last executing test programs: 4m26.673924638s ago: executing program 0 (id=297): mmap$IORING_OFF_CQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x7cc74eb8cea4227f, 0x4c032, 0xffffffffffffffff, 0x8000000) mremap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) r0 = userfaultfd(0x80001) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000080)={0x4, {{0x2, 0x4e20, @multicast2=0xe000006a}}, {{0x2, 0x4e24, @multicast1}}}, 0x108) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4142, 0xa) lseek(r2, 0x1, 0x4) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000000)={0x4, 0x81}) close_range(r0, 0xffffffffffffffff, 0x0) 4m25.85439837s ago: executing program 0 (id=289): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x100, 0x6}, 0x4) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407d1ef62c00000400000109022400010000000009040000010300020009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000000)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00!\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000001500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="200103"], 0x0}) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000002140)=ANY=[@ANYBLOB='@\r\r'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, 0x0) 4m22.313672435s ago: executing program 0 (id=306): socket(0xa, 0x5, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x1, 0x7fc00100}]}) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000002c0)={0x0}) r2 = syz_io_uring_setup(0x8ad, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000001c0)={r1}) 4m20.124615598s ago: executing program 0 (id=315): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 4m18.821701093s ago: executing program 0 (id=321): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d903"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 4m17.837868091s ago: executing program 0 (id=326): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x34, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) sendmmsg$sock(r4, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 4m15.362816855s ago: executing program 32 (id=326): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x34, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) sendmmsg$sock(r4, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 6.604559232s ago: executing program 3 (id=1344): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = io_uring_setup(0x7d95, &(0x7f0000000940)={0x0, 0xdf07, 0x40, 0x1, 0x91}) close_range(r1, 0xffffffffffffffff, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto(r3, &(0x7f0000000000)='\x00', 0x1, 0x0, 0x0, 0x0) recvfrom(r2, &(0x7f00000001c0)=""/62, 0x3e, 0x10120, 0x0, 0x0) 5.997068898s ago: executing program 3 (id=1348): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f00000002c0)='\\ ', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmmsg(0xffffffffffffffff, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)="4166deb08f5490e60cbd5dc80404c8a1d8b1dcefa938cbb0a2ca79523b6cc1574a6c7282edd54fa942633e7cf2fddaf1b19a9bd2aded624ffe3ed905bd5bc2ef28c3c689bdc609239748afb03e5201f0edcb4e0edfc9f07805d021a76bd013330c33937875ea24a4e7b7c9150afbfb67c43037a0f32d72c4b8b6a70cd359878738", 0x81}], 0x1}}], 0x1, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000280)={0x0, 0x80003734, 0x100, 0xfffffffe, 0x280}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x4000000000000000, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, 0x94) 5.240012068s ago: executing program 4 (id=1352): r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a) sendfile(r3, r4, 0x0, 0xffffffff000) 4.970463963s ago: executing program 1 (id=1353): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2ff49051d920611, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2e) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0}, 0x94) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0xe) 4.934746794s ago: executing program 5 (id=1354): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0xa95f, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r0, 0x204) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 4.308765536s ago: executing program 5 (id=1355): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.30860214s ago: executing program 2 (id=1356): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000010651fbe347b322b00000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 3.563054647s ago: executing program 5 (id=1357): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = dup(r0) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB='A']) 3.504361737s ago: executing program 2 (id=1358): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 3.25162072s ago: executing program 4 (id=1359): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0xe0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff3, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x842}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x3}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000021}, 0x4044080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 3.20223517s ago: executing program 1 (id=1360): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='highspeed', 0x9) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000001c0)="6c68e5", 0x3, 0x24048015, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 3.023610433s ago: executing program 3 (id=1361): writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES64=r0], 0x118) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r2 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0xffff, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) write(0xffffffffffffffff, 0x0, 0x0) 2.757594723s ago: executing program 2 (id=1362): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$unix(0x1, 0x1, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000004700)) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0) 2.540402644s ago: executing program 1 (id=1363): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x2c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x2c}}, 0x0) 2.266530951s ago: executing program 3 (id=1364): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$kcm(0x2a, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0xde5f, 0x10100, 0x2, 0x33a}, &(0x7f0000002bc0)=0x0, &(0x7f0000002900)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}, 0x1, 0x0, 0x0, 0x44054}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 2.225406081s ago: executing program 4 (id=1365): r0 = socket(0xa, 0x5, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x1000, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000480)=@gcm_128={{0x304}, "68c40110c3a2c2a1", "43ce39d444a021c82eca1cc4bc46c789", '/:)N', "5f7b960b7f9d5422"}, 0x28) sendto$inet6(r1, &(0x7f0000000140)="b9", 0x1, 0x8000, 0x0, 0x0) write$binfmt_aout(r1, 0x0, 0xfdef) sendto$inet6(r1, &(0x7f0000000280)='F', 0x1, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.190350027s ago: executing program 5 (id=1366): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f00000025c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3', 0x6) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0) socket$netlink(0x10, 0x3, 0x1) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 1.93323345s ago: executing program 1 (id=1367): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000780)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@flat=@weak_handle={0x77682a85, 0x1000, 0x1}, @flat=@binder={0x73622a85, 0x100a, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x37}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 1.643244324s ago: executing program 4 (id=1368): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xb868}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20040000) r4 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r4, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0}, 0xeca874b}], 0x1, 0x60012060, 0x0) sendmsg$netlink(r2, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)=ANY=[@ANYBLOB="14010000270001007352c472000000000101008024d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1d888f4809cdccfe1c8695630dcb6bad9b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a052d0000008bb982eb4ec7e08b552a2807c00bbfbbb5369dd1e04690a1267e29e89d27673d"], 0x114}], 0x1, 0x0, 0x0, 0x8041}, 0x0) 1.573474708s ago: executing program 3 (id=1369): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb96f37538e486dd637288a8"], 0xe) 1.374272152s ago: executing program 2 (id=1370): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x107a}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7a}, 0x8) 1.307633176s ago: executing program 1 (id=1371): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f00000007c0)=0x40000401, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000007c0)=0x40000401, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3c}}, 0x2}, 0x1c) 1.067007142s ago: executing program 5 (id=1372): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r1, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f0000002640)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10, 0x0}, 0x0) 798.925076ms ago: executing program 3 (id=1373): syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 792.61767ms ago: executing program 2 (id=1374): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket(0x10, 0x3, 0x0) listen(r0, 0x1ad72f7) accept4(r0, 0x0, 0x0, 0x80000) accept4$netrom(r0, 0x0, 0x0, 0x80000) connect$netrom(r2, 0x0, 0x0) 598.575953ms ago: executing program 1 (id=1375): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0xe0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff3, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x842}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x3}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000021}, 0x4044080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 596.1187ms ago: executing program 4 (id=1376): socket$kcm(0x10, 0xd, 0x0) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) socket$kcm(0xa, 0x2, 0x0) socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x20, 0xa7e, 0x400070}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0x8000, 0x100077}, {@remote, 0x4e20, 0x3, 0x8, 0x200}}, 0x44) 422.876982ms ago: executing program 5 (id=1377): bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)={0x2, 0x0}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r0, 0x3}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0x1f400, 0x8, 0xc1}) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8844}, 0x0) 10.950833ms ago: executing program 4 (id=1378): prlimit64(0x0, 0xc, &(0x7f00000000c0)={0x4, 0x7cd}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4004045}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x1, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x4000, 0x10bc1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 2 (id=1379): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000004c0)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@flat=@weak_handle={0x77682a85, 0x110b, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1, 0x1078}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): n_adv: batadv0: Interface activated: batadv_slave_0 [ 220.898744][ T5785] veth1_macvtap: entered promiscuous mode [ 220.945502][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.960230][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.083760][ T3469] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.100269][ T3469] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.111196][ T5780] veth1_vlan: entered promiscuous mode [ 221.140807][ T3469] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.157085][ T1041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.181523][ T5792] veth0_vlan: entered promiscuous mode [ 221.229254][ T1041] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.247010][ T1041] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.281905][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.335270][ T1041] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.398665][ T5792] veth1_vlan: entered promiscuous mode [ 221.415009][ T1041] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.481956][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.618160][ T1041] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.659890][ T1041] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.716198][ T1041] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.761292][ T1041] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.798510][ T5780] veth0_macvtap: entered promiscuous mode [ 221.974923][ T5780] veth1_macvtap: entered promiscuous mode [ 222.127952][ T5792] veth0_macvtap: entered promiscuous mode [ 222.230467][ T5792] veth1_macvtap: entered promiscuous mode [ 222.297003][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.418022][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.535223][ T1041] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.591247][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.627232][ T1041] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.693173][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.717486][ T1041] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.770693][ T1041] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.815479][ T1041] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.870426][ T1041] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.907222][ T1041] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.968841][ T1041] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.896958][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.905256][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.051664][ T3469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.062571][ T3469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.320066][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.329932][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.412024][ T194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.420239][ T194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.773132][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.781233][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.974638][ T5791] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 229.062834][ T3469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.070923][ T3469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.597067][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.605624][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.010675][ T4811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.019026][ T4811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.253533][ T5971] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 230.297942][ T5973] futex_wake_op: syz.0.1 tries to shift op by 32; fix this program [ 230.306959][ T5971] block device autoloading is deprecated and will be removed. [ 230.336222][ T5970] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 230.452661][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.460720][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.882039][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.894891][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.366023][ T5977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 232.057925][ T5979] process 'syz.2.6' launched './file0' with NULL argv: empty string added [ 232.247670][ T5986] 9pnet: p9_errstr2errno: server reported unknown error 0x000000 [ 234.911979][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.919173][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 234.998178][ T30] audit: type=1326 audit(1770442575.978:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.020506][ T30] audit: type=1326 audit(1770442575.978:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.075251][ T6021] batman_adv: batadv0: Adding interface: dummy0 [ 235.087493][ T6021] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.144106][ T6021] batman_adv: batadv0: Interface activated: dummy0 [ 235.222910][ T30] audit: type=1326 audit(1770442576.028:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.245678][ T30] audit: type=1326 audit(1770442576.048:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.267825][ T30] audit: type=1326 audit(1770442576.048:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.294396][ T30] audit: type=1326 audit(1770442576.048:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.317888][ T30] audit: type=1326 audit(1770442576.058:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.340126][ T30] audit: type=1326 audit(1770442576.058:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.363033][ T30] audit: type=1326 audit(1770442576.058:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.385412][ T30] audit: type=1326 audit(1770442576.078:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd539 code=0x7ffc0000 [ 235.444201][ T6025] batadv0: mtu less than device minimum [ 235.452725][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.466011][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.479436][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.492770][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.505983][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.519210][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.532514][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.545738][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.559001][ T6025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.733111][ T5951] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 236.923063][ T5951] usb 1-1: Using ep0 maxpacket: 8 [ 237.022447][ T5951] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 237.035999][ T5951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.046257][ T5951] usb 1-1: Product: syz [ 237.050633][ T5951] usb 1-1: Manufacturer: syz [ 237.055542][ T5951] usb 1-1: SerialNumber: syz [ 237.134762][ T5951] usb 1-1: config 0 descriptor?? [ 237.523404][ T5951] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 238.322986][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 238.533572][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 238.569069][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.612774][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 238.623037][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.716147][ T24] usb 5-1: config 0 descriptor?? [ 238.851177][ T24] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 239.230171][ T5951] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 239.277032][ T5951] usb 1-1: USB disconnect, device number 2 [ 239.645191][ T6069] syz.3.37 uses obsolete (PF_INET,SOCK_PACKET) [ 240.497660][ T24] gspca_vc032x: reg_w err -71 [ 240.503076][ T24] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 240.620215][ T24] usb 5-1: USB disconnect, device number 2 [ 240.853099][ T5835] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 241.043482][ T5835] usb 1-1: Using ep0 maxpacket: 8 [ 241.116960][ T5835] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 241.132660][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.140921][ T5835] usb 1-1: Product: syz [ 241.147286][ T5835] usb 1-1: Manufacturer: syz [ 241.152092][ T5835] usb 1-1: SerialNumber: syz [ 241.221744][ T5835] usb 1-1: config 0 descriptor?? [ 241.310432][ T5835] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 241.402576][ T5951] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 241.609769][ T5951] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 241.621349][ T5951] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 241.682106][ T5951] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 241.693860][ T5951] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 241.859355][ T5951] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 241.869178][ T5951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.877656][ T5951] usb 3-1: Product: syz [ 241.882031][ T5951] usb 3-1: Manufacturer: syz [ 241.886991][ T5951] usb 3-1: SerialNumber: syz [ 241.990309][ T6082] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 242.289931][ T6089] netlink: 56 bytes leftover after parsing attributes in process `syz.1.45'. [ 242.316858][ T6082] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 242.344607][ T6082] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 242.530751][ T6089] vlan2: entered promiscuous mode [ 242.536550][ T6089] bond0: entered promiscuous mode [ 242.542146][ T6089] bond_slave_0: entered promiscuous mode [ 242.550380][ T6089] bond_slave_1: entered promiscuous mode [ 243.023318][ T5835] gspca_sonixj: i2c_w8 err -71 [ 243.083851][ T5835] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 243.105586][ T6082] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 243.140373][ T5835] usb 1-1: USB disconnect, device number 3 [ 243.150917][ T6082] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 243.207880][ T6093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.46'. [ 243.397295][ T5951] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 243.404347][ T5951] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 243.412077][ T5951] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 243.666553][ T5951] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 243.860933][ T5835] usb 3-1: USB disconnect, device number 2 [ 243.930288][ T5835] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 245.041613][ T6110] netlink: 'syz.0.53': attribute type 10 has an invalid length. [ 245.187454][ T6110] bond0: (slave netdevsim3): Enslaving as an active interface with an up link [ 246.646563][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.60'. [ 247.839830][ T6138] netlink: 'syz.0.65': attribute type 2 has an invalid length. [ 247.928551][ T6138] loop0: detected capacity change from 0 to 256 [ 248.260995][ T6138] FAT-fs (loop0): Directory bread(block 64) failed [ 248.288573][ T6138] FAT-fs (loop0): Directory bread(block 65) failed [ 248.316516][ T6138] FAT-fs (loop0): Directory bread(block 66) failed [ 248.375554][ T6138] FAT-fs (loop0): Directory bread(block 67) failed [ 248.423918][ T6138] FAT-fs (loop0): Directory bread(block 68) failed [ 248.430815][ T6138] FAT-fs (loop0): Directory bread(block 69) failed [ 248.457025][ T6138] FAT-fs (loop0): Directory bread(block 70) failed [ 248.474796][ T6138] FAT-fs (loop0): Directory bread(block 71) failed [ 248.481736][ T6138] FAT-fs (loop0): Directory bread(block 72) failed [ 248.563226][ T6138] FAT-fs (loop0): Directory bread(block 73) failed [ 248.889065][ T6149] FAT-fs (loop0): Filesystem has been set read-only [ 248.918365][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 248.918444][ T30] audit: type=1800 audit(1770442589.898:59): pid=6149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.65" name="cpu.stat" dev="loop0" ino=1048606 res=0 errno=0 [ 249.527192][ T6154] loop1: detected capacity change from 0 to 512 [ 249.610160][ T6154] EXT4-fs (loop1): Test dummy encryption mode enabled [ 249.617504][ T6154] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 249.635312][ T6154] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 249.770796][ T6154] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.70: bad orphan inode 131083 [ 249.857233][ T6154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.613979][ T6154] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 250.940639][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.663768][ T6174] loop2: detected capacity change from 0 to 1024 [ 251.729941][ T6174] ======================================================= [ 251.729941][ T6174] WARNING: The mand mount option has been deprecated and [ 251.729941][ T6174] and is ignored by this kernel. Remove the mand [ 251.729941][ T6174] option from the mount to silence this warning. [ 251.729941][ T6174] ======================================================= [ 251.897805][ T6174] EXT4-fs: Ignoring removed orlov option [ 251.963361][ T6174] EXT4-fs: Ignoring removed bh option [ 252.112088][ T6174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.355302][ T6182] netlink: 24 bytes leftover after parsing attributes in process `syz.0.80'. [ 252.397997][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'. [ 252.651528][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.354924][ T6190] netlink: 'syz.2.83': attribute type 4 has an invalid length. [ 253.556503][ T6192] netlink: 'syz.2.83': attribute type 4 has an invalid length. [ 254.041999][ T6198] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 254.525782][ T5835] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 254.737367][ T5835] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 254.751621][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.790157][ T5835] usb 4-1: config 0 descriptor?? [ 255.181215][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'. [ 255.510608][ T6212] netlink: 48 bytes leftover after parsing attributes in process `syz.0.91'. [ 255.630595][ T6212] netlink: 48 bytes leftover after parsing attributes in process `syz.0.91'. [ 255.919619][ T6218] netlink: 56 bytes leftover after parsing attributes in process `syz.4.93'. [ 256.160887][ T6218] vlan2: entered promiscuous mode [ 256.166480][ T6218] bond0: entered promiscuous mode [ 256.171946][ T6218] bond_slave_0: entered promiscuous mode [ 256.185481][ T6218] bond_slave_1: entered promiscuous mode [ 256.502870][ T6223] capability: warning: `syz.0.94' uses deprecated v2 capabilities in a way that may be insecure [ 256.517693][ T5835] usb 4-1: Cannot set autoneg [ 256.548129][ T5835] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 256.663513][ T5835] usb 4-1: USB disconnect, device number 2 [ 257.020049][ T6229] fuse: Bad value for 'fd' [ 258.200049][ T6243] netlink: 48 bytes leftover after parsing attributes in process `syz.1.104'. [ 258.343407][ T6243] netlink: 48 bytes leftover after parsing attributes in process `syz.1.104'. [ 259.939315][ T6262] loop1: detected capacity change from 0 to 128 [ 262.576782][ T6288] netlink: 28 bytes leftover after parsing attributes in process `syz.0.123'. [ 263.023060][ T6293] mmap: syz.3.124 (6293) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 263.268397][ T6292] loop1: detected capacity change from 0 to 4096 [ 263.348885][ T6292] EXT4-fs (loop1): Test dummy encryption mode enabled [ 263.605209][ T6292] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.320376][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz.4.130'. [ 265.329742][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz.4.130'. [ 265.359718][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.255618][ T6327] netlink: 16 bytes leftover after parsing attributes in process `syz.1.134'. [ 266.265171][ T6327] netlink: 12 bytes leftover after parsing attributes in process `syz.1.134'. [ 268.025637][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.140'. [ 268.600004][ T6355] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 269.164475][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.146'. [ 271.196872][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.155'. [ 272.978577][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'. [ 272.987842][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'. [ 274.197671][ T6425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.169'. [ 274.367787][ T6425] nbd: socks must be embedded in a SOCK_ITEM attr [ 274.401195][ T6067] block nbd64: NBD_DISCONNECT [ 274.454160][ T6430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.169'. [ 274.502859][ T6430] nbd: device at index 64 is going down [ 274.527285][ T6428] netlink: 156 bytes leftover after parsing attributes in process `syz.0.171'. [ 275.401140][ T30] audit: type=1804 audit(1770442616.378:60): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.176" name="/newroot/32/file0" dev="tmpfs" ino=184 res=1 errno=0 [ 277.034456][ T6472] loop2: detected capacity change from 0 to 512 [ 277.188790][ T6472] capability: warning: `syz.2.186' uses 32-bit capabilities (legacy support in use) [ 278.994430][ T6496] netlink: 'syz.3.194': attribute type 4 has an invalid length. [ 279.211688][ T6499] tipc: Failed to obtain node identity [ 279.223099][ T6499] tipc: Enabling of bearer rejected, failed to enable media [ 279.246087][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'. [ 280.520666][ T6508] loop0: detected capacity change from 0 to 512 [ 280.649120][ T6508] EXT4-fs: Ignoring removed nobh option [ 280.913429][ T6508] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 280.925595][ T6508] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 280.936215][ T6508] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.199: Corrupt directory, running e2fsck is recommended [ 281.075838][ T6508] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 281.109101][ T6508] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.199: corrupted in-inode xattr: invalid ea_ino [ 281.187443][ T6508] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.199: couldn't read orphan inode 15 (err -117) [ 281.259906][ T6508] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.528150][ T6508] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 281.541356][ T6508] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 281.552160][ T6508] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.199: Corrupt directory, running e2fsck is recommended [ 281.658682][ T6523] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.711423][ T6526] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 281.723889][ T6526] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 281.734521][ T6526] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.199: Corrupt directory, running e2fsck is recommended [ 281.851259][ T6527] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 281.864280][ T6527] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 281.875026][ T6527] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.199: Corrupt directory, running e2fsck is recommended [ 281.961196][ T6523] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.595614][ T5835] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 282.824076][ T5835] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 282.834957][ T5835] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 282.870693][ T6523] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.942171][ T5835] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 282.954636][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 282.963577][ T5835] usb 3-1: SerialNumber: syz [ 283.035559][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 283.196246][ T6523] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.360361][ T5835] usb 3-1: 0:2 : does not exist [ 283.377714][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.600184][ T5835] usb 3-1: USB disconnect, device number 3 [ 283.878044][ T5891] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.919202][ T6538] netlink: 'syz.0.208': attribute type 1 has an invalid length. [ 284.068790][ T5891] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.094348][ T6067] udevd[6067]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 284.380681][ T6538] 8021q: adding VLAN 0 to HW filter on device bond1 [ 284.721261][ T6308] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.937727][ T6307] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.047720][ T6552] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'. [ 287.131372][ T6572] fuse: Bad value for 'fd' [ 287.214843][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'. [ 287.274724][ T6574] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.283075][ T6574] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.744126][ T6578] netlink: 'syz.2.223': attribute type 4 has an invalid length. [ 288.257060][ T6584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.225'. [ 288.532053][ T6592] overlayfs: failed to clone lowerpath [ 289.088484][ T6599] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 289.096113][ T6599] IPv6: NLM_F_CREATE should be set when creating new route [ 289.141923][ T6603] lo: entered allmulticast mode [ 289.177154][ T6603] tunl0: entered allmulticast mode [ 289.204866][ T6599] Zero length message leads to an empty skb [ 289.316809][ T6603] gre0: entered allmulticast mode [ 289.447024][ T6603] gretap0: entered allmulticast mode [ 289.493321][ T6603] erspan0: entered allmulticast mode [ 289.533821][ T6603] ip_vti0: entered allmulticast mode [ 289.600538][ T6603] ip6_vti0: entered allmulticast mode [ 289.657385][ T6603] sit0: entered allmulticast mode [ 289.739861][ T6603] ip6tnl0: entered allmulticast mode [ 289.816464][ T6603] ip6gre0: entered allmulticast mode [ 289.886593][ T6603] syz_tun: entered allmulticast mode [ 289.946890][ T6603] ip6gretap0: entered allmulticast mode [ 290.008140][ T6603] bridge0: entered allmulticast mode [ 290.035980][ T6603] vcan0: entered allmulticast mode [ 290.064957][ T6603] bond0: entered allmulticast mode [ 290.076331][ T6603] bond_slave_0: entered allmulticast mode [ 290.085653][ T6603] bond_slave_1: entered allmulticast mode [ 290.120683][ T6603] team0: entered allmulticast mode [ 290.126727][ T6603] team_slave_0: entered allmulticast mode [ 290.133022][ T6603] team_slave_1: entered allmulticast mode [ 290.169989][ T6603] dummy0: entered allmulticast mode [ 290.242668][ T6603] nlmon0: entered allmulticast mode [ 290.256729][ T6603] caif0: entered allmulticast mode [ 290.304411][ T6603] batadv0: entered allmulticast mode [ 290.307592][ C0] hrtimer: interrupt took 619843 ns [ 290.342725][ T6603] vxcan0: entered allmulticast mode [ 290.365464][ T6603] vxcan1: entered allmulticast mode [ 290.386260][ T6603] veth0: entered allmulticast mode [ 290.416090][ T6603] veth1: entered allmulticast mode [ 290.435830][ T6603] veth0_to_bridge: entered allmulticast mode [ 290.467544][ T6603] veth1_to_bridge: entered allmulticast mode [ 290.507431][ T6603] veth0_to_bond: entered allmulticast mode [ 290.531315][ T6603] veth1_to_bond: entered allmulticast mode [ 290.589161][ T6603] veth0_to_team: entered allmulticast mode [ 290.627866][ T6603] veth1_to_team: entered allmulticast mode [ 290.674990][ T6603] veth0_to_batadv: entered allmulticast mode [ 290.754231][ T6603] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.761926][ T6603] batadv_slave_0: entered allmulticast mode [ 290.827069][ T6603] veth1_to_batadv: entered allmulticast mode [ 290.856134][ T6603] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.866380][ T6603] batadv_slave_1: entered allmulticast mode [ 290.904938][ T6603] xfrm0: entered allmulticast mode [ 290.926411][ T6603] veth0_to_hsr: entered allmulticast mode [ 290.947917][ T6603] hsr_slave_0: entered allmulticast mode [ 290.964637][ T6603] veth1_to_hsr: entered allmulticast mode [ 290.988153][ T6603] hsr_slave_1: entered allmulticast mode [ 291.016156][ T6603] hsr0: entered allmulticast mode [ 291.033942][ T6603] veth1_virt_wifi: entered allmulticast mode [ 291.052144][ T6603] veth0_virt_wifi: entered allmulticast mode [ 291.077483][ T6603] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 291.090068][ T6603] veth1_vlan: entered allmulticast mode [ 291.131007][ T6603] veth0_vlan: entered allmulticast mode [ 291.263384][ T6603] vlan0: entered allmulticast mode [ 291.269674][ T6603] vlan1: entered allmulticast mode [ 291.334020][ T6603] macvlan0: entered allmulticast mode [ 291.392489][ T6603] macvlan1: entered allmulticast mode [ 291.438701][ T6603] ipvlan0: entered allmulticast mode [ 291.445405][ T6603] ipvlan1: entered allmulticast mode [ 291.473323][ T6603] veth1_macvtap: entered allmulticast mode [ 291.518197][ T6603] veth0_macvtap: entered allmulticast mode [ 291.576982][ T6603] macvtap0: entered allmulticast mode [ 291.636630][ T6603] macsec0: entered allmulticast mode [ 291.690165][ T6603] geneve0: entered allmulticast mode [ 291.747376][ T6603] geneve1: entered allmulticast mode [ 291.794256][ T6603] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 291.830637][ T6603] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 291.875743][ T6603] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 291.906278][ T6603] netdevsim netdevsim3 netdevsim3: entered allmulticast mode [ 291.958488][ T6603] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 291.992994][ T6603] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 292.058764][ T6603] gre1: entered allmulticast mode [ 292.155389][ T6307] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.171236][ T6307] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.224526][ T6308] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.250534][ T6308] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.516235][ T6640] netlink: 44 bytes leftover after parsing attributes in process `syz.4.248'. [ 293.797167][ T6649] netlink: 16 bytes leftover after parsing attributes in process `syz.3.251'. [ 293.806595][ T6649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.251'. [ 295.142827][ T6660] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.254'. [ 295.152106][ T6660] netlink: 24 bytes leftover after parsing attributes in process `syz.0.254'. [ 296.374788][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.381549][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 297.565709][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'. [ 297.626013][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'. [ 297.691031][ T6705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'. [ 297.717615][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'. [ 297.738376][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'. [ 298.304269][ T30] audit: type=1326 audit(1770442639.288:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.402665][ T30] audit: type=1326 audit(1770442639.288:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.425668][ T30] audit: type=1326 audit(1770442639.328:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.448297][ T30] audit: type=1326 audit(1770442639.338:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.473606][ T30] audit: type=1326 audit(1770442639.338:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.497041][ T30] audit: type=1326 audit(1770442639.338:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.519723][ T30] audit: type=1326 audit(1770442639.358:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.542069][ T30] audit: type=1326 audit(1770442639.358:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.564899][ T30] audit: type=1326 audit(1770442639.358:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 298.589677][ T30] audit: type=1326 audit(1770442639.358:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 299.924424][ T6733] net_ratelimit: 10 callbacks suppressed [ 299.924523][ T6733] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 299.989928][ T6734] loop3: detected capacity change from 0 to 512 [ 300.145309][ T6734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 300.657964][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.102755][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 303.320324][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.331731][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.397082][ T10] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 303.409872][ T10] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 303.418598][ T10] usb 1-1: Manufacturer: syz [ 303.449561][ T10] usb 1-1: config 0 descriptor?? [ 303.511213][ T796] Process accounting resumed [ 303.847168][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 303.890696][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.903423][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.910508][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.922452][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.929521][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.937181][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.944395][ T10] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 303.960446][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 304.039336][ T10] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 304.064955][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 304.135826][ T6770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 304.376350][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.296'. [ 304.912938][ T10] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device [ 304.926290][ T10] pyra 0003:1E7D:2CF6.0001: couldn't install mouse [ 304.999939][ T10] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -71 [ 305.100168][ T10] usb 1-1: USB disconnect, device number 4 [ 305.358571][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.303'. [ 305.796032][ T6793] netlink: 156 bytes leftover after parsing attributes in process `syz.2.304'. [ 305.864083][ T6793] netlink: 12 bytes leftover after parsing attributes in process `syz.2.304'. [ 306.305318][ T6794] fido_id[6794]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 308.336462][ T6827] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.314'. [ 308.346106][ T6827] netlink: 24 bytes leftover after parsing attributes in process `syz.4.314'. [ 308.549325][ T6829] loop0: detected capacity change from 0 to 512 [ 308.590772][ T6829] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 308.690780][ T6829] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 308.861585][ T6829] EXT4-fs (loop0): 1 truncate cleaned up [ 308.925304][ T6829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.460213][ T5783] EXT4-fs error (device loop0): mb_free_blocks:2037: group 0, inode 11: block 54:freeing already freed block (bit 53); block bitmap corrupt. [ 309.515444][ T5783] EXT4-fs (loop0): Remounting filesystem read-only [ 309.539033][ T6831] loop3: detected capacity change from 0 to 8192 [ 309.675442][ T6067] loop3: p1 < > p4 < > [ 309.783545][ T6831] loop3: p1 < > p4 < > [ 310.207319][ T6307] bond0: (slave netdevsim3): Releasing backup interface [ 310.223092][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.269266][ T6307] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.357981][ T6851] 9p: Bad value for 'wfdno' [ 310.406482][ T6851] tipc: Started in network mode [ 310.411969][ T6851] tipc: Node identity ac14140f, cluster identity 4711 [ 310.505952][ T6851] tipc: New replicast peer: 255.255.255.255 [ 310.516768][ T6851] tipc: Enabled bearer , priority 10 [ 310.605264][ T6307] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.759224][ T6307] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.838503][ T6856] lo: entered allmulticast mode [ 310.975977][ T6307] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.189721][ T6853] lo: left allmulticast mode [ 311.584728][ T6307] bridge_slave_1: left allmulticast mode [ 311.590660][ T6307] bridge_slave_1: left promiscuous mode [ 311.597838][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.694260][ T6307] bridge_slave_0: left allmulticast mode [ 311.700176][ T6307] bridge_slave_0: left promiscuous mode [ 311.708676][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.801792][ T6067] udevd[6067]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 311.825671][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 311.995792][ T6030] udevd[6030]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 312.013833][ T6067] udevd[6067]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 312.540422][ T6307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.559812][ T6307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 312.587478][ T6307] bond0 (unregistering): Released all slaves [ 312.610995][ T6307] bond1 (unregistering): Released all slaves [ 312.634544][ T24] tipc: Node number set to 2886997007 [ 313.335013][ T6307] hsr_slave_0: left promiscuous mode [ 313.383604][ T6307] hsr_slave_1: left promiscuous mode [ 313.414541][ T6307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.425090][ T6307] batadv0: mtu less than device minimum [ 313.434477][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.447599][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.460824][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.474052][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.487245][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.500403][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.513691][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.526841][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.541306][ T6307] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 313.583380][ T6307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.826094][ T6307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.884873][ T6307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.060949][ T6307] batman_adv: batadv0: Interface deactivated: dummy0 [ 314.068457][ T6307] batman_adv: batadv0: Removing interface: dummy0 [ 314.133497][ T6307] veth1_macvtap: left promiscuous mode [ 314.163384][ T6307] veth0_macvtap: left promiscuous mode [ 314.187432][ T6307] veth1_vlan: left promiscuous mode [ 314.209279][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 314.223249][ T6307] veth0_vlan: left promiscuous mode [ 314.241622][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 314.263420][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 314.264219][ T6879] loop1: detected capacity change from 0 to 1024 [ 314.305148][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 314.347473][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 316.115464][ T6307] team0 (unregistering): Port device team_slave_1 removed [ 316.221608][ T6307] team0 (unregistering): Port device team_slave_0 removed [ 316.422445][ T5077] Bluetooth: hci1: command tx timeout [ 317.617227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 317.719751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 317.924434][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 318.483280][ T5077] Bluetooth: hci1: command tx timeout [ 319.056826][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.346'. [ 320.017221][ T6946] evm: overlay not supported [ 320.128357][ T6881] chnl_net:caif_netlink_parms(): no params data found [ 320.563000][ T5077] Bluetooth: hci1: command tx timeout [ 321.535531][ T6968] loop2: detected capacity change from 0 to 256 [ 321.645312][ T6968] exFAT-fs (loop2): failed to test first cluster bit of root dir(5) [ 321.767862][ T30] kauditd_printk_skb: 53 callbacks suppressed [ 321.767945][ T30] audit: type=1800 audit(1770442662.738:124): pid=6968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.355" name="file1" dev="loop2" ino=1048607 res=0 errno=0 [ 321.856354][ T797] Process accounting resumed [ 322.156768][ T6881] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.168742][ T6881] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.227541][ T6881] bridge_slave_0: entered allmulticast mode [ 322.287241][ T6881] bridge_slave_0: entered promiscuous mode [ 322.376027][ T6881] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.383758][ T6881] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.435353][ T6881] bridge_slave_1: entered allmulticast mode [ 322.461765][ T6881] bridge_slave_1: entered promiscuous mode [ 322.644467][ T5077] Bluetooth: hci1: command tx timeout [ 322.948641][ T6881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.039342][ T6881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.361979][ T6984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.360'. [ 323.417405][ T6881] team0: Port device team_slave_0 added [ 323.567347][ T6881] team0: Port device team_slave_1 added [ 324.130130][ T6995] bond1: entered promiscuous mode [ 324.203660][ T6996] vcan1: entered promiscuous mode [ 324.208947][ T6996] vcan1: entered allmulticast mode [ 324.233350][ T6996] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 324.284301][ T6996] bond1: (slave vcan1): Error -95 calling set_mac_address [ 324.372475][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.381955][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.408834][ T6881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.532879][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.540051][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.567193][ T6881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.075791][ T6881] hsr_slave_0: entered promiscuous mode [ 325.106547][ T6881] hsr_slave_1: entered promiscuous mode [ 325.125775][ T6881] debugfs: 'hsr0' already exists in 'hsr' [ 325.131711][ T6881] Cannot create hsr debugfs directory [ 326.660642][ T6881] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 326.784717][ T6881] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 326.898717][ T6881] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 327.008056][ T6881] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 327.186102][ T7025] loop3: detected capacity change from 0 to 128 [ 327.254922][ T7025] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 327.294204][ T7030] netlink: 24 bytes leftover after parsing attributes in process `syz.2.374'. [ 327.537806][ T7038] netlink: 112 bytes leftover after parsing attributes in process `syz.1.373'. [ 327.675710][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 329.133823][ T7026] Bluetooth: hci2: command 0x0406 tx timeout [ 329.140104][ T7026] Bluetooth: hci4: command 0x0406 tx timeout [ 329.150896][ T5787] Bluetooth: hci0: command 0x0406 tx timeout [ 329.157741][ T7026] Bluetooth: hci3: command 0x0406 tx timeout [ 329.333589][ T6881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.572060][ T6881] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.654011][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.661702][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.792405][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.799985][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.451663][ T7061] netlink: 'syz.2.379': attribute type 1 has an invalid length. [ 330.683340][ T7061] 8021q: adding VLAN 0 to HW filter on device bond1 [ 332.822674][ T6881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.143398][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 334.499138][ T7121] overlayfs: failed to clone upperpath [ 335.586744][ T6881] veth0_vlan: entered promiscuous mode [ 335.595941][ T7133] FAT-fs (loop3): unable to read boot sector [ 335.754008][ T6881] veth1_vlan: entered promiscuous mode [ 335.855493][ T5077] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 336.207117][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.400'. [ 336.207280][ T6881] veth0_macvtap: entered promiscuous mode [ 336.273744][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.400'. [ 336.283747][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.400'. [ 336.330089][ T6881] veth1_macvtap: entered promiscuous mode [ 336.629327][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.801353][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 337.013542][ T1041] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.066865][ T1041] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.178511][ T1041] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.249415][ T1041] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.745753][ T7168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.407'. [ 339.133004][ T7173] netlink: 232 bytes leftover after parsing attributes in process `syz.1.408'. [ 339.142814][ T7173] netlink: 232 bytes leftover after parsing attributes in process `syz.1.408'. [ 339.164035][ T7175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.410'. [ 339.923415][ T5077] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 339.932092][ T5077] Bluetooth: hci0: Injecting HCI hardware error event [ 339.943536][ T50] Bluetooth: hci0: hardware error 0x00 [ 340.306831][ T7188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.413'. [ 340.388284][ T7188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.413'. [ 341.302885][ T7204] overlayfs: failed to clone upperpath [ 342.004460][ T50] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 343.125876][ T7228] netlink: 16 bytes leftover after parsing attributes in process `syz.2.425'. [ 343.308771][ T7230] loop3: detected capacity change from 0 to 8 [ 343.579493][ T5891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.589834][ T5891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.950227][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.958520][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.305867][ T7240] netlink: 'syz.4.429': attribute type 1 has an invalid length. [ 344.765450][ T7240] 8021q: adding VLAN 0 to HW filter on device bond1 [ 345.046323][ T7242] macvlan2: entered promiscuous mode [ 345.052070][ T7242] macvlan2: entered allmulticast mode [ 345.093426][ T7242] bond1: entered promiscuous mode [ 345.116258][ T7242] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 345.204798][ T7242] bond1: left promiscuous mode [ 345.841499][ T7259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.432'. [ 345.855367][ T7259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.432'. [ 346.023866][ T7263] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 347.139780][ T7280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 347.293949][ T7280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 347.468216][ T7284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 347.605623][ T7280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 349.415460][ T7311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.450'. [ 349.424918][ T7311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.450'. [ 351.854121][ T7341] ªªªªªª: renamed from vlan0 (while UP) [ 352.412897][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 352.590101][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.601643][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.611889][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 352.625618][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 352.635046][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.841170][ T10] usb 4-1: config 0 descriptor?? [ 353.351171][ T10] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 353.580291][ T10] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 353.744131][ T10] usb 4-1: USB disconnect, device number 3 [ 353.918258][ T7364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.468'. [ 354.310401][ T7357] fido_id[7357]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 355.011015][ T7377] netlink: 16 bytes leftover after parsing attributes in process `syz.2.471'. [ 355.125457][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.471'. [ 355.134679][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.471'. [ 356.455297][ T7398] netlink: 1304 bytes leftover after parsing attributes in process `syz.5.477'. [ 357.813950][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.820609][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 359.524931][ T7441] netlink: 4 bytes leftover after parsing attributes in process `syz.4.492'. [ 359.589709][ T7441] netlink: 4 bytes leftover after parsing attributes in process `syz.4.492'. [ 360.638432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 360.742767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 361.287913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 361.343307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 362.731461][ T7486] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 362.857881][ T7485] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.134670][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.511'. [ 364.979551][ T7525] netlink: 16 bytes leftover after parsing attributes in process `syz.4.516'. [ 365.029337][ T7525] netlink: 16 bytes leftover after parsing attributes in process `syz.4.516'. [ 366.251444][ T7539] loop3: detected capacity change from 0 to 512 [ 366.323030][ T7539] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 366.532699][ T7539] EXT4-fs (loop3): 1 truncate cleaned up [ 366.540770][ T7539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 366.707888][ T30] audit: type=1800 audit(1770442707.688:125): pid=7539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.523" name="file1" dev="loop3" ino=19 res=0 errno=0 [ 367.218519][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 367.389685][ T7552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.527'. [ 367.428589][ T7553] fuse: Bad value for 'fd' [ 367.536988][ T7552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.527'. [ 368.520322][ T7560] 9pnet: p9_errstr2errno: server reported unknown error 000000000 [ 371.033538][ T7637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.533'. [ 372.049734][ T7656] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 372.731759][ T7651] loop5: detected capacity change from 0 to 8192 [ 373.858513][ T7677] netlink: 'syz.3.547': attribute type 4 has an invalid length. [ 373.935340][ T7677] netlink: 'syz.3.547': attribute type 4 has an invalid length. [ 375.583200][ T7699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.554'. [ 375.592999][ T7699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.554'. [ 376.253573][ T7709] netlink: 16 bytes leftover after parsing attributes in process `syz.2.559'. [ 376.344556][ T7709] netlink: 28 bytes leftover after parsing attributes in process `syz.2.559'. [ 376.636191][ T7715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.561'. [ 377.392023][ T7725] loop5: detected capacity change from 0 to 512 [ 377.635099][ T7727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 377.644361][ T7727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 377.661591][ T7725] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 377.731955][ T7725] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 377.801319][ T7734] netlink: 4 bytes leftover after parsing attributes in process `syz.4.568'. [ 378.183720][ T7738] Bluetooth: hci5: Frame reassembly failed (-90) [ 378.357561][ T6881] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 379.437668][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.5.574'. [ 380.166398][ T5077] Bluetooth: hci5: command 0x1003 tx timeout [ 380.173551][ T50] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 380.373606][ T7767] overlayfs: failed to clone upperpath [ 381.138858][ T30] audit: type=1326 audit(1770442722.118:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.2.585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 381.247845][ T30] audit: type=1326 audit(1770442722.148:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.2.585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=29 compat=1 ip=0xf7f33539 code=0x7ffc0000 [ 381.250408][ T7769] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 381.359271][ T7768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.778462][ T7789] loop3: detected capacity change from 0 to 256 [ 382.901393][ T7789] vfat: Unknown parameter 'nnonumtail' [ 382.995345][ T7789] netlink: 25 bytes leftover after parsing attributes in process `syz.3.588'. [ 382.995461][ T7789] gretap0: entered promiscuous mode [ 383.010716][ T7789] gretap0: left allmulticast mode [ 383.171158][ T7799] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.588'. [ 383.171606][ T7799] 0ªX¹¦Dö»: renamed from gretap0 [ 383.285822][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 383.447686][ T7799] 0ªX¹¦Dö»: left promiscuous mode [ 383.447796][ T7799] 0ªX¹¦Dö»: entered allmulticast mode [ 383.680847][ T7802] overlayfs: failed to clone upperpath [ 384.436684][ T7812] netlink: 28 bytes leftover after parsing attributes in process `syz.1.597'. [ 385.948773][ C0] net_ratelimit: 30 callbacks suppressed [ 385.948861][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 386.012544][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 386.029695][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 386.826889][ T7844] netlink: 107460 bytes leftover after parsing attributes in process `syz.3.611'. [ 387.165841][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 387.180404][ T7843] overlayfs: failed to get inode (-116) [ 387.228065][ T7843] overlayfs: failed to get inode (-116) [ 387.843439][ T10] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 387.853218][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.861543][ T10] usb 2-1: Product: syz [ 387.867917][ T10] usb 2-1: Manufacturer: syz [ 387.873539][ T10] usb 2-1: SerialNumber: syz [ 388.375325][ T50] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 388.385495][ T50] CPU: 1 UID: 0 PID: 50 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(voluntary) [ 388.385650][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 388.385790][ T50] Workqueue: hci3 hci_rx_work [ 388.385957][ T50] Call Trace: [ 388.386017][ T50] [ 388.386071][ T50] __dump_stack+0x26/0x30 [ 388.386252][ T50] dump_stack_lvl+0x14c/0x1c0 [ 388.386484][ T50] dump_stack+0x1e/0x25 [ 388.386648][ T50] sysfs_create_dir_ns+0x46c/0x540 [ 388.386840][ T50] kobject_add_internal+0x1084/0x19b0 [ 388.387033][ T50] kobject_add+0x2c1/0x410 [ 388.387275][ T50] ? kmsan_get_metadata+0xf1/0x160 [ 388.387497][ T50] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 388.387729][ T50] device_add+0xa70/0x1c00 [ 388.387935][ T50] hci_conn_add_sysfs+0x159/0x2e0 [ 388.388154][ T50] le_conn_complete_evt+0x1d0a/0x2250 [ 388.388392][ T50] hci_le_enh_conn_complete_evt+0x158/0x260 [ 388.388603][ T50] hci_le_meta_evt+0x6eb/0x960 [ 388.388777][ T50] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 388.388989][ T50] hci_event_packet+0xce2/0x1e40 [ 388.389136][ T50] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 388.389352][ T50] hci_rx_work+0x8c3/0xfc0 [ 388.389514][ T50] ? kmsan_get_metadata+0xf1/0x160 [ 388.389730][ T50] ? __pfx_hci_rx_work+0x10/0x10 [ 388.389886][ T50] process_scheduled_works+0xae7/0x1d60 [ 388.390156][ T50] worker_thread+0x1741/0x1de0 [ 388.390421][ T50] kthread+0xd5a/0xf00 [ 388.390565][ T50] ? __pfx_worker_thread+0x10/0x10 [ 388.390794][ T50] ? __pfx_kthread+0x10/0x10 [ 388.390940][ T50] ret_from_fork+0x207/0x6f0 [ 388.391138][ T50] ? __switch_to+0x521/0x750 [ 388.391310][ T50] ? __pfx_kthread+0x10/0x10 [ 388.391470][ T50] ret_from_fork_asm+0x1a/0x30 [ 388.391696][ T50] [ 388.391821][ T50] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 388.590158][ T50] Bluetooth: hci3: failed to register connection device [ 388.593365][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 388.609563][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 389.973678][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 390.017754][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 390.044724][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 390.057899][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 390.092683][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.5.623'. [ 390.101834][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.5.623'. [ 390.129654][ T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 390.189952][ T10] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 390.266652][ T10] usb 2-1: USB disconnect, device number 2 [ 390.274670][ T7869] loop3: detected capacity change from 0 to 4096 [ 390.341859][ T7869] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 391.192030][ T7886] fuse: Bad value for 'fd' [ 391.366337][ T7887] overlayfs: failed to get inode (-116) [ 391.393422][ T7887] overlayfs: failed to get inode (-116) [ 391.949020][ T7891] 9p: Bad value for 'wfdno' [ 392.046306][ T7891] tipc: Started in network mode [ 392.051464][ T7891] tipc: Node identity ac14140f, cluster identity 4711 [ 392.124066][ T7891] tipc: New replicast peer: 255.255.255.255 [ 392.135467][ T7891] tipc: Enabled bearer , priority 10 [ 392.413470][ T7899] netlink: 8 bytes leftover after parsing attributes in process `syz.5.633'. [ 392.603349][ T7899] netlink: 236 bytes leftover after parsing attributes in process `syz.5.633'. [ 393.046819][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'. [ 393.056775][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'. [ 393.242625][ T10] tipc: Node number set to 2886997007 [ 394.487063][ T7934] fuse: Bad value for 'fd' [ 395.103098][ T7941] loop5: detected capacity change from 0 to 512 [ 395.140767][ T7941] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 395.269063][ T7941] EXT4-fs (loop5): 1 truncate cleaned up [ 395.303588][ T7941] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 395.331405][ T30] audit: type=1800 audit(2000000000.800:128): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.651" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 395.927468][ T7953] lo: entered allmulticast mode [ 395.954166][ T6881] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.218023][ T7958] netlink: 60 bytes leftover after parsing attributes in process `syz.1.658'. [ 396.240216][ T7951] lo: left allmulticast mode [ 396.317605][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.658'. [ 396.952762][ T7966] overlayfs: failed to clone upperpath [ 396.984680][ T7967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.662'. [ 397.577735][ T7979] loop3: detected capacity change from 0 to 256 [ 397.651346][ T7979] exFAT-fs (loop3): failed to test first cluster bit of root dir(5) [ 397.805172][ T30] audit: type=1800 audit(2000000003.280:129): pid=7979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.665" name="file1" dev="loop3" ino=1048616 res=0 errno=0 [ 397.919828][ T24] Process accounting resumed [ 398.585912][ T7987] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.806034][ T7992] netlink: 5128 bytes leftover after parsing attributes in process `syz.3.671'. [ 398.839959][ T7992] netlink: 5128 bytes leftover after parsing attributes in process `syz.3.671'. [ 398.849764][ T7992] netlink: 584 bytes leftover after parsing attributes in process `syz.3.671'. [ 398.880517][ T7987] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.056978][ T7987] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.172861][ T7987] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.355417][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.4.676'. [ 399.430862][ T8004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.676'. [ 399.494710][ T6307] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.647428][ T6307] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.657353][ T8007] netlink: 8 bytes leftover after parsing attributes in process `syz.5.677'. [ 399.667560][ T8006] netlink: 156 bytes leftover after parsing attributes in process `syz.4.676'. [ 399.720803][ T6307] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.829523][ T6307] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.646606][ T8020] bond1: entered promiscuous mode [ 400.725651][ T8022] vcan1: entered promiscuous mode [ 400.731215][ T8022] vcan1: entered allmulticast mode [ 400.766769][ T8022] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 400.810921][ T8022] bond1: (slave vcan1): Error -95 calling set_mac_address [ 400.840053][ T50] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 400.847826][ T50] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 400.896236][ T8027] Process accounting resumed [ 402.560516][ T8046] __nla_validate_parse: 3 callbacks suppressed [ 402.560595][ T8046] netlink: 24 bytes leftover after parsing attributes in process `syz.3.691'. [ 402.847220][ T8053] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 403.637992][ T8060] bond2: entered promiscuous mode [ 403.695416][ T8065] vcan0: entered promiscuous mode [ 403.700787][ T8065] vcan0: entered allmulticast mode [ 403.710556][ T8065] bond2: (slave vcan0): The slave device specified does not support setting the MAC address [ 403.765886][ T8065] bond2: (slave vcan0): Error -95 calling set_mac_address [ 404.883185][ T50] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 404.892056][ T50] Bluetooth: hci3: Injecting HCI hardware error event [ 404.900445][ T50] Bluetooth: hci3: hardware error 0x00 [ 406.130937][ T8089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.708'. [ 407.044931][ T50] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 409.473051][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 409.536844][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.722'. [ 409.591562][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.722'. [ 409.701418][ T10] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 409.711157][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.719810][ T10] usb 6-1: Product: syz [ 409.724413][ T10] usb 6-1: Manufacturer: syz [ 409.729261][ T10] usb 6-1: SerialNumber: syz [ 410.205129][ T8140] netlink: 232 bytes leftover after parsing attributes in process `syz.3.725'. [ 410.214698][ T8140] netlink: 232 bytes leftover after parsing attributes in process `syz.3.725'. [ 410.263206][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 410.275910][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 411.588817][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 411.643189][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 411.724368][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 411.737052][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 411.775030][ T8148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.788148][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 411.811346][ T10] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 411.852973][ T10] usb 6-1: USB disconnect, device number 2 [ 411.917113][ T8148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 412.138811][ T8150] erspan0: entered promiscuous mode [ 412.229437][ T8150] netlink: 8 bytes leftover after parsing attributes in process `syz.4.728'. [ 412.782732][ T8163] netlink: 'syz.4.735': attribute type 39 has an invalid length. [ 412.879655][ T8163] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.990339][ T8163] bridge_slave_0 (unregistering): left allmulticast mode [ 412.998087][ T8163] bridge_slave_0 (unregistering): left promiscuous mode [ 413.005630][ T8163] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.188425][ T8170] netlink: 232 bytes leftover after parsing attributes in process `syz.2.737'. [ 413.199158][ T8170] netlink: 232 bytes leftover after parsing attributes in process `syz.2.737'. [ 413.434329][ T8166] loop5: detected capacity change from 0 to 4096 [ 413.504510][ T8166] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 415.767310][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 415.789089][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 415.821340][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 415.851999][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 416.506145][ T8206] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 418.412822][ T8230] netlink: 12 bytes leftover after parsing attributes in process `syz.5.770'. [ 418.924238][ T8241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.764'. [ 418.933480][ T8241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.764'. [ 419.227443][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.234468][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 421.333406][ T8268] netlink: 4 bytes leftover after parsing attributes in process `syz.5.776'. [ 421.363605][ T8268] netlink: 8 bytes leftover after parsing attributes in process `syz.5.776'. [ 422.686230][ T8292] fuse: Bad value for 'fd' [ 423.211141][ T30] audit: type=1326 audit(2000000028.680:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.234458][ T30] audit: type=1326 audit(2000000028.680:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.256933][ T30] audit: type=1326 audit(2000000028.680:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.378224][ T30] audit: type=1326 audit(2000000028.760:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.403156][ T30] audit: type=1326 audit(2000000028.760:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.426395][ T30] audit: type=1326 audit(2000000028.770:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.448602][ T30] audit: type=1326 audit(2000000028.770:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.470958][ T30] audit: type=1326 audit(2000000028.780:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.493744][ T30] audit: type=1326 audit(2000000028.780:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 423.517396][ T30] audit: type=1326 audit(2000000028.790:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.1.788" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 424.136889][ T8304] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.195653][ T8312] overlayfs: failed to clone lowerpath [ 424.220555][ T8312] overlayfs: failed to clone lowerpath [ 424.229053][ T8314] netlink: 'syz.1.793': attribute type 4 has an invalid length. [ 424.279832][ T8310] netlink: 'syz.1.793': attribute type 4 has an invalid length. [ 424.448366][ T8316] fuse: Bad value for 'fd' [ 424.509629][ T8304] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.744642][ T8304] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.949463][ T8304] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.349813][ T13] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.511512][ T13] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.601886][ T6308] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.692626][ T6308] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.145276][ T8341] overlayfs: failed to clone upperpath [ 426.969149][ T8356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.807'. [ 427.005831][ T8356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.807'. [ 427.040373][ T8356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.807'. [ 427.074881][ T797] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 427.266389][ T797] usb 6-1: Using ep0 maxpacket: 8 [ 427.294117][ T797] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 427.332424][ T797] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 427.341989][ T797] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.395380][ T797] usb 6-1: config 0 descriptor?? [ 427.445027][ T797] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 427.739943][ T8365] loop1: detected capacity change from 0 to 1024 [ 428.876294][ T797] gspca_vc032x: reg_w err -71 [ 428.881468][ T797] vc032x 6-1:0.0: probe with driver vc032x failed with error -71 [ 428.921913][ T797] usb 6-1: USB disconnect, device number 3 [ 429.196841][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz.4.816'. [ 430.687319][ T8398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.825'. [ 432.297844][ T8418] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.554555][ T8418] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.690362][ T8418] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.103067][ T8418] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.014764][ T35] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.180364][ T35] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.392099][ T35] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.634070][ T35] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.046523][ T8441] fuse: Bad value for 'fd' [ 435.493875][ T8445] xt_connbytes: Forcing CT accounting to be enabled [ 436.311873][ T8461] loop5: detected capacity change from 0 to 256 [ 436.504626][ T8461] exFAT-fs (loop5): failed to test first cluster bit of root dir(5) [ 436.604052][ T8461] exFAT-fs (loop5): failed to exfat_utf8_to_utf16 (err : -22) nls len : 1 [ 436.645623][ T5077] Bluetooth: hci1: command 0x0406 tx timeout [ 437.441464][ T8470] xt_CT: You must specify a L4 protocol and not use inversions on it [ 438.661364][ T8490] netlink: 'syz.3.857': attribute type 83 has an invalid length. [ 438.861579][ T8494] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 438.931006][ T8494] netlink: 12 bytes leftover after parsing attributes in process `syz.4.858'. [ 441.191432][ T8531] netlink: 4 bytes leftover after parsing attributes in process `syz.5.870'. [ 441.248470][ T8531] netlink: 4 bytes leftover after parsing attributes in process `syz.5.870'. [ 441.268285][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 441.268379][ T30] audit: type=1326 audit(2000000046.740:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8516 comm="syz.1.866" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7fc00000 [ 441.304150][ T8533] netlink: 4 bytes leftover after parsing attributes in process `syz.5.870'. [ 442.522468][ T8549] 8021q: VLANs not supported on ip6gre0 [ 444.294108][ T8568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.883'. [ 444.363849][ T8573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.883'. [ 444.414241][ T8565] bond3: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 444.425092][ T8568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.883'. [ 444.528930][ T8574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.886'. [ 444.538407][ T8574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.886'. [ 444.565969][ T8565] bond3 (unregistering): Released all slaves [ 447.113720][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.4.895'. [ 447.258409][ T8602] bridge_slave_1: left allmulticast mode [ 447.266038][ T8602] bridge_slave_1: left promiscuous mode [ 447.272978][ T8602] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.488430][ T8606] lo: left allmulticast mode [ 447.519735][ T8606] tunl0: left allmulticast mode [ 447.529310][ T8606] gre0: left allmulticast mode [ 447.538307][ T8606] 0ªX¹¦Dö»: left allmulticast mode [ 447.615139][ T8606] erspan0: left allmulticast mode [ 447.621336][ T8606] ip_vti0: left allmulticast mode [ 447.633438][ T8606] ip6_vti0: left allmulticast mode [ 447.639463][ T8606] sit0: left allmulticast mode [ 447.645364][ T8606] ip6tnl0: left allmulticast mode [ 447.651395][ T8606] ip6gre0: left allmulticast mode [ 447.660309][ T8606] syz_tun: left allmulticast mode [ 447.669402][ T8606] ip6gretap0: left allmulticast mode [ 447.675724][ T8606] bridge0: left allmulticast mode [ 447.681867][ T8606] vcan0: left allmulticast mode [ 447.693718][ T8606] bond0: left allmulticast mode [ 447.699642][ T8606] team0: left allmulticast mode [ 447.726017][ T8606] dummy0: left allmulticast mode [ 447.734336][ T8606] nlmon0: left allmulticast mode [ 447.740474][ T8606] caif0: left allmulticast mode [ 447.746620][ T8606] batadv0: left allmulticast mode [ 447.755859][ T8606] veth0: left allmulticast mode [ 447.761848][ T8606] veth1: left allmulticast mode [ 447.771031][ T8606] veth0_to_bridge: left allmulticast mode [ 447.779230][ T8606] veth1_to_bridge: left allmulticast mode [ 447.789981][ T8606] veth0_to_bond: left allmulticast mode [ 447.796796][ T8606] bond_slave_0: left allmulticast mode [ 447.803525][ T8606] veth1_to_bond: left allmulticast mode [ 447.810137][ T8606] bond_slave_1: left allmulticast mode [ 447.819891][ T8606] veth0_to_team: left allmulticast mode [ 447.826787][ T8606] team_slave_0: left allmulticast mode [ 447.833578][ T8606] veth1_to_team: left allmulticast mode [ 447.840250][ T8606] team_slave_1: left allmulticast mode [ 447.850106][ T8606] veth0_to_batadv: left allmulticast mode [ 447.857101][ T8606] batadv_slave_0: left allmulticast mode [ 447.864052][ T8606] veth1_to_batadv: left allmulticast mode [ 447.876929][ T8606] batadv_slave_1: left allmulticast mode [ 447.883945][ T8606] xfrm0: left allmulticast mode [ 447.889944][ T8606] veth0_to_hsr: left allmulticast mode [ 447.897565][ T8606] veth1_to_hsr: left allmulticast mode [ 447.908133][ T8606] hsr0: left allmulticast mode [ 447.913238][ T8606] hsr_slave_0: left allmulticast mode [ 447.918838][ T8606] hsr_slave_1: left allmulticast mode [ 447.925591][ T8606] veth1_virt_wifi: left allmulticast mode [ 447.935502][ T8606] veth0_virt_wifi: left allmulticast mode [ 447.942653][ T8606] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 447.950856][ T8606] veth1_vlan: left allmulticast mode [ 447.958399][ T8606] vlan0: left allmulticast mode [ 447.967339][ T8606] vlan1: left allmulticast mode [ 447.976373][ T8606] macvlan0: left allmulticast mode [ 447.982780][ T8606] macvlan1: left allmulticast mode [ 447.989038][ T8606] ipvlan0: left allmulticast mode [ 447.998245][ T8606] ipvlan1: left allmulticast mode [ 448.003738][ T8606] veth0_vlan: left allmulticast mode [ 448.010188][ T8606] veth1_macvtap: left allmulticast mode [ 448.017090][ T8606] veth0_macvtap: left allmulticast mode [ 448.026953][ T8606] macvtap0: left allmulticast mode [ 448.033343][ T8606] macsec0: left allmulticast mode [ 448.039327][ T8606] geneve0: left allmulticast mode [ 448.045659][ T8606] geneve1: left allmulticast mode [ 448.051869][ T8606] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 448.063306][ T8606] gre1: left allmulticast mode [ 448.711383][ T8614] netlink: 8 bytes leftover after parsing attributes in process `syz.4.901'. [ 449.107854][ T8622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.900'. [ 449.165805][ T8624] binder: 8623:8624 unknown command 0 [ 449.169950][ T8614] 8021q: adding VLAN 0 to HW filter on device bond2 [ 449.193047][ T8624] binder: 8623:8624 ioctl c0306201 80000080 returned -22 [ 449.222706][ T796] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 449.456397][ T796] usb 2-1: Using ep0 maxpacket: 8 [ 449.491147][ T796] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 449.541960][ T796] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 449.554847][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.617328][ T796] usb 2-1: config 0 descriptor?? [ 449.661176][ T796] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 450.006259][ T8631] netlink: 12 bytes leftover after parsing attributes in process `syz.4.905'. [ 450.176255][ T30] audit: type=1326 audit(2000000055.640:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8629 comm="syz.3.907" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x0 [ 451.115617][ T796] gspca_vc032x: reg_w err -71 [ 451.120760][ T796] vc032x 2-1:0.0: probe with driver vc032x failed with error -71 [ 451.207787][ T796] usb 2-1: USB disconnect, device number 3 [ 452.131999][ T8660] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 456.035263][ T8710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.930'. [ 456.044828][ T8710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.930'. [ 456.769751][ T30] audit: type=1804 audit(2000000062.240:149): pid=8716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.933" name="file0" dev="tmpfs" ino=1074 res=1 errno=0 [ 458.351051][ T8741] sch_tbf: burst 1821 is lower than device lo mtu (11337746) ! [ 458.383476][ T8741] netlink: 12 bytes leftover after parsing attributes in process `syz.3.941'. [ 458.816214][ T8746] netlink: 'syz.5.943': attribute type 39 has an invalid length. [ 458.993502][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.130696][ T8746] bridge_slave_0 (unregistering): left allmulticast mode [ 459.144719][ T8746] bridge_slave_0 (unregistering): left promiscuous mode [ 459.154788][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.061439][ T30] audit: type=1326 audit(2000000065.530:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 460.200892][ T30] audit: type=1326 audit(2000000065.570:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 460.227533][ T30] audit: type=1326 audit(2000000065.570:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f86567 code=0x7ffc0000 [ 460.250296][ T30] audit: type=1326 audit(2000000065.570:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 460.276774][ T30] audit: type=1326 audit(2000000065.570:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 460.300978][ T30] audit: type=1326 audit(2000000065.580:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 460.326337][ T30] audit: type=1326 audit(2000000065.580:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f86567 code=0x7ffc0000 [ 460.348698][ T30] audit: type=1326 audit(2000000065.580:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf718572b code=0x7ffc0000 [ 460.376076][ T30] audit: type=1326 audit(2000000065.600:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8764 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 461.036228][ T8752] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.046580][ T8752] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.088334][ T5842] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 461.243026][ T5842] usb 6-1: Using ep0 maxpacket: 32 [ 461.281355][ T5842] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 461.292709][ T5842] usb 6-1: config 0 has no interface number 0 [ 461.320266][ T5842] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 461.330024][ T5842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.343520][ T5842] usb 6-1: Product: syz [ 461.347913][ T5842] usb 6-1: Manufacturer: syz [ 461.353542][ T5842] usb 6-1: SerialNumber: syz [ 461.444794][ T5842] usb 6-1: config 0 descriptor?? [ 461.497876][ T5842] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 461.507516][ T5842] usb 6-1: selecting invalid altsetting 1 [ 461.516973][ T5842] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 461.580926][ T5842] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 461.607214][ T5842] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 461.689741][ T5842] usb 6-1: media controller created [ 462.173650][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 462.526568][ T8752] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.725742][ T8775] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 462.787826][ T5842] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 462.795332][ T5842] zl10353_read_register: readreg error (reg=127, ret==-32) [ 462.837825][ T8752] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.459479][ T4811] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.582025][ T4811] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.602854][ T4811] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.653892][ T4811] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.782556][ T5842] usb 6-1: USB disconnect, device number 4 [ 466.087190][ T8817] netlink: 12 bytes leftover after parsing attributes in process `syz.2.958'. [ 466.380884][ T8826] netlink: 'syz.3.962': attribute type 13 has an invalid length. [ 466.389372][ T8826] netlink: 'syz.3.962': attribute type 17 has an invalid length. [ 467.033769][ T8831] netlink: 'syz.4.963': attribute type 4 has an invalid length. [ 467.667101][ T8835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.966'. [ 467.930799][ T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 467.968675][ T8826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 468.025784][ T8826] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.114163][ T8826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 468.151730][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.167775][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.178270][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 468.192013][ T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 468.204504][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.414958][ T24] usb 6-1: config 0 descriptor?? [ 468.920611][ T24] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 469.331895][ T8849] bond2: option downdelay: invalid value (18446744073709551615) [ 469.340177][ T8849] bond2: option downdelay: allowed values 0 - 2147483647 [ 469.362815][ T8849] bond2 (unregistering): Released all slaves [ 470.161673][ T8860] netlink: 12 bytes leftover after parsing attributes in process `syz.3.974'. [ 470.298877][ T5842] usb 6-1: reset high-speed USB device number 5 using dummy_hcd [ 470.505145][ T5842] usb 6-1: device descriptor read/64, error -32 [ 470.752533][ T5842] usb 6-1: reset high-speed USB device number 5 using dummy_hcd [ 471.501287][ T8873] batman_adv: batadv0: Adding interface: dummy0 [ 471.511136][ T8873] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 471.570478][ T10] usb 6-1: USB disconnect, device number 5 [ 471.619258][ T8873] batman_adv: batadv0: Interface activated: dummy0 [ 471.778817][ T8872] batadv0: mtu less than device minimum [ 471.787559][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.800736][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.814182][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.827394][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.840716][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.854050][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.867343][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 471.880612][ T8872] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 472.998888][ T8887] bridge2: entered promiscuous mode [ 473.007766][ T8887] bridge2: entered allmulticast mode [ 473.114618][ T8887] team0: Port device bridge2 added [ 473.228870][ T8892] bridge0: port 3(team0) entered blocking state [ 473.235954][ T8892] bridge0: port 3(team0) entered disabled state [ 473.276404][ T8892] team0: entered allmulticast mode [ 473.281873][ T8892] team_slave_0: entered allmulticast mode [ 473.288203][ T8892] team_slave_1: entered allmulticast mode [ 473.336424][ T8892] team0: entered promiscuous mode [ 473.341814][ T8892] team_slave_0: entered promiscuous mode [ 473.349054][ T8892] team_slave_1: entered promiscuous mode [ 473.414689][ T8892] bridge0: port 3(team0) entered blocking state [ 473.421580][ T8892] bridge0: port 3(team0) entered forwarding state [ 475.808181][ T30] kauditd_printk_skb: 101 callbacks suppressed [ 475.808263][ T30] audit: type=1804 audit(2000000081.280:260): pid=8919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.994" name="/newroot/104/file0" dev="tmpfs" ino=589 res=1 errno=0 [ 476.616549][ T8931] netlink: 24 bytes leftover after parsing attributes in process `syz.2.998'. [ 478.055766][ T8954] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1006'. [ 478.159643][ T8954] netlink: 'syz.2.1006': attribute type 10 has an invalid length. [ 478.281060][ T8954] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 480.030855][ T8959] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.683165][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.689950][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 480.807473][ T8959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 480.886707][ T8959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 481.745394][ T8969] syz_tun: entered allmulticast mode [ 481.755220][ T8969] syz_tun: left allmulticast mode [ 481.771202][ T12] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.795777][ T12] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.805120][ T12] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.835914][ T12] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.611013][ T8998] loop1: detected capacity change from 0 to 512 [ 482.745999][ T8994] netlink: 'syz.5.1018': attribute type 9 has an invalid length. [ 482.762788][ T8994] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1018'. [ 482.809998][ T8998] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 482.899405][ T8998] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 483.071406][ T8998] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 483.102926][ T8998] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 483.153039][ T8998] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.1021: Failed to acquire dquot type 0 [ 483.467245][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 483.762439][ T9011] netlink: 'syz.4.1025': attribute type 1 has an invalid length. [ 483.930620][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1027'. [ 483.943334][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1027'. [ 484.160956][ T9015] macvlan2: entered promiscuous mode [ 484.173682][ T9015] macvlan2: entered allmulticast mode [ 484.232925][ T9015] bond3: entered promiscuous mode [ 484.284232][ T9015] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 484.316818][ T9015] bond3: left promiscuous mode [ 484.769157][ T9025] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 486.350284][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1033'. [ 487.649190][ T9044] binder: BINDER_SET_CONTEXT_MGR already set [ 487.769711][ T9044] binder: 9043:9044 ioctl 4018620d 80000040 returned -16 [ 487.848550][ T9050] binder: 9043:9050 ioctl c0306201 800003c0 returned -14 [ 490.397289][ T9075] bridge0: port 3(team0) entered disabled state [ 490.404994][ T9075] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.413703][ T9075] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.094902][ T9075] batman_adv: batadv0: Interface deactivated: dummy0 [ 491.720449][ T9075] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 491.815751][ T9075] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.538146][ T9075] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 492.587905][ T9075] vlan2: left promiscuous mode [ 492.594778][ T9075] bond0: left promiscuous mode [ 492.600747][ T9075] bond_slave_0: left promiscuous mode [ 492.611651][ T9075] bond_slave_1: left promiscuous mode [ 492.739497][ T9098] lo speed is unknown, defaulting to 1000 [ 492.748396][ T12] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.758772][ T9098] lo speed is unknown, defaulting to 1000 [ 492.777215][ T12] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.795506][ T9098] lo speed is unknown, defaulting to 1000 [ 492.828021][ T9098] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 492.828032][ T12] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.828355][ T12] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.951866][ T9098] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 493.231406][ T9106] bridge3: entered promiscuous mode [ 493.243165][ T9106] bridge3: entered allmulticast mode [ 493.319139][ T9106] team0: Port device bridge3 added [ 493.325281][ T9098] lo speed is unknown, defaulting to 1000 [ 493.354318][ T9107] bridge0: port 3(team0) entered blocking state [ 493.361193][ T9107] bridge0: port 3(team0) entered disabled state [ 493.383343][ T9107] team0: entered allmulticast mode [ 493.388707][ T9107] team_slave_0: entered allmulticast mode [ 493.395196][ T9107] team_slave_1: entered allmulticast mode [ 493.417433][ T9107] team0: entered promiscuous mode [ 493.423328][ T9107] team_slave_0: entered promiscuous mode [ 493.430169][ T9107] team_slave_1: entered promiscuous mode [ 493.451647][ T9098] lo speed is unknown, defaulting to 1000 [ 493.461679][ T9098] lo speed is unknown, defaulting to 1000 [ 493.479080][ T9098] lo speed is unknown, defaulting to 1000 [ 493.526847][ T9098] lo speed is unknown, defaulting to 1000 [ 494.125993][ T9116] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1063'. [ 494.386797][ T9120] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1063'. [ 495.223691][ T9130] loop5: detected capacity change from 0 to 1024 [ 495.389890][ T9130] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 495.701048][ T9132] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 171: padding at end of block bitmap is not set [ 495.738713][ T5842] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 495.748577][ T9134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1068'. [ 495.779763][ T9134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1068'. [ 495.906942][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 495.918843][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.935056][ T5842] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 495.944576][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.990671][ T9136] pimreg: entered allmulticast mode [ 496.075577][ T9136] pimreg: left allmulticast mode [ 496.244893][ T5842] usb 6-1: config 0 descriptor?? [ 496.324891][ T5842] hub 6-1:0.0: USB hub found [ 496.465465][ T5842] hub 6-1:0.0: 1 port detected [ 496.656241][ T9140] netlink: 'syz.1.1069': attribute type 4 has an invalid length. [ 496.711217][ T9141] netlink: 'syz.1.1069': attribute type 4 has an invalid length. [ 496.983009][ T9144] Illegal XDP return value 256 on prog (id 56) dev N/A, expect packet loss! [ 497.425767][ T10] hub 6-1:0.0: activate --> -90 [ 497.555571][ T9150] loop1: detected capacity change from 0 to 128 [ 497.725322][ T10] usb 6-1: USB disconnect, device number 6 [ 498.455323][ T6881] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.967405][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'. [ 499.728328][ T9174] netlink: 'syz.3.1080': attribute type 3 has an invalid length. [ 499.754339][ T9174] netlink: 'syz.3.1080': attribute type 3 has an invalid length. [ 499.988562][ T5842] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 500.169914][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.187474][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 500.197640][ T5842] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 500.211159][ T5842] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 500.228672][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.257120][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1082'. [ 500.341847][ T5842] usb 2-1: config 0 descriptor?? [ 500.385587][ T9179] vxlan0: entered promiscuous mode [ 500.443942][ T4811] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 500.477813][ T4811] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 500.509513][ T4811] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 500.522778][ T4811] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 500.991179][ T5842] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 502.288604][ T5842] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 502.422603][ T5842] usb 2-1: device descriptor read/64, error -32 [ 502.476266][ T9196] lo speed is unknown, defaulting to 1000 [ 502.519240][ T9201] netlink: 'syz.4.1089': attribute type 4 has an invalid length. [ 502.648333][ T9203] netlink: 'syz.4.1089': attribute type 4 has an invalid length. [ 502.669895][ T5842] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 502.826619][ T5842] usb 2-1: device descriptor read/64, error -32 [ 503.095267][ T5842] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 503.192765][ T5842] usb 2-1: device descriptor read/8, error -32 [ 503.448890][ T5842] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 503.480113][ T5842] usb 2-1: device descriptor read/8, error -32 [ 503.562748][ T9207] bridge0: entered promiscuous mode [ 503.594593][ T5842] raw-gadget.0 gadget.1: failed to queue suspend event [ 503.625506][ T8779] usb 2-1: USB disconnect, device number 4 [ 503.834384][ T8779] raw-gadget.0 gadget.1: failed to queue reset event [ 503.904056][ T9212] 9p: Unknown uid 00000000004294967295 [ 503.964371][ T8779] raw-gadget.0 gadget.1: failed to queue resume event [ 504.060731][ T8779] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 504.082789][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 504.090568][ T8779] raw-gadget.0 gadget.1: failed to queue reset event [ 504.091802][ T9196] raw-gadget.0 gadget.1: failed to queue reset event [ 504.152522][ T9196] raw-gadget.0 gadget.1: failed to queue disconnect event [ 504.961237][ T9227] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1098'. [ 505.246446][ T9229] bridge1: entered promiscuous mode [ 505.255442][ T9229] bridge1: entered allmulticast mode [ 505.352500][ T9229] team0: Port device bridge1 added [ 505.479005][ T9233] bridge0: port 3(team0) entered blocking state [ 505.486491][ T9233] bridge0: port 3(team0) entered disabled state [ 505.496602][ T9233] team0: entered allmulticast mode [ 505.502368][ T9233] team_slave_0: entered allmulticast mode [ 505.508282][ T9233] team_slave_1: entered allmulticast mode [ 505.555321][ T9233] team0: entered promiscuous mode [ 505.560871][ T9233] team_slave_0: entered promiscuous mode [ 505.567959][ T9233] team_slave_1: entered promiscuous mode [ 505.681226][ T9237] loop1: detected capacity change from 0 to 1024 [ 505.775185][ T9237] EXT4-fs: Ignoring removed orlov option [ 505.781173][ T9237] EXT4-fs: Ignoring removed nomblk_io_submit option [ 506.390558][ T9237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 507.471969][ T9239] INFO: The task syz.4.1101:9239 has been waiting for writeback completion for more than 1 seconds. [ 507.478210][ T9239] INFO: The task syz.4.1101:9239 has been waiting for writeback completion for more than 1 seconds. [ 507.494037][ T9239] INFO: The task syz.4.1101:9239 has been waiting for writeback completion for more than 1 seconds. [ 507.511106][ T9239] INFO: The task syz.4.1101:9239 has been waiting for writeback completion for more than 1 seconds. [ 507.644187][ T9239] INFO: The task syz.4.1101:9239 has been waiting for writeback completion for more than 1 seconds. [ 507.967808][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.578038][ T9288] 9pnet_virtio: no channels available for device syz [ 510.770969][ T9292] loop1: detected capacity change from 0 to 512 [ 510.983003][ T9292] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 511.096201][ T9292] ext4 filesystem being mounted at /221/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 514.681116][ T9321] netlink: 'syz.3.1130': attribute type 1 has an invalid length. [ 514.828170][ T9321] 8021q: adding VLAN 0 to HW filter on device bond1 [ 515.126776][ T9324] bond1: (slave veth3): Enslaving as an active interface with a down link [ 515.289442][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.311161][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1132'. [ 515.358863][ T9331] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1132'. [ 515.898315][ T9335] netlink: 1335 bytes leftover after parsing attributes in process `syz.2.1134'. [ 516.064147][ T9337] 9pnet_virtio: no channels available for device syz [ 516.128427][ T9339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1135'. [ 518.481425][ T9367] loop1: detected capacity change from 0 to 8 [ 518.495655][ T9367] squashfs: Unknown parameter '' [ 519.150401][ T9371] netlink: 1319 bytes leftover after parsing attributes in process `syz.5.1149'. [ 521.670927][ T9408] tipc: Failed to remove unknown binding: 66,0,0/0:1537812084/1537812085 [ 521.695065][ T9408] tipc: Failed to remove unknown binding: 66,0,0/0:1537812084/1537812085 [ 522.335772][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1166'. [ 522.383050][ T9421] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1166'. [ 522.978244][ T9425] bond0: (slave bridge0): Releasing backup interface [ 523.031034][ T9425] team0: left allmulticast mode [ 523.043991][ T9425] team_slave_0: left allmulticast mode [ 523.049705][ T9425] team_slave_1: left allmulticast mode [ 523.055673][ T9425] team0: left promiscuous mode [ 523.060654][ T9425] team_slave_0: left promiscuous mode [ 523.070433][ T9425] team_slave_1: left promiscuous mode [ 523.079284][ T9425] bridge0: port 3(team0) entered disabled state [ 523.219814][ T9427] netlink: 'syz.2.1168': attribute type 10 has an invalid length. [ 523.299485][ T9425] bridge_slave_0: left allmulticast mode [ 523.308898][ T9425] bridge_slave_0: left promiscuous mode [ 523.320118][ T9425] bridge0: port 1(bridge_slave_0) entered disabled state [ 523.509119][ T9425] bridge_slave_1: left allmulticast mode [ 523.515168][ T9425] bridge_slave_1: left promiscuous mode [ 523.522308][ T9425] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.710506][ T9425] bond0: (slave bond_slave_0): Releasing backup interface [ 523.846582][ T9425] bond0: (slave bond_slave_1): Releasing backup interface [ 524.015511][ T9425] team0: Port device team_slave_0 removed [ 524.106299][ T9425] team0: Port device team_slave_1 removed [ 524.148532][ T9425] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.231281][ T9425] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.308943][ T9425] net_ratelimit: 11 callbacks suppressed [ 524.309031][ T9425] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 524.434861][ T9427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.479649][ T9427] team0: Port device bond0 added [ 526.699635][ T9483] loop1: detected capacity change from 0 to 1024 [ 526.892810][ T9483] syz.1.1185: attempt to access beyond end of device [ 526.892810][ T9483] loop1: rw=8388608, sector=393218, nr_sectors = 2 limit=1024 [ 526.998067][ T9483] syz.1.1185: attempt to access beyond end of device [ 526.998067][ T9483] loop1: rw=8388608, sector=393218, nr_sectors = 2 limit=1024 [ 527.488068][ T30] audit: type=1804 audit(2000000132.950:261): pid=9490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1188" name="file0" dev="ramfs" ino=21509 res=1 errno=0 [ 527.801650][ T9497] tipc: Failed to remove unknown binding: 66,0,0/0:379404636/379404637 [ 527.817442][ T9497] tipc: Failed to remove unknown binding: 66,0,0/0:379404636/379404637 [ 528.054283][ T9500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1192'. [ 528.601171][ T9504] netlink: 1363 bytes leftover after parsing attributes in process `syz.5.1195'. [ 529.025992][ T9511] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1197'. [ 529.581226][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1201'. [ 529.593678][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1201'. [ 529.738795][ T9517] lo speed is unknown, defaulting to 1000 [ 530.137811][ T9529] netlink: 'syz.5.1203': attribute type 4 has an invalid length. [ 530.178061][ T9527] netlink: 'syz.5.1203': attribute type 4 has an invalid length. [ 530.375984][ T8779] lo speed is unknown, defaulting to 1000 [ 530.385409][ T8779] syz2: Port: 1 Link ACTIVE [ 530.539622][ T30] audit: type=1804 audit(2000000136.010:262): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1205" name="file0" dev="tmpfs" ino=1339 res=1 errno=0 [ 530.566234][ T9536] loop1: detected capacity change from 0 to 512 [ 530.859793][ T9536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.957583][ T9536] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 531.127177][ T9543] loop5: detected capacity change from 0 to 8 [ 531.257738][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.290640][ T9543] SQUASHFS error: Failed to read block 0x707: -5 [ 531.297460][ T9543] SQUASHFS error: Unable to read metadata cache entry [705] [ 531.305316][ T9543] SQUASHFS error: Unable to read inode 0x11f [ 531.698332][ T9552] syz_tun: entered allmulticast mode [ 532.602818][ T9560] 9pnet: p9_errstr2errno: server reported unknown error di3 [ 534.183752][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1222'. [ 534.306257][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1222'. [ 534.337925][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1222'. [ 534.398929][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1222'. [ 535.785773][ T9607] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 537.706238][ T9637] overlayfs: failed to clone upperpath [ 538.326703][ T9650] netlink: 'syz.4.1241': attribute type 10 has an invalid length. [ 538.547970][ T9648] bond0: (slave bond_slave_0): Releasing backup interface [ 538.575883][ T9648] bond_slave_0: left promiscuous mode [ 538.604231][ T9648] bond0: (slave bond_slave_1): Releasing backup interface [ 538.627536][ T9648] bond_slave_1: left promiscuous mode [ 538.711354][ T9648] team0: Port device team_slave_0 removed [ 538.809782][ T9648] team0: Port device team_slave_1 removed [ 538.824615][ T9648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.836376][ T9648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.863711][ T9648] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 538.989931][ T9650] team0: Port device bond0 added [ 540.457882][ T9670] vlan2: entered promiscuous mode [ 540.463460][ T9670] veth0_virt_wifi: entered promiscuous mode [ 540.470677][ T9670] vlan2: entered allmulticast mode [ 540.476171][ T9670] veth0_virt_wifi: entered allmulticast mode [ 540.517806][ T9675] loop5: detected capacity change from 0 to 8 [ 541.449751][ T9678] lo speed is unknown, defaulting to 1000 [ 541.736016][ T9681] lo speed is unknown, defaulting to 1000 [ 542.175048][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 542.181758][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 542.971120][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1259'. [ 544.967054][ T9703] team0: left allmulticast mode [ 544.972436][ T9703] team_slave_0: left allmulticast mode [ 544.978241][ T9703] team_slave_1: left allmulticast mode [ 544.987270][ T9703] team0: left promiscuous mode [ 544.992668][ T9703] team_slave_0: left promiscuous mode [ 544.999366][ T9703] team_slave_1: left promiscuous mode [ 545.008451][ T9703] bridge0: port 3(team0) entered disabled state [ 545.187857][ T9703] bridge_slave_0: left allmulticast mode [ 545.194224][ T9703] bridge_slave_0: left promiscuous mode [ 545.201531][ T9703] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.326067][ T9703] bridge_slave_1: left allmulticast mode [ 545.331978][ T9703] bridge_slave_1: left promiscuous mode [ 545.343169][ T9703] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.408557][ T9703] bond0: (slave bond_slave_0): Releasing backup interface [ 545.497616][ T9703] bond0: (slave bond_slave_1): Releasing backup interface [ 545.650543][ T9703] team0: Port device team_slave_0 removed [ 545.706260][ T9703] team0: Port device team_slave_1 removed [ 545.741142][ T9703] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 545.781850][ T9703] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 545.815606][ T9703] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 547.637776][ T9728] bond3: entered allmulticast mode [ 547.794513][ T9732] bridge4: entered promiscuous mode [ 547.800461][ T9732] bridge4: entered allmulticast mode [ 547.908042][ T9732] bond3: (slave bridge4): Enslaving as an active interface with an up link [ 548.605023][ T8779] IPVS: starting estimator thread 0... [ 548.692786][ T9744] IPVS: using max 192 ests per chain, 9600 per kthread [ 549.307462][ T9751] loop5: detected capacity change from 0 to 1024 [ 549.328664][ T9751] EXT4-fs: Ignoring removed orlov option [ 549.338238][ T9751] EXT4-fs: Ignoring removed nomblk_io_submit option [ 549.463131][ T9751] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 549.816966][ T6881] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 550.029609][ T9768] team0: left allmulticast mode [ 550.034917][ T9768] team_slave_0: left allmulticast mode [ 550.040691][ T9768] team_slave_1: left allmulticast mode [ 550.046551][ T9768] bridge2: left allmulticast mode [ 550.051815][ T9768] team0: left promiscuous mode [ 550.060096][ T9768] team_slave_0: left promiscuous mode [ 550.067990][ T9768] team_slave_1: left promiscuous mode [ 550.075236][ T9768] bridge2: left promiscuous mode [ 550.085620][ T9768] bridge0: port 3(team0) entered disabled state [ 550.176145][ T9768] batman_adv: batadv0: Removing interface: dummy0 [ 550.205366][ T9772] netlink: 'syz.1.1282': attribute type 10 has an invalid length. [ 550.227320][ T9768] bridge_slave_0: left allmulticast mode [ 550.236607][ T9768] bridge_slave_0: left promiscuous mode [ 550.243738][ T9768] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.309501][ T9768] bridge_slave_1: left allmulticast mode [ 550.315919][ T9768] bridge_slave_1: left promiscuous mode [ 550.322871][ T9768] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.389600][ T9768] bond0: (slave bond_slave_0): Releasing backup interface [ 550.397575][ T9765] overlayfs: failed to clone upperpath [ 550.441368][ T9768] bond0: (slave bond_slave_1): Releasing backup interface [ 550.546295][ T9768] team0: Port device team_slave_0 removed [ 550.580520][ T9768] team0: Port device team_slave_1 removed [ 550.593862][ T9768] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 550.658859][ T9768] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.777537][ T9768] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 550.978043][ T9772] team0: Port device bond0 added [ 551.467835][ T30] audit: type=1804 audit(2000000156.940:263): pid=9785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1290" name="file0" dev="tmpfs" ino=1468 res=1 errno=0 [ 551.591172][ T9783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 552.028090][ T9791] overlayfs: failed to clone upperpath [ 552.952917][ T9802] loop1: detected capacity change from 0 to 128 [ 553.045480][ T9802] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 553.130207][ T9802] ext4 filesystem being mounted at /259/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 553.592010][ T5780] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 554.248995][ T9819] 8021q: adding VLAN 0 to HW filter on device bond4 [ 554.537287][ T9825] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 554.563418][ T35] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 554.706233][ T35] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 555.371624][ T9840] bridge3: entered promiscuous mode [ 555.377317][ T9840] bridge3: entered allmulticast mode [ 555.839946][ T9847] vlan2: entered promiscuous mode [ 555.849332][ T9847] syz_tun: entered promiscuous mode [ 556.613258][ T9858] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1317'. [ 556.670214][ T9862] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1317'. [ 556.739904][ T9862] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 556.831451][ T9865] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 557.554015][ T9876] bridge_slave_1: left allmulticast mode [ 557.560053][ T9876] bridge_slave_1: left promiscuous mode [ 557.567397][ T9876] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.610678][ T9876] bond0: (slave bond_slave_0): Releasing backup interface [ 557.653800][ T9876] bond0: (slave bond_slave_1): Releasing backup interface [ 557.671321][ T9878] netlink: 'syz.5.1326': attribute type 10 has an invalid length. [ 557.702563][ T5842] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 557.713870][ T9876] team0: Port device team_slave_0 removed [ 557.743510][ T9876] team0: Port device team_slave_1 removed [ 557.781491][ T9876] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.856464][ T9876] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 557.895409][ T5842] usb 2-1: Using ep0 maxpacket: 32 [ 557.926447][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 557.938379][ T5842] usb 2-1: New USB device found, idVendor=056a, idProduct=4004, bcdDevice= 0.00 [ 557.948936][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.965219][ T9878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 558.002860][ T9878] team0: Port device bond0 added [ 558.053685][ T5842] usb 2-1: config 0 descriptor?? [ 558.422879][ T5842] usbhid 2-1:0.0: can't add hid device: -71 [ 558.429556][ T5842] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 558.504339][ T5842] usb 2-1: USB disconnect, device number 6 [ 559.689732][ T9901] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 560.810497][ T9914] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1338'. [ 561.809347][ T9930] netlink: 'syz.4.1342': attribute type 10 has an invalid length. [ 561.839029][ T9927] team0: Port device bond0 removed [ 561.981861][ T9927] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 562.138010][ T9930] team0: Port device bond0 added [ 564.302304][ T30] audit: type=1804 audit(2000000169.760:264): pid=9960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1355" name="/newroot/162/file0" dev="tmpfs" ino=896 res=1 errno=0 [ 565.420314][ T9968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1359'. [ 565.753000][ T9976] team0: Port device bond0 removed [ 565.778156][ T9976] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 565.875581][ T9977] netlink: 'syz.2.1362': attribute type 10 has an invalid length. [ 565.989393][ T9977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.030225][ T9977] team0: Port device bond0 added [ 567.070753][ T9995] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1368'. [ 567.081641][ T9995] unsupported nlmsg_type 40 [ 567.811169][ T5842] IPVS: starting estimator thread 0... [ 567.906267][T10008] IPVS: using max 192 ests per chain, 9600 per kthread [ 568.159742][T10010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1375'. [ 568.645980][ C0] ===================================================== [ 568.653418][ C0] BUG: KMSAN: uninit-value in __skb_checksum_complete+0x371/0x480 [ 568.661445][ C0] __skb_checksum_complete+0x371/0x480 [ 568.667296][ C0] icmp_rcv+0xbfa/0x2450 [ 568.671738][ C0] ip_protocol_deliver_rcu+0xb25/0x13c0 [ 568.677639][ C0] ip_local_deliver_finish+0x409/0x720 [ 568.683424][ C0] ip_local_deliver+0x228/0x4a0 [ 568.688501][ C0] ip_rcv_finish+0x4f7/0x5b0 [ 568.693436][ C0] ip_rcv+0xcb/0x370 [ 568.697582][ C0] process_backlog+0x8d7/0x1500 [ 568.702763][ C0] __napi_poll+0xdc/0x8f0 [ 568.707279][ C0] net_rx_action+0xa5b/0x1c70 [ 568.712251][ C0] handle_softirqs+0x168/0x6f0 [ 568.717200][ C0] run_ksoftirqd+0x29/0x50 [ 568.721888][ C0] smpboot_thread_fn+0x56b/0xa10 [ 568.727193][ C0] kthread+0xd5a/0xf00 [ 568.731435][ C0] ret_from_fork+0x207/0x6f0 [ 568.736363][ C0] ret_from_fork_asm+0x1a/0x30 [ 568.741349][ C0] [ 568.743887][ C0] Uninit was stored to memory at: [ 568.749240][ C0] skb_copy_and_csum_bits+0x844/0x1580 [ 568.755028][ C0] icmp_glue_bits+0x8e/0x2f0 [ 568.759820][ C0] __ip_append_data+0x60ed/0x7030 [ 568.765172][ C0] ip_append_data+0x144/0x220 [ 568.770042][ C0] icmp_push_reply+0xb7/0x760 [ 568.775053][ C0] __icmp_send+0x1a3f/0x1bb0 [ 568.780062][ C0] ipv4_link_failure+0x8c1/0xbe0 [ 568.785364][ C0] arp_error_report+0xe5/0x160 [ 568.790430][ C0] neigh_invalidate+0x2aa/0x700 [ 568.795633][ C0] neigh_timer_handler+0x1004/0x1450 [ 568.801140][ C0] call_timer_fn+0x4c/0x4b0 [ 568.805998][ C0] __run_timer_base+0x80f/0xd90 [ 568.811055][ C0] run_timer_softirq+0x3a/0x70 [ 568.816222][ C0] handle_softirqs+0x168/0x6f0 [ 568.821175][ C0] __irq_exit_rcu+0x65/0x170 [ 568.826068][ C0] irq_exit_rcu+0x12/0x20 [ 568.830573][ C0] sysvec_apic_timer_interrupt+0x84/0x90 [ 568.836527][ C0] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 568.842820][ C0] [ 568.845280][ C0] Uninit was created at: [ 568.849824][ C0] __alloc_frozen_pages_noprof+0x6df/0xf50 [ 568.855969][ C0] alloc_pages_mpol+0x328/0x860 [ 568.861058][ C0] alloc_pages_noprof+0x101/0x280 [ 568.866384][ C0] skb_page_frag_refill+0x34e/0x730 [ 568.871770][ C0] sk_page_frag_refill+0x59/0x190 [ 568.877088][ C0] tcp_sendmsg_locked+0x23d8/0x76f0 [ 568.882577][ C0] tcp_sendmsg+0x4b/0x90 [ 568.887025][ C0] inet_sendmsg+0x134/0x290 [ 568.891700][ C0] __sys_sendto+0x8ea/0xb90 [ 568.896546][ C0] __ia32_sys_sendto+0x12f/0x200 [ 568.901812][ C0] ia32_sys_call+0x1a3d/0x4340 [ 568.906966][ C0] __do_fast_syscall_32+0x14a/0x310 [ 568.912475][ C0] do_fast_syscall_32+0x37/0x80 [ 568.917539][ C0] do_SYSENTER_32+0x1f/0x30 [ 568.922412][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 568.928969][ C0] [ 568.931517][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 568.943154][ C0] Tainted: [L]=SOFTLOCKUP [ 568.947591][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 568.957940][ C0] ===================================================== [ 568.965077][ C0] Disabling lock debugging due to kernel taint [ 568.971372][ C0] Kernel panic - not syncing: kmsan.panic set ... [ 568.977947][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G B L syzkaller #0 PREEMPT(voluntary) [ 568.989396][ C0] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 568.995059][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 569.005258][ C0] Call Trace: [ 569.008658][ C0] [ 569.011713][ C0] __dump_stack+0x26/0x30 [ 569.016270][ C0] dump_stack_lvl+0x50/0x1c0 [ 569.021071][ C0] ? dump_stack+0x12/0x25 [ 569.025615][ C0] dump_stack+0x1e/0x25 [ 569.029981][ C0] vpanic+0x435/0xd40 [ 569.034197][ C0] panic+0x15d/0x160 [ 569.038358][ C0] kmsan_report+0x31a/0x320 [ 569.043125][ C0] ? __msan_warning+0x1b/0x30 [ 569.048025][ C0] ? __skb_checksum_complete+0x371/0x480 [ 569.053874][ C0] ? icmp_rcv+0xbfa/0x2450 [ 569.058484][ C0] ? ip_protocol_deliver_rcu+0xb25/0x13c0 [ 569.064448][ C0] ? ip_local_deliver_finish+0x409/0x720 [ 569.070331][ C0] ? ip_local_deliver+0x228/0x4a0 [ 569.075592][ C0] ? ip_rcv_finish+0x4f7/0x5b0 [ 569.080603][ C0] ? ip_rcv+0xcb/0x370 [ 569.084917][ C0] ? process_backlog+0x8d7/0x1500 [ 569.090147][ C0] ? __napi_poll+0xdc/0x8f0 [ 569.094829][ C0] ? net_rx_action+0xa5b/0x1c70 [ 569.099968][ C0] ? handle_softirqs+0x168/0x6f0 [ 569.105104][ C0] ? run_ksoftirqd+0x29/0x50 [ 569.109901][ C0] ? smpboot_thread_fn+0x56b/0xa10 [ 569.115249][ C0] ? kthread+0xd5a/0xf00 [ 569.119670][ C0] ? ret_from_fork+0x207/0x6f0 [ 569.124678][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 569.129863][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 569.135951][ C0] ? csum_partial+0x424/0x480 [ 569.140885][ C0] ? skb_checksum+0x11ad/0x12a0 [ 569.145940][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 569.151301][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 569.156679][ C0] __msan_warning+0x1b/0x30 [ 569.161419][ C0] __skb_checksum_complete+0x371/0x480 [ 569.167110][ C0] icmp_rcv+0xbfa/0x2450 [ 569.171581][ C0] ? __pfx_icmp_rcv+0x10/0x10 [ 569.176466][ C0] ip_protocol_deliver_rcu+0xb25/0x13c0 [ 569.182295][ C0] ip_local_deliver_finish+0x409/0x720 [ 569.188024][ C0] ip_local_deliver+0x228/0x4a0 [ 569.193115][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 569.199365][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 569.204981][ C0] ip_rcv_finish+0x4f7/0x5b0 [ 569.209834][ C0] ip_rcv+0xcb/0x370 [ 569.213962][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 569.219323][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 569.224057][ C0] process_backlog+0x8d7/0x1500 [ 569.229121][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 569.235200][ C0] ? filter_irq_stacks+0x49/0x190 [ 569.240448][ C0] ? __pfx_process_backlog+0x10/0x10 [ 569.245954][ C0] __napi_poll+0xdc/0x8f0 [ 569.250489][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 569.256571][ C0] net_rx_action+0xa5b/0x1c70 [ 569.261462][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 569.267629][ C0] ? sched_clock_cpu+0x59/0xa70 [ 569.272683][ C0] ? __run_timer_base+0xe1/0xd90 [ 569.277824][ C0] ? rcu_core+0x1896/0x2000 [ 569.282585][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 569.287916][ C0] handle_softirqs+0x168/0x6f0 [ 569.292902][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 569.298233][ C0] run_ksoftirqd+0x29/0x50 [ 569.302862][ C0] smpboot_thread_fn+0x56b/0xa10 [ 569.308079][ C0] kthread+0xd5a/0xf00 [ 569.312345][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 569.318082][ C0] ? __pfx_kthread+0x10/0x10 [ 569.322860][ C0] ret_from_fork+0x207/0x6f0 [ 569.327688][ C0] ? __switch_to+0x521/0x750 [ 569.332519][ C0] ? __pfx_kthread+0x10/0x10 [ 569.337311][ C0] ret_from_fork_asm+0x1a/0x30 [ 569.342377][ C0] [ 569.346222][ C0] Kernel Offset: disabled [ 569.350625][ C0] Rebooting in 86400 seconds..