last executing test programs: 2.142375448s ago: executing program 3 (id=823): poll(&(0x7f00000001c0)=[{}], 0x1, 0x100) syz_clone(0x6a02f080, 0x0, 0xfffffffffffffd7b, 0x0, 0x0, 0x0) 1.173719176s ago: executing program 0 (id=836): creat(&(0x7f00000011c0)='./file0\x00', 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x400, &(0x7f0000000140)={[{'nointr'}]}) 914.065197ms ago: executing program 2 (id=838): ioperm(0x0, 0x33, 0x3) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff) 914.008107ms ago: executing program 3 (id=839): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score\x00') lseek(r0, 0x5, 0x0) 913.302087ms ago: executing program 0 (id=846): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000200)=@ethtool_perm_addr={0x4b, 0xa, 'Cr\a\x00\x00\x00\x00\x00Go'}}) 912.694507ms ago: executing program 1 (id=840): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x4, 0x3}, {0x8, 0x3}]}]}}, &(0x7f0000000f40)=""/4089, 0x42, 0xff9, 0x1}, 0x28) 770.440928ms ago: executing program 1 (id=841): r0 = socket(0x10, 0x803, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000680), &(0x7f00000006c0)=0xfffffc83) 769.652698ms ago: executing program 0 (id=842): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002bc0)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f00000036c0)={&(0x7f00000032c0)=@file={0x0, './file0\x00'}, 0x9e, 0x0, 0x0, &(0x7f0000003680)=[@rights={{0x14}}], 0x18}, 0x0) 738.216341ms ago: executing program 2 (id=843): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000240)={{0x3, @default}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) 720.835822ms ago: executing program 3 (id=844): r0 = openat$sequencer2(0xffffff9c, &(0x7f0000005e00), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(r0, 0x5404) 577.142704ms ago: executing program 1 (id=845): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0xd, 0xb, 0x1) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000045000/0x3000)=nil, 0x3) 564.722975ms ago: executing program 0 (id=847): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="50000000010201800c00028005000000a90000002c000180040003"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x24040804) 514.702379ms ago: executing program 2 (id=848): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x5c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x2021}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @mcast1}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x8000002) 490.346731ms ago: executing program 3 (id=849): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) mount$nfs(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0) 387.948659ms ago: executing program 1 (id=850): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) getsockopt$inet6_buf(r0, 0x29, 0x1f, 0x0, &(0x7f0000002b00)) 334.369423ms ago: executing program 2 (id=851): r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, 0x0, 0x0) 239.175301ms ago: executing program 3 (id=852): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000200)=@ethtool_perm_addr={0x4b, 0xa, 'Cr\a\x00\x00\x00\x00\x00Go'}}) 239.101871ms ago: executing program 0 (id=853): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score\x00') lseek(r0, 0x5, 0x0) 235.701301ms ago: executing program 1 (id=860): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30000000000500040000000000050005000a00000014000780080012400000000005001500", @ANYBLOB="0f"], 0x64}, 0x1, 0x0, 0x0, 0xc010}, 0x40) 145.530538ms ago: executing program 2 (id=854): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x54}}, 0x0) 38.049368ms ago: executing program 3 (id=855): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002bc0)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f00000036c0)={&(0x7f00000032c0)=@file={0x0, './file0\x00'}, 0x9e, 0x0, 0x0, &(0x7f0000003680)=[@rights={{0x14}}], 0x18}, 0x0) 11.097359ms ago: executing program 1 (id=856): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="80020000160001000000001000000000fe8000000000000000000000000000aaff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800000000000000000000000000010000000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000a0000000000000000000000000000000000000008001f00010000000c001500"], 0x280}}, 0x0) 10.325169ms ago: executing program 0 (id=865): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30000000000500040000000000050005000a00000014000780080012400000000005001500", @ANYBLOB="0f"], 0x64}, 0x1, 0x0, 0x0, 0xc010}, 0x40) 0s ago: executing program 2 (id=857): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.43' (ED25519) to the list of known hosts. [ 64.969092][ T5771] cgroup: Unknown subsys name 'net' [ 65.096578][ T5771] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.383203][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.802646][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.811204][ T5785] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.819644][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.827540][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.836344][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.844755][ T5785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.852433][ T5785] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.882270][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.900851][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.900861][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.910636][ T5793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.922708][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.931107][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.931719][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.946106][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.946245][ T5793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.962820][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.963119][ T5794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.977549][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.978887][ T5794] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.985886][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.992893][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.000799][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.014774][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.345869][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 68.550916][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 68.573641][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.581583][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.588822][ T5780] bridge_slave_0: entered allmulticast mode [ 68.596001][ T5780] bridge_slave_0: entered promiscuous mode [ 68.615187][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.623453][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.630921][ T5780] bridge_slave_1: entered allmulticast mode [ 68.638365][ T5780] bridge_slave_1: entered promiscuous mode [ 68.658250][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 68.687865][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.717474][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.727794][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 68.794610][ T5780] team0: Port device team_slave_0 added [ 68.818730][ T5780] team0: Port device team_slave_1 added [ 68.878381][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.885621][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.893808][ T5781] bridge_slave_0: entered allmulticast mode [ 68.900518][ T5781] bridge_slave_0: entered promiscuous mode [ 68.911143][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.918544][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.944508][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.959035][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.966120][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.992552][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.016620][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.023997][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.031368][ T5781] bridge_slave_1: entered allmulticast mode [ 69.037999][ T5781] bridge_slave_1: entered promiscuous mode [ 69.105004][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.115865][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.123324][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.130656][ T5783] bridge_slave_0: entered allmulticast mode [ 69.137269][ T5783] bridge_slave_0: entered promiscuous mode [ 69.144115][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.151488][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.158657][ T5782] bridge_slave_0: entered allmulticast mode [ 69.166089][ T5782] bridge_slave_0: entered promiscuous mode [ 69.174967][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.207721][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.214900][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.222656][ T5783] bridge_slave_1: entered allmulticast mode [ 69.229254][ T5783] bridge_slave_1: entered promiscuous mode [ 69.235767][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.243090][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.250214][ T5782] bridge_slave_1: entered allmulticast mode [ 69.257422][ T5782] bridge_slave_1: entered promiscuous mode [ 69.276530][ T5781] team0: Port device team_slave_0 added [ 69.320614][ T5781] team0: Port device team_slave_1 added [ 69.351316][ T5780] hsr_slave_0: entered promiscuous mode [ 69.359886][ T5780] hsr_slave_1: entered promiscuous mode [ 69.379536][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.391777][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.428478][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.439709][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.480630][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.487619][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.514609][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.564476][ T5782] team0: Port device team_slave_0 added [ 69.574378][ T5782] team0: Port device team_slave_1 added [ 69.582128][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.589091][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.615193][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.629210][ T5783] team0: Port device team_slave_0 added [ 69.638726][ T5783] team0: Port device team_slave_1 added [ 69.706060][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.713497][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.739914][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.752135][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.759373][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.786706][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.814369][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.823001][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.848984][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.860642][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.867610][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.893969][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.921295][ T5794] Bluetooth: hci0: command tx timeout [ 69.971123][ T5781] hsr_slave_0: entered promiscuous mode [ 69.977918][ T5781] hsr_slave_1: entered promiscuous mode [ 69.984553][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.993711][ T5781] Cannot create hsr debugfs directory [ 70.059151][ T5783] hsr_slave_0: entered promiscuous mode [ 70.066494][ T5783] hsr_slave_1: entered promiscuous mode [ 70.072969][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.080824][ T5794] Bluetooth: hci1: command tx timeout [ 70.086944][ T5783] Cannot create hsr debugfs directory [ 70.090448][ T5794] Bluetooth: hci2: command tx timeout [ 70.092417][ T5793] Bluetooth: hci3: command tx timeout [ 70.166923][ T5782] hsr_slave_0: entered promiscuous mode [ 70.173231][ T5782] hsr_slave_1: entered promiscuous mode [ 70.179331][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.187090][ T5782] Cannot create hsr debugfs directory [ 70.419289][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.460820][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.493551][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.503440][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.569446][ T5781] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.586331][ T5781] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.596983][ T5781] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.607561][ T5781] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.715022][ T5783] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.724571][ T5783] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.750621][ T5783] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.763410][ T5783] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.864678][ T5782] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.875544][ T5782] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.891440][ T5782] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.913218][ T5782] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.935964][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.985309][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.017143][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.038648][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.059190][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.066561][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.096853][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.104068][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.118387][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.125672][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.145379][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.162679][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.169769][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.234819][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.287892][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.294366][ T5780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.300774][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.323877][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.331145][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.378719][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.386056][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.447781][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.536510][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.582801][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.590328][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.632784][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.639943][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.773848][ T5782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.866681][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.989057][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.009737][ T5793] Bluetooth: hci0: command tx timeout [ 72.047195][ T5780] veth0_vlan: entered promiscuous mode [ 72.100167][ T5780] veth1_vlan: entered promiscuous mode [ 72.139540][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.161700][ T5793] Bluetooth: hci2: command tx timeout [ 72.162441][ T5794] Bluetooth: hci1: command tx timeout [ 72.167261][ T5793] Bluetooth: hci3: command tx timeout [ 72.201920][ T5781] veth0_vlan: entered promiscuous mode [ 72.215948][ T5781] veth1_vlan: entered promiscuous mode [ 72.237730][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.259290][ T5780] veth0_macvtap: entered promiscuous mode [ 72.281788][ T5780] veth1_macvtap: entered promiscuous mode [ 72.333263][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.375532][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.388668][ T5781] veth0_macvtap: entered promiscuous mode [ 72.399109][ T5783] veth0_vlan: entered promiscuous mode [ 72.423828][ T5781] veth1_macvtap: entered promiscuous mode [ 72.434887][ T5783] veth1_vlan: entered promiscuous mode [ 72.443855][ T5780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.455142][ T5780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.464192][ T5780] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.473142][ T5780] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.515748][ T5782] veth0_vlan: entered promiscuous mode [ 72.549752][ T5782] veth1_vlan: entered promiscuous mode [ 72.563960][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.575273][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.586706][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.628262][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.643352][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.658736][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.684517][ T5781] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.696539][ T5781] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.705379][ T5781] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.714249][ T5781] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.768952][ T5782] veth0_macvtap: entered promiscuous mode [ 72.783549][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.809470][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.809860][ T5782] veth1_macvtap: entered promiscuous mode [ 72.828887][ T5783] veth0_macvtap: entered promiscuous mode [ 72.866469][ T5783] veth1_macvtap: entered promiscuous mode [ 72.896117][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.907173][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.917223][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.927727][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.939569][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.975622][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.986444][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.007746][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.018560][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.028928][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.040016][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.053841][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.064480][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.071352][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.080297][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.084077][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.101470][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.112062][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.122130][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.132807][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.143787][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.168394][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.179785][ T5782] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.190088][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.196635][ T5782] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.207638][ T5782] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.216554][ T5782] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.239727][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.250606][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.260926][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.271467][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.282062][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.296525][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.308186][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.364093][ T5783] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.375274][ T5783] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.384294][ T5783] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.394520][ T5783] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.533605][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.578716][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.648279][ T3477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.686890][ T3477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.705824][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.750494][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.824243][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.855967][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.940880][ T5873] syz.1.6[5873]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.976378][ T5873] loop1: detected capacity change from 0 to 256 [ 74.082888][ T5793] Bluetooth: hci0: command tx timeout [ 74.192042][ T5873] FAT-fs (loop1): Directory bread(block 64) failed [ 74.198885][ T5873] FAT-fs (loop1): Directory bread(block 65) failed [ 74.242555][ T5873] FAT-fs (loop1): Directory bread(block 66) failed [ 74.243888][ T5793] Bluetooth: hci1: command tx timeout [ 74.249122][ T5873] FAT-fs (loop1): Directory bread(block 67) failed [ 74.255600][ T5790] Bluetooth: hci2: command tx timeout [ 74.262109][ T5794] Bluetooth: hci3: command tx timeout [ 74.306078][ T5873] FAT-fs (loop1): Directory bread(block 68) failed [ 74.315399][ T5873] FAT-fs (loop1): Directory bread(block 69) failed [ 74.322945][ T5873] FAT-fs (loop1): Directory bread(block 70) failed [ 74.378970][ T5873] FAT-fs (loop1): Directory bread(block 71) failed [ 74.407085][ T5873] FAT-fs (loop1): Directory bread(block 72) failed [ 74.435188][ T5873] FAT-fs (loop1): Directory bread(block 73) failed [ 74.585524][ T5887] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11'. [ 74.631103][ T5887] netlink: 'syz.0.11': attribute type 1 has an invalid length. [ 74.700809][ T5865] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 74.908897][ T5865] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 74.940549][ T5865] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 74.962892][ T5865] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 74.999346][ T5865] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 75.030150][ T5865] usb 3-1: config 1 has no interface number 0 [ 75.057940][ T5865] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 75.105244][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.186441][ T5865] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 75.309507][ T5902] loop3: detected capacity change from 0 to 4096 [ 75.354355][ T5902] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 75.377794][ T5865] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values [ 75.422391][ T5865] snd_usb_pod 3-1:1.1: invalid control EP [ 75.428214][ T5865] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 75.440148][ T5865] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 75.441261][ T5902] ntfs: (device loop3): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 75.460206][ T5865] snd_usb_pod: probe of 3-1:1.1 failed with error -22 [ 75.487778][ T5902] ntfs: (device loop3): read_ntfs_boot_sector(): Hot-fix: Recovery of primary boot sector failed: Read-only mount. [ 75.535231][ T5902] ntfs: (device loop3): read_ntfs_boot_sector(): Using backup boot sector. [ 75.581771][ T5902] ntfs: (device loop3): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 75.617960][ T5902] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 75.677021][ T5865] usb 3-1: USB disconnect, device number 2 [ 75.683460][ T5902] ntfs: (device loop3): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 75.683519][ T5902] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 75.683592][ T5902] ntfs: (device loop3): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 75.683637][ T5902] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 75.753858][ T5902] ntfs: volume version 3.1. [ 75.806748][ T5893] loop0: detected capacity change from 0 to 32768 [ 75.887637][ T5893] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 76.145034][ T5893] XFS (loop0): Ending clean mount [ 76.160735][ T5794] Bluetooth: hci0: command tx timeout [ 76.204725][ T5893] XFS (loop0): Quotacheck needed: Please wait. [ 76.301748][ T5893] XFS (loop0): Quotacheck: Done. [ 76.320561][ T5794] Bluetooth: hci3: command tx timeout [ 76.320592][ T5793] Bluetooth: hci1: command tx timeout [ 76.326029][ T5794] Bluetooth: hci2: command tx timeout [ 76.424109][ T5932] block device autoloading is deprecated and will be removed. [ 76.597728][ T5782] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 77.280515][ T5950] netlink: 80 bytes leftover after parsing attributes in process `syz.2.36'. [ 77.320388][ T5950] netlink: 80 bytes leftover after parsing attributes in process `syz.2.36'. [ 77.631294][ T5961] netlink: 5 bytes leftover after parsing attributes in process `syz.3.41'. [ 77.664849][ T5961] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 77.781889][ T5964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'. [ 78.491178][ T5990] Cannot find set identified by id 0 to match [ 78.940501][ T6006] netlink: 132 bytes leftover after parsing attributes in process `syz.3.63'. [ 79.001560][ T6008] netlink: 'syz.1.64': attribute type 1 has an invalid length. [ 79.009427][ T6008] netlink: 'syz.1.64': attribute type 1 has an invalid length. [ 79.324870][ T6020] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 79.366005][ T6020] overlayfs: missing 'lowerdir' [ 79.543957][ T6028] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.613320][ T6028] x_tables: unsorted entry at hook 1 [ 79.720956][ T6030] netlink: 92 bytes leftover after parsing attributes in process `syz.1.75'. [ 80.014962][ T6017] loop0: detected capacity change from 0 to 32768 [ 80.058613][ T6017] ======================================================= [ 80.058613][ T6017] WARNING: The mand mount option has been deprecated and [ 80.058613][ T6017] and is ignored by this kernel. Remove the mand [ 80.058613][ T6017] option from the mount to silence this warning. [ 80.058613][ T6017] ======================================================= [ 80.167575][ T6017] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 80.224552][ T6017] (syz.0.69,6017,0):ocfs2_remount:630 ERROR: Cannot change data mode on remount [ 80.346328][ T5782] ocfs2: Unmounting device (7,0) on (node local) [ 80.862511][ T6063] loop2: detected capacity change from 0 to 4096 [ 80.947915][ T6063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.284038][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.528550][ T1187] cfg80211: failed to load regulatory.db [ 81.624739][ T5794] Bluetooth: hci0: Malformed HCI Event [ 82.153677][ T6104] loop1: detected capacity change from 0 to 4096 [ 82.246514][ T6104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.012437][ T6122] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 83.078694][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.083689][ T6086] syz.2.98 (6086): drop_caches: 2 [ 83.467643][ T6135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.123'. [ 83.743386][ T6144] loop3: detected capacity change from 0 to 2048 [ 83.772682][ T6144] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 83.815227][ T6144] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.691320][ T6169] geneve2: entered promiscuous mode [ 84.816715][ T6171] loop2: detected capacity change from 0 to 256 [ 84.944821][ T6153] loop0: detected capacity change from 0 to 32768 [ 84.995055][ T6171] FAT-fs (loop2): Directory bread(block 64) failed [ 85.028236][ T6153] (syz.0.132,6153,0):ocfs2_journal_addressable:1993 ERROR: The journal cannot address the entire volume. Enable the 'block64' journal option with tunefs.ocfs2 [ 85.028277][ T6153] (syz.0.132,6153,0):ocfs2_check_volume:2490 ERROR: status = -27 [ 85.059343][ T6171] FAT-fs (loop2): Directory bread(block 65) failed [ 85.101259][ T6158] loop3: detected capacity change from 0 to 32768 [ 85.106688][ T6171] FAT-fs (loop2): Directory bread(block 66) failed [ 85.137202][ T6158] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 85.145353][ T6171] FAT-fs (loop2): Directory bread(block 67) failed [ 85.149261][ T6158] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 85.162521][ T6153] (syz.0.132,6153,1):ocfs2_mount_volume:1822 ERROR: status = -27 [ 85.177825][ T6153] (syz.0.132,6153,1):ocfs2_fill_super:1178 ERROR: status = -27 [ 85.186885][ T6171] FAT-fs (loop2): Directory bread(block 68) failed [ 85.193553][ T6171] FAT-fs (loop2): Directory bread(block 69) failed [ 85.200662][ T6171] FAT-fs (loop2): Directory bread(block 70) failed [ 85.207329][ T6171] FAT-fs (loop2): Directory bread(block 71) failed [ 85.214222][ T6171] FAT-fs (loop2): Directory bread(block 72) failed [ 85.221032][ T6171] FAT-fs (loop2): Directory bread(block 73) failed [ 85.243901][ T6158] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 85.384563][ T6153] Mount JFS Failure: -22 [ 85.405801][ T6153] jfs_mount failed w/return code = -22 [ 85.440892][ T6158] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 85.662311][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.144'. [ 87.064515][ T6215] netlink: 32 bytes leftover after parsing attributes in process `syz.3.158'. [ 87.177806][ T6194] loop2: detected capacity change from 0 to 32768 [ 87.233303][ T6194] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.152 (6194) [ 87.387828][ T6194] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 87.417870][ T6194] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 87.457329][ T6194] BTRFS info (device loop2): force clearing of disk cache [ 87.480420][ T6194] BTRFS info (device loop2): enabling auto defrag [ 87.518958][ T6194] BTRFS info (device loop2): max_inline at 0 [ 87.546719][ T6194] BTRFS info (device loop2): enabling disk space caching [ 87.562068][ T6194] BTRFS info (device loop2): disk space caching is enabled [ 87.827270][ T6194] BTRFS info (device loop2): enabling ssd optimizations [ 87.828552][ T6251] netlink: 48 bytes leftover after parsing attributes in process `syz.0.165'. [ 87.867191][ T6194] BTRFS info (device loop2): rebuilding free space tree [ 88.055005][ T6194] BTRFS info (device loop2): disabling free space tree [ 88.092659][ T6194] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.136539][ T6194] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.501473][ T5781] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 88.844211][ T6249] loop1: detected capacity change from 0 to 32768 [ 88.877682][ T6227] loop3: detected capacity change from 0 to 32768 [ 88.941220][ T6227] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.162 (6227) [ 88.991723][ T6249] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 89.020427][ T6227] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 89.030800][ T6227] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.040079][ T6227] BTRFS info (device loop3): force zlib compression, level 3 [ 89.048095][ T6227] BTRFS info (device loop3): force clearing of disk cache [ 89.056454][ T6227] BTRFS info (device loop3): setting nodatasum [ 89.062855][ T6227] BTRFS info (device loop3): disabling tree log [ 89.069177][ T6227] BTRFS info (device loop3): enabling disk space caching [ 89.076427][ T6227] BTRFS info (device loop3): disk space caching is enabled [ 89.210790][ T6282] netlink: 'syz.2.172': attribute type 21 has an invalid length. [ 89.218707][ T6282] netlink: 152 bytes leftover after parsing attributes in process `syz.2.172'. [ 89.403363][ T5780] ocfs2: Unmounting device (7,1) on (node local) [ 89.412446][ T6227] BTRFS info (device loop3): auto enabling async discard [ 89.721317][ T6302] xt_TCPMSS: Only works on TCP SYN packets [ 90.045649][ T5783] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 90.480054][ T5796] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 10 /dev/loop3 scanned by udevd (5796) [ 90.996522][ T6347] netlink: 20 bytes leftover after parsing attributes in process `syz.3.192'. [ 91.880754][ T6381] netlink: 164 bytes leftover after parsing attributes in process `syz.0.204'. [ 92.027775][ T6388] netlink: set zone limit has 4 unknown bytes [ 92.809782][ T6420] xt_hashlimit: max too large, truncated to 1048576 [ 93.223485][ T6434] ax25_connect(): syz.2.225 uses autobind, please contact jreuter@yaina.de [ 93.322001][ T6441] loop0: detected capacity change from 0 to 512 [ 93.430236][ T6441] __quota_error: 11 callbacks suppressed [ 93.437928][ T6441] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 93.459878][ T6441] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 93.512480][ T6441] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.228: Failed to acquire dquot type 1 [ 93.537759][ T6441] EXT4-fs (loop0): 1 truncate cleaned up [ 93.559951][ T6441] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.600679][ T6441] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.737753][ T6441] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 93.745723][ T6458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.233'. [ 93.776353][ T6441] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 93.782904][ T6458] tc_dump_action: action bad kind [ 93.807271][ T6441] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.228: Failed to acquire dquot type 1 [ 94.053655][ T5782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.132087][ T6470] loop1: detected capacity change from 0 to 2048 [ 94.152593][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'. [ 94.269916][ T6477] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.709702][ T6477] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 94.749911][ T6477] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 94.774125][ T6477] Remounting filesystem read-only [ 94.784972][ T6491] netlink: 20 bytes leftover after parsing attributes in process `syz.0.245'. [ 94.794206][ T42] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 94.794303][ T42] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 94.794322][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794339][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794355][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794399][ T42] NILFS (loop1): discard dirty page: offset=0, ino=2 [ 94.794415][ T42] NILFS (loop1): discard dirty block: blocknr=18, size=1024 [ 94.794432][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794449][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794464][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794516][ T42] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 94.794533][ T42] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 94.794550][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794567][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794584][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794627][ T42] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 94.794644][ T42] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 94.794660][ T42] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 94.794676][ T42] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 94.794692][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794715][ T42] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 94.794732][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794749][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794767][ T42] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 94.794784][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794821][ T42] NILFS (loop1): discard dirty page: offset=0, ino=4 [ 94.794837][ T42] NILFS (loop1): discard dirty block: blocknr=40, size=1024 [ 94.794854][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794871][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.794888][ T42] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 94.810341][ T5780] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 94.811476][ T5780] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 94.811498][ T5780] NILFS (loop1): discard dirty block: blocknr=35, size=1024 [ 94.811514][ T5780] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 94.816432][ T5780] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 94.816453][ T5780] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 94.851419][ T6491] netlink: 152 bytes leftover after parsing attributes in process `syz.0.245'. [ 95.343192][ T6511] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 95.510220][ T6511] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 95.519617][ T6511] overlayfs: missing 'lowerdir' [ 95.660579][ T6518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.254'. [ 96.150919][ T6533] netlink: 28 bytes leftover after parsing attributes in process `syz.2.259'. [ 96.336515][ T6506] loop1: detected capacity change from 0 to 32768 [ 96.395799][ T6506] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 96.493615][ T6506] XFS (loop1): ro->rw transition prohibited on norecovery mount [ 96.628465][ T5780] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 96.716240][ T6550] comedi comedi0: Minor 3 could not be opened [ 96.910335][ T28] audit: type=1326 audit(1756509775.419:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e55f8ebe9 code=0x7ffc0000 [ 96.968446][ T6554] loop3: detected capacity change from 0 to 2048 [ 97.001916][ T28] audit: type=1326 audit(1756509775.419:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e55f8ebe9 code=0x7ffc0000 [ 97.062315][ T28] audit: type=1326 audit(1756509775.429:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0e55f8ebe9 code=0x7ffc0000 [ 97.107767][ T6554] Alternate GPT is invalid, using primary GPT. [ 97.139799][ T28] audit: type=1326 audit(1756509775.429:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0e55f8ec23 code=0x7ffc0000 [ 97.143611][ T6554] loop3: p2 p3 p7 [ 97.210441][ T28] audit: type=1326 audit(1756509775.429:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0e55f8d69f code=0x7ffc0000 [ 97.284802][ T28] audit: type=1326 audit(1756509775.479:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0e55f8ec77 code=0x7ffc0000 [ 98.486821][ T6601] capability: warning: `syz.1.287' uses deprecated v2 capabilities in a way that may be insecure [ 98.790099][ T6608] netlink: 24 bytes leftover after parsing attributes in process `syz.3.292'. [ 99.736289][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.308'. [ 100.774912][ T6674] loop3: detected capacity change from 0 to 2048 [ 100.819184][ T6674] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 100.853046][ T6676] loop1: detected capacity change from 0 to 4096 [ 100.858866][ T6674] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 100.883442][ T6674] UDF-fs: Scanning with blocksize 512 failed [ 100.891277][ T6676] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 100.903860][ T6674] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 101.090927][ T6681] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.880966][ T6701] syz.3.338 (6701) used greatest stack depth: 20968 bytes left [ 102.748954][ T6697] loop2: detected capacity change from 0 to 32768 [ 102.822120][ T6697] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 102.860740][ T6697] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 102.904949][ T6732] loop3: detected capacity change from 0 to 1024 [ 102.935335][ T6697] XFS (loop2): Ending clean mount [ 103.022112][ T6697] XFS (loop2): Quotacheck needed: Please wait. [ 103.174737][ T6697] XFS (loop2): Quotacheck: Done. [ 103.446132][ T6744] netlink: 20 bytes leftover after parsing attributes in process `syz.0.353'. [ 103.484423][ T5781] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 104.450608][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.365'. [ 104.519026][ T6747] loop3: detected capacity change from 0 to 32768 [ 104.730939][ T6775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.369'. [ 104.776778][ T6775] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 105.440429][ T6791] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 105.648725][ T6797] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 106.205944][ T6817] netlink: 'syz.3.390': attribute type 21 has an invalid length. [ 106.241032][ T6817] netlink: 132 bytes leftover after parsing attributes in process `syz.3.390'. [ 106.727836][ T6833] xt_CT: You must specify a L4 protocol and not use inversions on it [ 106.961769][ T6843] xt_CT: You must specify a L4 protocol and not use inversions on it [ 107.012468][ T6847] netlink: 14 bytes leftover after parsing attributes in process `syz.0.404'. [ 107.538221][ T6867] Illegal XDP return value 4294967274 on prog (id 16) dev N/A, expect packet loss! [ 108.067247][ T6889] loop2: detected capacity change from 0 to 2048 [ 108.146279][ T6889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.176931][ T6889] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 108.200033][ T6899] loop0: detected capacity change from 0 to 64 [ 108.338571][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.111831][ T6931] loop2: detected capacity change from 0 to 512 [ 109.602908][ T6938] mmap: syz.0.441 (6938) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 109.811760][ T6924] loop1: detected capacity change from 0 to 32768 [ 109.880865][ T6924] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 110.007295][ T6924] (syz.1.439,6924,0):ocfs2_mknod:502 ERROR: status = -2 [ 110.040932][ T6924] (syz.1.439,6924,1):ocfs2_create:676 ERROR: status = -2 [ 110.225025][ T5780] (syz-executor,5780,0):ocfs2_inode_is_valid_to_delete:852 ERROR: Skipping delete of root inode. [ 110.273426][ T5780] ocfs2: Unmounting device (7,1) on (node local) [ 110.303547][ T6935] loop3: detected capacity change from 0 to 32768 [ 110.360126][ T6935] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 110.404706][ T6935] (syz.3.444,6935,0):ocfs2_find_entry:1086 ERROR: status = -117 [ 110.416055][ T6935] (syz.3.444,6935,0):ocfs2_find_entry:1086 ERROR: status = -117 [ 110.423949][ T6935] (syz.3.444,6935,0):ocfs2_symlink:2068 ERROR: status = -117 [ 110.481319][ T6952] loop0: detected capacity change from 0 to 4096 [ 110.498235][ T6952] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 110.512939][ T5783] (syz-executor,5783,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 110.530333][ T5783] ocfs2: Unmounting device (7,3) on (node local) [ 110.596742][ T6952] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 110.704135][ T6960] tmpfs: Bad value for 'mpol' [ 111.277405][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 111.277422][ T28] audit: type=1326 audit(1756509789.789:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 111.371131][ T28] audit: type=1326 audit(1756509789.789:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 111.422068][ T28] audit: type=1326 audit(1756509789.819:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 111.510348][ T28] audit: type=1326 audit(1756509789.819:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 111.560401][ T28] audit: type=1326 audit(1756509789.819:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 111.602894][ T6950] loop2: detected capacity change from 0 to 32768 [ 111.681197][ T6950] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 111.768772][ T6950] XFS (loop2): Ending clean mount [ 111.853468][ T6950] XFS (loop2): Quotacheck needed: Please wait. [ 111.956959][ T6950] XFS (loop2): Quotacheck: Done. [ 112.101875][ T6999] loop0: detected capacity change from 0 to 164 [ 112.151317][ T7001] netlink: 'syz.1.471': attribute type 1 has an invalid length. [ 112.170540][ T6999] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 112.172437][ T7001] netlink: 224 bytes leftover after parsing attributes in process `syz.1.471'. [ 112.199468][ T5781] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 112.222988][ T6999] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 112.263307][ T6999] Symlink component flag not implemented [ 112.269104][ T6999] Symlink component flag not implemented [ 112.310728][ T6999] Symlink component flag not implemented (7) [ 112.316785][ T6999] Symlink component flag not implemented (116) [ 112.571412][ T7009] comedi comedi0: ni_at_a2150: I/O port conflict (0x3,28) [ 112.792089][ T7016] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.479'. [ 112.801521][ T7017] netlink: 164 bytes leftover after parsing attributes in process `syz.3.477'. [ 112.994065][ T7023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.481'. [ 113.096652][ T7027] warning: `syz.2.483' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 113.350835][ T7037] xt_connbytes: Forcing CT accounting to be enabled [ 113.394441][ T7040] netlink: 56 bytes leftover after parsing attributes in process `syz.3.490'. [ 113.423139][ T7040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 113.450552][ T7040] netlink: 31 bytes leftover after parsing attributes in process `syz.3.490'. [ 113.469948][ T7040] netlink: 'syz.3.490': attribute type 2 has an invalid length. [ 113.485632][ T7040] netlink: 31 bytes leftover after parsing attributes in process `syz.3.490'. [ 113.734925][ T7052] netlink: 48 bytes leftover after parsing attributes in process `syz.3.495'. [ 113.997883][ T7063] netlink: 12 bytes leftover after parsing attributes in process `syz.0.500'. [ 114.438755][ T7075] loop2: detected capacity change from 0 to 4096 [ 114.476559][ T7075] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 114.639292][ T7075] ntfs: volume version 3.1. [ 115.298224][ T7106] netlink: 'syz.2.519': attribute type 2 has an invalid length. [ 117.827401][ T7180] loop2: detected capacity change from 0 to 2048 [ 117.959912][ T7162] syz.3.546 (7162): drop_caches: 2 [ 118.022734][ T7180] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 118.040412][ T7180] UDF-fs: Scanning with blocksize 512 failed [ 118.095635][ T7180] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 118.185637][ T7172] loop1: detected capacity change from 0 to 32768 [ 118.257721][ T7172] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 118.448565][ T7172] XFS (loop1): Ending clean mount [ 118.482015][ T7172] XFS (loop1): Quotacheck needed: Please wait. [ 118.568552][ T7172] XFS (loop1): Quotacheck: Done. [ 118.753860][ T5780] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 119.912786][ T7230] netdevsim netdevsim2: Direct firmware load for .. failed with error -2 [ 119.948494][ T7230] netdevsim netdevsim2: Falling back to sysfs fallback for: .. [ 120.012783][ T7232] __nla_validate_parse: 2 callbacks suppressed [ 120.012799][ T7232] netlink: 1 bytes leftover after parsing attributes in process `syz.3.575'. [ 122.421848][ T1187] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.660392][ T1187] usb 4-1: Using ep0 maxpacket: 16 [ 122.696950][ T1187] usb 4-1: config index 0 descriptor too short (expected 1828, got 36) [ 122.710294][ T1187] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 122.730387][ T1187] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 122.744810][ T1187] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 122.775289][ T1187] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 122.800823][ T1187] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 122.833829][ T1187] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=1a.1e [ 122.857194][ T1187] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.887478][ T1187] usb 4-1: Product: syz [ 122.895411][ T1187] usb 4-1: Manufacturer: syz [ 122.900164][ T1187] usb 4-1: SerialNumber: syz [ 122.931601][ T1187] usb 4-1: config 0 descriptor?? [ 122.968505][ T1187] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected [ 122.980565][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 87 [ 122.999003][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7 [ 123.023757][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81 [ 123.060433][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1 [ 123.070475][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2 [ 123.078215][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85 [ 123.120646][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5 [ 123.150057][ T1187] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 123.211360][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83 [ 123.219194][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4 [ 123.278707][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86 [ 123.308542][ T1187] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6 [ 123.344356][ T1187] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 123.373621][ T7308] loop1: detected capacity change from 0 to 32768 [ 123.401845][ T1187] usb 4-1: USB disconnect, device number 2 [ 123.454158][ T1187] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 123.468587][ T7308] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 123.471022][ T1187] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 123.487918][ T1187] keyspan 4-1:0.0: device disconnected [ 123.856932][ T5780] ocfs2: Unmounting device (7,1) on (node local) [ 124.850573][ T7359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.637'. [ 124.880951][ T7359] netlink: 540 bytes leftover after parsing attributes in process `syz.2.637'. [ 124.889972][ T7359] netlink: 32 bytes leftover after parsing attributes in process `syz.2.637'. [ 125.883645][ T7396] loop1: detected capacity change from 0 to 64 [ 126.443290][ T7417] loop0: detected capacity change from 0 to 8 [ 126.616965][ T7417] SQUASHFS error: Failed to read block 0x2d7: -5 [ 126.637488][ T7417] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 126.660873][ T7423] misc userio: The device must be registered before sending interrupts [ 126.684575][ T7417] SQUASHFS error: Failed to read block 0x8f: -5 [ 126.734830][ T28] audit: type=1800 audit(1756509805.249:31): pid=7417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.665" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 127.294931][ T7447] misc userio: The device must be registered before sending interrupts [ 127.440106][ T7451] loop1: detected capacity change from 0 to 1024 [ 127.471251][ T7454] xt_bpf: check failed: parse error [ 127.512636][ T7451] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 127.540763][ T7451] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 127.585021][ T7451] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 127.607811][ T7451] EXT4-fs (loop1): orphan cleanup on readonly fs [ 127.641800][ T7451] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.682: Inode bitmap for bg 0 marked uninitialized [ 127.673271][ T7451] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 127.687463][ T7462] loop3: detected capacity change from 0 to 8 [ 127.711988][ T7462] SQUASHFS error: Failed to read block 0x2d7: -5 [ 127.712041][ T7462] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 127.713948][ T7462] SQUASHFS error: Failed to read block 0x8f: -5 [ 127.728907][ T28] audit: type=1800 audit(1756509806.229:32): pid=7462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.685" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 127.735791][ T7451] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 127.792009][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.062016][ T7471] netlink: 2 bytes leftover after parsing attributes in process `syz.2.692'. [ 128.127901][ T7475] misc userio: The device must be registered before sending interrupts [ 128.204988][ T7477] tmpfs: Group quota block hardlimit too large. [ 128.248725][ T7479] loop2: detected capacity change from 0 to 1024 [ 128.380416][ T5865] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 128.435316][ T11] hfsplus: b-tree write err: -5, ino 4 [ 128.585646][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 128.610402][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 128.631614][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 128.668675][ T5865] usb 4-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4 [ 128.714401][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.747179][ T5865] usb 4-1: Product: syz [ 128.751771][ T5865] usb 4-1: Manufacturer: syz [ 128.756406][ T5865] usb 4-1: SerialNumber: syz [ 128.783530][ T5865] usb 4-1: config 0 descriptor?? [ 128.903272][ T7501] loop2: detected capacity change from 0 to 256 [ 129.029097][ T7501] FAT-fs (loop2): Directory bread(block 64) failed [ 129.060438][ T7501] FAT-fs (loop2): Directory bread(block 65) failed [ 129.080653][ T7501] FAT-fs (loop2): Directory bread(block 66) failed [ 129.087254][ T7501] FAT-fs (loop2): Directory bread(block 67) failed [ 129.118764][ T5865] usb 4-1: USB disconnect, device number 3 [ 129.128814][ T7501] FAT-fs (loop2): Directory bread(block 68) failed [ 129.154396][ T7501] FAT-fs (loop2): Directory bread(block 69) failed [ 129.164328][ T7501] FAT-fs (loop2): Directory bread(block 70) failed [ 129.173386][ T7505] netlink: 20 bytes leftover after parsing attributes in process `syz.1.709'. [ 129.182501][ T7501] FAT-fs (loop2): Directory bread(block 71) failed [ 129.189161][ T7501] FAT-fs (loop2): Directory bread(block 72) failed [ 129.196124][ T7505] netlink: 36 bytes leftover after parsing attributes in process `syz.1.709'. [ 129.205744][ T7501] FAT-fs (loop2): Directory bread(block 73) failed [ 130.397875][ T7528] loop3: detected capacity change from 0 to 4096 [ 130.430554][ T7528] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 130.517821][ T7528] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 130.546335][ T7503] loop0: detected capacity change from 0 to 65536 [ 130.625176][ T7503] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 130.814323][ T7503] XFS (loop0): Ending clean mount [ 131.153800][ T5782] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 131.549978][ T7561] loop3: detected capacity change from 0 to 1024 [ 131.557384][ T7559] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 131.600549][ T7561] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 131.620528][ T7561] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 131.645253][ T7561] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 131.681877][ T7561] EXT4-fs (loop3): orphan cleanup on readonly fs [ 131.717741][ T7561] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.732: Inode bitmap for bg 0 marked uninitialized [ 131.798057][ T7561] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 131.829620][ T7569] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid [ 131.995215][ T7561] EXT4-fs (loop3): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 132.040453][ T7574] netlink: 72 bytes leftover after parsing attributes in process `syz.1.737'. [ 132.073037][ T7574] netlink: 72 bytes leftover after parsing attributes in process `syz.1.737'. [ 132.087235][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.662992][ T7593] netlink: 'syz.0.748': attribute type 1 has an invalid length. [ 132.703715][ T7593] netlink: 224 bytes leftover after parsing attributes in process `syz.0.748'. [ 132.724718][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.733494][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.863835][ T7600] netlink: 72 bytes leftover after parsing attributes in process `syz.2.750'. [ 132.890500][ T7600] netlink: 72 bytes leftover after parsing attributes in process `syz.2.750'. [ 133.125268][ T7584] loop1: detected capacity change from 0 to 32768 [ 133.190516][ T7584] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 133.356738][ T7584] XFS (loop1): Ending clean mount [ 133.443670][ T7584] XFS (loop1): Quotacheck needed: Please wait. [ 133.569165][ T7584] XFS (loop1): Quotacheck: Done. [ 133.802380][ T7635] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 7635 comm: syz.0.763) [ 133.859518][ T5780] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 134.608520][ T7662] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 7662 comm: syz.3.777) [ 135.448240][ T28] audit: type=1326 audit(1756509813.959:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 135.470616][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.518664][ T28] audit: type=1326 audit(1756509813.959:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 135.592512][ T28] audit: type=1326 audit(1756509813.989:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 135.648746][ T7660] loop0: detected capacity change from 0 to 32768 [ 135.658695][ T28] audit: type=1326 audit(1756509813.989:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 135.710978][ T28] audit: type=1326 audit(1756509813.989:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc4bb8ebe9 code=0x7ffc0000 [ 135.737777][ T7660] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 135.789265][ T7660] XFS (loop0): Ending clean mount [ 135.827346][ T7660] XFS (loop0): Quotacheck needed: Please wait. [ 135.912770][ T7660] XFS (loop0): Quotacheck: Done. [ 136.119519][ T5782] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 136.328175][ T7685] loop2: detected capacity change from 0 to 32768 [ 136.328846][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.394840][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.411706][ T7713] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 136.413800][ T7685] read_mapping_page failed! [ 136.431759][ T7713] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 136.433930][ T7685] ERROR: (device loop2): txCommit: [ 136.433930][ T7685] [ 136.440133][ T7713] overlayfs: missing 'lowerdir' [ 136.460475][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.468256][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.490605][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.508630][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.528909][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.549212][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.559364][ T7711] netlink: 'syz.3.798': attribute type 3 has an invalid length. [ 136.654098][ T58] read_mapping_page failed! [ 136.658993][ T58] ERROR: (device loop2): txCommit: [ 136.658993][ T58] [ 136.689408][ T58] jfs_write_inode: jfs_commit_inode failed! [ 136.843094][ T28] audit: type=1326 audit(1756509815.349:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7718 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94f58ebe9 code=0x7ffc0000 [ 136.920426][ T28] audit: type=1326 audit(1756509815.349:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7718 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94f58ebe9 code=0x7ffc0000 [ 136.991389][ T28] audit: type=1326 audit(1756509815.369:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7718 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fa94f58ebe9 code=0x7ffc0000 [ 137.087718][ T28] audit: type=1326 audit(1756509815.369:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7718 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94f58ebe9 code=0x7ffc0000 [ 137.167512][ T28] audit: type=1326 audit(1756509815.369:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7718 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94f58ebe9 code=0x7ffc0000 [ 137.211293][ T7731] nfs: Deprecated parameter 'nointr' [ 137.940686][ T7759] netlink: 372 bytes leftover after parsing attributes in process `syz.0.821'. [ 138.317029][ T7773] validate_nla: 45 callbacks suppressed [ 138.317047][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.331773][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.339577][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.370860][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.378639][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.403895][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.428853][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.488955][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.497728][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.505908][ T7773] netlink: 'syz.2.827': attribute type 3 has an invalid length. [ 138.550694][ T7778] xt_CT: You must specify a L4 protocol and not use inversions on it [ 139.006772][ T7792] nfs: Deprecated parameter 'nointr' [ 139.710510][ T7814] netlink: 16 bytes leftover after parsing attributes in process `syz.0.847'. [ 140.201931][ T7832] netlink: 372 bytes leftover after parsing attributes in process `syz.1.856'. [ 140.220420][ T7832] ================================================================== [ 140.228627][ T7832] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 140.236364][ T7832] Read of size 4 at addr ffff88802d3a44a0 by task syz.1.856/7832 [ 140.244085][ T7832] [ 140.246416][ T7832] CPU: 1 PID: 7832 Comm: syz.1.856 Not tainted syzkaller #0 [ 140.253703][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 140.263759][ T7832] Call Trace: [ 140.267040][ T7832] [ 140.269971][ T7832] dump_stack_lvl+0x16c/0x230 [ 140.274661][ T7832] ? __lock_acquire+0x7c80/0x7c80 [ 140.279696][ T7832] ? show_regs_print_info+0x20/0x20 [ 140.284947][ T7832] ? load_image+0x3b0/0x3b0 [ 140.289455][ T7832] ? __virt_addr_valid+0x469/0x540 [ 140.294572][ T7832] print_report+0xac/0x220 [ 140.298993][ T7832] ? xfrm_alloc_spi+0x598/0x11f0 [ 140.304041][ T7832] kasan_report+0x117/0x150 [ 140.308597][ T7832] ? xfrm_alloc_spi+0x598/0x11f0 [ 140.313556][ T7832] xfrm_alloc_spi+0x598/0x11f0 [ 140.318340][ T7832] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 140.323290][ T7832] ? verify_spi_info+0x120/0x120 [ 140.328235][ T7832] ? xfrm_find_acq+0x79/0x90 [ 140.332852][ T7832] xfrm_alloc_userspi+0x5d1/0xa90 [ 140.337886][ T7832] ? end_current_label_crit_section+0x170/0x170 [ 140.344137][ T7832] ? apparmor_capable+0x137/0x1a0 [ 140.349161][ T7832] ? xfrm_dump_policy_done+0x90/0x90 [ 140.354535][ T7832] ? __nla_parse+0x40/0x50 [ 140.358960][ T7832] xfrm_user_rcv_msg+0x596/0x870 [ 140.363911][ T7832] ? lockdep_hardirqs_on+0x98/0x150 [ 140.369208][ T7832] ? xfrm_netlink_rcv+0x90/0x90 [ 140.374071][ T7832] ? __local_bh_enable_ip+0x12e/0x1c0 [ 140.379484][ T7832] ? __dev_queue_xmit+0x245/0x35a0 [ 140.384603][ T7832] ? __mutex_trylock_common+0x153/0x250 [ 140.390172][ T7832] netlink_rcv_skb+0x216/0x480 [ 140.394949][ T7832] ? xfrm_netlink_rcv+0x90/0x90 [ 140.399896][ T7832] ? netlink_ack+0x1110/0x1110 [ 140.404665][ T7832] ? netlink_deliver_tap+0x2e/0x1b0 [ 140.409869][ T7832] ? __lock_acquire+0x7c80/0x7c80 [ 140.414899][ T7832] xfrm_netlink_rcv+0x79/0x90 [ 140.419585][ T7832] netlink_unicast+0x751/0x8d0 [ 140.424358][ T7832] netlink_sendmsg+0x8c1/0xbe0 [ 140.429137][ T7832] ? netlink_getsockopt+0x580/0x580 [ 140.434348][ T7832] ? aa_sock_msg_perm+0x94/0x150 [ 140.439293][ T7832] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 140.444590][ T7832] ? security_socket_sendmsg+0x80/0xa0 [ 140.450082][ T7832] ? netlink_getsockopt+0x580/0x580 [ 140.455291][ T7832] ____sys_sendmsg+0x5bf/0x950 [ 140.460172][ T7832] ? __asan_memset+0x22/0x40 [ 140.464791][ T7832] ? __sys_sendmsg_sock+0x30/0x30 [ 140.469825][ T7832] ? __import_iovec+0x5f2/0x860 [ 140.474697][ T7832] ? import_iovec+0x73/0xa0 [ 140.479331][ T7832] ___sys_sendmsg+0x220/0x290 [ 140.484082][ T7832] ? __sys_sendmsg+0x270/0x270 [ 140.488878][ T7832] __se_sys_sendmsg+0x1a5/0x270 [ 140.493741][ T7832] ? __x64_sys_sendmsg+0x80/0x80 [ 140.498691][ T7832] ? lockdep_hardirqs_on+0x98/0x150 [ 140.503901][ T7832] do_syscall_64+0x55/0xb0 [ 140.508320][ T7832] ? clear_bhb_loop+0x40/0x90 [ 140.513010][ T7832] ? clear_bhb_loop+0x40/0x90 [ 140.517687][ T7832] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 140.523588][ T7832] RIP: 0033:0x7efc4bb8ebe9 [ 140.528091][ T7832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.547968][ T7832] RSP: 002b:00007efc4cabf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.556396][ T7832] RAX: ffffffffffffffda RBX: 00007efc4bdc5fa0 RCX: 00007efc4bb8ebe9 [ 140.564542][ T7832] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 140.572513][ T7832] RBP: 00007efc4bc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 140.580508][ T7832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.588488][ T7832] R13: 00007efc4bdc6038 R14: 00007efc4bdc5fa0 R15: 00007ffe752da468 [ 140.596481][ T7832] [ 140.599499][ T7832] [ 140.601819][ T7832] Allocated by task 6561: [ 140.606137][ T7832] kasan_set_track+0x4e/0x70 [ 140.610728][ T7832] __kasan_slab_alloc+0x6c/0x80 [ 140.615575][ T7832] slab_post_alloc_hook+0x6e/0x4d0 [ 140.620693][ T7832] kmem_cache_alloc+0x11e/0x2e0 [ 140.625554][ T7832] xfrm_state_alloc+0x22/0x2a0 [ 140.630329][ T7832] __find_acq_core+0x7d8/0x19d0 [ 140.635190][ T7832] xfrm_find_acq+0x6a/0x90 [ 140.639607][ T7832] xfrm_alloc_userspi+0x57a/0xa90 [ 140.644630][ T7832] xfrm_user_rcv_msg+0x596/0x870 [ 140.649561][ T7832] netlink_rcv_skb+0x216/0x480 [ 140.654331][ T7832] xfrm_netlink_rcv+0x79/0x90 [ 140.659016][ T7832] netlink_unicast+0x751/0x8d0 [ 140.663782][ T7832] netlink_sendmsg+0x8c1/0xbe0 [ 140.668543][ T7832] ____sys_sendmsg+0x5bf/0x950 [ 140.673401][ T7832] ___sys_sendmsg+0x220/0x290 [ 140.678082][ T7832] __se_sys_sendmsg+0x1a5/0x270 [ 140.682968][ T7832] do_syscall_64+0x55/0xb0 [ 140.687484][ T7832] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 140.693405][ T7832] [ 140.695731][ T7832] The buggy address belongs to the object at ffff88802d3a4400 [ 140.695731][ T7832] which belongs to the cache xfrm_state of size 848 [ 140.709706][ T7832] The buggy address is located 160 bytes inside of [ 140.709706][ T7832] freed 848-byte region [ffff88802d3a4400, ffff88802d3a4750) [ 140.723507][ T7832] [ 140.725832][ T7832] The buggy address belongs to the physical page: [ 140.732239][ T7832] page:ffffea0000b4e900 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802d3a4400 pfn:0x2d3a4 [ 140.743690][ T7832] head:ffffea0000b4e900 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 140.752802][ T7832] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 140.760798][ T7832] page_type: 0xffffffff() [ 140.765135][ T7832] raw: 00fff00000000840 ffff888141a44c80 dead000000000122 0000000000000000 [ 140.773890][ T7832] raw: ffff88802d3a4400 000000008010000e 00000001ffffffff 0000000000000000 [ 140.782580][ T7832] page dumped because: kasan: bad access detected [ 140.788993][ T7832] page_owner tracks the page as allocated [ 140.794791][ T7832] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5904, tgid 5903 (syz.1.17), ts 75305626306, free_ts 75293144812 [ 140.815113][ T7832] post_alloc_hook+0x1cd/0x210 [ 140.819889][ T7832] get_page_from_freelist+0x195c/0x19f0 [ 140.825465][ T7832] __alloc_pages+0x1e3/0x460 [ 140.830058][ T7832] alloc_slab_page+0x5d/0x170 [ 140.834741][ T7832] new_slab+0x87/0x2e0 [ 140.838906][ T7832] ___slab_alloc+0xc6d/0x12f0 [ 140.843589][ T7832] kmem_cache_alloc+0x1b7/0x2e0 [ 140.848447][ T7832] xfrm_state_alloc+0x22/0x2a0 [ 140.853305][ T7832] xfrm_add_sa+0xfe5/0x30a0 [ 140.857805][ T7832] xfrm_user_rcv_msg+0x596/0x870 [ 140.862746][ T7832] netlink_rcv_skb+0x216/0x480 [ 140.867518][ T7832] xfrm_netlink_rcv+0x79/0x90 [ 140.872203][ T7832] netlink_unicast+0x751/0x8d0 [ 140.876969][ T7832] netlink_sendmsg+0x8c1/0xbe0 [ 140.881739][ T7832] ____sys_sendmsg+0x5bf/0x950 [ 140.886511][ T7832] ___sys_sendmsg+0x220/0x290 [ 140.891199][ T7832] page last free stack trace: [ 140.895870][ T7832] free_unref_page_prepare+0x7ce/0x8e0 [ 140.901334][ T7832] free_unref_page+0x32/0x2e0 [ 140.906019][ T7832] __slab_free+0x35e/0x410 [ 140.910441][ T7832] qlist_free_all+0x75/0xe0 [ 140.914947][ T7832] kasan_quarantine_reduce+0x143/0x160 [ 140.920412][ T7832] __kasan_slab_alloc+0x22/0x80 [ 140.925260][ T7832] slab_post_alloc_hook+0x6e/0x4d0 [ 140.930376][ T7832] kmem_cache_alloc+0x11e/0x2e0 [ 140.935236][ T7832] __pmd_alloc+0x116/0x880 [ 140.939657][ T7832] handle_mm_fault+0xb3d/0x4920 [ 140.944513][ T7832] do_user_addr_fault+0xad0/0x12e0 [ 140.949623][ T7832] exc_page_fault+0x67/0x110 [ 140.954221][ T7832] asm_exc_page_fault+0x26/0x30 [ 140.959166][ T7832] [ 140.961501][ T7832] Memory state around the buggy address: [ 140.967135][ T7832] ffff88802d3a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 140.975202][ T7832] ffff88802d3a4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 140.983439][ T7832] >ffff88802d3a4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 140.991511][ T7832] ^ [ 140.996614][ T7832] ffff88802d3a4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 141.004671][ T7832] ffff88802d3a4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 141.012745][ T7832] ================================================================== [ 141.020984][ T7832] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 141.028219][ T7832] CPU: 1 PID: 7832 Comm: syz.1.856 Not tainted syzkaller #0 [ 141.035527][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 141.045601][ T7832] Call Trace: [ 141.048884][ T7832] [ 141.051906][ T7832] dump_stack_lvl+0x16c/0x230 [ 141.056592][ T7832] ? show_regs_print_info+0x20/0x20 [ 141.061794][ T7832] ? load_image+0x3b0/0x3b0 [ 141.066298][ T7832] panic+0x2c0/0x710 [ 141.070225][ T7832] ? bpf_jit_dump+0xd0/0xd0 [ 141.074758][ T7832] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 141.080685][ T7832] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 141.086611][ T7832] ? _raw_spin_unlock+0x40/0x40 [ 141.091553][ T7832] ? print_memory_metadata+0x314/0x400 [ 141.097020][ T7832] ? xfrm_alloc_spi+0x598/0x11f0 [ 141.101984][ T7832] check_panic_on_warn+0x84/0xa0 [ 141.107014][ T7832] ? xfrm_alloc_spi+0x598/0x11f0 [ 141.111954][ T7832] end_report+0x6f/0x140 [ 141.116198][ T7832] kasan_report+0x128/0x150 [ 141.120706][ T7832] ? xfrm_alloc_spi+0x598/0x11f0 [ 141.125650][ T7832] xfrm_alloc_spi+0x598/0x11f0 [ 141.130431][ T7832] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 141.135410][ T7832] ? verify_spi_info+0x120/0x120 [ 141.140360][ T7832] ? xfrm_find_acq+0x79/0x90 [ 141.144965][ T7832] xfrm_alloc_userspi+0x5d1/0xa90 [ 141.150023][ T7832] ? end_current_label_crit_section+0x170/0x170 [ 141.156362][ T7832] ? apparmor_capable+0x137/0x1a0 [ 141.161389][ T7832] ? xfrm_dump_policy_done+0x90/0x90 [ 141.166672][ T7832] ? __nla_parse+0x40/0x50 [ 141.171103][ T7832] xfrm_user_rcv_msg+0x596/0x870 [ 141.176042][ T7832] ? lockdep_hardirqs_on+0x98/0x150 [ 141.181251][ T7832] ? xfrm_netlink_rcv+0x90/0x90 [ 141.186117][ T7832] ? __local_bh_enable_ip+0x12e/0x1c0 [ 141.191499][ T7832] ? __dev_queue_xmit+0x245/0x35a0 [ 141.196616][ T7832] ? __mutex_trylock_common+0x153/0x250 [ 141.202186][ T7832] netlink_rcv_skb+0x216/0x480 [ 141.206956][ T7832] ? xfrm_netlink_rcv+0x90/0x90 [ 141.211815][ T7832] ? netlink_ack+0x1110/0x1110 [ 141.216587][ T7832] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.221881][ T7832] ? __lock_acquire+0x7c80/0x7c80 [ 141.226910][ T7832] xfrm_netlink_rcv+0x79/0x90 [ 141.231770][ T7832] netlink_unicast+0x751/0x8d0 [ 141.236540][ T7832] netlink_sendmsg+0x8c1/0xbe0 [ 141.241312][ T7832] ? netlink_getsockopt+0x580/0x580 [ 141.246514][ T7832] ? aa_sock_msg_perm+0x94/0x150 [ 141.251453][ T7832] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 141.256827][ T7832] ? security_socket_sendmsg+0x80/0xa0 [ 141.262354][ T7832] ? netlink_getsockopt+0x580/0x580 [ 141.267572][ T7832] ____sys_sendmsg+0x5bf/0x950 [ 141.272371][ T7832] ? __asan_memset+0x22/0x40 [ 141.276978][ T7832] ? __sys_sendmsg_sock+0x30/0x30 [ 141.282014][ T7832] ? __import_iovec+0x5f2/0x860 [ 141.286952][ T7832] ? import_iovec+0x73/0xa0 [ 141.291461][ T7832] ___sys_sendmsg+0x220/0x290 [ 141.296151][ T7832] ? __sys_sendmsg+0x270/0x270 [ 141.300938][ T7832] __se_sys_sendmsg+0x1a5/0x270 [ 141.305792][ T7832] ? __x64_sys_sendmsg+0x80/0x80 [ 141.310737][ T7832] ? lockdep_hardirqs_on+0x98/0x150 [ 141.315943][ T7832] do_syscall_64+0x55/0xb0 [ 141.320361][ T7832] ? clear_bhb_loop+0x40/0x90 [ 141.325076][ T7832] ? clear_bhb_loop+0x40/0x90 [ 141.329755][ T7832] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 141.335745][ T7832] RIP: 0033:0x7efc4bb8ebe9 [ 141.340176][ T7832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.359788][ T7832] RSP: 002b:00007efc4cabf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.368209][ T7832] RAX: ffffffffffffffda RBX: 00007efc4bdc5fa0 RCX: 00007efc4bb8ebe9 [ 141.376179][ T7832] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 141.384155][ T7832] RBP: 00007efc4bc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 141.392126][ T7832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.400097][ T7832] R13: 00007efc4bdc6038 R14: 00007efc4bdc5fa0 R15: 00007ffe752da468 [ 141.408074][ T7832] [ 141.411346][ T7832] Kernel Offset: disabled [ 141.415663][ T7832] Rebooting in 86400 seconds..