last executing test programs: 3.342754149s ago: executing program 2 (id=1419): syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') syz_open_procfs(0x0, &(0x7f0000000000)='limits\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x4, 0x2}, &(0x7f0000000000)=0x90) 3.315933546s ago: executing program 4 (id=1422): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001dc0), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x80) 3.140162138s ago: executing program 2 (id=1426): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', 0x0}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005f40)=[{{&(0x7f0000000140)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @multicast2}}}], 0x20}}], 0x1, 0x48c0) r2 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x1}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 2.392969802s ago: executing program 2 (id=1433): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x160, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_bpf={{0x8}, {0x118, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xf0, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x48, 0x1e, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x9, 0x4, 0x10000000, 0x633, 0xe2d}}]}, {0x4}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_mpls={0x74, 0x13, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x400, 0x33c9, 0x3, 0x6, 0x5}, 0x3}}, @TCA_MPLS_TC={0x5, 0x6, 0x4}]}, {0x24, 0x6, "df76640d30b6ba21699aad3d084f7f7fa20bd027b7de9f27132e342ff43eb10f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_CLASSID={0x8, 0x3, {0xe, 0xfff2}}]}}]}, 0x160}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.316483048s ago: executing program 4 (id=1435): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5}, {0x2, 0x0, 0x0, 0x8}]}, 0x94) sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f00000002c0)={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="d7", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xd, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0xfffffffc, 0x1, 0x200000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x94) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r1, 0x8) 2.219723413s ago: executing program 2 (id=1437): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000140)={[{}]}) 2.13699022s ago: executing program 2 (id=1440): r0 = socket$inet6(0xa, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x11) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x3e92, 0xa, 0x1, 0x400, 0x8, 0x24000000, 0x558, 0xe55, r3}, &(0x7f00000000c0)=0x20) 1.999819053s ago: executing program 2 (id=1443): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket(0x1, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400003366"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r3}, 0x20) sendmmsg$unix(r3, &(0x7f0000001680), 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) close(r6) execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0) r7 = openat$binfmt(0xffffffffffffff9c, r5, 0x2, 0x0) close(r7) execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r10 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r9, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="0600"]) 935.791705ms ago: executing program 4 (id=1450): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='securityfs\x00', 0x4000, &(0x7f0000000180)=',\x00') 787.927285ms ago: executing program 0 (id=1453): r0 = fanotify_init(0x0, 0x40000) fanotify_mark(r0, 0x1, 0x8000008, r0, 0x0) r1 = gettid() r2 = signalfd4(0xffffffffffffffff, &(0x7f0000002140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r2, &(0x7f0000002940)=[{&(0x7f0000000240)=""/136, 0x88}], 0x1) timer_create(0x2, &(0x7f0000000040)={0x0, 0x7, 0x4, @tid=r1}, &(0x7f0000044000)) timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0) 787.797294ms ago: executing program 4 (id=1454): socket$packet(0x11, 0x3, 0x300) userfaultfd(0x80801) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0x24044c41) pselect6(0x40, &(0x7f0000000240)={0x2, 0x0, 0x4, 0x7fff, 0x2, 0x4000000000000, 0x100, 0x5}, &(0x7f0000000040)={0x3d, 0xfffffffffffffffe, 0x40, 0x7eff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x71e7, 0x4}, 0x0, 0x0, 0x0) 715.869436ms ago: executing program 1 (id=1455): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e63, @loopback}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000240)={r2, @in={{0x2, 0x4e20, @empty}}, 0x200, 0x7}, 0x0) 715.395412ms ago: executing program 3 (id=1456): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) msgsnd(0x0, 0x0, 0x0, 0x800) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1}, 0x6e) listen(r0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1}, 0x6e) 645.893127ms ago: executing program 0 (id=1457): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x143042, 0x80) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f00000000c0)={0x2018}) 595.896344ms ago: executing program 4 (id=1458): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000100ffff0000000000000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_khugepaged_scan_pmd\x00', r0}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 525.501625ms ago: executing program 1 (id=1459): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = mq_open(&(0x7f0000000180)='%`\x01', 0x842, 0x57, 0x0) mq_timedsend(r0, 0xfffffffffffffffe, 0x0, 0x401, 0x0) 519.645065ms ago: executing program 3 (id=1460): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x66, &(0x7f0000000d40)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x30, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x2, {0xb, 0x6, "9a6c6a", 0x7, 0x2e, 0x0, @remote, @private2={0xfc, 0x2, '\x00', 0xff}}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x400005aa, 0x0) 455.793502ms ago: executing program 4 (id=1461): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890c, &(0x7f0000000840)={0x0, {0x2, 0x4e22, @loopback}, {0x2, 0x8044, @rand_addr=0x64010102}, {0x2, 0x4e2b, @multicast2}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) 455.513588ms ago: executing program 0 (id=1462): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r0, r2, 0x25, 0x0, @val=@perf_event}, 0x18) syz_emit_ethernet(0x42, &(0x7f0000000380)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x1, @multicast, @private0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0x0) 403.851016ms ago: executing program 3 (id=1463): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) 376.047454ms ago: executing program 0 (id=1464): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x3e, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x0) io_setup(0x34, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x0, 0x0, r0, 0x0, 0x0, 0x1000000000000000}]) 291.939702ms ago: executing program 1 (id=1465): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e5700", 0x2c}], 0x1) 279.218044ms ago: executing program 3 (id=1466): listen(0xffffffffffffffff, 0x8) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="20000000000000008400000002000000f238c4"], 0x20}, 0xc0) 206.428596ms ago: executing program 1 (id=1467): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) 180.796301ms ago: executing program 1 (id=1468): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x9, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000fcffffff0000000002000004c32680000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000080)=""/152, 0x41000, 0x62}, 0x94) 120.027559ms ago: executing program 3 (id=1469): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, {0xa, 0x4e25, 0x7, @empty, 0x7}, r1, 0xfffffff9}}, 0x48) 119.880334ms ago: executing program 0 (id=1470): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1}, 0x6e) 103.239286ms ago: executing program 0 (id=1471): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffc8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3000000, 0xffffffff}, 0x48) 75.665929ms ago: executing program 1 (id=1472): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e0301000000000064050000000000006916300000000000bf07000000000000260507000fff0720670600001f000000470600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 0s ago: executing program 3 (id=1473): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000100)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)={0x2, {{0xa, 0x4e20, 0x8, @mcast2, 0x2}}, 0x1, 0x2, [{{0xa, 0x4e20, 0x8001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3dde7417}}, {{0xa, 0x4e21, 0x4, @mcast2, 0xfffffffd}}]}, 0x190) syz_emit_ethernet(0x42, &(0x7f0000000040)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.213' (ED25519) to the list of known hosts. [ 65.360910][ T5813] cgroup: Unknown subsys name 'net' [ 65.468940][ T5813] cgroup: Unknown subsys name 'cpuset' [ 65.477428][ T5813] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.848482][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 69.431669][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.440533][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.450086][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.458413][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.467501][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.475562][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.483463][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.490994][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.499913][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.507311][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.515705][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.516307][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.523983][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.532054][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.536867][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.545702][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.559511][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.561205][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.568739][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.576814][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.582021][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.595306][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.598348][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.622125][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.630315][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.114684][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 70.234011][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 70.351900][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 70.480611][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.488621][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.496174][ T5824] bridge_slave_0: entered allmulticast mode [ 70.504207][ T5824] bridge_slave_0: entered promiscuous mode [ 70.543463][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.550851][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.558815][ T5824] bridge_slave_1: entered allmulticast mode [ 70.567533][ T5824] bridge_slave_1: entered promiscuous mode [ 70.610904][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.618170][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.625353][ T5833] bridge_slave_0: entered allmulticast mode [ 70.633169][ T5833] bridge_slave_0: entered promiscuous mode [ 70.662381][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 70.680032][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.687232][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.694442][ T5833] bridge_slave_1: entered allmulticast mode [ 70.701663][ T5833] bridge_slave_1: entered promiscuous mode [ 70.708609][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 70.722336][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.777862][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.841360][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.848804][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.856944][ T5837] bridge_slave_0: entered allmulticast mode [ 70.864011][ T5837] bridge_slave_0: entered promiscuous mode [ 70.879582][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.916856][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.924691][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.932023][ T5837] bridge_slave_1: entered allmulticast mode [ 70.939592][ T5837] bridge_slave_1: entered promiscuous mode [ 70.953234][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.969767][ T5824] team0: Port device team_slave_0 added [ 70.977944][ T5824] team0: Port device team_slave_1 added [ 71.044494][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.051930][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.078354][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.130006][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.137449][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.163903][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.177940][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.201348][ T5833] team0: Port device team_slave_0 added [ 71.243564][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.252945][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.261396][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.268691][ T5823] bridge_slave_0: entered allmulticast mode [ 71.276007][ T5823] bridge_slave_0: entered promiscuous mode [ 71.285486][ T5833] team0: Port device team_slave_1 added [ 71.317406][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.324662][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.332341][ T5827] bridge_slave_0: entered allmulticast mode [ 71.339507][ T5827] bridge_slave_0: entered promiscuous mode [ 71.376908][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.384098][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.391477][ T5823] bridge_slave_1: entered allmulticast mode [ 71.399164][ T5823] bridge_slave_1: entered promiscuous mode [ 71.419891][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.427288][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.453325][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.463601][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.464745][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.472494][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.478912][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.490906][ T5827] bridge_slave_1: entered allmulticast mode [ 71.499218][ T5827] bridge_slave_1: entered promiscuous mode [ 71.507832][ T5837] team0: Port device team_slave_0 added [ 71.534713][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.541778][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.568094][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.592185][ T5837] team0: Port device team_slave_1 added [ 71.598104][ T5832] Bluetooth: hci1: command tx timeout [ 71.627451][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.669031][ T5824] hsr_slave_0: entered promiscuous mode [ 71.675419][ T5824] hsr_slave_1: entered promiscuous mode [ 71.675842][ T5832] Bluetooth: hci2: command tx timeout [ 71.681084][ T5834] Bluetooth: hci3: command tx timeout [ 71.687117][ T5843] Bluetooth: hci0: command tx timeout [ 71.692001][ T5839] Bluetooth: hci4: command tx timeout [ 71.715121][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.742960][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.753210][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.760450][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.786550][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.817074][ T5823] team0: Port device team_slave_0 added [ 71.836576][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.846668][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.853622][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.879670][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.904440][ T5823] team0: Port device team_slave_1 added [ 71.964485][ T5833] hsr_slave_0: entered promiscuous mode [ 71.970927][ T5833] hsr_slave_1: entered promiscuous mode [ 71.977417][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 71.983225][ T5833] Cannot create hsr debugfs directory [ 72.003947][ T5827] team0: Port device team_slave_0 added [ 72.029703][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.037106][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.063520][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.076527][ T5827] team0: Port device team_slave_1 added [ 72.107124][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.114109][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.140391][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.243841][ T5837] hsr_slave_0: entered promiscuous mode [ 72.250782][ T5837] hsr_slave_1: entered promiscuous mode [ 72.257265][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 72.263469][ T5837] Cannot create hsr debugfs directory [ 72.270651][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.277860][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.303917][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.322564][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.329587][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.355647][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.453575][ T5823] hsr_slave_0: entered promiscuous mode [ 72.460367][ T5823] hsr_slave_1: entered promiscuous mode [ 72.466688][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 72.472430][ T5823] Cannot create hsr debugfs directory [ 72.543721][ T5827] hsr_slave_0: entered promiscuous mode [ 72.550239][ T5827] hsr_slave_1: entered promiscuous mode [ 72.556674][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 72.562405][ T5827] Cannot create hsr debugfs directory [ 72.936779][ T5824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 72.964662][ T5824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 72.987451][ T5824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.008296][ T5824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.063013][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 73.082903][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 73.094538][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 73.104900][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 73.227342][ T5827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.268010][ T5827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.281954][ T5827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.307997][ T5827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.360664][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.377606][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.389065][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.398920][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.442927][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.529675][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.542154][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.553786][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.570492][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.593708][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.605268][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.643382][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.650647][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.675929][ T5839] Bluetooth: hci1: command tx timeout [ 73.690663][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.697800][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.733333][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.744908][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.756809][ T5839] Bluetooth: hci4: command tx timeout [ 73.762255][ T5839] Bluetooth: hci3: command tx timeout [ 73.768270][ T5834] Bluetooth: hci2: command tx timeout [ 73.769072][ T5832] Bluetooth: hci0: command tx timeout [ 73.795238][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.802461][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.813179][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.820397][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.858624][ T5824] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.869043][ T5824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.906165][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.931108][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.938399][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.998544][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.005942][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.054555][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.133702][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.191657][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.201119][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.208364][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.240566][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.247807][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.338594][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.455030][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.493407][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.506875][ T5824] veth0_vlan: entered promiscuous mode [ 74.528114][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.535334][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.569937][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.577229][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.633687][ T5824] veth1_vlan: entered promiscuous mode [ 74.814087][ T5824] veth0_macvtap: entered promiscuous mode [ 74.858939][ T5824] veth1_macvtap: entered promiscuous mode [ 74.875370][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.930756][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.950774][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.999032][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.053553][ T1170] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.063795][ T1170] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.109045][ T1170] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.121122][ T1170] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.165277][ T5827] veth0_vlan: entered promiscuous mode [ 75.187864][ T5823] veth0_vlan: entered promiscuous mode [ 75.238226][ T5827] veth1_vlan: entered promiscuous mode [ 75.248440][ T5823] veth1_vlan: entered promiscuous mode [ 75.296943][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.328698][ T5833] veth0_vlan: entered promiscuous mode [ 75.337887][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.361618][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.394296][ T5833] veth1_vlan: entered promiscuous mode [ 75.413605][ T5827] veth0_macvtap: entered promiscuous mode [ 75.435311][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.444067][ T5827] veth1_macvtap: entered promiscuous mode [ 75.457970][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.471532][ T5823] veth0_macvtap: entered promiscuous mode [ 75.521642][ T5823] veth1_macvtap: entered promiscuous mode [ 75.562216][ T5824] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.564768][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.588817][ T5837] veth0_vlan: entered promiscuous mode [ 75.620840][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.647711][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.658208][ T5833] veth0_macvtap: entered promiscuous mode [ 75.681240][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.694968][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.712543][ T5941] loop2: detected capacity change from 0 to 128 [ 75.727546][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.735918][ T5941] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 75.750380][ T5837] veth1_vlan: entered promiscuous mode [ 75.751994][ T5941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 75.765322][ T5832] Bluetooth: hci1: command tx timeout [ 75.792258][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.794126][ T30] audit: type=1804 audit(1761007895.452:2): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3" name="/newroot/0/file0/bus" dev="loop2" ino=115 res=1 errno=0 [ 75.822822][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.836303][ T5832] Bluetooth: hci0: command tx timeout [ 75.838537][ T5839] Bluetooth: hci4: command tx timeout [ 75.841731][ T5832] Bluetooth: hci3: command tx timeout [ 75.847168][ T5834] Bluetooth: hci2: command tx timeout [ 75.861196][ T5833] veth1_macvtap: entered promiscuous mode [ 75.881459][ T3502] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.918275][ T3502] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.927970][ T3502] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.961933][ T3502] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.984153][ T5837] veth0_macvtap: entered promiscuous mode [ 76.008142][ T5837] veth1_macvtap: entered promiscuous mode [ 76.043261][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.061956][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.161349][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.177714][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.186218][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.202288][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.217741][ T3502] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.262018][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.271575][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.283725][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.296355][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.330792][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.349805][ T3502] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.361911][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.371206][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.380732][ T3502] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.432381][ T3502] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.443198][ T3502] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.503350][ T4522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.520749][ T4522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.650461][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.658912][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.725353][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.747681][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.803541][ T5946] loop2: detected capacity change from 0 to 64 [ 76.846894][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.873854][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.926552][ T5950] sock: sock_set_timeout: `syz.0.1' (pid 5950) tries to set negative timeout [ 76.968438][ T5946] minix_free_block (loop2:4): bit already cleared [ 76.988331][ T4522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.998717][ T5843] Bluetooth: hci0: unexpected cc 0x0c5b length: 5 > 1 [ 77.007148][ T5950] GUP no longer grows the stack in syz.0.1 (5950): 200000002000-200000005000 (200000001000) [ 77.015207][ T5946] minix_free_block (loop2:3): bit already cleared [ 77.029064][ T4522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.051387][ T5950] CPU: 1 UID: 0 PID: 5950 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 77.051413][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 77.051430][ T5950] Call Trace: [ 77.051436][ T5950] [ 77.051444][ T5950] dump_stack_lvl+0x189/0x250 [ 77.051480][ T5950] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.051500][ T5950] ? __pfx__printk+0x10/0x10 [ 77.051516][ T5950] ? find_vma+0xe7/0x160 [ 77.051552][ T5950] __get_user_pages+0x2463/0x29f0 [ 77.051593][ T5950] ? down_read_killable+0x1d1/0x350 [ 77.051622][ T5950] __gup_longterm_locked+0x3dc/0x1660 [ 77.051648][ T5950] ? try_grab_folio_fast+0x3e9/0x6a0 [ 77.051684][ T5950] gup_fast_fallback+0x1d6b/0x22d0 [ 77.051739][ T5950] ? __pfx_gup_fast_fallback+0x10/0x10 [ 77.051753][ T5950] ? frame_vector_create+0x67/0x110 [ 77.051769][ T5950] ? rcu_is_watching+0x15/0xb0 [ 77.051786][ T5950] ? trace_kmalloc+0x1f/0xd0 [ 77.051806][ T5950] ? is_valid_gup_args+0x11f/0x200 [ 77.051828][ T5950] ? pin_user_pages_fast+0x4d/0xb0 [ 77.051850][ T5950] get_vaddr_frames+0x86/0x210 [ 77.051871][ T5950] vb2_create_framevec+0x58/0xd0 [ 77.051895][ T5950] vb2_vmalloc_get_userptr+0x108/0x450 [ 77.051918][ T5950] ? __pfx_vb2_vmalloc_get_userptr+0x10/0x10 [ 77.051935][ T5950] __buf_prepare+0xf4f/0x4740 [ 77.051976][ T5950] ? __pfx___buf_prepare+0x10/0x10 [ 77.052003][ T5950] ? is_bpf_text_address+0x26/0x2b0 [ 77.052024][ T5950] ? is_bpf_text_address+0x292/0x2b0 [ 77.052039][ T5950] ? is_bpf_text_address+0x26/0x2b0 [ 77.052057][ T5950] ? kernel_text_address+0xa5/0xe0 [ 77.052078][ T5950] ? __kernel_text_address+0xd/0x40 [ 77.052097][ T5950] ? unwind_get_return_address+0x4d/0x90 [ 77.052114][ T5950] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 77.052133][ T5950] ? arch_stack_walk+0xfc/0x150 [ 77.052168][ T5950] ? __lock_acquire+0xab9/0xd20 [ 77.052241][ T5950] vb2_core_prepare_buf+0xad/0x2c0 [ 77.052265][ T5950] v4l2_m2m_ioctl_prepare_buf+0x15d/0x440 [ 77.052282][ T5950] ? v4l_prepare_buf+0x71/0xd0 [ 77.052306][ T5950] __video_do_ioctl+0xa59/0xc10 [ 77.052331][ T5950] ? __pfx___video_do_ioctl+0x10/0x10 [ 77.052362][ T5950] video_usercopy+0x82d/0x1450 [ 77.052386][ T5950] ? __pfx___video_do_ioctl+0x10/0x10 [ 77.052401][ T5950] ? __pfx_video_usercopy+0x10/0x10 [ 77.052434][ T5950] ? __fget_files+0x3a0/0x420 [ 77.052452][ T5950] v4l2_ioctl+0x18d/0x1e0 [ 77.052466][ T5950] ? __pfx_v4l2_ioctl+0x10/0x10 [ 77.052480][ T5950] __se_sys_ioctl+0xfc/0x170 [ 77.052502][ T5950] do_syscall_64+0xfa/0xfa0 [ 77.052522][ T5950] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.052541][ T5950] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.052556][ T5950] ? clear_bhb_loop+0x60/0xb0 [ 77.052574][ T5950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.052589][ T5950] RIP: 0033:0x7f8c41b8efc9 [ 77.052615][ T5950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.052629][ T5950] RSP: 002b:00007f8c42a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.052647][ T5950] RAX: ffffffffffffffda RBX: 00007f8c41de5fa0 RCX: 00007f8c41b8efc9 [ 77.052660][ T5950] RDX: 0000200000002dc0 RSI: 00000000c058565d RDI: 0000000000000005 [ 77.052671][ T5950] RBP: 00007f8c41c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 77.052681][ T5950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.052698][ T5950] R13: 00007f8c41de6038 R14: 00007f8c41de5fa0 R15: 00007ffc87513cd8 [ 77.052730][ T5950] [ 77.657616][ T5952] loop3: detected capacity change from 0 to 32768 [ 77.677382][ T5952] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.8 (5952) [ 77.701156][ T5952] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 77.712303][ T5952] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 77.838462][ T5843] Bluetooth: hci1: command tx timeout [ 77.916020][ T5843] Bluetooth: hci3: command tx timeout [ 77.925698][ T5843] Bluetooth: hci4: command tx timeout [ 77.933451][ T5832] Bluetooth: hci2: command tx timeout [ 78.000111][ T5952] BTRFS info (device loop3): enabling ssd optimizations [ 78.037050][ T5952] BTRFS info (device loop3): turning on async discard [ 78.043899][ T5952] BTRFS info (device loop3): enabling free space tree [ 78.106965][ T5952] BTRFS info (device loop3): use lzo compression, level 1 [ 78.326463][ T5827] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 78.843355][ T5973] loop2: detected capacity change from 0 to 40427 [ 78.894602][ T5973] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 78.920128][ T5973] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 78.969384][ T5973] F2FS-fs (loop2): invalid crc value [ 79.240506][ T5999] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 79.275417][ T6001] netlink: 'syz.4.17': attribute type 1 has an invalid length. [ 79.297162][ T6003] sock: sock_set_timeout: `syz.3.18' (pid 6003) tries to set negative timeout [ 79.341395][ T5843] Bluetooth: hci2: unexpected cc 0x0c5b length: 5 > 1 [ 79.352227][ T5973] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 79.408372][ T6001] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.418881][ T5973] F2FS-fs (loop2): Start checkpoint disabled! [ 79.432576][ T5973] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 79.462205][ T5973] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 79.506585][ T5973] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 79.656580][ T13] kworker/u8:1: attempt to access beyond end of device [ 79.656580][ T13] loop2: rw=1, sector=53248, nr_sectors = 8 limit=40427 [ 79.681035][ T6014] loop4: detected capacity change from 0 to 164 [ 79.715030][ T6014] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 79.734427][ T13] kworker/u8:1: attempt to access beyond end of device [ 79.734427][ T13] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 79.939420][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 79.939445][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.939456][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 79.939483][ T13] Call Trace: [ 79.939490][ T13] [ 79.939498][ T13] dump_stack_lvl+0x189/0x250 [ 79.939521][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.939539][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 79.939553][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 79.939573][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 79.939614][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 79.939644][ T13] f2fs_write_end_io+0x886/0xb60 [ 79.939680][ T13] __submit_merged_bio+0x27a/0x6a0 [ 79.939709][ T13] __submit_merged_write_cond+0x255/0x530 [ 79.939740][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 79.939801][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 79.939840][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 79.939898][ T13] ? kvm_sched_clock_read+0x11/0x20 [ 79.939970][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 79.939994][ T13] do_writepages+0x32e/0x550 [ 79.940019][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 79.940034][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 79.940065][ T13] __writeback_single_inode+0x145/0xff0 [ 79.940086][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 79.940109][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 79.940160][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 79.940229][ T13] ? rcu_is_watching+0x15/0xb0 [ 79.940256][ T13] wb_writeback+0x43b/0xaf0 [ 79.940286][ T13] ? queue_io+0x311/0x590 [ 79.940310][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 79.940341][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.940365][ T13] wb_workfn+0x409/0xef0 [ 79.940400][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 79.940423][ T13] ? __lock_acquire+0xab9/0xd20 [ 79.940457][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 79.940487][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.940504][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 79.940524][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 79.940545][ T13] process_scheduled_works+0xae1/0x17b0 [ 79.940598][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 79.940648][ T13] worker_thread+0x8a0/0xda0 [ 79.940695][ T13] kthread+0x711/0x8a0 [ 79.940718][ T13] ? __pfx_worker_thread+0x10/0x10 [ 79.940732][ T13] ? __pfx_kthread+0x10/0x10 [ 79.940753][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.940771][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.940788][ T13] ? __pfx_kthread+0x10/0x10 [ 79.940807][ T13] ret_from_fork+0x4bc/0x870 [ 79.940832][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 79.940864][ T13] ? __switch_to_asm+0x39/0x70 [ 79.940881][ T13] ? __switch_to_asm+0x33/0x70 [ 79.940897][ T13] ? __pfx_kthread+0x10/0x10 [ 79.940917][ T13] ret_from_fork_asm+0x1a/0x30 [ 79.940956][ T13] [ 79.940963][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 80.518237][ T5965] loop0: detected capacity change from 0 to 131072 [ 80.599376][ T5965] F2FS-fs (loop0): invalid crc value [ 80.893664][ T5965] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 81.242862][ T6044] Zero length message leads to an empty skb [ 82.275953][ T5887] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 82.458998][ T5887] usb 2-1: Using ep0 maxpacket: 16 [ 82.471084][ T5887] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 82.515568][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 82.567263][ T5887] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 82.576632][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.584737][ T5887] usb 2-1: Product: syz [ 82.595599][ T5887] usb 2-1: Manufacturer: syz [ 82.604660][ T5887] usb 2-1: SerialNumber: syz [ 82.627498][ T5887] usb 2-1: config 0 descriptor?? [ 82.652377][ T5887] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 82.675626][ T5887] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 83.256357][ T5887] em28xx 2-1:0.0: chip ID is em2860 [ 83.830620][ T5887] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 83.839685][ T5887] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 83.848628][ T5887] em28xx 2-1:0.0: No AC97 audio processor [ 83.861654][ T5887] usb 2-1: USB disconnect, device number 2 [ 83.870722][ T5887] em28xx 2-1:0.0: Disconnecting em28xx [ 83.879617][ T5887] em28xx 2-1:0.0: Freeing device [ 84.043677][ T6076] loop0: detected capacity change from 0 to 32768 [ 84.100104][ T6076] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.46 (6076) [ 84.207143][ T6076] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 84.229503][ T6076] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 85.212106][ T6076] BTRFS info (device loop0): enabling ssd optimizations [ 85.255656][ T6076] BTRFS info (device loop0): turning on async discard [ 85.280646][ T6076] BTRFS info (device loop0): enabling free space tree [ 85.289980][ T6118] loop2: detected capacity change from 0 to 2048 [ 85.362804][ T6118] Alternate GPT is invalid, using primary GPT. [ 85.369944][ T6121] netlink: 24 bytes leftover after parsing attributes in process `syz.1.58'. [ 85.375987][ T6118] loop2: p2 p3 p7 [ 85.399999][ T30] audit: type=1804 audit(1761007905.052:3): pid=6076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.46" name="/newroot/3/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 85.520162][ T5823] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 85.741278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.750138][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.850013][ T6132] process 'syz.2.62' launched './file1' with NULL argv: empty string added [ 86.482908][ T6132] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.665612][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 86.896927][ T10] cfg80211: failed to load regulatory.db [ 87.388589][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 87.395447][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 87.411702][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 87.425062][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 87.435138][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.448877][ T9] usb 4-1: Product: syz [ 87.455050][ T9] usb 4-1: Manufacturer: syz [ 87.461962][ T9] usb 4-1: SerialNumber: syz [ 87.471254][ T9] usb 4-1: config 0 descriptor?? [ 87.480816][ T9] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 87.505622][ T9] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 88.251661][ T9] em28xx 4-1:0.0: chip ID is em2860 [ 88.466431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.477695][ T9] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 88.506136][ T9] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 88.513129][ T9] em28xx 4-1:0.0: No AC97 audio processor [ 88.544191][ T9] usb 4-1: USB disconnect, device number 2 [ 88.551637][ T9] em28xx 4-1:0.0: Disconnecting em28xx [ 88.569162][ T9] em28xx 4-1:0.0: Freeing device [ 88.591389][ T6153] loop1: detected capacity change from 0 to 16 [ 88.604256][ T6153] ======================================================= [ 88.604256][ T6153] WARNING: The mand mount option has been deprecated and [ 88.604256][ T6153] and is ignored by this kernel. Remove the mand [ 88.604256][ T6153] option from the mount to silence this warning. [ 88.604256][ T6153] ======================================================= [ 88.650067][ T6157] netlink: 'syz.2.71': attribute type 29 has an invalid length. [ 88.662210][ T6157] netlink: 'syz.2.71': attribute type 29 has an invalid length. [ 88.677902][ T6153] erofs (device loop1): mounted with root inode @ nid 36. [ 88.689585][ T6157] netlink: 500 bytes leftover after parsing attributes in process `syz.2.71'. [ 88.703500][ T6157] unsupported nla_type 58 [ 89.583561][ T6180] binder: 6179:6180 ioctl 4018620d 0 returned -22 [ 90.580898][ T6199] binder: 6198:6199 ioctl c0306201 0 returned -14 [ 90.933646][ T30] audit: type=1400 audit(1761007910.562:4): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=":/" pid=6189 comm="syz.2.80" [ 91.525356][ T6203] loop1: detected capacity change from 0 to 32768 [ 91.563582][ T6203] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.87 (6203) [ 91.653164][ T6203] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 91.696126][ T6203] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 91.836937][ T6203] BTRFS info (device loop1): enabling ssd optimizations [ 91.842968][ T6234] binder: 6233:6234 ioctl c0306201 0 returned -14 [ 91.844347][ T6203] BTRFS info (device loop1): turning on async discard [ 91.895628][ T6203] BTRFS info (device loop1): enabling free space tree [ 92.119195][ T30] audit: type=1804 audit(1761007911.782:5): pid=6203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.87" name="/newroot/16/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 92.748739][ T5837] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 92.827420][ T6246] binder: 6245:6246 ioctl c0306201 0 returned -14 [ 92.858835][ T6252] loop3: detected capacity change from 0 to 8 [ 92.866126][ T6252] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 93.210821][ T6269] loop1: detected capacity change from 0 to 164 [ 93.228102][ T6269] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 94.552354][ T6288] binder: 6287:6288 ioctl c0306201 0 returned -14 [ 94.815467][ T6306] loop2: detected capacity change from 0 to 164 [ 94.834705][ T6308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.125'. [ 94.857584][ T6306] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 94.927521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.927823][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 94.986516][ T6305] syzkaller0: entered promiscuous mode [ 95.085765][ T6305] syzkaller0: entered allmulticast mode [ 95.701223][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 95.709051][ T9] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 95.719896][ T9] usb 5-1: config 155 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 95.735719][ T9] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 95.744850][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.759943][ T9] usb 5-1: Product: syz [ 95.764135][ T9] usb 5-1: Manufacturer: syz [ 95.778398][ T9] usb 5-1: SerialNumber: syz [ 95.807479][ T9] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 95.829896][ T9] imon 5-1:155.0: unable to initialize intf0, err -19 [ 95.850510][ T9] imon:imon_probe: failed to initialize context! [ 95.867968][ T9] imon 5-1:155.0: unable to register, err -19 [ 96.796592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.872771][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.918800][ T6328] netlink: 20 bytes leftover after parsing attributes in process `syz.2.130'. [ 96.974510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.784525][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.795174][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.811372][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.819999][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.076874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.156287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.217495][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.558101][ T6360] syzkaller0: entered promiscuous mode [ 98.563844][ T6360] syzkaller0: entered allmulticast mode [ 98.588332][ T9] usb 5-1: USB disconnect, device number 2 [ 99.314826][ T6377] loop2: detected capacity change from 0 to 136 [ 99.440021][ T6379] 9pnet_fd: Insufficient options for proto=fd [ 100.214881][ T6391] loop4: detected capacity change from 0 to 32768 [ 100.244935][ T6391] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.156 (6391) [ 100.300993][ T6391] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 100.312767][ T6391] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 100.388269][ T6391] BTRFS info (device loop4): enabling ssd optimizations [ 100.396122][ T6391] BTRFS info (device loop4): turning on async discard [ 100.403023][ T6391] BTRFS info (device loop4): enabling free space tree [ 100.444391][ T30] audit: type=1800 audit(1761007920.102:6): pid=6391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.156" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 101.128583][ T5833] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 101.953988][ T6422] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 101.967332][ T6420] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 101.987138][ T6421] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 102.009631][ T6422] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 102.220147][ T6430] loop4: detected capacity change from 0 to 164 [ 102.237884][ T6430] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 102.372282][ T6440] tipc: Enabling of bearer rejected, failed to enable media [ 102.502599][ T6440] syzkaller0: entered promiscuous mode [ 102.535366][ T6440] syzkaller0: entered allmulticast mode [ 103.421597][ T6460] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 103.467199][ T6460] block device autoloading is deprecated and will be removed. [ 104.380730][ T6468] loop1: detected capacity change from 0 to 32768 [ 104.501402][ T6468] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 104.679445][ T6468] XFS (loop1): Ending clean mount [ 104.725990][ T6468] XFS (loop1): Quotacheck needed: Please wait. [ 104.800855][ T6468] XFS (loop1): Quotacheck: Done. [ 105.532190][ T5837] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 105.868870][ T6459] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 106.493388][ T6524] netlink: 'syz.4.200': attribute type 1 has an invalid length. [ 106.570870][ T6524] 8021q: adding VLAN 0 to HW filter on device bond2 [ 106.670954][ T6530] tipc: Enabling of bearer rejected, failed to enable media [ 106.719283][ T6524] gretap1: entered promiscuous mode [ 106.749827][ T6524] bond2: (slave gretap1): making interface the new active one [ 106.783296][ T6524] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 107.027377][ T6530] syzkaller0: entered promiscuous mode [ 107.045037][ T6530] syzkaller0: entered allmulticast mode [ 107.227762][ T6543] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 107.256581][ T6543] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 107.283814][ T6545] fuse: blksize only supported for fuseblk [ 107.663810][ T6560] netlink: 'syz.4.215': attribute type 1 has an invalid length. [ 108.311247][ T6579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.223'. [ 109.212774][ T6560] 8021q: adding VLAN 0 to HW filter on device bond3 [ 109.270549][ T6564] vlan2: entered promiscuous mode [ 109.310653][ T6564] bond3: entered promiscuous mode [ 109.341866][ T6564] vlan2: entered allmulticast mode [ 109.369193][ T6564] bond3: entered allmulticast mode [ 109.522145][ T6603] binder: 6602:6603 ioctl c0306201 200000000180 returned -14 [ 109.557141][ T6603] binder: 6602:6603 ioctl c0306201 0 returned -14 [ 110.105965][ T5910] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 110.171628][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 110.171830][ T6625] tipc: Enabling of bearer rejected, failed to enable media [ 110.247351][ T6629] netlink: 'syz.4.244': attribute type 1 has an invalid length. [ 110.275577][ T5910] usb 2-1: Using ep0 maxpacket: 32 [ 110.284804][ T5910] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 110.297132][ T6625] syzkaller0: entered promiscuous mode [ 110.304729][ T6625] syzkaller0: entered allmulticast mode [ 110.311308][ T5910] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 110.333777][ T5910] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 110.355408][ T5910] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 110.363216][ T6629] 8021q: adding VLAN 0 to HW filter on device bond4 [ 110.366114][ T5910] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 110.373190][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 110.387912][ T5910] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 110.401164][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.409486][ T5910] usb 2-1: Product: syz [ 110.413737][ T5910] usb 2-1: Manufacturer: syz [ 110.418798][ T5910] usb 2-1: SerialNumber: syz [ 110.426612][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.444024][ T6631] vlan3: entered promiscuous mode [ 110.446343][ T5910] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90) [ 110.456788][ T5910] imon 2-1:155.0: unable to initialize intf0, err -90 [ 110.459411][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 110.463552][ T5910] imon:imon_probe: failed to initialize context! [ 110.463582][ T5910] imon 2-1:155.0: unable to register, err -19 [ 110.488765][ T6631] bond4: entered promiscuous mode [ 110.488922][ T6631] vlan3: entered allmulticast mode [ 110.488935][ T6631] bond4: entered allmulticast mode [ 110.506584][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 110.536786][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 110.555727][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 110.585460][ T10] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 110.599785][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 110.615911][ T10] usb 3-1: Product: syz [ 110.620488][ T10] usb 3-1: Manufacturer: syz [ 110.625168][ T10] usb 3-1: SerialNumber: syz [ 110.657113][ T10] usb 3-1: config 0 descriptor?? [ 110.873255][ T10] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 110.880623][ T10] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 111.073858][ T10] radio-si470x 3-1:0.0: software version 0, hardware version 0 [ 111.082047][ T10] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 111.094917][ T10] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 111.277795][ T10] radio-si470x 3-1:0.0: submitting int urb failed (-90) [ 112.092045][ T10] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 112.101836][ T6653] loop3: detected capacity change from 0 to 32768 [ 112.107685][ T10] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22 [ 112.110528][ T6653] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.251 (6653) [ 112.130923][ T10] usb 3-1: USB disconnect, device number 2 [ 112.157427][ T6653] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 112.169517][ T6653] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 112.260767][ T6653] BTRFS info (device loop3): enabling ssd optimizations [ 112.268177][ T6653] BTRFS info (device loop3): turning on async discard [ 112.274970][ T6653] BTRFS info (device loop3): enabling free space tree [ 112.348699][ T30] audit: type=1804 audit(1761007932.012:7): pid=6653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.251" name="/newroot/68/file0/file1" dev="loop3" ino=260 res=1 errno=0 [ 112.370667][ T6671] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.454281][ T5827] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 112.509712][ T5843] Bluetooth: hci0: unexpected cc 0x0c5b length: 5 > 1 [ 112.930803][ T6693] loop0: detected capacity change from 0 to 2048 [ 112.947635][ T6695] netlink: 'syz.2.262': attribute type 1 has an invalid length. [ 112.981591][ T6693] Alternate GPT is invalid, using primary GPT. [ 112.986792][ T6695] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.988026][ T6693] loop0: p2 p3 p7 [ 113.011596][ T6695] vlan2: entered promiscuous mode [ 113.016298][ T6693] loop2: detected capacity change from 0 to 7 [ 113.016712][ T6695] bond1: entered promiscuous mode [ 113.024424][ T6693] Dev loop2: unable to read RDB block 7 [ 113.028297][ T6695] vlan2: entered allmulticast mode [ 113.034673][ T6693] loop2: unable to read partition table [ 113.039477][ T6695] bond1: entered allmulticast mode [ 113.046063][ T6693] loop2: partition table beyond EOD, truncated [ 113.058327][ T6693] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 113.138484][ T6698] tipc: Enabling of bearer rejected, failed to enable media [ 113.210973][ T5910] usb 2-1: USB disconnect, device number 3 [ 113.277453][ T6698] syzkaller0: entered promiscuous mode [ 113.282964][ T6698] syzkaller0: entered allmulticast mode [ 113.335468][ T5843] Bluetooth: hci4: unexpected cc 0x0c5b length: 5 > 1 [ 114.005792][ T5843] Bluetooth: hci0: unexpected cc 0x0c5b length: 5 > 1 [ 114.109865][ T6737] binder: BINDER_SET_CONTEXT_MGR already set [ 114.116182][ T6737] binder: 6735:6737 ioctl 4018620d 2000000002c0 returned -16 [ 114.134262][ T6737] binder: 6735:6737 ioctl c0306201 0 returned -14 [ 115.968575][ T6775] binder: 6774:6775 ioctl c0306201 0 returned -14 [ 115.976148][ T6775] binder: 6774:6775 ioctl c0306201 200000000680 returned -14 [ 117.253210][ T6802] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 117.464125][ T6807] loop4: detected capacity change from 0 to 512 [ 117.472409][ T6807] EXT4-fs: Ignoring removed nomblk_io_submit option [ 117.499888][ T6807] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 117.508361][ T6807] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 117.517520][ T6807] EXT4-fs (loop4): orphan cleanup on readonly fs [ 117.529353][ T6807] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 117.539050][ T6807] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 117.554792][ T6807] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 117.570099][ T6807] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.307: bg 0: block 40: padding at end of block bitmap is not set [ 117.598429][ T6807] EXT4-fs (loop4): Remounting filesystem read-only [ 117.605740][ T6807] EXT4-fs (loop4): 1 truncate cleaned up [ 117.614156][ T6807] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 117.630893][ T6807] EXT4-fs (loop4): shut down requested (2) [ 117.677766][ T6807] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.045969][ T5843] Bluetooth: hci0: unexpected cc 0x0c5b length: 5 > 1 [ 118.367753][ T6835] loop2: detected capacity change from 0 to 8 [ 118.387536][ T6835] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 118.532783][ T6842] loop2: detected capacity change from 0 to 256 [ 118.578628][ T6842] FAT-fs (loop2): Directory bread(block 64) failed [ 118.588737][ T6842] FAT-fs (loop2): Directory bread(block 65) failed [ 118.595450][ T6842] FAT-fs (loop2): Directory bread(block 66) failed [ 118.604965][ T6842] FAT-fs (loop2): Directory bread(block 67) failed [ 118.616013][ T6842] FAT-fs (loop2): Directory bread(block 68) failed [ 118.622698][ T6842] FAT-fs (loop2): Directory bread(block 69) failed [ 118.630474][ T6842] FAT-fs (loop2): Directory bread(block 70) failed [ 118.640348][ T6842] FAT-fs (loop2): Directory bread(block 71) failed [ 118.648970][ T6842] FAT-fs (loop2): Directory bread(block 72) failed [ 118.656082][ T6842] FAT-fs (loop2): Directory bread(block 73) failed [ 118.725817][ T5887] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 118.847796][ T6851] netlink: 'syz.4.327': attribute type 1 has an invalid length. [ 118.885995][ T5887] usb 1-1: Using ep0 maxpacket: 8 [ 118.897025][ T5887] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.907418][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 118.929363][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 118.948266][ T6851] 8021q: adding VLAN 0 to HW filter on device bond5 [ 118.955049][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 118.966175][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.982388][ T5887] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 118.993509][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 119.001710][ T5887] usb 1-1: Product: syz [ 119.006031][ T5887] usb 1-1: Manufacturer: syz [ 119.010631][ T5887] usb 1-1: SerialNumber: syz [ 119.031574][ T5887] usb 1-1: config 0 descriptor?? [ 119.047380][ T6853] vlan4: entered promiscuous mode [ 119.052999][ T6853] bond5: entered promiscuous mode [ 119.086281][ T6853] vlan4: entered allmulticast mode [ 119.101785][ T6853] bond5: entered allmulticast mode [ 120.140347][ T5887] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 120.169938][ T5887] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 120.264011][ T5887] usb 1-1: USB disconnect, device number 2 [ 120.592385][ T6872] netlink: 'syz.2.332': attribute type 1 has an invalid length. [ 120.689303][ T6872] 8021q: adding VLAN 0 to HW filter on device bond2 [ 120.748799][ T6872] gretap1: entered promiscuous mode [ 120.769792][ T5843] Bluetooth: hci3: unexpected cc 0x0c5b length: 5 > 1 [ 120.890471][ T6882] loop0: detected capacity change from 0 to 512 [ 120.917109][ T6882] EXT4-fs: Ignoring removed nomblk_io_submit option [ 120.956406][ T6882] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 120.964349][ T6882] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 120.979719][ T6882] EXT4-fs (loop0): orphan cleanup on readonly fs [ 120.987255][ T6882] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 120.996760][ T6882] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 121.011435][ T6882] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 121.028451][ T6882] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.336: bg 0: block 40: padding at end of block bitmap is not set [ 121.046505][ T6882] EXT4-fs (loop0): Remounting filesystem read-only [ 121.053150][ T6882] EXT4-fs (loop0): 1 truncate cleaned up [ 121.058470][ T6891] netlink: 'syz.2.339': attribute type 1 has an invalid length. [ 121.068601][ T6882] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 121.092180][ T6882] EXT4-fs (loop0): shut down requested (2) [ 121.107625][ T6882] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.164717][ T6891] 8021q: adding VLAN 0 to HW filter on device bond3 [ 121.284923][ T6898] vlan3: entered promiscuous mode [ 121.347694][ T6898] bond3: entered promiscuous mode [ 121.352965][ T6898] vlan3: entered allmulticast mode [ 121.374576][ T6898] bond3: entered allmulticast mode [ 121.574098][ T6918] loop3: detected capacity change from 0 to 8 [ 121.581363][ T6918] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 121.686196][ T6924] autofs: Bad value for 'fd' [ 122.647621][ T6930] netlink: 32 bytes leftover after parsing attributes in process `syz.1.356'. [ 122.660054][ T6930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.356'. [ 122.989927][ T6948] netlink: 'syz.3.361': attribute type 1 has an invalid length. [ 123.033347][ T6948] 8021q: adding VLAN 0 to HW filter on device bond1 [ 123.095855][ T6948] vlan3: entered promiscuous mode [ 123.116146][ T6948] bond1: entered promiscuous mode [ 123.122483][ T6948] vlan3: entered allmulticast mode [ 123.156647][ T6948] bond1: entered allmulticast mode [ 124.097993][ T5873] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 124.825567][ T5873] usb 4-1: Using ep0 maxpacket: 32 [ 124.834167][ T5873] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 124.845548][ T5873] usb 4-1: config 0 has no interface number 0 [ 124.851688][ T5873] usb 4-1: config 0 interface 12 has no altsetting 0 [ 124.887947][ T5873] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 124.897826][ T6982] loop2: detected capacity change from 0 to 4096 [ 124.905141][ T6982] EXT4-fs: Ignoring removed mblk_io_submit option [ 124.915687][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.923786][ T5873] usb 4-1: Product: syz [ 124.961100][ T6982] EXT4-fs (loop2): Test dummy encryption mode enabled [ 124.969923][ T5873] usb 4-1: Manufacturer: syz [ 124.974634][ T5873] usb 4-1: SerialNumber: syz [ 124.999302][ T6982] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.023104][ T5873] usb 4-1: config 0 descriptor?? [ 125.046890][ T6982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.374'. [ 125.063486][ T6982] netlink: 12 bytes leftover after parsing attributes in process `syz.2.374'. [ 125.081539][ T6982] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 125.126532][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.139661][ T6986] netlink: 'syz.0.375': attribute type 1 has an invalid length. [ 125.308354][ T6986] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.488539][ T6995] netlink: 'syz.0.377': attribute type 1 has an invalid length. [ 125.547963][ T6995] 8021q: adding VLAN 0 to HW filter on device bond2 [ 125.854230][ T7002] loop2: detected capacity change from 0 to 8 [ 125.866506][ T7002] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 126.089410][ T7012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.385'. [ 127.180317][ T7029] loop2: detected capacity change from 0 to 8 [ 127.246649][ T7029] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 127.326374][ T7019] mmap: syz.0.387 (7019) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 127.401466][ T5873] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 127.410496][ T5873] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 127.417863][ T5873] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 127.425591][ T5873] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 127.438887][ T5873] usb 4-1: USB disconnect, device number 3 [ 128.266994][ T7044] netlink: 'syz.4.397': attribute type 1 has an invalid length. [ 128.332874][ T7044] 8021q: adding VLAN 0 to HW filter on device bond6 [ 128.414981][ T7056] loop3: detected capacity change from 0 to 8 [ 128.425115][ T7056] cramfs: Unknown parameter '1844674407370955161501777777777777777777777' [ 131.533986][ T7138] syz.3.435 uses obsolete (PF_INET,SOCK_PACKET) [ 132.894070][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.903716][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.312199][ T7207] sctp: [Deprecated]: syz.4.460 (pid 7207) Use of struct sctp_assoc_value in delayed_ack socket option. [ 135.312199][ T7207] Use struct sctp_sack_info instead [ 136.572825][ T7241] syzkaller0: entered promiscuous mode [ 136.585681][ T7241] syzkaller0: entered allmulticast mode [ 136.630420][ T7244] netlink: 'syz.1.476': attribute type 1 has an invalid length. [ 136.947474][ T7254] netlink: 'syz.4.481': attribute type 1 has an invalid length. [ 137.045341][ T7254] 8021q: adding VLAN 0 to HW filter on device bond7 [ 137.063184][ T7259] loop3: detected capacity change from 0 to 16 [ 137.128366][ T7259] erofs (device loop3): mounted with root inode @ nid 36. [ 139.041141][ T7291] loop2: detected capacity change from 0 to 512 [ 139.073748][ T7291] EXT4-fs: Ignoring removed nomblk_io_submit option [ 139.092069][ T7291] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 139.103219][ T7291] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 139.113580][ T7291] EXT4-fs (loop2): orphan cleanup on readonly fs [ 139.129308][ T7296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.493'. [ 139.138401][ T7296] netlink: 52 bytes leftover after parsing attributes in process `syz.3.493'. [ 139.147401][ T7291] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 139.165335][ T7291] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 139.226498][ T7291] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 139.251750][ T7291] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.491: bg 0: block 40: padding at end of block bitmap is not set [ 139.257127][ T7303] loop3: detected capacity change from 0 to 16 [ 139.279588][ T7303] erofs (device loop3): mounted with root inode @ nid 36. [ 139.365896][ T7291] EXT4-fs (loop2): Remounting filesystem read-only [ 139.383616][ T7291] EXT4-fs (loop2): 1 truncate cleaned up [ 139.405264][ T7291] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 139.487399][ T7291] EXT4-fs (loop2): shut down requested (2) [ 139.511825][ T7290] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.130868][ T7312] overlayfs: failed to resolve './file1': -2 [ 141.381164][ T7330] netlink: 24 bytes leftover after parsing attributes in process `syz.1.506'. [ 141.428263][ T7330] netlink: 52 bytes leftover after parsing attributes in process `syz.1.506'. [ 141.800384][ T7338] netlink: 16 bytes leftover after parsing attributes in process `syz.3.511'. [ 141.974316][ T7345] overlayfs: failed to resolve './file1': -2 [ 142.580155][ T7364] overlayfs: missing 'lowerdir' [ 143.000955][ T7369] fuse: Bad value for 'fd' [ 144.074404][ T7395] overlayfs: failed to clone upperpath [ 144.138501][ T7397] overlayfs: failed to clone upperpath [ 145.777663][ T7423] sctp: [Deprecated]: syz.2.544 (pid 7423) Use of struct sctp_assoc_value in delayed_ack socket option. [ 145.777663][ T7423] Use struct sctp_sack_info instead [ 146.917981][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.551'. [ 146.956979][ T7441] netlink: 52 bytes leftover after parsing attributes in process `syz.1.551'. [ 147.299207][ T7451] loop3: detected capacity change from 0 to 1024 [ 147.309449][ T7451] EXT4-fs: Ignoring removed oldalloc option [ 147.323136][ T7451] EXT4-fs: Mount option(s) incompatible with ext3 [ 147.553549][ T7461] sctp: [Deprecated]: syz.0.558 (pid 7461) Use of struct sctp_assoc_value in delayed_ack socket option. [ 147.553549][ T7461] Use struct sctp_sack_info instead [ 148.934182][ T7508] sctp: [Deprecated]: syz.1.578 (pid 7508) Use of struct sctp_assoc_value in delayed_ack socket option. [ 148.934182][ T7508] Use struct sctp_sack_info instead [ 149.870258][ T7543] gretap1: entered promiscuous mode [ 150.169307][ T7530] loop3: detected capacity change from 0 to 32768 [ 150.213642][ T7552] netlink: 'syz.4.599': attribute type 2 has an invalid length. [ 150.300262][ T7530] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 150.615140][ T7573] overlayfs: missing 'lowerdir' [ 151.045612][ T7530] XFS (loop3): Ending clean mount [ 151.076708][ T7530] XFS (loop3): Quotacheck needed: Please wait. [ 151.109579][ T7583] sctp: [Deprecated]: syz.4.608 (pid 7583) Use of struct sctp_assoc_value in delayed_ack socket option. [ 151.109579][ T7583] Use struct sctp_sack_info instead [ 151.143173][ T7530] XFS (loop3): Quotacheck: Done. [ 152.233306][ T5827] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 152.635853][ T7616] sctp: [Deprecated]: syz.0.622 (pid 7616) Use of struct sctp_assoc_value in delayed_ack socket option. [ 152.635853][ T7616] Use struct sctp_sack_info instead [ 153.104270][ T7629] netlink: 16 bytes leftover after parsing attributes in process `syz.4.625'. [ 153.513253][ T7649] sch_tbf: burst 0 is lower than device macvtap0 mtu (1514) ! [ 153.544720][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.635'. [ 153.798139][ T7668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.641'. [ 154.406351][ T7699] netlink: 'syz.0.653': attribute type 1 has an invalid length. [ 154.414116][ T7699] netlink: 20 bytes leftover after parsing attributes in process `syz.0.653'. [ 156.053078][ T7738] netlink: 'syz.4.667': attribute type 2 has an invalid length. [ 158.963809][ T7795] netlink: 32 bytes leftover after parsing attributes in process `syz.0.692'. [ 159.185788][ T7812] netlink: 36 bytes leftover after parsing attributes in process `syz.2.701'. [ 159.279325][ T7820] sctp: [Deprecated]: syz.1.704 (pid 7820) Use of struct sctp_assoc_value in delayed_ack socket option. [ 159.279325][ T7820] Use struct sctp_sack_info instead [ 159.344723][ T7825] loop3: detected capacity change from 0 to 2048 [ 159.384535][ T7825] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.411664][ T7825] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.479690][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.616381][ T7835] netlink: 32 bytes leftover after parsing attributes in process `syz.4.710'. [ 159.797779][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 159.954688][ T7849] sctp: [Deprecated]: syz.0.716 (pid 7849) Use of int in max_burst socket option. [ 159.954688][ T7849] Use struct sctp_assoc_value instead [ 160.091818][ T7852] netlink: 36 bytes leftover after parsing attributes in process `syz.0.717'. [ 160.325196][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 160.436801][ T7856] sctp: [Deprecated]: syz.0.719 (pid 7856) Use of struct sctp_assoc_value in delayed_ack socket option. [ 160.436801][ T7856] Use struct sctp_sack_info instead [ 160.511397][ T10] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 160.535562][ T10] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 160.547414][ T10] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 161.017878][ T10] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 161.043635][ T10] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 161.065540][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.073573][ T10] usb 4-1: Product: syz [ 161.085558][ T10] usb 4-1: Manufacturer: syz [ 161.090191][ T10] usb 4-1: SerialNumber: syz [ 161.107830][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 161.119223][ T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input5 [ 161.317749][ T7869] netlink: 32 bytes leftover after parsing attributes in process `syz.0.723'. [ 161.326947][ T10] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 161.335204][ T10] (id 0x00) [ 161.505614][ T10] rc_core: IR keymap rc-imon-pad not found [ 161.516214][ T10] Registered IR keymap rc-empty [ 161.522764][ T10] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 161.552816][ T10] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 161.578369][ T7883] sctp: [Deprecated]: syz.0.731 (pid 7883) Use of struct sctp_assoc_value in delayed_ack socket option. [ 161.578369][ T7883] Use struct sctp_sack_info instead [ 161.698097][ T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 161.729650][ T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input6 [ 161.807764][ T10] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:4> initialized [ 162.769056][ T7915] sctp: [Deprecated]: syz.1.744 (pid 7915) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.769056][ T7915] Use struct sctp_sack_info instead [ 163.068249][ T7932] fuse: Bad value for 'fd' [ 163.476425][ T7943] sctp: [Deprecated]: syz.1.756 (pid 7943) Use of struct sctp_assoc_value in delayed_ack socket option. [ 163.476425][ T7943] Use struct sctp_sack_info instead [ 163.563572][ T7940] netlink: 32 bytes leftover after parsing attributes in process `syz.4.755'. [ 163.736213][ T5896] usb 4-1: USB disconnect, device number 4 [ 163.814410][ T7953] capability: warning: `syz.1.759' uses deprecated v2 capabilities in a way that may be insecure [ 163.896452][ T7962] loop3: detected capacity change from 0 to 512 [ 164.144828][ T7966] netlink: 32 bytes leftover after parsing attributes in process `syz.4.768'. [ 164.515627][ T5896] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 164.584683][ T7993] netlink: 32 bytes leftover after parsing attributes in process `syz.0.780'. [ 164.597463][ T7993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.780'. [ 164.610800][ T7993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.780'. [ 164.688009][ T5896] usb 4-1: Using ep0 maxpacket: 32 [ 164.697712][ T5896] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 164.709049][ T5896] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 164.722986][ T5896] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 164.736305][ T5896] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 164.757751][ T5896] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 164.782369][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.888726][ T5896] usb 4-1: Product: syz [ 164.893028][ T5896] usb 4-1: Manufacturer: syz [ 164.897731][ T5896] usb 4-1: SerialNumber: syz [ 164.917905][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 164.928753][ T5896] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input7 [ 165.078513][ T8015] netlink: 16 bytes leftover after parsing attributes in process `syz.4.791'. [ 165.088336][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.790'. [ 165.093234][ T8015] netlink: 16 bytes leftover after parsing attributes in process `syz.4.791'. [ 165.146004][ T5896] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 165.154795][ T5896] (id 0x00) [ 165.175316][ T8014] bond1: entered promiscuous mode [ 165.181957][ T8014] 8021q: adding VLAN 0 to HW filter on device bond1 [ 165.214561][ T8014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.790'. [ 165.223856][ T8014] bond1: left promiscuous mode [ 165.304549][ T5896] rc_core: IR keymap rc-imon-pad not found [ 165.319775][ T5896] Registered IR keymap rc-empty [ 165.331202][ T5896] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 165.352905][ T5896] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 165.396669][ T5896] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 165.535397][ T5896] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input8 [ 165.659076][ T5896] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:5> initialized [ 166.252346][ T8047] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 166.312200][ T8051] netlink: 16 bytes leftover after parsing attributes in process `syz.0.804'. [ 166.316126][ T8050] netlink: 60 bytes leftover after parsing attributes in process `syz.2.805'. [ 167.171123][ T8095] 9pnet_fd: Insufficient options for proto=fd [ 167.198171][ T8097] bond0: Unable to set down delay as MII monitoring is disabled [ 167.413492][ T5910] usb 4-1: USB disconnect, device number 5 [ 170.121888][ T8197] sctp: [Deprecated]: syz.0.870 (pid 8197) Use of struct sctp_assoc_value in delayed_ack socket option. [ 170.121888][ T8197] Use struct sctp_sack_info instead [ 170.752096][ T8219] __nla_validate_parse: 8 callbacks suppressed [ 170.752115][ T8219] netlink: 44 bytes leftover after parsing attributes in process `syz.4.875'. [ 171.271291][ T8244] netlink: 'syz.1.886': attribute type 1 has an invalid length. [ 171.609290][ T8264] netlink: 44 bytes leftover after parsing attributes in process `syz.2.893'. [ 171.742073][ T8266] 8021q: adding VLAN 0 to HW filter on device bond8 [ 171.818349][ T8270] vlan5: entered promiscuous mode [ 171.845145][ T8270] bond8: entered promiscuous mode [ 171.865851][ T8270] vlan5: entered allmulticast mode [ 171.875741][ T8270] bond8: entered allmulticast mode [ 171.957573][ T8266] bond_slave_0: entered promiscuous mode [ 171.963574][ T8266] bond_slave_1: entered promiscuous mode [ 171.979486][ T8266] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 172.006425][ T8266] macvlan4: entered promiscuous mode [ 172.015657][ T8266] bond0: entered promiscuous mode [ 172.045934][ T8266] macvlan4: entered allmulticast mode [ 172.055651][ T8266] bond0: entered allmulticast mode [ 172.062245][ T8266] bond_slave_0: entered allmulticast mode [ 172.079057][ T8266] bond_slave_1: entered allmulticast mode [ 172.100311][ T8266] bond8: (slave macvlan4): Enslaving as an active interface with an up link [ 172.585907][ T8311] netlink: 'syz.2.909': attribute type 1 has an invalid length. [ 172.625146][ T8311] gretap1: entered promiscuous mode [ 172.874062][ T8323] loop3: detected capacity change from 0 to 164 [ 172.914874][ T8323] Unable to read rock-ridge attributes [ 173.114349][ T8340] netlink: 12 bytes leftover after parsing attributes in process `syz.3.919'. [ 173.194445][ T8349] netlink: 60 bytes leftover after parsing attributes in process `syz.2.924'. [ 173.209428][ T8347] ip6tnl1: entered allmulticast mode [ 173.215354][ T8347] bond2: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 173.292799][ T8347] bond2: (slave ip6tnl1): Error -95 calling set_mac_address [ 174.140924][ T8360] netlink: 'syz.1.927': attribute type 3 has an invalid length. [ 174.150632][ T8360] netlink: 'syz.1.927': attribute type 3 has an invalid length. [ 174.781283][ T8371] tipc: Enabling of bearer rejected, failed to enable media [ 175.847918][ T8408] tipc: Started in network mode [ 175.852931][ T8408] tipc: Node identity 2e9680ac9b79, cluster identity 4711 [ 175.865884][ T8408] tipc: Enabled bearer , priority 0 [ 175.888548][ T8407] tipc: Disabling bearer [ 180.289904][ T8522] overlayfs: missing 'lowerdir' [ 181.539037][ T8540] 9pnet_fd: Insufficient options for proto=fd [ 182.611862][ T8571] 9pnet_fd: Insufficient options for proto=fd [ 183.731454][ T8575] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 185.192766][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1051'. [ 186.512922][ T8692] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 187.653261][ T8735] netlink: 'syz.4.1086': attribute type 1 has an invalid length. [ 188.300991][ T8735] 8021q: adding VLAN 0 to HW filter on device bond9 [ 188.333399][ T8738] vlan6: entered promiscuous mode [ 188.400679][ T8738] bond9: entered promiscuous mode [ 188.732512][ T8738] vlan6: entered allmulticast mode [ 188.740779][ T8738] bond9: entered allmulticast mode [ 189.108265][ T8742] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 189.117644][ T8742] macvlan5: entered promiscuous mode [ 189.125061][ T8742] macvlan5: entered allmulticast mode [ 189.145419][ T8742] bond9: (slave macvlan5): Enslaving as an active interface with an up link [ 189.183668][ T8749] netlink: 'syz.0.1089': attribute type 3 has an invalid length. [ 189.200614][ T8749] netlink: 'syz.0.1089': attribute type 3 has an invalid length. [ 189.499810][ T8774] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 189.754944][ T8785] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 190.473272][ T8789] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1107'. [ 190.505797][ T8789] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1107'. [ 193.493328][ T8844] sctp: [Deprecated]: syz.0.1127 (pid 8844) Use of struct sctp_assoc_value in delayed_ack socket option. [ 193.493328][ T8844] Use struct sctp_sack_info instead [ 194.433882][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.186686][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.012030][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1155'. [ 196.335266][ T8920] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1160'. [ 196.351390][ T8920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1160'. [ 196.380178][ T8920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1160'. [ 197.218058][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 197.225164][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 197.231378][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 197.233020][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 197.237470][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 199.266070][ T30] audit: type=1326 audit(1761008018.892:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9007 comm="syz.4.1197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32a938efc9 code=0x0 [ 201.632545][ T30] audit: type=1800 audit(1761008021.292:9): pid=9065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1219" name="bus" dev="tmpfs" ino=1087 res=0 errno=0 [ 202.459976][ T9101] tipc: Enabled bearer , priority 0 [ 202.619273][ T9101] syzkaller0: entered promiscuous mode [ 202.624794][ T9101] syzkaller0: entered allmulticast mode [ 202.643891][ T9101] tipc: Resetting bearer [ 202.670359][ T9100] tipc: Resetting bearer [ 203.517582][ T5887] tipc: Node number set to 3052372140 [ 206.115033][ T9100] tipc: Disabling bearer [ 206.129901][ T9112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1238'. [ 207.352800][ T9153] tipc: Enabled bearer , priority 0 [ 207.536415][ T9153] syzkaller0: entered promiscuous mode [ 207.542599][ T9153] syzkaller0: entered allmulticast mode [ 207.593546][ T9153] tipc: Resetting bearer [ 207.738192][ T9150] tipc: Resetting bearer [ 208.582885][ T9186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 211.313954][ T9231] capability: warning: `syz.4.1285' uses 32-bit capabilities (legacy support in use) [ 211.830437][ T9231] io-wq is not configured for unbound workers [ 212.649683][ T9259] sctp: [Deprecated]: syz.0.1298 (pid 9259) Use of struct sctp_assoc_value in delayed_ack socket option. [ 212.649683][ T9259] Use struct sctp_sack_info instead [ 212.804452][ T9150] tipc: Disabling bearer [ 212.815071][ T9186] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 213.193510][ T9286] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1310'. [ 214.055055][ T30] audit: type=1326 audit(1761008033.712:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.215668][ T30] audit: type=1326 audit(1761008033.712:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.305342][ T30] audit: type=1326 audit(1761008033.742:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.329525][ T30] audit: type=1326 audit(1761008033.742:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.352098][ T30] audit: type=1326 audit(1761008033.742:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.868719][ T30] audit: type=1326 audit(1761008033.742:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.887187][ T9318] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1323'. [ 214.891944][ T30] audit: type=1326 audit(1761008033.742:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 214.933013][ T30] audit: type=1326 audit(1761008033.742:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 215.089876][ T30] audit: type=1326 audit(1761008033.742:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 215.126614][ T30] audit: type=1326 audit(1761008033.742:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.2.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 217.327888][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1345'. [ 218.262577][ T9392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1352'. [ 220.379696][ T9415] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1361'. [ 220.848249][ T9438] loop3: detected capacity change from 0 to 128 [ 221.047192][ T30] audit: type=1326 audit(1761008040.712:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.082100][ T9445] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1375'. [ 221.125621][ T30] audit: type=1326 audit(1761008040.732:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.692026][ T30] audit: type=1326 audit(1761008040.732:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.715509][ T30] audit: type=1326 audit(1761008040.732:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.738618][ T30] audit: type=1326 audit(1761008040.732:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.906913][ T30] audit: type=1326 audit(1761008040.732:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 221.975637][ T9462] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1383'. [ 221.984805][ T30] audit: type=1326 audit(1761008040.732:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 222.070586][ T30] audit: type=1326 audit(1761008040.742:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc38b38efc9 code=0x7ffc0000 [ 222.417530][ T9477] netlink: 'syz.0.1387': attribute type 3 has an invalid length. [ 222.426212][ T9477] netlink: 'syz.0.1387': attribute type 3 has an invalid length. [ 224.784391][ T9501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1396'. [ 226.554454][ T1009] bond0: (slave bond_slave_0): interface is now down [ 226.565574][ T1009] bond0: (slave bond_slave_1): interface is now down [ 226.575179][ T1009] bond0: now running without any active interface! [ 227.897969][ T9591] loop3: detected capacity change from 0 to 256 [ 227.914394][ T9593] fuse: Bad value for 'fd' [ 227.926611][ T9591] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 227.973276][ T9596] overlayfs: missing 'lowerdir' [ 228.985674][ T9620] fuse: Bad value for 'fd' [ 230.353245][ T9680] ------------[ cut here ]------------ [ 230.358878][ T9680] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000) [ 230.383753][ T9680] WARNING: kernel/bpf/verifier.c:2737 at reg_bounds_sanity_check+0x6e6/0xc20, CPU#0: syz.1.1472/9680 [ 230.394725][ T9680] Modules linked in: [ 230.398701][ T9680] CPU: 0 UID: 0 PID: 9680 Comm: syz.1.1472 Not tainted syzkaller #0 PREEMPT(full) [ 230.408924][ T9680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 230.419856][ T9680] RIP: 0010:reg_bounds_sanity_check+0x6e6/0xc20 [ 230.426165][ T9680] Code: 24 20 4c 8b 44 24 60 4c 8b 4c 24 58 41 ff 75 00 53 41 57 55 ff 74 24 38 ff 74 24 70 ff 74 24 40 e8 df f0 a8 ff 48 83 c4 38 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df 4d 89 f7 4c 8b 74 24 08 [ 230.446039][ T9680] RSP: 0018:ffffc90003016ee8 EFLAGS: 00010286 [ 230.452121][ T9680] RAX: e2dd1638e74faf00 RBX: 00000000ffffdfcc RCX: 0000000000080000 [ 230.460162][ T9680] RDX: ffffc9000f5c1000 RSI: 00000000000195e1 RDI: 00000000000195e2 [ 230.468523][ T9680] RBP: 00000000ffffdfcd R08: 0000000000000003 R09: 0000000000000004 [ 230.476678][ T9680] R10: dffffc0000000000 R11: fffffbfff1bfa6c0 R12: ffff88807cd16230 [ 230.484662][ T9680] R13: ffff88807cd16250 R14: ffff88807cd16268 R15: 00000000ffffdfcc [ 230.492714][ T9680] FS: 00007fdc1ffd56c0(0000) GS:ffff888125cf6000(0000) knlGS:0000000000000000 [ 230.501690][ T9680] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 230.509162][ T9680] CR2: 00007fdc1ffd4f98 CR3: 000000002ee84000 CR4: 00000000003526f0 [ 230.517805][ T9680] Call Trace: [ 230.521089][ T9680] [ 230.524037][ T9680] reg_set_min_max+0x214/0x300 [ 230.528868][ T9680] check_cond_jmp_op+0x1985/0x2d50 [ 230.534005][ T9680] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 230.539530][ T9680] ? bpf_reset_stack_write_marks+0x1eb/0x260 [ 230.545582][ T9680] do_check+0x5ac2/0xee10 [ 230.549946][ T9680] ? do_check+0xf91/0xee10 [ 230.554409][ T9680] ? __pfx_do_check+0x10/0x10 [ 230.559147][ T9680] ? init_func_state+0x1ab2/0x28d0 [ 230.564273][ T9680] do_check_common+0x1963/0x2540 [ 230.569294][ T9680] bpf_check+0x1704b/0x1d210 [ 230.574076][ T9680] ? __schedule+0x17da/0x4d60 [ 230.578878][ T9680] ? __pfx___schedule+0x10/0x10 [ 230.583765][ T9680] ? trace_irq_disable+0x37/0x110 [ 230.589053][ T9680] ? preempt_schedule_irq+0xde/0x150 [ 230.594359][ T9680] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 230.600147][ T9680] ? irqentry_exit+0x74/0x90 [ 230.604766][ T9680] ? __lock_acquire+0xab9/0xd20 [ 230.610391][ T9680] ? __pfx_bpf_check+0x10/0x10 [ 230.615850][ T9680] ? seqcount_lockdep_reader_access+0x122/0x1c0 [ 230.622136][ T9680] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.627440][ T9680] ? ktime_get_with_offset+0x93/0x2a0 [ 230.632814][ T9680] ? seqcount_lockdep_reader_access+0x174/0x1c0 [ 230.639113][ T9680] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 230.645758][ T9680] ? __asan_memset+0x22/0x50 [ 230.650340][ T9680] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 230.655602][ T9680] ? security_bpf_prog_load+0x125/0x3f0 [ 230.661142][ T9680] bpf_prog_load+0x13ba/0x19e0 [ 230.665949][ T9680] ? __pfx_bpf_prog_load+0x10/0x10 [ 230.671058][ T9680] ? bpf_lsm_bpf+0x9/0x20 [ 230.675373][ T9680] ? security_bpf+0x7e/0x300 [ 230.679991][ T9680] __sys_bpf+0x507/0x860 [ 230.684228][ T9680] ? __pfx___sys_bpf+0x10/0x10 [ 230.689029][ T9680] ? count_memcg_event_mm+0x21/0x260 [ 230.694316][ T9680] __x64_sys_bpf+0x7c/0x90 [ 230.698750][ T9680] do_syscall_64+0xfa/0xfa0 [ 230.703242][ T9680] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.709037][ T9680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.715094][ T9680] ? clear_bhb_loop+0x60/0xb0 [ 230.720133][ T9680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.726058][ T9680] RIP: 0033:0x7fdc21d8efc9 [ 230.730468][ T9680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.750108][ T9680] RSP: 002b:00007fdc1ffd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 230.758567][ T9680] RAX: ffffffffffffffda RBX: 00007fdc21fe6180 RCX: 00007fdc21d8efc9 [ 230.766592][ T9680] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 230.774642][ T9680] RBP: 00007fdc21e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.782704][ T9680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.790712][ T9680] R13: 00007fdc21fe6218 R14: 00007fdc21fe6180 R15: 00007ffd8728e668 [ 230.798851][ T9680] [ 230.801895][ T9680] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 230.809169][ T9680] CPU: 0 UID: 0 PID: 9680 Comm: syz.1.1472 Not tainted syzkaller #0 PREEMPT(full) [ 230.818437][ T9680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 230.828480][ T9680] Call Trace: [ 230.831917][ T9680] [ 230.834829][ T9680] dump_stack_lvl+0x99/0x250 [ 230.839404][ T9680] ? __asan_memcpy+0x40/0x70 [ 230.843983][ T9680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.849273][ T9680] ? __pfx__printk+0x10/0x10 [ 230.853863][ T9680] vpanic+0x237/0x6d0 [ 230.858100][ T9680] ? __pfx_vpanic+0x10/0x10 [ 230.862585][ T9680] ? is_bpf_text_address+0x292/0x2b0 [ 230.867843][ T9680] ? is_bpf_text_address+0x26/0x2b0 [ 230.873019][ T9680] panic+0xb9/0xc0 [ 230.876755][ T9680] ? __pfx_panic+0x10/0x10 [ 230.881163][ T9680] __warn+0x334/0x4c0 [ 230.885133][ T9680] ? reg_bounds_sanity_check+0x6e6/0xc20 [ 230.890746][ T9680] ? reg_bounds_sanity_check+0x6e6/0xc20 [ 230.896360][ T9680] report_bug+0x2be/0x4f0 [ 230.900679][ T9680] ? reg_bounds_sanity_check+0x6e6/0xc20 [ 230.906304][ T9680] ? reg_bounds_sanity_check+0x6e6/0xc20 [ 230.911936][ T9680] ? reg_bounds_sanity_check+0x6e8/0xc20 [ 230.917613][ T9680] handle_bug+0x84/0x160 [ 230.921875][ T9680] exc_invalid_op+0x1a/0x50 [ 230.926366][ T9680] asm_exc_invalid_op+0x1a/0x20 [ 230.931200][ T9680] RIP: 0010:reg_bounds_sanity_check+0x6e6/0xc20 [ 230.937442][ T9680] Code: 24 20 4c 8b 44 24 60 4c 8b 4c 24 58 41 ff 75 00 53 41 57 55 ff 74 24 38 ff 74 24 70 ff 74 24 40 e8 df f0 a8 ff 48 83 c4 38 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df 4d 89 f7 4c 8b 74 24 08 [ 230.957030][ T9680] RSP: 0018:ffffc90003016ee8 EFLAGS: 00010286 [ 230.963092][ T9680] RAX: e2dd1638e74faf00 RBX: 00000000ffffdfcc RCX: 0000000000080000 [ 230.971065][ T9680] RDX: ffffc9000f5c1000 RSI: 00000000000195e1 RDI: 00000000000195e2 [ 230.979043][ T9680] RBP: 00000000ffffdfcd R08: 0000000000000003 R09: 0000000000000004 [ 230.986999][ T9680] R10: dffffc0000000000 R11: fffffbfff1bfa6c0 R12: ffff88807cd16230 [ 230.994953][ T9680] R13: ffff88807cd16250 R14: ffff88807cd16268 R15: 00000000ffffdfcc [ 231.002929][ T9680] reg_set_min_max+0x214/0x300 [ 231.007683][ T9680] check_cond_jmp_op+0x1985/0x2d50 [ 231.012785][ T9680] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 231.018259][ T9680] ? bpf_reset_stack_write_marks+0x1eb/0x260 [ 231.024248][ T9680] do_check+0x5ac2/0xee10 [ 231.028582][ T9680] ? do_check+0xf91/0xee10 [ 231.033005][ T9680] ? __pfx_do_check+0x10/0x10 [ 231.037664][ T9680] ? init_func_state+0x1ab2/0x28d0 [ 231.042766][ T9680] do_check_common+0x1963/0x2540 [ 231.047697][ T9680] bpf_check+0x1704b/0x1d210 [ 231.052296][ T9680] ? __schedule+0x17da/0x4d60 [ 231.056965][ T9680] ? __pfx___schedule+0x10/0x10 [ 231.061811][ T9680] ? trace_irq_disable+0x37/0x110 [ 231.066830][ T9680] ? preempt_schedule_irq+0xde/0x150 [ 231.072110][ T9680] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 231.077813][ T9680] ? irqentry_exit+0x74/0x90 [ 231.082390][ T9680] ? __lock_acquire+0xab9/0xd20 [ 231.087230][ T9680] ? __pfx_bpf_check+0x10/0x10 [ 231.091981][ T9680] ? seqcount_lockdep_reader_access+0x122/0x1c0 [ 231.098203][ T9680] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.103386][ T9680] ? ktime_get_with_offset+0x93/0x2a0 [ 231.108738][ T9680] ? seqcount_lockdep_reader_access+0x174/0x1c0 [ 231.114963][ T9680] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 231.121542][ T9680] ? __asan_memset+0x22/0x50 [ 231.126126][ T9680] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 231.131326][ T9680] ? security_bpf_prog_load+0x125/0x3f0 [ 231.136864][ T9680] bpf_prog_load+0x13ba/0x19e0 [ 231.141624][ T9680] ? __pfx_bpf_prog_load+0x10/0x10 [ 231.146736][ T9680] ? bpf_lsm_bpf+0x9/0x20 [ 231.151114][ T9680] ? security_bpf+0x7e/0x300 [ 231.155708][ T9680] __sys_bpf+0x507/0x860 [ 231.159970][ T9680] ? __pfx___sys_bpf+0x10/0x10 [ 231.164756][ T9680] ? count_memcg_event_mm+0x21/0x260 [ 231.170046][ T9680] __x64_sys_bpf+0x7c/0x90 [ 231.174454][ T9680] do_syscall_64+0xfa/0xfa0 [ 231.178953][ T9680] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.184151][ T9680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.190242][ T9680] ? clear_bhb_loop+0x60/0xb0 [ 231.194922][ T9680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.200800][ T9680] RIP: 0033:0x7fdc21d8efc9 [ 231.205204][ T9680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.224975][ T9680] RSP: 002b:00007fdc1ffd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 231.233385][ T9680] RAX: ffffffffffffffda RBX: 00007fdc21fe6180 RCX: 00007fdc21d8efc9 [ 231.241352][ T9680] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 231.249316][ T9680] RBP: 00007fdc21e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 231.257279][ T9680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.265496][ T9680] R13: 00007fdc21fe6218 R14: 00007fdc21fe6180 R15: 00007ffd8728e668 [ 231.273467][ T9680] [ 231.276774][ T9680] Kernel Offset: disabled [ 231.281084][ T9680] Rebooting in 86400 seconds..