959] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.979198][ T8959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.979222][ T8959] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.028111][ T8959] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 228.479867][ T8981] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1247'. [ 228.933255][ T8999] siw: device registration error -23 [ 229.263399][ T9011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1259'. [ 230.282651][ T38] kauditd_printk_skb: 20 callbacks suppressed [ 230.282671][ T38] audit: type=1326 audit(1761345765.323:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.287489][ T38] audit: type=1326 audit(1761345765.323:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.287546][ T38] audit: type=1326 audit(1761345765.333:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.287594][ T38] audit: type=1326 audit(1761345765.333:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.292986][ T38] audit: type=1326 audit(1761345765.333:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.293047][ T38] audit: type=1326 audit(1761345765.333:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.293405][ T38] audit: type=1326 audit(1761345765.333:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.294823][ T38] audit: type=1326 audit(1761345765.333:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.298016][ T38] audit: type=1326 audit(1761345765.343:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 230.304044][ T38] audit: type=1326 audit(1761345765.343:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9012 comm="syz.0.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 231.354199][ T9074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1284'. [ 231.718027][ T9092] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 233.837727][ T9134] mmap: syz.3.1292 (9134) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 234.742527][ T9153] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 237.376788][ T9211] overlayfs: failed to clone upperpath [ 237.984896][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 238.332469][ T38] kauditd_printk_skb: 26 callbacks suppressed [ 238.332506][ T38] audit: type=1326 audit(1761345773.373:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9248 comm="syz.0.1349" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x0 [ 239.658624][ T9283] fuse: Bad value for 'group_id' [ 239.658646][ T9283] fuse: Bad value for 'group_id' [ 239.778723][ T38] audit: type=1326 audit(1761345774.823:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9289 comm="syz.0.1367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x0 [ 240.484144][ T38] audit: type=1326 audit(1761345775.523:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7fc00000 [ 240.562848][ T9314] fuse: Bad value for 'group_id' [ 240.562875][ T9314] fuse: Bad value for 'group_id' [ 241.171123][ T9332] lo speed is unknown, defaulting to 1000 [ 241.344295][ T38] audit: type=1326 audit(1761345776.383:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9346 comm="syz.1.1390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x0 [ 241.560831][ T9355] fuse: Bad value for 'group_id' [ 241.560852][ T9355] fuse: Bad value for 'group_id' [ 242.008752][ T9371] siw: device registration error -23 [ 242.134540][ T1262] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.139812][ T1262] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.139858][ T1262] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.139895][ T1262] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.445961][ T9389] tmpfs: Unsupported parameter 'huge' [ 242.586972][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1409'. [ 242.687370][ T9398] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1410'. [ 243.019699][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1413'. [ 243.112711][ T38] audit: type=1326 audit(1761345778.153:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9408 comm="syz.1.1415" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x0 [ 243.740045][ T9441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1427'. [ 244.067366][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1430'. [ 244.212554][ T9462] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1432'. [ 245.828121][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1454'. [ 246.904747][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1468'. [ 247.422372][ T9550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1472'. [ 248.605703][ T9573] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1479'. [ 249.452466][ T38] audit: type=1326 audit(1761345784.493:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9596 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7fc00000 [ 250.120887][ T38] audit: type=1326 audit(1761345785.163:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9596 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fbc17efc9 code=0x7fc00000 [ 251.447601][ T9678] fuse: Unknown parameter 'grou00000000000000000000' [ 251.483041][ T38] audit: type=1326 audit(1761345786.523:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9670 comm="syz.4.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7fc00000 [ 252.131522][ T38] audit: type=1326 audit(1761345787.173:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9670 comm="syz.4.1516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f165e4fefc9 code=0x7fc00000 [ 252.359315][ T9706] fuse: Unknown parameter 'grou00000000000000000000' [ 252.760410][ T3122] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 252.960468][ T9727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1539'. [ 253.248620][ T38] audit: type=1326 audit(1761345788.293:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9729 comm="syz.4.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7fc00000 [ 253.424951][ T3122] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 253.851558][ T38] audit: type=1326 audit(1761345788.893:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9729 comm="syz.4.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f165e4fefc9 code=0x7fc00000 [ 254.032169][ T9760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 255.330976][ T9811] bridge2: entered allmulticast mode [ 255.454481][ T38] audit: type=1326 audit(1761345790.493:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9787 comm="syz.0.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7fc00000 [ 257.081661][ T9868] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1597'. [ 257.778989][ T9901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1613'. [ 258.191522][ T58] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 258.191562][ T58] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.661649][ T58] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 258.661688][ T58] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.820713][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 258.832901][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 258.859238][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 258.889330][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 258.891031][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 259.061568][ T58] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 259.061606][ T58] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.110388][ T9952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1634'. [ 259.110412][ T9952] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1634'. [ 259.428805][ T58] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 259.428845][ T58] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.609956][ T9936] lo speed is unknown, defaulting to 1000 [ 259.916144][ T9984] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1647'. [ 259.916168][ T9984] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1647'. [ 260.361208][ T9994] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 260.635002][ T9936] chnl_net:caif_netlink_parms(): no params data found [ 260.664232][T10006] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1655'. [ 260.944893][ T5815] Bluetooth: hci4: command tx timeout [ 261.033916][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.034008][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.692738][ T58] bond0 (unregistering): Released all slaves [ 262.970186][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1667'. [ 263.034916][ T5815] Bluetooth: hci4: command tx timeout [ 263.706952][ T9936] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.721311][ T9936] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.721547][ T9936] bridge_slave_0: entered allmulticast mode [ 263.724157][ T9936] bridge_slave_0: entered promiscuous mode [ 263.729463][ T9936] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.729620][ T9936] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.729848][ T9936] bridge_slave_1: entered allmulticast mode [ 263.733079][ T9936] bridge_slave_1: entered promiscuous mode [ 264.441123][ T9936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.105931][ T5815] Bluetooth: hci4: command tx timeout [ 265.134193][T10088] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 265.175819][ T9936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.290141][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1687'. [ 265.344538][T10109] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1687'. [ 265.674754][ T58] hsr_slave_0: left promiscuous mode [ 265.694841][ T58] hsr_slave_1: left promiscuous mode [ 265.833590][ T58] veth1_macvtap: left promiscuous mode [ 265.835990][ T58] veth0_macvtap: left promiscuous mode [ 265.836808][ T58] veth1_vlan: left promiscuous mode [ 265.840466][ T58] veth0_vlan: left promiscuous mode [ 267.184862][ T5815] Bluetooth: hci4: command tx timeout [ 267.689192][ T38] audit: type=1326 audit(1761345802.733:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.689620][ T38] audit: type=1326 audit(1761345802.733:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.689898][ T38] audit: type=1326 audit(1761345802.733:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.718467][ T38] audit: type=1326 audit(1761345802.733:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.718561][ T38] audit: type=1326 audit(1761345802.733:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.720294][ T38] audit: type=1326 audit(1761345802.733:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.720350][ T38] audit: type=1326 audit(1761345802.763:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.722789][ T38] audit: type=1326 audit(1761345802.763:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.722844][ T38] audit: type=1326 audit(1761345802.763:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 267.722892][ T38] audit: type=1326 audit(1761345802.763:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10147 comm="syz.1.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 270.624841][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 271.388222][ T9936] team0: Port device team_slave_0 added [ 271.489967][T10181] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1716'. [ 271.740821][ T9936] team0: Port device team_slave_1 added [ 271.856241][T10183] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1719'. [ 271.916462][T10189] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1720'. [ 272.023762][T10194] fuse: Bad value for 'fd' [ 272.237073][ T9936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.237091][ T9936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 272.237119][ T9936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.241609][ T9936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.241622][ T9936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 272.241662][ T9936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.464108][T10216] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1731'. [ 272.622170][ T9936] hsr_slave_0: entered promiscuous mode [ 272.643241][ T9936] hsr_slave_1: entered promiscuous mode [ 272.657609][ T9936] debugfs: 'hsr0' already exists in 'hsr' [ 272.657639][ T9936] Cannot create hsr debugfs directory [ 273.190445][T10230] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 273.473229][T10247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1741'. [ 273.732544][T10261] fuse: Bad value for 'fd' [ 274.081867][T10271] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 274.350514][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1757'. [ 274.350540][T10287] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1757'. [ 274.452530][ T9936] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 274.505771][ T9936] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 274.528232][T10291] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1758'. [ 274.597869][ T9936] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 274.706509][ T9936] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 275.039191][T10318] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 275.243595][ T9936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.330037][ T9936] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.352509][ T3573] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.379180][ T3573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.448536][ T3573] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.448787][ T3573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.559359][T10337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1770'. [ 275.559388][T10337] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1770'. [ 276.110811][T10362] fuse: Bad value for 'fd' [ 276.286365][T10369] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.370177][T10369] bridge_slave_1: left promiscuous mode [ 276.370444][T10369] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.497410][T10369] bond0: (slave bond_slave_0): Releasing backup interface [ 276.588313][T10369] bond0: (slave bond_slave_1): Releasing backup interface [ 276.668584][T10369] team0: Port device team_slave_0 removed [ 276.725681][T10369] team0: Port device team_slave_1 removed [ 276.726188][T10369] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.789651][T10369] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 276.820007][T10369] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 277.018919][ T9936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.023322][ T38] kauditd_printk_skb: 16 callbacks suppressed [ 277.023340][ T38] audit: type=1326 audit(1761345812.063:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.023387][ T38] audit: type=1326 audit(1761345812.063:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.042094][ T38] audit: type=1326 audit(1761345812.083:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.042156][ T38] audit: type=1326 audit(1761345812.083:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.042206][ T38] audit: type=1326 audit(1761345812.083:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.045657][ T38] audit: type=1326 audit(1761345812.093:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.045715][ T38] audit: type=1326 audit(1761345812.093:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.045763][ T38] audit: type=1326 audit(1761345812.093:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.050573][ T38] audit: type=1326 audit(1761345812.093:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 277.050631][ T38] audit: type=1326 audit(1761345812.093:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10356 comm="syz.0.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 278.608182][ T9936] veth0_vlan: entered promiscuous mode [ 278.648243][ T9936] veth1_vlan: entered promiscuous mode [ 278.773102][T10419] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 278.923488][ T9936] veth0_macvtap: entered promiscuous mode [ 278.955400][ T9936] veth1_macvtap: entered promiscuous mode [ 279.079838][ T9936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 279.143924][ T9936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 279.208235][ T58] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.209848][ T58] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.210105][ T58] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.210355][ T58] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.806146][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.806166][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.913144][T10450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1798'. [ 279.923803][ T3541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.923824][ T3541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.532016][T10463] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 283.420154][T10540] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1831'. [ 283.486122][T10542] siw: device registration error -23 [ 284.050576][T10556] vlan2: entered promiscuous mode [ 284.050596][T10556] bridge0: entered promiscuous mode [ 285.111461][T10574] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 285.111487][T10574] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 285.112647][T10574] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 285.378783][T10583] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 287.469279][T10628] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 288.417857][T10649] netlink: 'syz.3.1874': attribute type 5 has an invalid length. [ 289.322555][ T38] kauditd_printk_skb: 42 callbacks suppressed [ 289.322575][ T38] audit: type=1326 audit(1761345824.363:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.322710][ T38] audit: type=1326 audit(1761345824.363:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.323009][ T38] audit: type=1326 audit(1761345824.363:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447146][ T38] audit: type=1326 audit(1761345824.483:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447204][ T38] audit: type=1326 audit(1761345824.483:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447252][ T38] audit: type=1326 audit(1761345824.483:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447298][ T38] audit: type=1326 audit(1761345824.483:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447344][ T38] audit: type=1326 audit(1761345824.483:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447390][ T38] audit: type=1326 audit(1761345824.483:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 289.447434][ T38] audit: type=1326 audit(1761345824.493:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10644 comm="syz.0.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eeb9defc9 code=0x7ffc0000 [ 290.415690][T10702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1898'. [ 290.415879][T10702] bond0: left allmulticast mode [ 290.417678][T10702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.636649][T10708] fuse: Bad value for 'group_id' [ 290.636679][T10708] fuse: Bad value for 'group_id' [ 291.447073][T10740] fuse: Bad value for 'group_id' [ 291.447094][T10740] fuse: Bad value for 'group_id' [ 292.173523][ T3573] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.174344][ T3573] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.174386][ T3573] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.174423][ T3573] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.196236][T10761] siw: device registration error -23 [ 294.891683][ T38] kauditd_printk_skb: 45 callbacks suppressed [ 294.891703][ T38] audit: type=1326 audit(1761345829.933:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924647][ T38] audit: type=1326 audit(1761345829.933:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924703][ T38] audit: type=1326 audit(1761345829.943:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924751][ T38] audit: type=1326 audit(1761345829.943:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924796][ T38] audit: type=1326 audit(1761345829.943:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924841][ T38] audit: type=1326 audit(1761345829.943:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924886][ T38] audit: type=1326 audit(1761345829.943:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924933][ T38] audit: type=1326 audit(1761345829.943:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.924981][ T38] audit: type=1326 audit(1761345829.943:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 294.925025][ T38] audit: type=1326 audit(1761345829.943:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10808 comm="syz.4.1935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165e4fefc9 code=0x7ffc0000 [ 295.408850][T10847] siw: device registration error -23 [ 297.989362][T10934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1974'. [ 303.349982][ T38] kauditd_printk_skb: 19 callbacks suppressed [ 303.350002][ T38] audit: type=1326 audit(1761345838.393:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.350701][ T38] audit: type=1326 audit(1761345838.393:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.352388][ T38] audit: type=1326 audit(1761345838.393:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.352577][ T38] audit: type=1326 audit(1761345838.393:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.353966][ T38] audit: type=1326 audit(1761345838.393:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.354141][ T38] audit: type=1326 audit(1761345838.393:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.354314][ T38] audit: type=1326 audit(1761345838.393:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.367576][ T38] audit: type=1326 audit(1761345838.393:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.367641][ T38] audit: type=1326 audit(1761345838.403:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 303.367692][ T38] audit: type=1326 audit(1761345838.403:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11061 comm="syz.3.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fbc17efc9 code=0x7ffc0000 [ 306.572385][T11144] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2049'. [ 306.576316][T11144] siw: device registration error -23 [ 308.205656][T11193] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2069'. [ 308.206089][T11193] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 308.447683][T11197] tmpfs: Bad value for 'mpol' [ 309.429895][ T38] kauditd_printk_skb: 16 callbacks suppressed [ 309.429915][ T38] audit: type=1326 audit(1761345844.463:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.429964][ T38] audit: type=1326 audit(1761345844.483:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430019][ T38] audit: type=1326 audit(1761345844.483:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430060][ T38] audit: type=1326 audit(1761345844.483:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430210][ T38] audit: type=1326 audit(1761345844.483:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430257][ T38] audit: type=1326 audit(1761345844.483:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430302][ T38] audit: type=1326 audit(1761345844.483:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430348][ T38] audit: type=1326 audit(1761345844.483:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.430394][ T38] audit: type=1326 audit(1761345844.483:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 309.446455][ T38] audit: type=1326 audit(1761345844.483:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f427fdeefc9 code=0x7ffc0000 [ 316.035603][T11326] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2123'. [ 317.931375][T11346] syzkaller0: entered promiscuous mode [ 317.931405][T11346] syzkaller0: entered allmulticast mode [ 321.748172][T11422] ======================================================= [ 321.748172][T11422] WARNING: The mand mount option has been deprecated and [ 321.748172][T11422] and is ignored by this kernel. Remove the mand [ 321.748172][T11422] option from the mount to silence this warning. [ 321.748172][T11422] ======================================================= [ 322.475552][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.475629][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 331.810277][T11355] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2134'. [ 331.956383][T11512] sctp: [Deprecated]: syz.4.2198 (pid 11512) Use of int in maxseg socket option. [ 331.956383][T11512] Use struct sctp_assoc_value instead [ 332.400228][T11522] lo speed is unknown, defaulting to 1000 [ 332.740897][T11542] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 332.740926][T11542] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 336.326516][T11626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2245'. [ 337.811857][T11664] vlan2: entered promiscuous mode [ 337.812062][T11664] vlan2: entered allmulticast mode [ 337.834836][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 342.348326][T11762] netlink: 276 bytes leftover after parsing attributes in process `syz.0.2303'. [ 344.019262][T11819] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 344.784251][T11828] lo speed is unknown, defaulting to 1000 [ 345.491316][T11854] wireguard0: entered promiscuous mode [ 345.491344][T11854] wireguard0: entered allmulticast mode [ 347.014119][T11891] vlan1: entered allmulticast mode [ 347.014145][T11891] bridge_slave_0: entered allmulticast mode [ 347.974628][T11901] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2359'. [ 348.947581][ T5921] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 350.257718][ T5921] usb 6-1: Using ep0 maxpacket: 16 [ 350.286362][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.286397][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.286441][ T5921] usb 6-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 350.286466][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.525636][ T5921] usb 6-1: config 0 descriptor?? [ 351.244808][ T5921] usbhid 6-1:0.0: can't add hid device: -71 [ 351.244949][ T5921] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 351.384173][ T5921] usb 6-1: USB disconnect, device number 2 [ 355.077638][T11949] sctp: [Deprecated]: syz.0.2376 (pid 11949) Use of int in maxseg socket option. [ 355.077638][T11949] Use struct sctp_assoc_value instead [ 355.967097][T11975] sctp: [Deprecated]: syz.1.2388 (pid 11975) Use of int in maxseg socket option. [ 355.967097][T11975] Use struct sctp_assoc_value instead [ 356.552600][T11999] sctp: [Deprecated]: syz.5.2400 (pid 11999) Use of int in maxseg socket option. [ 356.552600][T11999] Use struct sctp_assoc_value instead [ 357.587268][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 357.756113][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 357.777733][ T9] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 357.777763][ T9] usb 6-1: config 179 has no interface number 0 [ 357.778083][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 357.778116][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 357.778146][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 357.778185][ T9] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 357.778207][ T9] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 357.778235][ T9] usb 6-1: config 179 interface 65 has no altsetting 0 [ 357.778271][ T9] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 357.778294][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.277959][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input5 [ 358.337581][T12037] sctp: [Deprecated]: syz.3.2413 (pid 12037) Use of int in maxseg socket option. [ 358.337581][T12037] Use struct sctp_assoc_value instead [ 358.533831][ T9] usb 6-1: USB disconnect, device number 3 [ 358.534731][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 359.494728][T12066] sctp: [Deprecated]: syz.3.2426 (pid 12066) Use of int in maxseg socket option. [ 359.494728][T12066] Use struct sctp_assoc_value instead [ 362.303088][T12090] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2435'. [ 365.700276][T12115] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2446'. [ 367.499271][T12127] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2451'. [ 369.325343][T12147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2458'. [ 373.082438][T12161] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2462'. [ 374.574634][T12173] netlink: 165 bytes leftover after parsing attributes in process `syz.1.2466'. [ 374.597373][T12175] overlayfs: failed to clone upperpath [ 374.767054][T12182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2470'. [ 374.970221][T12191] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2474'. [ 375.115744][T12195] siw: device registration error -23 [ 376.623298][T12218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2483'. [ 376.967110][T12225] siw: device registration error -23 [ 378.629275][T12248] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2494'. [ 379.093156][T12260] 9pnet_fd: Insufficient options for proto=fd [ 380.495731][T12288] 9pnet_fd: Insufficient options for proto=fd [ 382.311555][T12320] 9pnet_fd: Insufficient options for proto=fd [ 384.087134][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.087212][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.553515][T12350] 9pnet_fd: Insufficient options for proto=fd [ 384.677648][T12349] lo speed is unknown, defaulting to 1000 [ 386.249795][ T5815] Bluetooth: hci4: command 0x0406 tx timeout [ 389.281535][T12396] 9pnet_fd: Insufficient options for proto=fd [ 396.810751][T12489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'. [ 403.224718][T12576] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2612'. [ 406.211525][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 408.094683][ T9] usb 6-1: device not accepting address 4, error -71 [ 413.271087][T12677] overlayfs: failed to clone lowerpath [ 419.870471][T12726] netlink: 'syz.3.2671': attribute type 4 has an invalid length. [ 420.346428][ T5815] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 420.348984][ T5815] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 420.360269][T12738] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2676'. [ 420.361894][ T5815] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 420.379006][ T5815] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 420.380168][ T5815] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 420.599726][T12735] lo speed is unknown, defaulting to 1000 [ 422.490632][ T5815] Bluetooth: hci5: command tx timeout [ 424.582634][ T5815] Bluetooth: hci5: command tx timeout [ 426.842399][ T5815] Bluetooth: hci5: command tx timeout [ 427.451120][T12792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2690'. [ 427.451144][T12792] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2690'. [ 428.228589][T12792] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 428.846207][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 428.848195][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 428.868547][ T5826] Bluetooth: hci5: command tx timeout [ 429.233716][ T5119] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 429.495407][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 429.496305][ T5119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 429.652132][ T3560] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.652172][ T3560] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.739515][T12805] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 429.739566][T12805] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 429.739587][T12805] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 429.883044][ T38] kauditd_printk_skb: 10 callbacks suppressed [ 429.883065][ T38] audit: type=1800 audit(1761345972.782:354): pid=12805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2692" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 429.968688][T12735] chnl_net:caif_netlink_parms(): no params data found [ 430.199719][ T5880] kernel write not supported for file bpf-prog (pid: 5880 comm: kworker/1:5) [ 430.421094][ T3560] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.421134][ T3560] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.756337][T12803] lo speed is unknown, defaulting to 1000 [ 430.998801][ T3560] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.998841][ T3560] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.664784][ T5119] Bluetooth: hci1: command tx timeout [ 433.804659][ T5119] Bluetooth: hci1: command tx timeout [ 433.949044][ T3560] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 433.949083][ T3560] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.007915][T12837] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 434.007962][T12837] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 434.007984][T12837] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 434.184470][ T38] audit: type=1800 audit(1761345977.052:355): pid=12837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2702" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 434.222352][T12735] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.222488][T12735] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.222734][T12735] bridge_slave_0: entered allmulticast mode [ 434.266774][T12735] bridge_slave_0: entered promiscuous mode [ 434.294783][T12735] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.294920][T12735] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.295136][T12735] bridge_slave_1: entered allmulticast mode [ 434.298082][T12735] bridge_slave_1: entered promiscuous mode [ 435.646146][T12735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 435.699746][T12735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 435.824663][ T5119] Bluetooth: hci1: command tx timeout [ 436.011826][T12853] lo speed is unknown, defaulting to 1000 [ 436.170443][T12735] team0: Port device team_slave_0 added [ 436.313537][T12735] team0: Port device team_slave_1 added [ 437.787651][ T38] audit: type=1800 audit(1761345980.832:356): pid=12870 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2712" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 437.787980][T12870] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 437.788023][T12870] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 437.788044][T12870] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 437.904881][ T5119] Bluetooth: hci1: command tx timeout [ 438.256186][T12735] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 438.256205][T12735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 438.256231][T12735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 439.196465][T12735] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 439.196482][T12735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 439.196510][T12735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.151673][T12906] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2722'. [ 444.370660][ T3560] bond0 (unregistering): Released all slaves [ 445.075595][ T3560] bond1 (unregistering): (slave veth3): Releasing backup interface [ 445.095268][ T3560] veth3: left promiscuous mode [ 445.095436][ T3560] veth3: left allmulticast mode [ 445.147170][ T3560] bond1 (unregistering): Released all slaves [ 445.179701][T12908] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 445.179746][T12908] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 445.179775][T12908] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 445.189397][ T38] audit: type=1800 audit(1761345988.222:357): pid=12908 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2721" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 445.356912][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.357000][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.428743][T12735] hsr_slave_0: entered promiscuous mode [ 449.432514][T12735] hsr_slave_1: entered promiscuous mode [ 449.437249][T12735] debugfs: 'hsr0' already exists in 'hsr' [ 449.437281][T12735] Cannot create hsr debugfs directory [ 449.438185][T12803] chnl_net:caif_netlink_parms(): no params data found [ 450.836603][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 450.851596][ T5815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 450.852946][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 450.858363][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 450.859810][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 450.964683][ T5955] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 451.049480][ T3560] hsr_slave_0: left promiscuous mode [ 451.074647][ T3560] hsr_slave_1: left promiscuous mode [ 451.138111][ T5955] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.138151][ T5955] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 451.138181][ T5955] usb 6-1: config 0 interface 0 has no altsetting 0 [ 451.138228][ T5955] usb 6-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 451.138253][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.156295][ T5955] usb 6-1: config 0 descriptor?? [ 451.269202][ T3560] veth1_macvtap: left promiscuous mode [ 451.269317][ T3560] veth0_macvtap: left promiscuous mode [ 451.269599][ T3560] veth1_vlan: left promiscuous mode [ 451.269685][ T3560] veth0_vlan: left promiscuous mode [ 451.601930][ T5955] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 451.601984][ T5955] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 451.602010][ T5955] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 451.602037][ T5955] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 451.602062][ T5955] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 452.908618][ T5955] hid-led 0003:0FC5:B080.0001: probe with driver hid-led failed with error -71 [ 452.939907][ T5955] usb 6-1: USB disconnect, device number 6 [ 452.944682][ T5815] Bluetooth: hci0: command tx timeout [ 455.798112][ T5815] Bluetooth: hci0: command tx timeout [ 457.824673][ T5119] Bluetooth: hci0: command tx timeout [ 459.701141][T12803] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.701281][T12803] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.701506][T12803] bridge_slave_0: entered allmulticast mode [ 459.716425][T12803] bridge_slave_0: entered promiscuous mode [ 459.761399][T12803] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.761533][T12803] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.761720][T12803] bridge_slave_1: entered allmulticast mode [ 459.765446][T12803] bridge_slave_1: entered promiscuous mode [ 459.904730][ T5119] Bluetooth: hci0: command tx timeout [ 460.254411][T12970] lo speed is unknown, defaulting to 1000 [ 460.325930][T12803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.681493][T12803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 461.131729][T12803] team0: Port device team_slave_0 added [ 461.369892][T12803] team0: Port device team_slave_1 added [ 463.852052][T12803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.852070][T12803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.852110][T12803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.877397][T12803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.877427][T12803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.877464][T12803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 464.608925][T13061] netlink: 165 bytes leftover after parsing attributes in process `syz.5.2771'. [ 465.447450][T13051] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2770'. [ 465.447577][T13051] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2770'. [ 465.547776][T12803] hsr_slave_0: entered promiscuous mode [ 465.549276][T12803] hsr_slave_1: entered promiscuous mode [ 465.550764][T12735] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 465.633449][T12735] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 466.289348][ T5955] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 466.844633][ T5955] usb 6-1: Using ep0 maxpacket: 8 [ 466.849646][ T5955] usb 6-1: config 135 has an invalid interface number: 230 but max is 0 [ 466.849675][ T5955] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 466.849695][ T5955] usb 6-1: config 135 has no interface number 0 [ 466.849728][ T5955] usb 6-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 466.849769][ T5955] usb 6-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 466.849797][ T5955] usb 6-1: config 135 interface 230 has no altsetting 0 [ 466.853191][ T5955] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 466.853288][ T5955] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.853326][ T5955] usb 6-1: Product: syz [ 466.853342][ T5955] usb 6-1: Manufacturer: syz [ 466.853358][ T5955] usb 6-1: SerialNumber: syz [ 466.978469][ T5955] uvcvideo 6-1:135.230: probe with driver uvcvideo failed with error -22 [ 468.039037][ T31] usb 6-1: USB disconnect, device number 7 [ 468.106943][T12735] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 468.226584][T13071] lo speed is unknown, defaulting to 1000 [ 468.498719][T12735] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 468.994773][ T3560] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 468.994800][ T3560] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.231823][T13091] netlink: 165 bytes leftover after parsing attributes in process `syz.5.2779'. [ 471.938966][ T3560] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 471.939002][ T3560] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.328729][ T3560] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.328767][ T3560] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.520618][T12970] chnl_net:caif_netlink_parms(): no params data found [ 472.880385][ T3560] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.880425][ T3560] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.481864][T13121] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.482664][T13121] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.603844][T13126] netlink: 165 bytes leftover after parsing attributes in process `syz.1.2787'. [ 477.071002][T13121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 477.080596][T13121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 477.086101][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 477.094912][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 477.096160][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 477.098064][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 477.099101][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 479.104598][ T3623] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 479.104629][ T3623] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.111310][T13150] overlayfs: failed to clone upperpath [ 479.234073][ T5119] Bluetooth: hci2: command tx timeout [ 479.273874][ T3623] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 479.273912][ T3623] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.351277][ T3623] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 479.351312][ T3623] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.485562][ T3623] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 479.485598][ T3623] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.562928][T13159] netlink: 'syz.5.2794': attribute type 16 has an invalid length. [ 480.108305][T13159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.130574][T13159] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.122270][T13159] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 481.675134][T13163] netlink: 165 bytes leftover after parsing attributes in process `syz.1.2795'. [ 482.596130][ T5119] Bluetooth: hci2: command tx timeout [ 482.672347][T12970] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.672484][T12970] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.672737][T12970] bridge_slave_0: entered allmulticast mode [ 482.698338][T12970] bridge_slave_0: entered promiscuous mode [ 482.760443][T12970] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.760678][T12970] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.760876][T12970] bridge_slave_1: entered allmulticast mode [ 482.764076][T12970] bridge_slave_1: entered promiscuous mode [ 484.564599][T13136] lo speed is unknown, defaulting to 1000 [ 484.624783][ T5119] Bluetooth: hci2: command tx timeout [ 487.480638][ T5119] Bluetooth: hci2: command tx timeout [ 487.619581][T12970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.646163][ T5815] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 487.651974][ T5815] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 487.654002][ T5815] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 487.794984][ T5815] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 487.795924][ T5815] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 487.870297][T12970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.022972][T13209] netlink: 165 bytes leftover after parsing attributes in process `syz.5.2803'. [ 488.374436][ T3560] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 488.375480][ T3560] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.439007][T12970] team0: Port device team_slave_0 added [ 489.904891][ T5119] Bluetooth: hci5: command tx timeout [ 490.068864][T12970] team0: Port device team_slave_1 added [ 491.520844][ T3560] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 491.520881][ T3560] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.984643][ T5119] Bluetooth: hci5: command tx timeout [ 492.091607][T12970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.091620][T12970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 492.091638][T12970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 493.288095][ T3560] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 493.288134][ T3560] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.336050][T12970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 493.336062][T12970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 493.336081][T12970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 493.337947][T13202] lo speed is unknown, defaulting to 1000 [ 494.716706][ T5119] Bluetooth: hci5: command tx timeout [ 495.081986][ T3560] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 495.082043][ T3560] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.164171][T12970] hsr_slave_0: entered promiscuous mode [ 495.171872][T12970] hsr_slave_1: entered promiscuous mode [ 495.173251][T12970] debugfs: 'hsr0' already exists in 'hsr' [ 495.173276][T12970] Cannot create hsr debugfs directory [ 497.478299][ T5119] Bluetooth: hci5: command tx timeout [ 497.517164][T13136] chnl_net:caif_netlink_parms(): no params data found [ 497.529515][T13295] tty tty30: ldisc open failed (-12), clearing slot 29 [ 506.018484][ T3560] bond0 (unregistering): Released all slaves [ 506.690352][T13362] evm: overlay not supported [ 506.801068][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.801138][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.037787][ T3560] bond0 (unregistering): Released all slaves [ 509.405014][T13136] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.405149][T13136] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.405349][T13136] bridge_slave_0: entered allmulticast mode [ 509.409626][T13136] bridge_slave_0: entered promiscuous mode [ 509.413268][T13202] chnl_net:caif_netlink_parms(): no params data found [ 509.848226][T13136] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.907660][T13136] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.148341][T13136] bridge_slave_1: entered allmulticast mode [ 510.151383][T13136] bridge_slave_1: entered promiscuous mode [ 510.854849][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 510.872549][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 510.873907][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 510.890601][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 510.891547][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 513.906533][T13403] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2856'. [ 514.150989][T13404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2856'. [ 517.355514][ T5119] Bluetooth: hci1: command tx timeout [ 518.654803][T13136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 518.726114][T13136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 519.451353][T13136] team0: Port device team_slave_0 added [ 519.584575][ T5815] Bluetooth: hci1: command tx timeout [ 519.603867][T13136] team0: Port device team_slave_1 added [ 519.885881][T13393] lo speed is unknown, defaulting to 1000 [ 519.891897][T13428] IPv6: sit1: Disabled Multicast RS [ 519.893059][T13428] sit1: entered allmulticast mode [ 520.005694][T13202] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.005853][T13202] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.006057][T13202] bridge_slave_0: entered allmulticast mode [ 520.008383][T13202] bridge_slave_0: entered promiscuous mode [ 521.506094][T13202] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.507700][T13202] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.507967][T13202] bridge_slave_1: entered allmulticast mode [ 521.513221][T13202] bridge_slave_1: entered promiscuous mode [ 521.889239][ T5815] Bluetooth: hci1: command tx timeout [ 523.821751][T13445] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 523.821793][T13445] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 523.821818][T13445] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 523.976838][ T5815] Bluetooth: hci1: command tx timeout [ 525.856557][T13136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 525.856574][T13136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 525.856601][T13136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.603031][T13136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.603049][T13136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.603094][T13136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 527.638208][T13202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.685993][T13202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 528.001542][T13469] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2879'. [ 528.001614][T13469] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2879'. [ 528.147416][ T3560] hsr_slave_0: left promiscuous mode [ 528.184674][ T3560] hsr_slave_1: left promiscuous mode [ 528.514703][ T3560] hsr_slave_0: left promiscuous mode [ 528.555990][ T3560] hsr_slave_1: left promiscuous mode [ 528.617033][ T3560] veth1_macvtap: left promiscuous mode [ 528.617110][ T3560] veth0_macvtap: left promiscuous mode [ 528.617349][ T3560] veth1_vlan: left promiscuous mode [ 528.617479][ T3560] veth0_vlan: left promiscuous mode [ 528.755051][ T3560] veth1_macvtap: left promiscuous mode [ 528.755125][ T3560] veth0_macvtap: left promiscuous mode [ 528.755307][ T3560] veth1_vlan: left promiscuous mode [ 528.755428][ T3560] veth0_vlan: left promiscuous mode [ 537.550621][ T5119] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 537.563054][ T5119] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 537.564365][ T5119] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 537.566968][ T5119] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 537.567853][ T5119] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 538.558050][T13475] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 538.558099][T13475] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 538.558120][T13475] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 538.811872][T13202] team0: Port device team_slave_0 added [ 538.892229][T13202] team0: Port device team_slave_1 added [ 539.216071][T13202] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.216090][T13202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.216116][T13202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.265755][T13202] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.265773][T13202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.265804][T13202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.338359][T13495] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2887'. [ 539.473296][T13491] lo speed is unknown, defaulting to 1000 [ 539.667620][ T5815] Bluetooth: hci0: command tx timeout [ 539.724642][ T3122] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 539.942380][ T3122] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 539.942415][ T3122] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 539.942440][ T3122] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 539.942486][ T3122] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 539.942510][ T3122] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.997320][ T3122] usb 6-1: config 0 descriptor?? [ 541.279012][ T3122] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 541.417195][ T3122] usb 6-1: USB disconnect, device number 8 [ 541.569618][T13530] fido_id[13530]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 542.619200][ T5815] Bluetooth: hci0: command tx timeout [ 542.921301][T13202] hsr_slave_0: entered promiscuous mode [ 542.932357][T13202] hsr_slave_1: entered promiscuous mode [ 542.941219][T13202] debugfs: 'hsr0' already exists in 'hsr' [ 542.941304][T13202] Cannot create hsr debugfs directory [ 543.124807][ T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 543.173431][T13393] chnl_net:caif_netlink_parms(): no params data found [ 543.284607][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 543.289693][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 543.289727][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 543.293496][ T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 543.293524][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.293546][ T10] usb 6-1: Product: syz [ 543.293561][ T10] usb 6-1: Manufacturer: syz [ 543.293576][ T10] usb 6-1: SerialNumber: syz [ 543.630537][ T10] usb 6-1: 0:2 : does not exist [ 543.647884][ T10] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 543.827419][ T10] usb 6-1: USB disconnect, device number 9 [ 543.917683][T13493] udevd[13493]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 543.935857][T13553] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2898'. [ 543.937094][T13553] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2898'. [ 545.252151][ T5815] Bluetooth: hci0: command tx timeout [ 545.628931][T13393] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.629061][T13393] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.629269][T13393] bridge_slave_0: entered allmulticast mode [ 545.631138][T13393] bridge_slave_0: entered promiscuous mode [ 545.664144][T13393] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.664291][T13393] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.667810][T13393] bridge_slave_1: entered allmulticast mode [ 545.671175][T13393] bridge_slave_1: entered promiscuous mode [ 546.072652][T13393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.097380][T13579] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2906'. [ 546.097451][T13579] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2906'. [ 546.288304][T13393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.681009][ T5119] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 546.683746][ T5119] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 546.699532][ T5119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 546.700764][ T5119] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 546.701586][ T5119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 547.616694][ T5815] Bluetooth: hci0: command tx timeout [ 548.905889][T13393] team0: Port device team_slave_0 added [ 549.007654][T13491] chnl_net:caif_netlink_parms(): no params data found [ 549.181559][ T5119] Bluetooth: hci2: command tx timeout [ 550.757950][T13393] team0: Port device team_slave_1 added [ 551.184561][ T5119] Bluetooth: hci2: command tx timeout [ 552.128801][T13634] macsec1: entered promiscuous mode [ 553.388712][ T5119] Bluetooth: hci2: command tx timeout [ 554.474544][T13646] netlink: 6 bytes leftover after parsing attributes in process `syz.5.2922'. [ 554.616019][T13652] fuse: Unknown parameter '00000000000000000000' [ 555.735909][ T5119] Bluetooth: hci2: command tx timeout [ 555.865082][T13393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 555.865101][T13393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 555.865130][T13393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.058450][T13393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.058469][T13393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.058498][T13393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.094257][T13676] fuse: Unknown parameter '00000000000000000000' [ 556.476663][T13595] lo speed is unknown, defaulting to 1000 [ 556.937533][T13491] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.937771][T13491] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.938038][T13491] bridge_slave_0: entered allmulticast mode [ 556.944290][T13491] bridge_slave_0: entered promiscuous mode [ 557.266417][T13491] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.266558][T13491] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.266786][T13491] bridge_slave_1: entered allmulticast mode [ 557.274653][T13491] bridge_slave_1: entered promiscuous mode [ 557.333454][T13393] hsr_slave_0: entered promiscuous mode [ 557.335100][T13393] hsr_slave_1: entered promiscuous mode [ 557.336280][T13393] debugfs: 'hsr0' already exists in 'hsr' [ 557.336309][T13393] Cannot create hsr debugfs directory [ 557.883080][T13491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.209144][T13702] fuse: Unknown parameter '00000000000000000000' [ 559.570217][T13491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 559.598028][T13708] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2944'. [ 559.902777][T13491] team0: Port device team_slave_0 added [ 559.920672][T13491] team0: Port device team_slave_1 added [ 560.259776][T13491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.259794][T13491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 560.259822][T13491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 560.405264][T13491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 560.405294][T13491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 560.405324][T13491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 560.990042][T13735] fuse: Unknown parameter 'user00000000000000000000' [ 561.800963][T13491] hsr_slave_0: entered promiscuous mode [ 561.802436][T13491] hsr_slave_1: entered promiscuous mode [ 561.803441][T13491] debugfs: 'hsr0' already exists in 'hsr' [ 561.803466][T13491] Cannot create hsr debugfs directory [ 562.554882][T13595] chnl_net:caif_netlink_parms(): no params data found [ 564.122927][T13763] fuse: Unknown parameter 'user00000000000000000000' [ 569.408332][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 569.408503][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.496832][T13791] fuse: Unknown parameter 'user00000000000000000000' [ 571.198733][ T5826] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 571.209562][ T5826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 571.210880][ T5826] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 571.212676][ T5826] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 571.213632][ T5826] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 571.499509][T13595] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.499853][T13595] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.500076][T13595] bridge_slave_0: entered allmulticast mode [ 571.502349][T13595] bridge_slave_0: entered promiscuous mode [ 571.520327][T13595] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.520498][T13595] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.521698][T13595] bridge_slave_1: entered allmulticast mode [ 571.526149][T13595] bridge_slave_1: entered promiscuous mode [ 572.020981][T13817] fuse: Unknown parameter 'user_i00000000000000000000' [ 572.035849][T13595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.061850][T13595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.217361][T13810] lo speed is unknown, defaulting to 1000 [ 573.574875][ T5815] Bluetooth: hci5: command 0x1003 tx timeout [ 573.575038][ T5815] Bluetooth: hci6: command tx timeout [ 573.575398][ T5119] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 573.730210][T13835] fuse: Unknown parameter 'user_i00000000000000000000' [ 573.806783][T13595] team0: Port device team_slave_0 added [ 573.833578][T13595] team0: Port device team_slave_1 added [ 574.091471][T13595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 574.091488][T13595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 574.091517][T13595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 574.111216][T13595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 574.111236][T13595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 574.111271][T13595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 574.387770][ T3560] bridge_slave_1: left allmulticast mode [ 574.387802][ T3560] bridge_slave_1: left promiscuous mode [ 574.391040][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.446200][ T3560] bridge_slave_0: left allmulticast mode [ 574.446225][ T3560] bridge_slave_0: left promiscuous mode [ 574.446455][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.519041][ T3560] bridge_slave_1: left allmulticast mode [ 574.519065][ T3560] bridge_slave_1: left promiscuous mode [ 574.519244][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.577279][ T3560] bridge_slave_0: left allmulticast mode [ 574.577312][ T3560] bridge_slave_0: left promiscuous mode [ 574.577561][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.650254][ T3560] bridge_slave_1: left allmulticast mode [ 574.650377][ T3560] bridge_slave_1: left promiscuous mode [ 574.650619][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.403414][ T3560] bridge_slave_0: left allmulticast mode [ 575.403830][ T3560] bridge_slave_0: left promiscuous mode [ 575.445097][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.657678][ T5826] Bluetooth: hci6: command tx timeout [ 575.879262][ T3560] bridge_slave_1: left allmulticast mode [ 575.879295][ T3560] bridge_slave_1: left promiscuous mode [ 575.879503][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.935402][T13859] fuse: Unknown parameter 'user_i00000000000000000000' [ 575.962953][ T3560] bridge_slave_0: left allmulticast mode [ 575.962983][ T3560] bridge_slave_0: left promiscuous mode [ 575.963280][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.554925][T13863] overlayfs: failed to clone upperpath [ 577.716500][ T5119] Bluetooth: hci6: command tx timeout [ 578.955888][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.055277][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.117888][ T3560] bond0 (unregistering): Released all slaves [ 579.355750][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.436596][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.499045][ T3560] bond0 (unregistering): Released all slaves [ 579.735501][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.744732][ T5119] Bluetooth: hci6: command tx timeout [ 579.825300][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.898194][ T3560] bond0 (unregistering): Released all slaves [ 580.225561][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 580.305257][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 580.367290][ T3560] bond0 (unregistering): Released all slaves [ 580.780061][T13595] hsr_slave_0: entered promiscuous mode [ 580.781771][T13595] hsr_slave_1: entered promiscuous mode [ 580.782974][T13595] debugfs: 'hsr0' already exists in 'hsr' [ 580.782998][T13595] Cannot create hsr debugfs directory [ 580.907852][T13883] fuse: Unknown parameter 'user_id00000000000000000000' [ 582.212247][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.256633][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.384097][T13908] fuse: Unknown parameter 'user_id00000000000000000000' [ 582.464808][ T3560] hsr_slave_0: left promiscuous mode [ 582.504665][ T3560] hsr_slave_1: left promiscuous mode [ 582.505599][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.545613][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.706524][ T3560] hsr_slave_0: left promiscuous mode [ 582.744965][ T3560] hsr_slave_1: left promiscuous mode [ 582.746107][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.786502][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 584.044629][ T3560] hsr_slave_0: left promiscuous mode [ 584.086179][ T3560] hsr_slave_1: left promiscuous mode [ 584.088308][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 584.135249][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 585.677301][T13931] fuse: Unknown parameter 'user_id00000000000000000000' [ 586.177322][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 586.405606][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 587.497263][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 587.647798][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 590.869249][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 591.176751][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 593.425673][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 593.595436][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 594.356538][T14005] wireguard0: entered promiscuous mode [ 594.356565][T14005] wireguard0: entered allmulticast mode [ 594.669141][T13810] chnl_net:caif_netlink_parms(): no params data found [ 595.839610][T13491] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 595.893319][T13810] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.893476][T13810] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.909393][T13810] bridge_slave_0: entered allmulticast mode [ 595.913845][T13810] bridge_slave_0: entered promiscuous mode [ 595.977498][T13491] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 596.019703][T13810] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.019887][T13810] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.020120][T13810] bridge_slave_1: entered allmulticast mode [ 596.046203][T13810] bridge_slave_1: entered promiscuous mode [ 596.075166][T13491] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 596.360925][T13491] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 596.625528][T13810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.750959][T13810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.051944][T13810] team0: Port device team_slave_0 added [ 597.074997][T13810] team0: Port device team_slave_1 added [ 597.134138][T14037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3047'. [ 597.215698][T13595] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 597.387403][T13595] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 597.447846][T13810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.447865][T13810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 597.447896][T13810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.448625][T13595] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 597.580238][T13810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.580257][T13810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 597.580290][T13810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.581460][T13595] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 598.377113][T13810] hsr_slave_0: entered promiscuous mode [ 598.386696][T13810] hsr_slave_1: entered promiscuous mode [ 598.533207][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 598.548518][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 598.551013][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 598.552612][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 598.555231][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 600.704694][ T5119] Bluetooth: hci1: command tx timeout [ 601.220856][T14063] lo speed is unknown, defaulting to 1000 [ 602.244823][T13810] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 602.309723][T14109] netlink: 'syz.1.3063': attribute type 12 has an invalid length. [ 602.320791][T13810] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 602.500191][T13810] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 603.695693][T13810] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 603.707161][ T5119] Bluetooth: hci1: command tx timeout [ 604.827943][T14063] chnl_net:caif_netlink_parms(): no params data found [ 605.805804][T14157] netlink: 'syz.1.3071': attribute type 32 has an invalid length. [ 606.653946][T13595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 606.742783][ T5119] Bluetooth: hci1: command tx timeout [ 607.664204][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 607.686355][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 607.690628][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 607.693559][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 607.699321][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 608.085458][T14063] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.085675][T14063] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.085945][T14063] bridge_slave_0: entered allmulticast mode [ 608.088864][T14063] bridge_slave_0: entered promiscuous mode [ 609.452616][ T5826] Bluetooth: hci1: command tx timeout [ 609.608651][T14063] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.608793][T14063] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.609047][T14063] bridge_slave_1: entered allmulticast mode [ 609.614831][T14063] bridge_slave_1: entered promiscuous mode [ 609.738440][T14188] IPv6: sit1: Disabled Multicast RS [ 609.739387][T14188] sit1: entered allmulticast mode [ 609.744787][ T5826] Bluetooth: hci0: command tx timeout [ 609.967845][T14063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.990942][T14063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 611.900508][ T5826] Bluetooth: hci0: command tx timeout [ 613.811587][T14172] lo speed is unknown, defaulting to 1000 [ 613.867222][T14063] team0: Port device team_slave_0 added [ 613.913271][T14063] team0: Port device team_slave_1 added [ 614.020266][ T5826] Bluetooth: hci0: command tx timeout [ 615.573090][T14063] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.573108][T14063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.573136][T14063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.763791][T14063] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.763808][T14063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.763838][T14063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.900547][T14233] netlink: 'syz.5.3085': attribute type 16 has an invalid length. [ 616.064683][ T5826] Bluetooth: hci0: command tx timeout [ 618.555010][T14233] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 618.833825][ T3560] bridge_slave_1: left allmulticast mode [ 618.833855][ T3560] bridge_slave_1: left promiscuous mode [ 618.834107][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.216241][ T3560] bridge_slave_0: left allmulticast mode [ 619.216273][ T3560] bridge_slave_0: left promiscuous mode [ 619.216533][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.404203][ T3560] bridge_slave_1: left allmulticast mode [ 620.404235][ T3560] bridge_slave_1: left promiscuous mode [ 620.404687][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.585835][ T3560] bridge_slave_0: left allmulticast mode [ 620.585862][ T3560] bridge_slave_0: left promiscuous mode [ 620.586065][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.677635][ T3560] bridge_slave_1: left allmulticast mode [ 620.677657][ T3560] bridge_slave_1: left promiscuous mode [ 620.677843][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.715760][ T3560] bridge_slave_0: left allmulticast mode [ 620.715783][ T3560] bridge_slave_0: left promiscuous mode [ 620.715964][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.064585][ T3122] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 621.082834][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 621.155111][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 621.217504][ T3560] bond0 (unregistering): Released all slaves [ 621.224623][ T3122] usb 6-1: Using ep0 maxpacket: 32 [ 621.227443][ T3122] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.227492][ T3122] usb 6-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 621.227519][ T3122] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.295262][ T3122] usb 6-1: config 0 descriptor?? [ 621.495379][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 621.566116][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 621.626658][ T3560] bond0 (unregistering): Released all slaves [ 621.753180][ T3122] samsung 0003:0419:0600.0003: item fetching failed at offset 0/2 [ 621.754053][ T3122] samsung 0003:0419:0600.0003: parse failed [ 621.754122][ T3122] samsung 0003:0419:0600.0003: probe with driver samsung failed with error -22 [ 621.845218][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 621.916112][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 621.949978][T13146] usb 6-1: USB disconnect, device number 10 [ 621.988838][ T3560] bond0 (unregistering): Released all slaves [ 623.581628][T14063] hsr_slave_0: entered promiscuous mode [ 623.615148][T14063] hsr_slave_1: entered promiscuous mode [ 623.616196][T14063] debugfs: 'hsr0' already exists in 'hsr' [ 623.616222][T14063] Cannot create hsr debugfs directory [ 625.125718][T14290] bridge0: entered promiscuous mode [ 625.126009][T14290] macsec0: entered promiscuous mode [ 625.898385][ T3560] hsr_slave_0: left promiscuous mode [ 625.914616][ T3560] hsr_slave_1: left promiscuous mode [ 625.915572][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.968532][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.116876][ T3560] hsr_slave_0: left promiscuous mode [ 626.139915][ T3560] hsr_slave_1: left promiscuous mode [ 626.143078][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.196597][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.544104][ T3560] hsr_slave_0: left promiscuous mode [ 626.584547][ T3560] hsr_slave_1: left promiscuous mode [ 626.585575][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.629873][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.310910][T14317] netlink: 148 bytes leftover after parsing attributes in process `syz.5.3107'. [ 628.310990][T14317] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3107'. [ 629.899953][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.900029][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.995270][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 630.115247][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 630.740871][T14326] 9pnet_fd: Insufficient options for proto=fd [ 631.998436][ T5119] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 632.001317][ T5119] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 632.002587][ T5119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 632.004142][ T5119] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 632.033936][ T5119] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 632.525416][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 632.626953][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 633.730613][ T3560] team0 (unregistering): Port device team_slave_1 removed [ 633.825552][ T3560] team0 (unregistering): Port device team_slave_0 removed [ 634.144614][ T5119] Bluetooth: hci2: command tx timeout [ 635.998562][T14172] chnl_net:caif_netlink_parms(): no params data found [ 636.238069][ T5119] Bluetooth: hci2: command tx timeout [ 636.245102][ T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 636.256090][T14358] 9pnet_fd: Insufficient options for proto=fd [ 636.429548][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 636.431115][ T10] usb 6-1: config 2 has an invalid interface number: 34 but max is 2 [ 636.431141][ T10] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 636.431162][ T10] usb 6-1: config 2 has no interface number 0 [ 636.431245][ T10] usb 6-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 636.431292][ T10] usb 6-1: config 2 interface 34 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 636.431321][ T10] usb 6-1: config 2 interface 1 has no altsetting 0 [ 636.431340][ T10] usb 6-1: config 2 interface 34 has no altsetting 0 [ 636.441177][ T10] usb 6-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4 [ 636.441214][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.441235][ T10] usb 6-1: Product: syz [ 636.441250][ T10] usb 6-1: Manufacturer: syz [ 636.441266][ T10] usb 6-1: SerialNumber: syz [ 637.667401][ T10] usb 6-1: selecting invalid altsetting 0 [ 637.742310][ T10] usb 6-1: USB disconnect, device number 11 [ 637.846208][T14365] udevd[14365]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 637.906830][T14335] lo speed is unknown, defaulting to 1000 [ 638.222857][T14376] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3125'. [ 638.506956][ T5119] Bluetooth: hci2: command tx timeout [ 639.243309][ T1888] kernel write not supported for file bpf-prog (pid: 1888 comm: kworker/1:3) [ 640.638713][ T5119] Bluetooth: hci2: command tx timeout [ 640.726537][T14403] 9pnet_fd: Insufficient options for proto=fd [ 640.827716][T14172] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.827852][T14172] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.828091][T14172] bridge_slave_0: entered allmulticast mode [ 640.847651][T14172] bridge_slave_0: entered promiscuous mode [ 641.243986][T14172] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.244132][T14172] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.244618][T14172] bridge_slave_1: entered allmulticast mode [ 641.249077][T14172] bridge_slave_1: entered promiscuous mode [ 642.778585][T14172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 642.820533][T14172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 642.884879][T14420] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3133'. [ 642.884955][T14420] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3133'. [ 643.182396][T14172] team0: Port device team_slave_0 added [ 643.228719][T14172] team0: Port device team_slave_1 added [ 643.916864][T14172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 643.916881][T14172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 643.916908][T14172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 645.080943][T14172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 645.080963][T14172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 645.081002][T14172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.768532][T14335] chnl_net:caif_netlink_parms(): no params data found [ 647.978108][T14172] hsr_slave_0: entered promiscuous mode [ 648.772203][T14172] hsr_slave_1: entered promiscuous mode [ 648.991875][T14172] debugfs: 'hsr0' already exists in 'hsr' [ 648.991903][T14172] Cannot create hsr debugfs directory [ 649.625467][T14063] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 649.717115][T14063] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 649.886022][T14063] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 650.010619][T14063] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 650.536981][T14335] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.537185][T14335] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.537481][T14335] bridge_slave_0: entered allmulticast mode [ 650.540662][T14335] bridge_slave_0: entered promiscuous mode [ 652.594036][T14335] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.594176][T14335] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.604619][T14335] bridge_slave_1: entered allmulticast mode [ 652.614647][T14335] bridge_slave_1: entered promiscuous mode [ 653.180671][T14335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.192132][T13146] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 653.345637][T13146] usb 6-1: Using ep0 maxpacket: 16 [ 653.346926][T13146] usb 6-1: too many configurations: 112, using maximum allowed: 8 [ 653.394076][T13146] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 653.394110][T13146] usb 6-1: New USB device strings: Mfr=144, Product=246, SerialNumber=0 [ 653.394133][T13146] usb 6-1: Product: syz [ 653.394149][T13146] usb 6-1: Manufacturer: syz [ 653.470542][T13146] r8152-cfgselector 6-1: Unknown version 0x0000 [ 653.470571][T13146] r8152-cfgselector 6-1: config 0 descriptor?? [ 653.496221][T13146] cdc_acm 6-1:0.0: Zero length descriptor references [ 653.496270][T13146] cdc_acm 6-1:0.0: probe with driver cdc_acm failed with error -22 [ 653.609428][T14335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.687891][ T10] r8152-cfgselector 6-1: USB disconnect, device number 12 [ 655.979460][T14335] team0: Port device team_slave_0 added [ 656.064809][T14335] team0: Port device team_slave_1 added [ 656.931055][T14524] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 657.426635][ T38] audit: type=1326 audit(1761346205.473:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14519 comm="syz.5.3160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 657.427271][ T38] audit: type=1326 audit(1761346205.473:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14519 comm="syz.5.3160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 657.444632][ T38] audit: type=1326 audit(1761346205.483:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14519 comm="syz.5.3160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 657.444700][ T38] audit: type=1326 audit(1761346205.483:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14519 comm="syz.5.3160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 658.892684][T14530] lo speed is unknown, defaulting to 1000 [ 659.282961][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 659.313590][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 659.322408][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 659.323730][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 659.325549][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 659.696471][T14335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.696490][T14335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 659.696520][T14335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.036904][T14335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.036921][T14335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 660.036950][T14335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 661.424678][ T5826] Bluetooth: hci5: command tx timeout [ 661.593293][T14335] hsr_slave_0: entered promiscuous mode [ 661.595488][T14335] hsr_slave_1: entered promiscuous mode [ 661.596501][T14335] debugfs: 'hsr0' already exists in 'hsr' [ 661.596524][T14335] Cannot create hsr debugfs directory [ 661.655960][T14536] lo speed is unknown, defaulting to 1000 [ 662.097785][ T3560] bridge_slave_1: left allmulticast mode [ 662.097816][ T3560] bridge_slave_1: left promiscuous mode [ 662.098067][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.345778][ T3560] bridge_slave_0: left allmulticast mode [ 662.345802][ T3560] bridge_slave_0: left promiscuous mode [ 662.346006][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.504558][ T5826] Bluetooth: hci5: command tx timeout [ 663.559938][ T3560] bridge_slave_1: left allmulticast mode [ 663.559970][ T3560] bridge_slave_1: left promiscuous mode [ 663.560263][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.687318][ T3560] bridge_slave_0: left allmulticast mode [ 663.687349][ T3560] bridge_slave_0: left promiscuous mode [ 663.687618][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.846050][T14577] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 664.300696][ T38] audit: type=1326 audit(1761346212.343:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.301005][ T38] audit: type=1326 audit(1761346212.343:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.301454][ T38] audit: type=1326 audit(1761346212.343:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.301776][ T38] audit: type=1326 audit(1761346212.343:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.302091][ T38] audit: type=1326 audit(1761346212.343:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.302476][ T38] audit: type=1326 audit(1761346212.343:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.438709][ T38] audit: type=1326 audit(1761346212.343:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.438880][ T38] audit: type=1326 audit(1761346212.483:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.440125][ T38] audit: type=1326 audit(1761346212.483:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 664.440186][ T38] audit: type=1326 audit(1761346212.483:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14572 comm="syz.5.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 665.996398][ T5826] Bluetooth: hci5: command tx timeout [ 666.116920][T14591] netlink: 'syz.5.3174': attribute type 32 has an invalid length. [ 666.117001][T14591] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3174'. [ 668.064533][ T5826] Bluetooth: hci5: command tx timeout [ 668.629225][ T5119] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 668.632131][ T5119] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 668.633706][ T5119] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 668.801892][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 668.995505][ T5119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 669.506353][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.585638][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.647989][ T3560] bond0 (unregistering): Released all slaves [ 670.915385][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 670.976196][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 671.036909][ T3560] bond0 (unregistering): Released all slaves [ 671.450010][ T5826] Bluetooth: hci1: command tx timeout [ 671.651642][T14602] lo speed is unknown, defaulting to 1000 [ 672.841185][T14625] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 673.054877][T14536] chnl_net:caif_netlink_parms(): no params data found [ 673.204547][ T3560] hsr_slave_0: left promiscuous mode [ 673.244562][ T3560] hsr_slave_1: left promiscuous mode [ 673.245629][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 673.285454][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 673.375365][ T38] audit: type=1326 audit(1761346221.413:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.375429][ T38] audit: type=1326 audit(1761346221.423:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.375480][ T38] audit: type=1326 audit(1761346221.423:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.376287][ T38] audit: type=1326 audit(1761346221.423:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.376351][ T38] audit: type=1326 audit(1761346221.423:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.376400][ T38] audit: type=1326 audit(1761346221.423:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.378268][ T38] audit: type=1326 audit(1761346221.423:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.378330][ T38] audit: type=1326 audit(1761346221.423:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.378815][ T38] audit: type=1326 audit(1761346221.423:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.378867][ T38] audit: type=1326 audit(1761346221.423:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14623 comm="syz.5.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4292efc9 code=0x7ffc0000 [ 673.504665][ T5826] Bluetooth: hci1: command tx timeout [ 673.684732][ T3560] hsr_slave_0: left promiscuous mode [ 673.726878][ T3560] hsr_slave_1: left promiscuous mode [ 673.727922][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 673.754633][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.715590][ T23] ================================================================== [ 676.715608][ T23] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 [ 676.715649][ T23] Read of size 8 at addr ffffc9000fc39090 by task irq_work/0/23 [ 676.715667][ T23] [ 676.715690][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.715716][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 676.715733][ T23] Call Trace: [ 676.715746][ T23] [ 676.715757][ T23] dump_stack_lvl+0x189/0x250 [ 676.715791][ T23] ? run_irq_workd+0x116/0x190 [ 676.715822][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.715854][ T23] ? __pfx__printk+0x10/0x10 [ 676.715884][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 676.715915][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 676.715949][ T23] print_report+0xca/0x240 [ 676.715979][ T23] ? run_irq_workd+0x116/0x190 [ 676.716007][ T23] kasan_report+0x118/0x150 [ 676.716040][ T23] ? run_irq_workd+0x116/0x190 [ 676.716074][ T23] run_irq_workd+0x116/0x190 [ 676.716104][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 676.716133][ T23] ? schedule+0x91/0x360 [ 676.716168][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.716196][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.716222][ T23] smpboot_thread_fn+0x542/0xa60 [ 676.716249][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.716280][ T23] kthread+0x711/0x8a0 [ 676.716313][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 676.716341][ T23] ? __pfx_kthread+0x10/0x10 [ 676.716370][ T23] ? rt_spin_unlock+0x150/0x200 [ 676.716394][ T23] ? rt_spin_unlock+0x161/0x200 [ 676.716414][ T23] ? __pfx_kthread+0x10/0x10 [ 676.716446][ T23] ret_from_fork+0x4bc/0x870 [ 676.716473][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 676.716503][ T23] ? __switch_to_asm+0x39/0x70 [ 676.716524][ T23] ? __switch_to_asm+0x33/0x70 [ 676.716545][ T23] ? __pfx_kthread+0x10/0x10 [ 676.716577][ T23] ret_from_fork_asm+0x1a/0x30 [ 676.716610][ T23] [ 676.716618][ T23] [ 676.716623][ T23] The buggy address belongs to a vmalloc virtual mapping [ 676.716651][ T23] Memory state around the buggy address: [ 676.716663][ T23] ffffc9000fc38f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 676.716678][ T23] ffffc9000fc39000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 676.716693][ T23] >ffffc9000fc39080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 676.716707][ T23] ^ [ 676.716718][ T23] ffffc9000fc39100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 676.716733][ T23] ffffc9000fc39180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 676.716744][ T23] ================================================================== [ 676.716768][ T23] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 676.716783][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.716808][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 676.716821][ T23] Call Trace: [ 676.716829][ T23] [ 676.716837][ T23] dump_stack_lvl+0x99/0x250 [ 676.716869][ T23] ? __asan_memcpy+0x40/0x70 [ 676.716894][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.716926][ T23] ? __pfx__printk+0x10/0x10 [ 676.716959][ T23] vpanic+0x237/0x6d0 [ 676.716980][ T23] ? __pfx_vpanic+0x10/0x10 [ 676.717007][ T23] panic+0xb9/0xc0 [ 676.717026][ T23] ? __pfx_panic+0x10/0x10 [ 676.717045][ T23] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 676.717076][ T23] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 676.717113][ T23] ? run_irq_workd+0x116/0x190 [ 676.717142][ T23] check_panic_on_warn+0x89/0xb0 [ 676.717170][ T23] ? run_irq_workd+0x116/0x190 [ 676.717200][ T23] end_report+0x78/0x160 [ 676.717229][ T23] kasan_report+0x129/0x150 [ 676.717260][ T23] ? run_irq_workd+0x116/0x190 [ 676.717294][ T23] run_irq_workd+0x116/0x190 [ 676.717324][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 676.717353][ T23] ? schedule+0x91/0x360 [ 676.717380][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.717408][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.717434][ T23] smpboot_thread_fn+0x542/0xa60 [ 676.717462][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 676.717494][ T23] kthread+0x711/0x8a0 [ 676.717527][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 676.717554][ T23] ? __pfx_kthread+0x10/0x10 [ 676.717583][ T23] ? rt_spin_unlock+0x150/0x200 [ 676.717607][ T23] ? rt_spin_unlock+0x161/0x200 [ 676.717627][ T23] ? __pfx_kthread+0x10/0x10 [ 676.717660][ T23] ret_from_fork+0x4bc/0x870 [ 676.717686][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 676.717716][ T23] ? __switch_to_asm+0x39/0x70 [ 676.717737][ T23] ? __switch_to_asm+0x33/0x70 [ 676.717758][ T23] ? __pfx_kthread+0x10/0x10 [ 676.717790][ T23] ret_from_fork_asm+0x1a/0x30 [ 676.717823][ T23] [ 676.718100][ T23] Kernel Offset: disabled