last executing test programs: 1m48.604619629s ago: executing program 2 (id=1108): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x20004e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x6, 0x4, 0x6, 0xbaa}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000b80), 0x2000005, r4}, 0x38) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) 1m46.265168038s ago: executing program 2 (id=1112): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 1m45.156736197s ago: executing program 2 (id=1116): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r3 = syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = gettid() kcmp(r4, r3, 0xb44c031f136537ae, 0xffffffffffffffff, 0xffffffffffffffff) 1m44.060336005s ago: executing program 2 (id=1119): openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback, 0x1}, 0x1c) 1m39.181546064s ago: executing program 2 (id=1121): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') setpgid(r0, r0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x220901, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) setpgid(0x0, r0) statx(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0\x00', 0x4800, 0x100, 0x0) 1m34.055617887s ago: executing program 2 (id=1129): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1m18.108254833s ago: executing program 32 (id=1129): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 7.408897863s ago: executing program 3 (id=1326): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setreuid(0xffffffffffffffff, 0xee01) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000002040)='./file0\x00', 0x800800, &(0x7f0000000040)=ANY=[@ANYBLOB="6e6f6465636f6d1837baeb78706f73652c6e6f6c65636f6d70"], 0x1, 0x5f1, &(0x7f0000002340)="$eJzs3U9vHGcdB/DvbmxnN0DquEkbUCWsHnogItm1JZJyAUpBEapQJQ6cLeIkVjZpZW+R2wMKCImKU19COfgNII5FyoH2CKeeDT0icTcnVzM7693Y63916l23n480+zzPPDPP/OY3s7Mza1kb4Gvr/9s9t6+9sV60NzcWO5sbiw/79STnk9STRpJaMftvST5LHqc35dv9jqFyj08/atz75IOP3++1GtVULl87aL2j2YllthdrWT6r8RZOPN5gD+eTzFUljN12379Hdp/wfQkATLJacm7v3J1Zjeo5oHdX3LvHPtMejzsAAAAAOAXPbWUr67k47jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLKl+/79WTfV+fT61C9Xv/89U81LVz7Qn4w4AAAAAAAAAAJ6B725lK+u52G9v18q/+b9cNi6Xr9/IO1nLclZzPetZSjfdrKadZHZooJn1pW53tX2ENRdGrrlwOvsLAAAAAAAAAF9Rf8jtwd//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgEtSSc72inC7367OpTyVpJJkplnuc/KtfP8uejDsAAAAAOAXPbWUr67nYb2/Xymf+F8rn/kbeyaN0s5JuOlnOnfK7gN5Tf31zY7GzubH4sJj2jvuT/x0rjHLE9L57GL3lq+USzdzNSjnnen6Tt9LJndTLNQtX+/GMjuv3RUy1H1X2BtEYFdmdqiz2/Bdl+Z9vHWvXvjSzZUamdzLSqo5OkY1LB2fimEdn95baqe9883P5SDn/5n45H+lCVRb783pVTobdmVgYOvteODgTydyv/3zzfufRg/t3165Nzi59QbszsTiUiRe/VplolZm4stO+nZ/nV7mW+byZ1azkt1lKN8uZz+tlbak6n4vX2YMz9eOnWm8eFslMdVx6V9HjxfRyue7FrOSXeSt3yiPays3czEJ+kFfTeuoIXynjnc5B7/r6/lfaEQanwXSSn1XlZCjyemkor8PX3Nmyb3jOIEtzJ/s8GmXqO1WlyNdrE3dtvLTrU6KfiecPzsRftovXtc6jB6v3l94+4vZeqcoiAz+dqEwU58tccbDK1tNnR9H3/Mi+dtl3eaevOM+e/Kk3Yq/vyk7fYe/UmeoebjDS4BOr6HtxZF9vvatDfaPutwCYeBe+d2Gm+d/mP5sfNv/YvN98o/Ha+VvnX5rJ9D+mfzjVOvdK/aXaX/Nhfjd4/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL64tXffe7DU6SyvqhyjMp1k32WakxChisrJKuO+MgFfthvdh2/fWHv3ve+vPFy6t3xv+dGrrVu32u32zdaNuyud5ep13FECAM/S4Kb/kAXnTykgAAAAAAAAAAAAAABgj9P4d+Jx7yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDVdvtapp6klnbreqtob24sdoqpXx8s2UhSKyp/T/JZ8ji9KbNDw9X2286nHzXuffLBx+8Pxmr0l68dtN7RPBVLfVdMe9SmjjXewmHjHWqwh/NJ5qoSxu7zAAAA//+SHgey") 6.142822367s ago: executing program 3 (id=1329): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa04710, &(0x7f00000002c0)={[{@nouid32}, {@i_version}, {@noblock_validity}, {@abort}, {@mblk_io_submit}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x80222a}}, {@delalloc}, {@test_dummy_encryption}]}, 0xfd, 0x461, &(0x7f0000000bc0)="$eJzs3M9vFFUcAPDvzLb8EmhF/AGi4q9I/EFpQeXgRaOJB01M9IDHWgpBChi2JkIaW43BoyHxbjya+Bd40otRTyZe9W5IiOkF9LRmdma23W13acuWLd3PJ5nue/Pe9r23b97Om3nTBtC3DmY/koidEfFnRAzl0eYMB/OXm/MzE//Oz0wkUau9+09Sz3djfmaizFq+754iciiNSL9IikKaVS9dPjs+NTV5sYiPTJ/7aKR66fILZ86Nn548PXl+7PjxY0dHX35p7MWVNyZJ2ibtyuq6/9MLB/a9+f7VtydOXP3g1++z3DuL9MXtuB1pI7S9eK3VteZ7uhuFbSC7FoWTgVvnYWOoRETWXYP18T8UlVjovKF44/OeVg5YV9m5aWv75LkasIkl0esaAL1RnOdns+vfcrtTc4+N4Pqr+QXQjWRm4uZ8vuUpA41r+cF1vHY9GBEn5v77Jtuii/chAADa+TGb/zyfzzua539pPLAo3+5ibWg4Iu6NiD0RcV9E7I2I+yPqeR+MiIeWlJB2LL91aWjp/Ce9tubGrUA2/3ulWNtqnv816j1cKWK76u0fTE6dmZo8Unwmh2JwaxYf7VDGT6//8VW7tMXzv2zLyi/ngkU9rg203KA7OT49Xp+UdsH1zyL2DyzX/qSxEpBExL6I2L+6X727DJx59rsD7TLduv0dtFlnWo3atxHP5P0/Fy3tLyWd1ydHtsXU5JGR8qhY6rffr7zTrvzban8XZP2/o/n4b80ynMTswnptdfVlXPnry7bXNGs9/rck79X7ZUux75Px6emLoxFbkrfq8ab9YwvvLeNl/tJy439PkZaV83BEZAfxIxHxaEQ8VtT98Yh4IiKe7ND+X1576sOle2tDK2v/+sr6/+Sy7W8c/8NZqFqbzWMLB8KKA5WzP//Qrvx27Z9r5Mj6/1g9dKjYU//+u4WVVnDtnxwAAADcPdL6M/BJergRTtPDh/Nn+PfGjnTqQnX6uVMXPj5/Mn9WfjgG0/JO19Ci+6GjSXnFnsfHinvFZfrR4r7x15XtyamImOtxu4F8nC83/jN/V3pdO2DdrW4dbdu61QO481rHf+dHNoDNpAvP0QB3KeMf+pfxD/1rufE/2xK3FgCbk/M/9C/jH/qX8Q/9y/iHvrSGP+cXEKheuhzphqhGfwXK/9d5B8rq8RcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl/wfAAD//ztj5Wo=") r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_emit_ethernet(0x5a, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000025000086dd6000000000242b00fe8000000000000000000000000000aafe8000000000000000000000000000aa2c00000000ffffff88"], 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x109) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000240)={0xff, "9765feb17ce1c66c9bceb596c4c85a1473c844e619be1c4d090c2f9c1357b918b69a4a990c333006b602fcfbc4071d81fa38cf942bd4b6805edb39c8fe53288e97a51146e13ea517aee4b8f57d2e2a17311a3b331f958c29bb45de88030037be9d5034a17962aed5c7e8f30374ed1b6684bf4e1a1d088215ef32c794e5f336d6c12a43d953761a64493e49f334b422ff4fed4e89009b25b176f68709beebbffaf39ba776dc1468116b830dc2c13f7145955afbccbbc17808519670c05baed069fb9ba8ef65c1be9d4d4b5562e3208188703a68638e47470425acf58b518538009c8f5c0a0c399c9115123e16ab777732aa5fb8b6b7fbd375ed6f96e378f6a1e0e58a37c725c0a973c9a0e78f4f4e0e6dc63da3a9cae8d267f449281f5482c94c7643f1bbab5783d99aaa123c05a414e6d276d8cb0505dd13b0d60ed81adb8b7faddf1d8d390bc3e853fe108215d0fd22805ed99c7bb0b53ddca3f7559c483518fe0f33bbced4a0a63dcb8eb77eb94b1ffd63ceaf2a98927f4d7b1a449400621dab47fba21c4c2146651491fae64db45d0eb80e86220370a807592da59d50a724b15c8ae1a2ed371547bc7cb0daca814929ec1a562312b2f574c8975737f8879fc4ce73a20a13f7db7e84e547ecf98141f13e4a50c235ab6e19f689f0ca7026899e943d283053785f4772ce5fff8e8f74f8c54f4af2835ecc0bed0218429b75d0"}) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) 6.076066204s ago: executing program 4 (id=1330): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0x4, 0x23, 0x7}, {0x6, 0x6, 0x47, 0x57e}]}, 0x10) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc) 4.762556053s ago: executing program 1 (id=1331): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xb8f1, 0x1, 0xffffffee, 0x1c3}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x48, 0x0, 0x10000, 0x3, 0x0, 0x1, 0x0, 0x1, {0x3}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 4.761211173s ago: executing program 4 (id=1332): r0 = io_uring_setup(0x6f94, &(0x7f0000001240)={0x0, 0xfffffffd, 0x0, 0x2}) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r2, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) bind$tipc(r1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.594057629s ago: executing program 4 (id=1334): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r3) r5 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, r3) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r5, r4, r5}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) 3.580785088s ago: executing program 1 (id=1336): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xb, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) setpriority(0x2, 0x0, 0xffffffffffffffcd) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x120, 0x130, 0x26010000, 0x0, 0x130, 0x210, 0x220, 0x220, 0x210, 0x220, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, [0x0, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xff000000], 'ip6_vti0\x00', 'vxcan1\x00', {}, {0x589b843e1c2c028}, 0x2e, 0xd4, 0x6, 0xa}, 0x0, 0xf8, 0x120, 0x0, {0x0, 0x25e}, [@inet=@rpfilter={{0x28}, {0xa}}, @common=@unspec=@state={{0x28}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4, 0x2}}}, {{@ipv6={@dev, @mcast1, [], [], 'bridge_slave_0\x00', 'dummy0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x340) 3.579952999s ago: executing program 4 (id=1337): socket$netlink(0x10, 0x3, 0x0) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r3, r1, 0x0, 0x100000000) 3.432569754s ago: executing program 4 (id=1338): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@allocspi={0x100, 0x16, 0x1, 0x70bd2b, 0x25dfdbfe, {{{@in=@private=0xa010101, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x20, 0x1d}, {@in6=@local, 0x4d5, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x10}, {0x8, 0x7b5, 0x0, 0x6, 0x9, 0xfffffffffffffffa, 0xffffffff, 0x3}, {0x2, 0x3, 0x1, 0xfffffffffffffffa}, {0x0, 0x10001, 0xfffffff9}, 0x70bd2a, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x8, 0x74f}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}]}, 0x100}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5b, 0x0) sendmsg$key(r0, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0) r3 = getpgrp(0x0) r4 = fspick(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) syz_pidfd_open(r3, 0x0) sched_setattr(r3, &(0x7f0000000000)={0x38, 0x6, 0x8, 0x4, 0x4, 0x20000000000000, 0x7ff, 0xfffffffffffff801, 0xffffffff}, 0x0) lseek(r4, 0x3e3, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000010100000000000000000000109022400010000000009040000"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) 3.431196913s ago: executing program 0 (id=1339): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecffffff88020000000000004000000000000000feffffffffffffff0f00000006003800010000000200000003000000"], 0xbe) close(r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000000c0)=0x13) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mlockall(0x7) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000280)=0x11) ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000080)) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x541c, &(0x7f0000000000)) 2.65110685s ago: executing program 3 (id=1340): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='kmem_cache_free\x00', r1}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20) sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, 0x0, 0x1}, 0x1c}}, 0x0) capset(&(0x7f0000000080)={0x20071026}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x403, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_OPERSTATE={0x5, 0x10, 0xfc}]}, 0x28}, 0x1, 0xba01}, 0x0) setresgid(0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8001, 0x0) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 2.559045409s ago: executing program 1 (id=1341): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) creat(&(0x7f0000000200)='./file5\x00', 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x0, 0xd}, {0xe, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000a40)='./file5\x00', 0x2) 2.531761232s ago: executing program 0 (id=1342): openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$xdp(0x2c, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$can_j1939(0x1d, 0x2, 0x7) socket$kcm(0x10, 0x2, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 2.372978827s ago: executing program 3 (id=1343): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e06000d08"], 0x9) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0xc8d0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2ed, &(0x7f00000001c0)="$eJzs3E1PE10UwPHT0pZSAtPFk8doYrjRjW4mUPfGxkBibCJBanxJjANMtenYkk6DqTGCK7fGD+GCsGRHonwBNu5cuXHHxsSFLIhjOi+lQBEshRH4/xJyL5x7pvfOADl3kpn1+++elwq2XjBqEk0qiYiIbIikJSqBiN9G3X5CWi3I1f4fXy7effDwdjaXG51Qaiw7eS2jlBoc+vjiVZ8/bKVX1tKP179nvq39v3Z+/dfks6KtirYqV2rKUFOVrzVjyjLVTNEu6UqNW6Zhm6pYts2qF6948YJVmZ2tK6M8M5CarZq2rYxyXZXMuqpVVK1aV8ZTo1hWuq6rgZRgP/nFiQkj22HydJcngyNSrWaNHhHp2xXJL4YyIQAAECq//m9W+9FGSd9J/R9rW/8vXVqt9d9bHvTr/5VEo/4Xaan/n2wda1v9nxSRbfX/poh0u/7fXRGdLo7z5/ih6n+cEI36P+X//brePFoadjvU/wAAAAAAAAAAAAAAAAAAAAAAnAQbjqM5jqMFbfDVKyJJ9wkS7/uw54mjwfU/27Ze3BEbFLHezuXn8l7rD1gVEUtMGRZNNt3fB1+jnxDlDlINaflkzfv583P5HjeSLUjRzR8RTdI78x1n7FZudER5tufHJdWanxFN/mufn9mZH2+0CblyuSVfF00+T0tFLJnxn4wL8l+PKHXzTm7H5/e54wAAAAAAOA101dTcv/e2xvXdcW9/7MWb++u29we8/fVw2/19TC7Ewlo1AAAAAABni11/WTIsy6ye3E5P+1CwwoMeJ3iv8R5jIhLZK9SFTvDhoZ9My4wf6IxFO5rqUKLdRVn4y+MEt432GiPjnazd0UQOew7Pvf/ws0vXImJY15eT+6y0005iv5XGj+8/EAAAAIDjslX0Bz+5Ee6EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4g47jxXJhrxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4V/wOAAD//xznB3g=") syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e451204"], 0x9) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r0, 0x406, r1) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x20000001}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000000}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000004004298f006ffff0800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket(0x1, 0x2, 0x0) syz_read_part_table(0x5dd, &(0x7f0000000600)="$eJzs2z+rHFUYB+DfzO7O7EL0fgOzkMZCSGtzTUCSS7o09rY2FnaCcndRFARttBDUwtIU5gtoG4K1RRAkFqJ2YmWj98iZP3sv2AjXIMLzwJ4zc/Y973tm90x5wv9bOVqsh/6slDKMtPXTNqsp4OjPbGq/SnOY9MJz9T556d6t23e2d5tuGm9qzK+7MUeSZW265JnNYep26r9a5v17J+9+8NEbfZLd49MknyW7pPTz0pJNOyaoPr2w6mZOzn/r2aGd/4ppj6znb28cbq4nWSR9FodttEj3zqXr3z9+sK9VUpqUwYVtmtwcu3lBbU6vzSv97SyrdjvtpclPuZFvv9ztkuwvZOnTllK+eHrYkjVN3005Dy9F/QUe/nCafTe+N4++nifvhvb7zRhzKNZe+tEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgCyuC959fT/edDu/w4TbKcg5bj9YvdMikPx1mbUkp2l65///jB0Vtvv9bm9eNXHr365o8nv6xr6UWun1wpfZ/kj1LjXk7fnc9aJu3ZpWtXpd/2w8UqydUyD2+zzzfXvrvaLtKVo/PwVTNGDvZ1pQAAAAAAAAAAAAAAAAAAAPAvuHX7zvZuu8l4CD5tpquS9d+Dy++llJs1oFkmn0yjm6TL4+Es/M8p85H4UkdrvqdqwGCdNFmcp/vwypN8Mv6JvwIAAP//SkZjiA==") 2.280215717s ago: executing program 0 (id=1344): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000200)='syzkaller\x00', 0xd, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x232, &(0x7f0000000500)="$eJzslbFrFEEUxr+Z3du7BA1YaGFzKQJGMHu7G5U0FrEXhETU8jCTcLrJhcsVSUBIsBHEWvwD7KwtUlnYaWVtoYJgYUobBUdmdvZ2Nrt78bhgk/eDm/vmzbyZN7Nv34IgiFPL1y8/Pz+/ubB8BcAZzKBu7N+dbA635n966dSMfLcx9fjAGmqohgGQMjO6x+zvAXi76AB7ybJSZt6vzb9acxkcM6Z/BxyXjb4LBj+NVWbeAgz3jfnhphycpjthRCzYg268stqJRaCaUDXRaudVLRefiv9wn2HFHFDtwKzxrZ3dR+0Y6CUiFqmoyXSfwlAqkpMBJUM5Mez+dHyLHDesK1DP697TJ/uq7xt7YN1fCI7Q6HkwLBm9gDp832+argit8190s/Wd5LEl7FXHXRSNUSaPL87N5SzTUEJl+HD3iVio055YGH/kkDn1kRdkJqu8XAqOEeGz8U+q4hjdizeLXl5xnYY5qLaIY16Sf9idHbUwOyUuHB68L3p9+29Je/IC5gLtoRfqoj5OxvGtUq/zOct0xSvj4awuCZUpkdQP5gKXrPrkWl+FVn99s7W1szvXWW+viTWxEUXz14OrQXAtaunanLR2uTtS/xq6Pk1a69cqaqXHPGy3+/1euA30e+GgHyWtlUxLb7o/tA/X9Y9j9reU6edFv3jph5Ll92Dmx/W/UrNObgKvCI4gCIIgCIIgCIIgCIIgCKKUX5ZuguHD1KAry3Gj23r4bwAAAP//c8NPrw==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0xfff, 0xcf6, 0x59455247, 0x2, 0xfffffffe, 0x0, 0xa, 0x1, 0x0, 0x2}}) openat(0xffffffffffffff9c, 0x0, 0x42, 0x85) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000c80)={0x34, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0xff}, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20) fadvise64(r1, 0xfcff, 0x20000, 0x3) 2.279989376s ago: executing program 1 (id=1345): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x406, r1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0x20000a, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xd}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_TX_TS(r2, 0x0, 0x24004014) syz_genetlink_get_family_id$team(&(0x7f0000000180), r2) 1.927021491s ago: executing program 3 (id=1346): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x4f8, 0x0, 0x72}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20008850) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x38}}, 0x200c8080) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) 1.770274326s ago: executing program 3 (id=1347): syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) pread64(r3, 0x0, 0x0, 0x1) 1.394416073s ago: executing program 1 (id=1348): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0x669f, 0x8, 0x0, 0xfffffffc}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$packet(0x11, 0x2, 0x300) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f00000019c0)={0x0, 0x0, 0x0}, 0x0, 0x6040, 0x1, {0x1}}) io_uring_enter(r3, 0x47f9, 0x3f, 0x0, 0x0, 0x0) 1.393359213s ago: executing program 0 (id=1356): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f626172726965722c63726561746f723d5c5d07842c63726561746f723dbd3cfff52c6e6c733d63703433372c756d61736b3d3030303030303030303030303030000000000000dc599bad22eebebb0002372c6e6f6465000000000000000000"], 0x1, 0x6a4, &(0x7f0000001380)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0) r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0) 100.61944ms ago: executing program 1 (id=1349): dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r6, @ANYBLOB="01"], 0x20}}, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newlink={0x50, 0x10, 0xf11, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x104, 0x780}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20, 0xa0}}}}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 99.75481ms ago: executing program 0 (id=1358): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[], 0x188}}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, @mcast1, 0x800000, 0xa, 0x0, 0x100, 0x7ffffffe, 0x140192}) r2 = socket$tipc(0x1e, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='syzkaller\x00'}, 0x80) socket(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f0000000400)={&(0x7f00000008c0), 0x58, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) sendmsg$tipc(r2, &(0x7f0000000080)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0xd4043f9e78e97721}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x24000000) 62.312824ms ago: executing program 4 (id=1350): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x4f}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r3, 0x18000000000002a0, 0x116, 0x0, &(0x7f0000000480)="a9958673f0dad0ee5a9ba64c0a4bbb68f38649bfebb44f669e4d812e1b09c1a0d5090abc89b6d1baac445064b61587f5fc760a50c57db6655b3165d4ed830472533893b7ddfbaca135b0c0d09810e35ed9450850feef41690c8f150b3c63b36a3f05cd2e939e93c5fbe19a19623d501790f60c75077c51d98eaa1a0d2fe4e7906d2c3acad83e837f84adb7d7c3bf334569f854ee1db9a8e484dbe3643c3eac24b61de2eb27ce1129e9c1b132777d3d9fad2f2560cf10625c7733d934844b85048f5ea7be5f68a301a32d2390fb19bb2f2db3f3cebb3a8ddb41fd76821a45ae2fa76ff7e6ebbad94029d98be9cb8f009478b896510079cc2e5c0881a38d14ce020a3cc0b3da3428e08ff433c4e3f3b44ff733d1b4e177", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) 0s ago: executing program 0 (id=1351): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001e008d2afcff"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): ======= [ 113.889482][ T6367] WARNING: The mand mount option has been deprecated and [ 113.889482][ T6367] and is ignored by this kernel. Remove the mand [ 113.889482][ T6367] option from the mount to silence this warning. [ 113.889482][ T6367] ======================================================= [ 114.090779][ T6378] Cannot find add_set index 0 as target [ 114.109495][ T6367] FAT-fs (loop3): Directory bread(block 64) failed [ 114.119398][ T6367] FAT-fs (loop3): Directory bread(block 65) failed [ 114.126111][ T6367] FAT-fs (loop3): Directory bread(block 66) failed [ 114.148333][ T6380] netlink: 24 bytes leftover after parsing attributes in process `syz.1.136'. [ 114.149582][ T6367] FAT-fs (loop3): Directory bread(block 67) failed [ 114.165944][ T6367] FAT-fs (loop3): Directory bread(block 68) failed [ 114.172736][ T6367] FAT-fs (loop3): Directory bread(block 69) failed [ 114.187314][ T6367] FAT-fs (loop3): Directory bread(block 70) failed [ 114.195029][ T6367] FAT-fs (loop3): Directory bread(block 71) failed [ 114.205420][ T6367] FAT-fs (loop3): Directory bread(block 72) failed [ 114.214949][ T6367] FAT-fs (loop3): Directory bread(block 73) failed [ 114.462944][ T6386] netlink: 'syz.1.138': attribute type 1 has an invalid length. [ 114.508925][ T6386] bond1: entered promiscuous mode [ 114.516133][ T6386] bond1: entered allmulticast mode [ 114.745681][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'. [ 114.958051][ T6386] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 114.978974][ T6386] bond1: (slave bridge1): making interface the new active one [ 114.986715][ T6386] bridge1: entered promiscuous mode [ 114.992851][ T6386] bridge1: entered allmulticast mode [ 115.003660][ T6386] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 115.610852][ T6386] netlink: 24 bytes leftover after parsing attributes in process `syz.1.138'. [ 115.631440][ T6386] 8021q: adding VLAN 0 to HW filter on device bond1 [ 115.699050][ T6386] syz.1.138 (6386) used greatest stack depth: 20392 bytes left [ 116.817954][ T6401] hugetlbfs: syz.2.142 (6401): Using mlock ulimits for SHM_HUGETLB is obsolete [ 117.598495][ T6414] netlink: 'syz.0.147': attribute type 11 has an invalid length. [ 119.459972][ T6435] capability: warning: `syz.1.154' uses deprecated v2 capabilities in a way that may be insecure [ 120.127613][ T6416] loop2: detected capacity change from 0 to 40427 [ 120.147551][ T6416] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 120.167461][ T6416] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 120.193576][ T6416] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x7ffff [ 120.220845][ T6416] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8 [ 120.252339][ T6439] netlink: 20 bytes leftover after parsing attributes in process `syz.0.155'. [ 120.264459][ T6416] F2FS-fs (loop2): invalid crc value [ 120.362917][ T6416] F2FS-fs (loop2): Found nat_bits in checkpoint [ 121.464767][ T6456] overlayfs: failed to clone upperpath [ 121.837058][ T6465] loop2: detected capacity change from 0 to 1024 [ 121.854290][ T6465] EXT4-fs: Ignoring removed bh option [ 121.874891][ T6465] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 121.911513][ T6465] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.058090][ T5799] Bluetooth: hci0: ACL packet too small [ 122.076636][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.119385][ T5799] Bluetooth: Unexpected continuation frame (len 10) [ 123.260244][ T6486] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -14123, delta: 1 [ 123.271026][ T6486] ref_ctr increment failed for inode: 0xf6 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880255d8980 [ 123.318202][ T6486] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -14123, delta: -1 [ 123.328778][ T6486] ref_ctr decrement failed for inode: 0xf6 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880255d8980 [ 123.345051][ T6488] xt_socket: unknown flags 0x4c [ 124.074155][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'. [ 124.156625][ T6497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'. [ 124.202608][ T6498] netlink: 'syz.3.173': attribute type 10 has an invalid length. [ 124.276262][ T6498] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 125.060676][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 125.060690][ T28] audit: type=1804 audit(1761249389.918:98): pid=6521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.182" name="bus" dev="ramfs" ino=8670 res=1 errno=0 [ 125.260223][ T28] audit: type=1804 audit(1761249390.108:99): pid=6521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.182" name="bus" dev="ramfs" ino=8670 res=1 errno=0 [ 127.558022][ T6550] macsec0: entered promiscuous mode [ 128.426384][ T6555] loop2: detected capacity change from 0 to 128 [ 128.475523][ T6555] FAT-fs (loop2): bogus number of FAT sectors [ 128.496332][ T6555] FAT-fs (loop2): Can't find a valid FAT filesystem [ 128.612198][ T5802] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 128.647502][ T6555] netlink: 20 bytes leftover after parsing attributes in process `syz.2.193'. [ 129.145214][ T6555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.193'. [ 130.067570][ T6587] loop3: detected capacity change from 0 to 1024 [ 130.090555][ T6587] EXT4-fs: Ignoring removed nobh option [ 130.101392][ T6587] EXT4-fs: Ignoring removed bh option [ 130.879500][ T6587] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 131.042293][ T6587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.133722][ T6587] netlink: 'syz.3.204': attribute type 4 has an invalid length. [ 131.141703][ T6587] netlink: 17 bytes leftover after parsing attributes in process `syz.3.204'. [ 131.210794][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.115996][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.122660][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.483062][ T6629] openvswitch: netlink: Message has 4 unknown bytes. [ 135.377207][ T6655] netlink: 44 bytes leftover after parsing attributes in process `syz.1.224'. [ 135.391523][ T6655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'. [ 135.402544][ T6655] netlink: 16 bytes leftover after parsing attributes in process `syz.1.224'. [ 136.536681][ T6669] tipc: Started in network mode [ 136.555036][ T6669] tipc: Node identity 4, cluster identity 4711 [ 136.575810][ T6669] tipc: Node number set to 4 [ 137.041766][ T6686] netlink: 132 bytes leftover after parsing attributes in process `syz.2.231'. [ 141.786571][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 144.467108][ T6743] netlink: 9 bytes leftover after parsing attributes in process `syz.3.250'. [ 144.528015][ T6743] gretap0: entered promiscuous mode [ 145.346560][ T6775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.262'. [ 145.436843][ T6775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.262'. [ 146.582190][ T6799] netlink: 4 bytes leftover after parsing attributes in process `syz.1.267'. [ 146.690101][ T28] audit: type=1326 audit(1761249411.538:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6794 comm="syz.2.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7fc00000 [ 146.735362][ T28] audit: type=1326 audit(1761249411.568:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6794 comm="syz.2.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa9b8efc9 code=0x7fc00000 [ 146.789106][ T28] audit: type=1326 audit(1761249411.568:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6794 comm="syz.2.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7fc00000 [ 146.833340][ T6808] sctp: [Deprecated]: syz.1.270 (pid 6808) Use of struct sctp_assoc_value in delayed_ack socket option. [ 146.833340][ T6808] Use struct sctp_sack_info instead [ 146.976873][ T6811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.234299][ T6818] netlink: 'syz.1.272': attribute type 10 has an invalid length. [ 147.262264][ T6818] netlink: 40 bytes leftover after parsing attributes in process `syz.1.272'. [ 147.398835][ T6818] team0: Port device geneve0 added [ 147.741703][ T6818] syz.1.272 (6818) used greatest stack depth: 20264 bytes left [ 148.267726][ T6853] xt_nat: multiple ranges no longer supported [ 149.342053][ T6863] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'. [ 150.628808][ T6879] netlink: 24 bytes leftover after parsing attributes in process `syz.1.285'. [ 150.858544][ T6883] overlayfs: statfs failed on './file0' [ 151.128017][ T6896] loop2: detected capacity change from 0 to 1024 [ 151.167954][ T6896] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 152.756342][ T6923] netlink: 'syz.1.303': attribute type 13 has an invalid length. [ 153.704858][ T6923] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.713299][ T6923] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.026647][ T6923] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.050639][ T6923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.287386][ T6923] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.297910][ T6923] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.309228][ T6923] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.318308][ T6923] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.401018][ T6930] netlink: 'syz.2.304': attribute type 10 has an invalid length. [ 154.420562][ T6930] bridge_slave_1: left allmulticast mode [ 154.427179][ T6930] bridge_slave_1: left promiscuous mode [ 154.444916][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.468899][ T6930] bridge_slave_1: entered allmulticast mode [ 154.482723][ T6930] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 154.547644][ T6937] tipc: Started in network mode [ 154.565898][ T6937] tipc: Node identity 080211, cluster identity 4711 [ 154.713375][ T6937] tipc: Enabled bearer , priority 10 [ 154.729627][ T6939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.306'. [ 155.410474][ T6956] SET target dimension over the limit! [ 155.852500][ T5944] tipc: Node number set to 134353152 [ 157.018529][ T6973] loop2: detected capacity change from 0 to 1024 [ 157.036475][ T6973] EXT4-fs: Ignoring removed orlov option [ 157.048419][ T6973] EXT4-fs: Ignoring removed nomblk_io_submit option [ 157.107280][ T6973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.337590][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.015116][ T6993] netlink: 'syz.0.321': attribute type 1 has an invalid length. [ 159.226261][ T7001] loop2: detected capacity change from 0 to 256 [ 159.240334][ T6997] bond1: (slave bridge2): making interface the new active one [ 159.260233][ T6997] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 159.305048][ T6999] macvlan0: entered promiscuous mode [ 159.330941][ T7001] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 159.348217][ T6999] macvlan0: entered allmulticast mode [ 159.365284][ T7001] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 159.387158][ T6999] bond1: entered promiscuous mode [ 159.407037][ T7001] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0x65b64522, utbl_chksum : 0xe619d30d) [ 159.429345][ T6999] bridge2: entered promiscuous mode [ 159.459715][ T6999] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 159.488108][ T6999] bond1: (slave macvlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 159.531937][ T6999] bond1: left promiscuous mode [ 159.537115][ T6999] bridge2: left promiscuous mode [ 159.687121][ T7007] tipc: Started in network mode [ 159.692325][ T7007] tipc: Node identity ac1414aa, cluster identity 4711 [ 159.701463][ T7007] tipc: Enabled bearer , priority 10 [ 159.850961][ T7009] tipc: Enabled bearer , priority 0 [ 161.879726][ T5944] tipc: Node number set to 2886997162 [ 163.534798][ T7047] vxcan2: entered allmulticast mode [ 163.564323][ T7054] bond0: (slave syz_tun): Releasing backup interface [ 163.587069][ T7054] bridge_slave_0: left allmulticast mode [ 163.596686][ T7054] bridge_slave_0: left promiscuous mode [ 163.605087][ T7054] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.624856][ T7054] bridge_slave_1: left allmulticast mode [ 163.632928][ T7054] bridge_slave_1: left promiscuous mode [ 163.638749][ T7054] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.653404][ T7054] bond0: (slave bond_slave_0): Releasing backup interface [ 163.690733][ T7054] bond0: (slave bond_slave_1): Releasing backup interface [ 163.761144][ T7054] team0: Port device team_slave_0 removed [ 163.791822][ T7054] team0: Port device team_slave_1 removed [ 163.812268][ T7054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.840451][ T7054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.859687][ T7054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.867330][ T7054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.884237][ T7054] bond0: (slave wlan1): Releasing backup interface [ 163.950977][ T7055] team0: Mode changed to "loadbalance" [ 163.958694][ T7056] vlan0: entered promiscuous mode [ 163.987794][ T7056] team0: Port device vlan0 added [ 164.017106][ T7061] vlan2: entered promiscuous mode [ 164.022338][ T7061] bridge0: entered promiscuous mode [ 166.448021][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.348'. [ 166.540525][ T7096] veth1: entered promiscuous mode [ 166.547435][ T7096] bridge3: entered promiscuous mode [ 166.559789][ T7096] hsr1: entered promiscuous mode [ 166.643994][ T28] audit: type=1326 audit(1761249431.498:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.692696][ T28] audit: type=1326 audit(1761249431.498:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.722256][ T28] audit: type=1326 audit(1761249431.528:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.753455][ T28] audit: type=1326 audit(1761249431.528:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.794862][ T28] audit: type=1326 audit(1761249431.528:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.826875][ T28] audit: type=1326 audit(1761249431.528:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.857082][ T28] audit: type=1326 audit(1761249431.528:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.879960][ T28] audit: type=1326 audit(1761249431.528:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 166.903385][ T28] audit: type=1326 audit(1761249431.528:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 167.041568][ T28] audit: type=1326 audit(1761249431.528:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.1.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7fc00000 [ 169.402072][ T7122] netlink: 'syz.1.356': attribute type 10 has an invalid length. [ 169.419396][ T7122] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.430241][ T7122] bond0: (slave team0): Enslaving as an active interface with an up link [ 169.500701][ T7122] netlink: 'syz.1.356': attribute type 10 has an invalid length. [ 169.530933][ T7122] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 169.602982][ T7122] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 169.627753][ T7128] mmap: syz.2.357 (7128) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 169.650721][ T7122] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 174.041779][ T7167] loop2: detected capacity change from 0 to 128 [ 174.712220][ T7171] netlink: 16 bytes leftover after parsing attributes in process `syz.0.367'. [ 175.008973][ T7154] loop3: detected capacity change from 0 to 40427 [ 175.039332][ T7154] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 175.046347][ T7154] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 175.092078][ T7154] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x7ffff [ 175.126731][ T7154] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 175.166041][ T7154] F2FS-fs (loop3): invalid crc value [ 175.203565][ T7154] F2FS-fs (loop3): Found nat_bits in checkpoint [ 175.343853][ T7154] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 175.379870][ T7154] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 175.995710][ T5789] syz-executor: attempt to access beyond end of device [ 175.995710][ T5789] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 176.024728][ T5789] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 176.035170][ T5789] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 178.111439][ T7203] netlink: 'syz.0.378': attribute type 10 has an invalid length. [ 178.169274][ T7203] netlink: 40 bytes leftover after parsing attributes in process `syz.0.378'. [ 178.269262][ T7203] team0: Port device geneve0 added [ 178.417959][ T7208] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 178.444629][ T7208] CIFS: Unable to determine destination address [ 178.609422][ T7213] tc_dump_action: action bad kind [ 178.644804][ T7213] loop2: detected capacity change from 0 to 256 [ 178.655740][ T7212] netlink: 'syz.0.381': attribute type 1 has an invalid length. [ 179.779339][ T7213] FAT-fs (loop2): IO charset cp8 not found [ 179.880414][ T7213] capability: warning: `syz.2.380' uses 32-bit capabilities (legacy support in use) [ 181.891798][ T7209] syz.3.377 (7209) used greatest stack depth: 20200 bytes left [ 182.425271][ T7240] netdevsim netdevsim0: Direct firmware load for ./file0/file1 failed with error -2 [ 182.436733][ T7240] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0/file1 [ 183.905073][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 183.905086][ T28] audit: type=1804 audit(1761249448.758:172): pid=7257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.402" name="bus" dev="ramfs" ino=11989 res=1 errno=0 [ 183.946404][ T28] audit: type=1804 audit(1761249448.798:173): pid=7257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.402" name="bus" dev="ramfs" ino=11989 res=1 errno=0 [ 184.103124][ T7259] tipc: Started in network mode [ 184.110433][ T7259] tipc: Node identity 080211, cluster identity 4711 [ 184.121954][ T7259] tipc: Enabled bearer , priority 10 [ 185.010588][ T7274] vlan2: entered allmulticast mode [ 185.018566][ T7274] veth0_to_bond: entered allmulticast mode [ 185.029905][ T5799] Bluetooth: hci3: command 0x0405 tx timeout [ 185.171609][ T6933] tipc: Node number set to 134353152 [ 185.255095][ T7279] loop2: detected capacity change from 0 to 7 [ 185.265694][ T7279] loop2: [POWERTEC] p1 p2 p3 [ 185.284514][ T7279] loop2: p1 start 1109983488 is beyond EOD, truncated [ 185.295881][ T7279] loop2: p2 size 1885929472 extends beyond EOD, truncated [ 185.510265][ T7279] loop2: p3 start 4294967295 is beyond EOD, truncated [ 185.972824][ T5802] udevd[5802]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 190.077266][ T28] audit: type=1804 audit(1761249454.928:174): pid=7316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.411" name="/newroot/87/file0" dev="fuse" ino=1 res=1 errno=0 [ 190.098834][ T7321] netlink: 'syz.2.414': attribute type 1 has an invalid length. [ 190.115081][ T28] audit: type=1804 audit(1761249454.968:175): pid=7316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.411" name="/newroot/87/file0" dev="fuse" ino=1 res=1 errno=0 [ 191.134144][ T7339] netlink: 'syz.0.418': attribute type 4 has an invalid length. [ 191.256239][ T7339] netlink: 17 bytes leftover after parsing attributes in process `syz.0.418'. [ 191.417825][ T28] audit: type=1804 audit(1761249456.258:176): pid=7342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.421" name="bus" dev="ramfs" ino=12132 res=1 errno=0 [ 191.489813][ T28] audit: type=1804 audit(1761249456.268:177): pid=7342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.421" name="bus" dev="ramfs" ino=12132 res=1 errno=0 [ 191.535559][ T5791] Bluetooth: hci3: command 0x0405 tx timeout [ 191.543130][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 191.543148][ T5798] Bluetooth: hci0: command 0x0406 tx timeout [ 191.591117][ T5798] Bluetooth: hci1: command 0x0406 tx timeout [ 192.832432][ T7366] loop3: detected capacity change from 0 to 16 [ 192.867511][ T7366] erofs: (device loop3): mounted with root inode @ nid 36. [ 193.027272][ T7368] netlink: 'syz.0.430': attribute type 1 has an invalid length. [ 193.074519][ T7370] loop3: detected capacity change from 0 to 1024 [ 193.093644][ T7370] EXT4-fs: Ignoring removed nomblk_io_submit option [ 193.164227][ T7370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.206935][ T7375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.432'. [ 193.346230][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.551101][ T7381] vlan2: entered allmulticast mode [ 193.764065][ T7385] xt_hashlimit: max too large, truncated to 1048576 [ 193.771254][ T7385] xt_hashlimit: overflow, try lower: 3/0 [ 193.850523][ T7379] loop3: detected capacity change from 0 to 32768 [ 193.882023][ T7379] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 193.894779][ T7379] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 193.905554][ T7379] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 193.918058][ T7379] BTRFS info (device loop3): use lzo compression, level 0 [ 193.925742][ T7379] BTRFS info (device loop3): using free space tree [ 194.015242][ T7379] BTRFS info (device loop3): enabling ssd optimizations [ 194.029304][ T7379] BTRFS info (device loop3): auto enabling async discard [ 194.147415][ T7407] netlink: 'syz.2.438': attribute type 10 has an invalid length. [ 194.176118][ T7407] team0: left allmulticast mode [ 194.184146][ T7407] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.194148][ T7407] team0: entered allmulticast mode [ 194.214131][ T7407] bond0: (slave team0): Enslaving as an active interface with an up link [ 194.224211][ T7408] netlink: 'syz.2.438': attribute type 10 has an invalid length. [ 194.246144][ T7408] syz_tun: left allmulticast mode [ 194.278481][ T7408] syz_tun: entered allmulticast mode [ 194.302553][ T7408] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 194.304039][ T7407] siw: device registration error -23 [ 194.556397][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.567315][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.382881][ T7414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 196.463643][ T5789] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 196.959031][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 197.191834][ T7431] vlan0: entered allmulticast mode [ 197.197058][ T7431] veth0_to_bond: entered allmulticast mode [ 197.228023][ T28] audit: type=1804 audit(1761249462.078:178): pid=7429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.445" name="/newroot/101/file0" dev="fuse" ino=1 res=1 errno=0 [ 197.304025][ T28] audit: type=1804 audit(1761249462.138:179): pid=7429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.445" name="/newroot/101/file0" dev="fuse" ino=1 res=1 errno=0 [ 203.700619][ T7478] loop3: detected capacity change from 0 to 8 [ 204.468417][ T7478] SQUASHFS error: Failed to read block 0x4de: -5 [ 204.500632][ T7478] SQUASHFS error: Failed to read block 0x4de: -5 [ 204.524214][ T28] audit: type=1800 audit(1761249469.378:180): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.460" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 204.588807][ T7485] gtp0: entered promiscuous mode [ 205.860155][ T28] audit: type=1326 audit(1761249470.718:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 205.908061][ T28] audit: type=1326 audit(1761249470.718:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 205.935914][ T28] audit: type=1326 audit(1761249470.718:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 205.959950][ T6933] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 205.969397][ T28] audit: type=1326 audit(1761249470.718:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 205.997674][ T28] audit: type=1326 audit(1761249470.718:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 206.024797][ T28] audit: type=1326 audit(1761249470.718:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 206.068785][ T28] audit: type=1326 audit(1761249470.718:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 206.095676][ T28] audit: type=1326 audit(1761249470.718:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 206.279216][ T6933] usb 3-1: Using ep0 maxpacket: 16 [ 206.299982][ T28] audit: type=1326 audit(1761249470.718:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 206.349187][ T6933] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.365165][ T6933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 206.387305][ T6933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 206.397436][ T6933] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 206.410548][ T6933] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 207.052605][ T6933] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 207.086524][ T6933] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 207.125500][ T6933] usb 3-1: Manufacturer: syz [ 207.155294][ T6933] usb 3-1: config 0 descriptor?? [ 207.491172][ T6933] rc_core: IR keymap rc-hauppauge not found [ 207.497129][ T6933] Registered IR keymap rc-empty [ 207.512307][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 207.609034][ T7519] netdevsim netdevsim3: Direct firmware load for ./file0/file1 failed with error -2 [ 207.620605][ T7519] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0/file1 [ 208.067353][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.089673][ T7516] bridge0: entered allmulticast mode [ 208.127306][ T7516] bridge_slave_1: left allmulticast mode [ 208.158689][ T6933] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 208.172801][ T7516] bridge_slave_1: left promiscuous mode [ 208.181314][ T7516] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.208045][ T6933] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input5 [ 208.223007][ T7516] bridge_slave_0: left allmulticast mode [ 208.228710][ T7516] bridge_slave_0: left promiscuous mode [ 208.248840][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.249973][ T7516] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.305760][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.383573][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.440121][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.469302][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.480904][ T7523] netlink: 20 bytes leftover after parsing attributes in process `syz.3.475'. [ 208.519440][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.559490][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.612037][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.650524][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.683806][ T6933] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 208.733086][ T6933] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 208.751194][ T6933] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 208.759747][ T6943] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 208.802017][ T6933] usb 3-1: USB disconnect, device number 2 [ 208.995329][ T6943] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.006317][ T6943] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 209.020646][ T6943] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 209.033228][ T6943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 209.042803][ T6943] usb 4-1: SerialNumber: syz [ 209.269479][ T6943] usb 4-1: 0:2 : does not exist [ 209.274883][ T6943] usb 4-1: unit 255 not found! [ 209.343156][ T7537] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 209.351638][ T7537] openvswitch: netlink: Actions may not be safe on all matching packets [ 210.199516][ T6943] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5) [ 210.879410][ T6943] usb 4-1: USB disconnect, device number 3 [ 211.140102][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 211.140119][ T28] audit: type=1326 audit(1761249475.948:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 211.224056][ T7312] udevd[7312]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.256188][ T28] audit: type=1326 audit(1761249475.948:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 211.283764][ T28] audit: type=1326 audit(1761249475.948:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 211.308634][ T28] audit: type=1326 audit(1761249475.948:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 211.851646][ T28] audit: type=1326 audit(1761249475.948:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 212.276695][ T28] audit: type=1326 audit(1761249475.948:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 212.370786][ T28] audit: type=1326 audit(1761249475.948:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 212.449499][ T28] audit: type=1326 audit(1761249475.948:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 212.598523][ T28] audit: type=1326 audit(1761249475.948:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 212.785061][ T28] audit: type=1326 audit(1761249475.948:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz.3.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 216.219351][ T5944] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 217.342401][ T7618] syzkaller0: entered promiscuous mode [ 217.346071][ T5944] usb 4-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 217.347916][ T7618] syzkaller0: entered allmulticast mode [ 217.365315][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3 [ 217.375622][ T5944] usb 4-1: Product: syz [ 217.383652][ T5944] usb 4-1: Manufacturer: syz [ 217.388702][ T5944] usb 4-1: SerialNumber: syz [ 217.398465][ T7621] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 217.413497][ T5944] usb 4-1: config 0 descriptor?? [ 217.436932][ T5944] usb 4-1: selecting invalid altsetting 1 [ 217.460761][ T5944] comedi comedi5: could not switch to alternate setting 1 [ 217.467946][ T5944] usbduxfast 4-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 217.673599][ T5944] usb 4-1: USB disconnect, device number 4 [ 218.315165][ T7627] bridge0: entered allmulticast mode [ 219.103419][ T7638] netlink: 'syz.3.509': attribute type 5 has an invalid length. [ 219.518479][ T7648] netdevsim netdevsim1: Direct firmware load for ./file0/file1 failed with error -2 [ 219.529718][ T7648] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0/file1 [ 221.519878][ T7665] bridge2: entered allmulticast mode [ 221.538135][ T7661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'. [ 221.597424][ T7661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'. [ 223.059370][ T5855] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 223.273918][ T7684] netdevsim netdevsim2: Direct firmware load for ./file0/file1 failed with error -2 [ 223.284575][ T7684] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0/file1 [ 223.364452][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 223.364465][ T28] audit: type=1326 audit(1761249488.218:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.364487][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.376059][ T28] audit: type=1326 audit(1761249488.228:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.393492][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.449657][ T28] audit: type=1326 audit(1761249488.268:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.506838][ T28] audit: type=1326 audit(1761249488.268:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.525191][ T5855] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 223.550543][ T5855] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 223.559863][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.573383][ T5855] usb 4-1: config 0 descriptor?? [ 223.629432][ T28] audit: type=1326 audit(1761249488.268:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.687955][ T28] audit: type=1326 audit(1761249488.268:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.739623][ T28] audit: type=1326 audit(1761249488.268:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.786199][ T7696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.529'. [ 223.799547][ T28] audit: type=1326 audit(1761249488.268:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.834565][ T28] audit: type=1326 audit(1761249488.268:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=247 compat=1 ip=0x200000000006 code=0x7ffc0000 [ 223.863196][ T7698] netlink: 16 bytes leftover after parsing attributes in process `syz.2.530'. [ 223.882826][ T28] audit: type=1326 audit(1761249488.268:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 223.936659][ T7698] netlink: 12 bytes leftover after parsing attributes in process `syz.2.530'. [ 224.137978][ T5855] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 224.162400][ T5855] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 225.122741][ T7717] Driver unsupported XDP return value 0 on prog (id 159) dev N/A, expect packet loss! [ 227.368695][ T6934] usb 4-1: USB disconnect, device number 5 [ 228.254471][ T7745] gtp0: entered promiscuous mode [ 234.444600][ T7821] Cannot find add_set index 65532 as target [ 236.326024][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.565'. [ 236.361476][ T7834] macvtap1: entered promiscuous mode [ 236.366905][ T7834] macvtap1: entered allmulticast mode [ 236.378648][ T7834] syz_tun: entered allmulticast mode [ 236.419907][ T7837] syz_tun: left allmulticast mode [ 236.559401][ T6934] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 236.985468][ T6934] usb 3-1: Using ep0 maxpacket: 32 [ 237.593898][ T6934] usb 3-1: config 0 has an invalid interface number: 221 but max is 0 [ 237.617648][ T6934] usb 3-1: config 0 has no interface number 0 [ 237.674929][ T6934] usb 3-1: config 0 interface 221 altsetting 1 endpoint 0x8 has invalid maxpacket 528, setting to 64 [ 237.715293][ T6934] usb 3-1: config 0 interface 221 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 237.730975][ T6934] usb 3-1: config 0 interface 221 has no altsetting 0 [ 237.745445][ T6934] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=34.88 [ 237.757157][ T6934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.765438][ T6934] usb 3-1: Product: syz [ 237.774985][ T6934] usb 3-1: Manufacturer: syz [ 237.779732][ T6934] usb 3-1: SerialNumber: syz [ 237.787784][ T6934] usb 3-1: config 0 descriptor?? [ 238.669448][ T6934] usb 3-1: USB disconnect, device number 3 [ 240.019821][ T7866] netlink: 'syz.1.574': attribute type 4 has an invalid length. [ 240.078699][ T7866] netlink: 'syz.1.574': attribute type 4 has an invalid length. [ 240.210166][ C1] 0: reclassify loop, rule prio 0, protocol 800 [ 241.109534][ C1] 0: reclassify loop, rule prio 0, protocol 800 [ 241.235778][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 241.235792][ T28] audit: type=1326 audit(1761249506.088:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.268528][ T7886] loop3: detected capacity change from 0 to 4096 [ 241.306386][ T28] audit: type=1326 audit(1761249506.088:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.370501][ T28] audit: type=1326 audit(1761249506.088:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.439712][ T28] audit: type=1326 audit(1761249506.088:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.505977][ T28] audit: type=1326 audit(1761249506.088:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.631850][ T28] audit: type=1326 audit(1761249506.088:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.702420][ T28] audit: type=1326 audit(1761249506.088:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.731211][ T28] audit: type=1326 audit(1761249506.108:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.774570][ T28] audit: type=1326 audit(1761249506.108:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 241.823285][ T28] audit: type=1326 audit(1761249506.108:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 245.592276][ T7910] team0: Port device team_slave_0 removed [ 245.598585][ T7910] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 247.783792][ T51] Bluetooth: hci1: unexpected event for opcode 0x2024 [ 248.109985][ T7959] syz.3.603 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 251.716815][ T7967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.606'. [ 251.841604][ T7973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'. [ 251.854650][ T7973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.609'. [ 256.016755][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.024935][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.980531][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.610'. [ 257.097186][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.610'. [ 261.495263][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 261.495277][ T28] audit: type=1326 audit(1761249526.348:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 261.581545][ T8034] xt_TCPMSS: Only works on TCP SYN packets [ 261.652763][ T28] audit: type=1326 audit(1761249526.348:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.309340][ T28] audit: type=1326 audit(1761249527.098:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.429323][ T28] audit: type=1326 audit(1761249527.098:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.525539][ T8039] netlink: 'syz.0.628': attribute type 4 has an invalid length. [ 262.533357][ T28] audit: type=1326 audit(1761249527.098:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.533398][ T28] audit: type=1326 audit(1761249527.098:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.533431][ T28] audit: type=1326 audit(1761249527.128:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.533464][ T28] audit: type=1326 audit(1761249527.128:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.533498][ T28] audit: type=1326 audit(1761249527.128:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.533532][ T28] audit: type=1326 audit(1761249527.128:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.2.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 262.917937][ T8043] netlink: 'syz.0.628': attribute type 4 has an invalid length. [ 265.197344][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 268.240469][ T8067] netlink: 'syz.0.636': attribute type 1 has an invalid length. [ 268.445371][ T8067] bond2: (slave ip6gretap2): Enslaving as a backup interface with an up link [ 268.618421][ T8067] 8021q: adding VLAN 0 to HW filter on device bond2 [ 268.622581][ T6838] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 268.748644][ T8074] 9pnet: Could not find request transport: 0xffffffffffffffff [ 268.761483][ T6838] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 268.970309][ T5855] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 269.874929][ T8088] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 271.997509][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 272.107005][ T5855] usb 4-1: device descriptor read/all, error -71 [ 274.395675][ T8121] netlink: 32 bytes leftover after parsing attributes in process `syz.2.651'. [ 274.425078][ T8121] netlink: 32 bytes leftover after parsing attributes in process `syz.2.651'. [ 278.829386][ T8181] netlink: 'syz.2.667': attribute type 1 has an invalid length. [ 278.985457][ T8184] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 279.132015][ T8188] netlink: 'syz.1.670': attribute type 11 has an invalid length. [ 280.355358][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.669'. [ 280.375202][ T8181] 8021q: adding VLAN 0 to HW filter on device bond1 [ 280.384856][ T6838] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 280.406224][ T8197] netlink: 'syz.1.672': attribute type 1 has an invalid length. [ 280.509060][ T8197] 8021q: adding VLAN 0 to HW filter on device bond2 [ 280.528760][ T8198] bond2: entered allmulticast mode [ 280.534231][ T11] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 280.565756][ T8199] bond2: (slave ip6gretap1): making interface the new active one [ 280.573879][ T8199] ip6gretap1: entered allmulticast mode [ 280.581291][ T8199] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 280.722495][ T8203] xt_recent: Unsupported userspace flags (000000de) [ 280.729785][ T8204] syz_tun: entered allmulticast mode [ 280.769757][ T8201] syz_tun: left allmulticast mode [ 280.896768][ T51] Bluetooth: hci0: unexpected event for opcode 0x0804 [ 280.981201][ T8212] xt_TCPMSS: Only works on TCP SYN packets [ 282.589603][ T8230] netlink: 'syz.1.682': attribute type 10 has an invalid length. [ 282.605108][ T8230] netlink: 40 bytes leftover after parsing attributes in process `syz.1.682'. [ 282.659109][ T8230] debugfs: Directory 'netdev:nicvf0' with parent 'phy6' already present! [ 287.687720][ T8281] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 287.695064][ T8281] IPv6: NLM_F_CREATE should be set when creating new route [ 287.885143][ T8281] lo: entered allmulticast mode [ 288.137831][ T8281] tunl0: entered allmulticast mode [ 288.237130][ T8281] gre0: entered allmulticast mode [ 288.975875][ T8281] gretap0: entered allmulticast mode [ 289.008645][ T8294] siw: device registration error -23 [ 289.014254][ T8281] erspan0: entered allmulticast mode [ 289.059640][ T8281] ip_vti0: entered allmulticast mode [ 289.085827][ T8281] ip6_vti0: entered allmulticast mode [ 289.115203][ T8281] sit0: entered allmulticast mode [ 289.166689][ T8281] ip6tnl0: entered allmulticast mode [ 289.195151][ T8281] ip6gre0: entered allmulticast mode [ 289.223963][ T8281] syz_tun: entered allmulticast mode [ 289.251789][ T8281] ip6gretap0: entered allmulticast mode [ 289.277923][ T8281] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.285600][ T8281] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.295662][ T8281] bridge0: entered allmulticast mode [ 289.316884][ T8281] vcan0: entered allmulticast mode [ 289.330560][ T8281] bond0: entered allmulticast mode [ 289.335790][ T8281] bond_slave_0: entered allmulticast mode [ 289.342519][ T8281] bond_slave_1: entered allmulticast mode [ 289.366466][ T8281] team0: entered allmulticast mode [ 289.375736][ T8281] team_slave_0: entered allmulticast mode [ 289.382180][ T8281] team_slave_1: entered allmulticast mode [ 289.388265][ T8281] geneve0: entered allmulticast mode [ 289.408507][ T8281] dummy0: entered allmulticast mode [ 289.463707][ T8281] nlmon0: entered allmulticast mode [ 289.475651][ T8281] caif0: entered allmulticast mode [ 289.493054][ T8281] batadv0: entered allmulticast mode [ 289.525322][ T8281] vxcan0: entered allmulticast mode [ 289.535858][ T8281] vxcan1: entered allmulticast mode [ 289.547108][ T8281] veth0: entered allmulticast mode [ 289.567551][ T8281] veth1: entered allmulticast mode [ 289.612282][ T8281] wg0: entered allmulticast mode [ 289.625638][ T8281] wg1: entered allmulticast mode [ 289.639892][ T8281] wg2: entered allmulticast mode [ 289.666669][ T8281] veth0_to_bridge: entered allmulticast mode [ 289.713801][ T8281] veth1_to_bridge: entered allmulticast mode [ 289.791638][ T8281] veth1_to_bond: entered allmulticast mode [ 289.821241][ T8281] veth0_to_team: entered allmulticast mode [ 289.846293][ T8281] veth1_to_team: entered allmulticast mode [ 289.904563][ T8281] veth0_to_batadv: entered allmulticast mode [ 289.920542][ T8281] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.943739][ T8281] batadv_slave_0: entered allmulticast mode [ 290.000730][ T8281] veth1_to_batadv: entered allmulticast mode [ 290.044583][ T8281] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.077252][ T8281] batadv_slave_1: entered allmulticast mode [ 290.094199][ T8281] xfrm0: entered allmulticast mode [ 290.116722][ T8281] veth0_to_hsr: entered allmulticast mode [ 290.148138][ T8281] hsr_slave_0: entered allmulticast mode [ 290.170747][ T8281] veth1_to_hsr: entered allmulticast mode [ 290.207131][ T8281] hsr_slave_1: entered allmulticast mode [ 290.229867][ T8281] hsr0: entered allmulticast mode [ 290.266473][ T8281] veth1_virt_wifi: entered allmulticast mode [ 290.331666][ T8281] veth0_virt_wifi: entered allmulticast mode [ 290.349492][ T8281] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 290.365747][ T8281] veth1_macvtap: entered allmulticast mode [ 290.386622][ T8281] veth0_macvtap: entered allmulticast mode [ 290.406050][ T8281] macvtap0: entered allmulticast mode [ 290.421755][ T8281] macsec0: entered allmulticast mode [ 290.446396][ T8281] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.455705][ T8281] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.464706][ T8281] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.474999][ T8281] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.484213][ T8281] geneve1: entered allmulticast mode [ 290.502945][ T8281] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 290.523771][ T8281] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 290.535646][ T8281] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 290.556547][ T8281] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 290.579967][ T8281] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 290.597273][ T8281] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 290.609312][ T8281] ip6gretap1: entered allmulticast mode [ 290.615576][ T8281] bridge1: entered allmulticast mode [ 290.623586][ T8281] veth2: entered allmulticast mode [ 290.632270][ T8281] veth4: entered allmulticast mode [ 290.641438][ T8281] vlan2: entered allmulticast mode [ 290.647912][ T8281] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 290.656272][ T8281] bond1: entered allmulticast mode [ 290.666205][ T8281] bridge2: entered allmulticast mode [ 290.677891][ T8281] bridge3: entered allmulticast mode [ 290.692549][ T8281] hsr1: left promiscuous mode [ 290.697386][ T8281] hsr1: entered allmulticast mode [ 290.707680][ T8281] batadv1: entered allmulticast mode [ 290.719503][ T8281] bond2: entered allmulticast mode [ 290.725021][ T8281] ip6gretap2: entered allmulticast mode [ 290.971194][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 290.971207][ T28] audit: type=1326 audit(1761249555.828:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.013401][ T28] audit: type=1326 audit(1761249555.828:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.040362][ T28] audit: type=1326 audit(1761249555.868:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.063553][ T28] audit: type=1326 audit(1761249555.868:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.173597][ T28] audit: type=1326 audit(1761249555.868:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.203905][ T28] audit: type=1326 audit(1761249555.868:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.227718][ T28] audit: type=1326 audit(1761249555.868:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.258605][ T28] audit: type=1326 audit(1761249555.868:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.287851][ T28] audit: type=1326 audit(1761249555.898:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.312146][ T8315] netlink: 24 bytes leftover after parsing attributes in process `syz.3.703'. [ 291.353076][ T28] audit: type=1326 audit(1761249555.898:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2643b8efc9 code=0x7ffc0000 [ 291.395398][ T8315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.703'. [ 292.633945][ T8333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.711'. [ 293.518030][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 296.908369][ T8368] loop2: detected capacity change from 0 to 256 [ 296.940713][ T8368] exfat: Bad value for 'time_offset' [ 297.409481][ T8380] netlink: 'syz.3.720': attribute type 1 has an invalid length. [ 297.525097][ T8380] 8021q: adding VLAN 0 to HW filter on device bond1 [ 297.857843][ T8383] veth3: entered promiscuous mode [ 297.896204][ T8383] bond1: (slave veth3): Enslaving as an active interface with a down link [ 297.937627][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.723'. [ 298.010257][ T8391] Cannot find add_set index 65532 as target [ 298.077550][ T8380] veth5: entered promiscuous mode [ 298.115181][ T8380] bond1: (slave veth5): Enslaving as an active interface with a down link [ 298.131061][ T8390] netlink: 28 bytes leftover after parsing attributes in process `syz.2.723'. [ 298.176140][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 298.176149][ T28] audit: type=1326 audit(1761249563.028:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 298.267568][ T28] audit: type=1326 audit(1761249563.068:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 298.299604][ T28] audit: type=1326 audit(1761249563.068:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 298.337410][ T28] audit: type=1326 audit(1761249563.068:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 298.469761][ T28] audit: type=1326 audit(1761249563.068:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 300.047991][ T28] audit: type=1326 audit(1761249563.068:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 300.219241][ T28] audit: type=1326 audit(1761249563.068:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 300.279812][ T28] audit: type=1326 audit(1761249563.068:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 300.449338][ T28] audit: type=1326 audit(1761249563.068:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 302.381438][ T28] audit: type=1326 audit(1761249563.078:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 302.827745][ T8419] loop2: detected capacity change from 0 to 4096 [ 302.855354][ T8419] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 302.862324][ T8421] overlayfs: statfs failed on './file0' [ 302.926599][ T8419] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 306.038060][ T8435] xt_recent: Unsupported userspace flags (000000de) [ 306.137497][ T8438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 306.155152][ T8440] netlink: 24 bytes leftover after parsing attributes in process `syz.2.738'. [ 306.212083][ T8442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 306.236514][ T8440] netlink: 4 bytes leftover after parsing attributes in process `syz.2.738'. [ 307.159590][ T8449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.750'. [ 307.238408][ T5944] IPVS: starting estimator thread 0... [ 307.339484][ T8459] Cannot find add_set index 65532 as target [ 307.345702][ T8457] IPVS: using max 35 ests per chain, 84000 per kthread [ 307.393855][ T8461] netlink: 'syz.3.745': attribute type 1 has an invalid length. [ 307.559077][ T8461] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 307.602073][ T8461] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 308.294991][ T8461] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 308.304874][ T8461] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 308.316127][ T8461] bond2: (slave geneve2): making interface the new active one [ 308.345352][ T8461] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 308.394459][ T8469] netlink: 28 bytes leftover after parsing attributes in process `syz.3.745'. [ 308.409423][ T8469] 8021q: adding VLAN 0 to HW filter on device bond2 [ 308.553703][ T8474] netlink: 24 bytes leftover after parsing attributes in process `syz.1.752'. [ 308.775180][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.752'. [ 311.739019][ T8518] lo: left allmulticast mode [ 311.755023][ T8518] tunl0: left allmulticast mode [ 311.764002][ T8518] gre0: left allmulticast mode [ 311.966133][ T8518] gretap0: left allmulticast mode [ 312.084148][ T8518] ip_vti0: left allmulticast mode [ 312.173737][ T8518] ip6_vti0: left allmulticast mode [ 312.334663][ T8518] sit0: left allmulticast mode [ 312.357719][ T8518] ip6tnl0: left allmulticast mode [ 312.376945][ T8518] ip6gre0: left allmulticast mode [ 312.383851][ T8518] syz_tun: left allmulticast mode [ 312.391126][ T8518] ip6gretap0: left allmulticast mode [ 312.398663][ T8518] bridge0: left allmulticast mode [ 312.407768][ T8518] vcan0: left allmulticast mode [ 312.426346][ T8518] bond0: left allmulticast mode [ 312.434083][ T8518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.447676][ T8518] team0: left allmulticast mode [ 312.454639][ T8518] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.468444][ T8518] dummy0: left allmulticast mode [ 312.476564][ T8518] nlmon0: left allmulticast mode [ 312.488950][ T8518] caif0: left allmulticast mode [ 312.499606][ T8518] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 313.250698][ T8518] syz.0.764 (8518) used greatest stack depth: 20104 bytes left [ 314.072248][ T8541] Cannot find add_set index 65532 as target [ 314.961683][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 314.961693][ T28] audit: type=1326 audit(1761249579.808:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 315.128486][ T28] audit: type=1326 audit(1761249579.808:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 315.150714][ C0] vkms_vblank_simulate: vblank timer overrun [ 315.158576][ T28] audit: type=1326 audit(1761249579.808:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 315.181308][ T28] audit: type=1326 audit(1761249579.808:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 315.203449][ C0] vkms_vblank_simulate: vblank timer overrun [ 316.352919][ T28] audit: type=1326 audit(1761249579.818:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 316.449300][ T28] audit: type=1326 audit(1761249579.818:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 316.594481][ T28] audit: type=1326 audit(1761249579.818:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 316.616719][ C0] vkms_vblank_simulate: vblank timer overrun [ 316.784974][ T28] audit: type=1326 audit(1761249579.858:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 316.904618][ T28] audit: type=1326 audit(1761249579.858:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 317.030682][ T28] audit: type=1326 audit(1761249579.858:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8544 comm="syz.0.772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 317.052881][ C0] vkms_vblank_simulate: vblank timer overrun [ 317.436912][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.454675][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.555645][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 319.648366][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 319.675367][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 319.732663][ T8] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 319.772479][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.804641][ T8] usb 3-1: Product: syz [ 319.808873][ T8] usb 3-1: Manufacturer: syz [ 319.847827][ T8] usb 3-1: SerialNumber: syz [ 319.873624][ T8] usb 3-1: config 0 descriptor?? [ 319.893556][ T8582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.783'. [ 319.913851][ T8569] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 319.954607][ T8] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 320.173980][ T8593] netlink: zone id is out of range [ 320.181979][ T8593] netlink: zone id is out of range [ 320.188371][ T8593] netlink: zone id is out of range [ 320.207018][ T8593] netlink: zone id is out of range [ 320.217163][ T8593] netlink: zone id is out of range [ 320.228504][ T8593] netlink: zone id is out of range [ 320.239268][ T8593] netlink: zone id is out of range [ 320.247706][ T8593] netlink: zone id is out of range [ 320.264991][ T8593] netlink: zone id is out of range [ 320.268583][ T8] usb 3-1: USB disconnect, device number 4 [ 320.300346][ T8593] netlink: zone id is out of range [ 332.655612][ T8696] netlink: 'syz.0.824': attribute type 1 has an invalid length. [ 332.701185][ T8696] 8021q: adding VLAN 0 to HW filter on device bond3 [ 332.748734][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.285068][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.307787][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.320942][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.350104][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.378235][ T8706] gretap1: entered promiscuous mode [ 333.406847][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.410553][ T8706] bond3: (slave gretap1): making interface the new active one [ 333.437093][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.461626][ T8706] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 333.482772][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.632284][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.650074][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 333.841754][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 334.372595][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 334.384000][ T8713] bridge4: entered allmulticast mode [ 334.449018][ T8702] 9pnet_fd: p9_fd_create_tcp (8702): problem connecting socket to 127.0.0.1 [ 338.230592][ T8756] netlink: 12 bytes leftover after parsing attributes in process `syz.1.843'. [ 338.250007][ T8756] 8021q: VLANs not supported on ip6gre0 [ 338.268325][ T8757] ptrace attach of "./syz-executor exec"[5789] was attempted by ""[8757] [ 339.457879][ T8766] netlink: 'syz.2.837': attribute type 9 has an invalid length. [ 339.740257][ T8772] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 339.752650][ T8772] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 346.565220][ T8819] xfrm0: entered promiscuous mode [ 346.742013][ T8819] xfrm0: entered allmulticast mode [ 347.084485][ T8826] ptrace attach of "./syz-executor exec"[8827] was attempted by "./syz-executor exec"[8826] [ 347.638354][ T8828] (null): rxe_set_mtu: Set mtu to 1024 [ 348.300430][ T8835] loop3: detected capacity change from 0 to 512 [ 348.342856][ T8835] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 348.376073][ T8835] EXT4-fs (loop3): orphan cleanup on readonly fs [ 348.411668][ T8828] infiniband syz0: set down [ 348.417889][ T8828] infiniband syz0: added bond0 [ 348.424382][ T8828] syz0: rxe_create_cq: returned err = -12 [ 348.430643][ T8828] infiniband syz0: Couldn't create ib_mad CQ [ 348.436995][ T8828] infiniband syz0: Couldn't open port 1 [ 348.474184][ T8828] RDS/IB: syz0: added [ 348.478878][ T8828] smc: adding ib device syz0 with port count 1 [ 348.485916][ T8828] smc: ib device syz0 port 1 has pnetid [ 348.511974][ T8835] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 348.580713][ T8835] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 348.616735][ T8835] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz.3.858: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 348.677985][ T8835] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.858: couldn't read orphan inode 13 (err -117) [ 348.765626][ T8835] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 349.148129][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.328372][ T8840] bridge3: entered allmulticast mode [ 351.339998][ T8854] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 353.179662][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 353.278676][ T8894] team0: Device bond0 is already an upper device of the team interface [ 353.396292][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 353.411737][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.429544][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.451993][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 353.466769][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 353.479331][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.543008][ T8] usb 3-1: config 0 descriptor?? [ 353.733895][ T8897] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 353.749757][ T8899] (null): rxe_set_mtu: Set mtu to 1024 [ 353.796545][ T8899] rdma_rxe: rxe_newlink: failed to add bond0 [ 353.808744][ T8897] bond3: (slave macvlan2): making interface the new active one [ 353.831786][ T8897] bond3: (slave macvlan2): Enslaving as an active interface with an up link [ 353.994003][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.029571][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.036865][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.067825][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.078681][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.381316][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.389947][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.397386][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.404918][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.800655][ T8] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 354.845100][ T8] microsoft 0003:045E:07DA.0002: No inputs registered, leaving [ 354.868889][ T8] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 354.964322][ T8] microsoft 0003:045E:07DA.0002: no inputs found [ 355.041269][ T8] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway [ 355.057199][ T8] usb 3-1: USB disconnect, device number 5 [ 355.168074][ T8911] fido_id[8911]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 357.324263][ T8932] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 357.334324][ T8932] bond3: (slave macvlan2): Enslaving as an active interface with a down link [ 357.362478][ T8947] (null): rxe_set_mtu: Set mtu to 1024 [ 357.369602][ T8947] rdma_rxe: rxe_newlink: failed to add bond0 [ 360.951227][ T8999] netlink: 24 bytes leftover after parsing attributes in process `syz.2.901'. [ 361.731387][ T9000] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 361.806001][ T9000] bond4: (slave macvlan0): making interface the new active one [ 361.846015][ T9000] bond4: (slave macvlan0): Enslaving as an active interface with an up link [ 362.018323][ T8997] (null): rxe_set_mtu: Set mtu to 1024 [ 362.448116][ T8997] rdma_rxe: rxe_newlink: failed to add bond0 [ 366.383383][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 366.383396][ T28] audit: type=1326 audit(1761249631.238:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 366.532990][ T28] audit: type=1326 audit(1761249631.238:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 366.913344][ T28] audit: type=1326 audit(1761249631.248:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 366.941812][ T28] audit: type=1326 audit(1761249631.248:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.058548][ T28] audit: type=1326 audit(1761249631.248:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.301780][ T28] audit: type=1326 audit(1761249631.248:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.324688][ T28] audit: type=1326 audit(1761249631.248:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.351407][ T28] audit: type=1326 audit(1761249631.248:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.383061][ T28] audit: type=1326 audit(1761249631.268:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 367.413454][ T28] audit: type=1326 audit(1761249631.278:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9031 comm="syz.1.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 368.574437][ T9055] dvmrp0: entered allmulticast mode [ 368.601200][ T9055] dvmrp0: left allmulticast mode [ 375.120716][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.0.945'. [ 375.130833][ T9144] net_ratelimit: 23 callbacks suppressed [ 375.130869][ T9144] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 377.435171][ T9166] x_tables: unsorted underflow at hook 3 [ 378.541710][ T9175] ptrace attach of "./syz-executor exec"[5786] was attempted by "   jC*p\x1bŖ 3Hej$x2e|yOkYxMxOB B͒GMP%OޜtĎ\x0dT[g]LJ;2$|gP\x22̏R׾{Vd,ru\x0da1i-6M+\x07}T#a5Zd0ƌ{w$)i%L>Q,oQeꮰHrʏ.ҿɷ0JVw^{'ǁo_8v:7>LpF,Z3R<\x07}A\x07B{ g`g/3`0=\x1bJ-^0eyJq -ʹ\x0bL\x0c [ 378.881349][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.995904][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.691503][ T9182] loop2: detected capacity change from 0 to 16 [ 379.724705][ T9182] erofs: (device loop2): mounted with root inode @ nid 36. [ 379.739981][ T9183] netlink: 'syz.1.959': attribute type 2 has an invalid length. [ 381.694654][ T9206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.964'. [ 383.656870][ T9224] netlink: 24 bytes leftover after parsing attributes in process `syz.0.968'. [ 384.748036][ T9234] ecryptfs_parse_options: eCryptfs: unrecognized option [(] [ 384.755634][ T9234] ecryptfs_parse_options: eCryptfs: unrecognized option [{\)] [ 384.763317][ T9234] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 384.779025][ T9234] Error parsing options; rc = [-22] [ 388.412518][ T9247] vlan2: entered promiscuous mode [ 388.417700][ T9247] bond0: entered promiscuous mode [ 388.449505][ T9247] vlan2: entered allmulticast mode [ 388.459517][ T9247] bond0: entered allmulticast mode [ 390.706052][ T9269] netlink: 'syz.2.980': attribute type 29 has an invalid length. [ 390.714256][ T9269] netlink: 'syz.2.980': attribute type 29 has an invalid length. [ 390.802429][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 390.802441][ T28] audit: type=1326 audit(1761249655.658:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 390.832850][ T28] audit: type=1326 audit(1761249655.688:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 390.995972][ T28] audit: type=1326 audit(1761249655.688:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.069016][ T28] audit: type=1326 audit(1761249655.688:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.079581][ T9280] netlink: 24 bytes leftover after parsing attributes in process `syz.0.984'. [ 391.139353][ T28] audit: type=1326 audit(1761249655.848:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.181453][ T28] audit: type=1326 audit(1761249655.848:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.199451][ T9279] loop2: detected capacity change from 0 to 512 [ 391.205914][ T28] audit: type=1326 audit(1761249655.848:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.238111][ T28] audit: type=1326 audit(1761249655.848:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.344703][ T28] audit: type=1326 audit(1761249655.848:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.459964][ T9279] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 391.468121][ T9279] System zones: 0-2, 18-18, 34-35 [ 391.474291][ T9280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.984'. [ 391.477801][ T28] audit: type=1326 audit(1761249655.848:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9275 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e00d8efc9 code=0x7ffc0000 [ 391.542665][ T9279] EXT4-fs error (device loop2): ext4_quota_enable:7124: inode #4: comm syz.2.983: iget: bad i_size value: 5910974510929920 [ 391.558582][ T9279] EXT4-fs error (device loop2): ext4_quota_enable:7127: comm syz.2.983: Bad quota inode: 4, type: 1 [ 391.571604][ T9279] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 391.587408][ T9279] EXT4-fs (loop2): mount failed [ 393.508133][ T9314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.991'. [ 393.750207][ T9319] ptrace attach of ""[9321] was attempted by "./syz-executor exec"[9319] [ 394.551253][ T9327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.995'. [ 395.891249][ T28] kauditd_printk_skb: 57 callbacks suppressed [ 395.891263][ T28] audit: type=1326 audit(1761249660.748:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d85e67 code=0x7ffc0000 [ 395.940539][ T28] audit: type=1326 audit(1761249660.748:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e00d2b099 code=0x7ffc0000 [ 396.685296][ T28] audit: type=1326 audit(1761249660.748:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d85e67 code=0x7ffc0000 [ 396.801452][ T28] audit: type=1326 audit(1761249660.748:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e00d2b099 code=0x7ffc0000 [ 396.868259][ T28] audit: type=1326 audit(1761249660.748:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d85e67 code=0x7ffc0000 [ 397.107483][ T28] audit: type=1326 audit(1761249660.748:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e00d2b099 code=0x7ffc0000 [ 397.179784][ T28] audit: type=1326 audit(1761249660.748:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d85e67 code=0x7ffc0000 [ 397.316808][ T28] audit: type=1326 audit(1761249660.748:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e00d2b099 code=0x7ffc0000 [ 397.448648][ T28] audit: type=1326 audit(1761249660.788:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e00d85e67 code=0x7ffc0000 [ 397.619959][ T28] audit: type=1326 audit(1761249660.788:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.1.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e00d2b099 code=0x7ffc0000 [ 398.265266][ T1109] Bluetooth: hci4: Frame reassembly failed (-84) [ 399.894043][ T9375] tipc: Enabling of bearer rejected, already enabled [ 399.908851][ T9376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1010'. [ 399.988596][ T9376] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 400.309782][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 400.318204][ T5799] Bluetooth: hci4: command 0x1003 tx timeout [ 400.997840][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 400.997857][ T28] audit: type=1326 audit(1761249665.838:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 401.168778][ T28] audit: type=1326 audit(1761249665.838:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 401.197557][ T28] audit: type=1326 audit(1761249665.838:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 401.245168][ T28] audit: type=1326 audit(1761249665.838:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 401.369678][ T8] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 401.378741][ T28] audit: type=1326 audit(1761249665.848:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fdfa9b8efc9 code=0x7ffc0000 [ 401.433080][ T28] audit: type=1326 audit(1761249665.848:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9387 comm="syz.2.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdfa9b8efc9 code=0x0 [ 401.585939][ T8] usb 4-1: config 3 has an invalid interface number: 173 but max is 0 [ 401.595624][ T8] usb 4-1: config 3 has no interface number 0 [ 401.638898][ T8] usb 4-1: config 3 interface 173 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 401.710443][ T8] usb 4-1: config 3 interface 173 has no altsetting 0 [ 401.771683][ T8] usb 4-1: New USB device found, idVendor=03f0, idProduct=0f9b, bcdDevice=d2.cf [ 401.972113][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.987192][ T8] usb 4-1: Product: syz [ 401.997323][ T8] usb 4-1: Manufacturer: syz [ 402.014375][ T8] usb 4-1: SerialNumber: syz [ 402.028807][ T9384] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 402.071079][ T8] pl2303 4-1:3.173: required interrupt-in endpoint missing [ 402.515799][ T6934] usb 4-1: USB disconnect, device number 8 [ 406.585621][ T9441] loop3: detected capacity change from 0 to 512 [ 406.933332][ T8590] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 407.789730][ T5799] Bluetooth: hci2: unknown advertising packet type: 0x6c [ 407.789841][ T5799] Bluetooth: hci2: unknown advertising packet type: 0x20 [ 407.809289][ T5799] Bluetooth: hci2: unknown advertising packet type: 0x40 [ 407.816400][ T5799] Bluetooth: hci2: unknown advertising packet type: 0x09 [ 407.825306][ T5799] Bluetooth: hci2: Malformed LE Event: 0x02 [ 408.553636][ T28] audit: type=1326 audit(1761249673.408:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.1.1033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x0 [ 408.766409][ T9459] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1034'. [ 408.875547][ T9459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1034'. [ 408.876088][ T9464] loop3: detected capacity change from 0 to 128 [ 409.036379][ T9467] CIFS: Unable to determine destination address [ 409.044753][ T9467] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1036'. [ 409.227801][ T49] kworker/u4:3: attempt to access beyond end of device [ 409.227801][ T49] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 409.271360][ T9472] ipt_REJECT: ECHOREPLY no longer supported. [ 409.308952][ T9472] loop2: detected capacity change from 0 to 512 [ 409.359626][ T9472] EXT4-fs error (device loop2): ext4_quota_enable:7124: comm syz.2.1038: inode #50331648: comm syz.2.1038: iget: illegal inode # [ 409.412536][ T9463] syz.3.1035: attempt to access beyond end of device [ 409.412536][ T9463] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 409.427909][ T9472] EXT4-fs (loop2): Remounting filesystem read-only [ 409.438672][ T9472] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=50331648). Please run e2fsck to fix. [ 409.454578][ T9472] EXT4-fs (loop2): mount failed [ 409.506137][ T9478] tipc: Enabling of bearer rejected, already enabled [ 409.536799][ T9480] netem: change failed [ 409.652273][ T9484] tipc: New replicast peer: 255.255.255.255 [ 409.661434][ T9484] tipc: Enabled bearer , priority 10 [ 411.497177][ T9506] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1049'. [ 411.528525][ T9506] IPv6: sit1: Disabled Multicast RS [ 411.547184][ T9506] sit1: entered allmulticast mode [ 412.519038][ T9529] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.1057'. [ 412.854746][ T5835] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 412.893646][ T9531] loop2: detected capacity change from 0 to 2048 [ 413.035099][ T9531] EXT4-fs: quotafile must be on filesystem root [ 413.091493][ T5835] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 413.942965][ T9536] fido_id[9536]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 414.026658][ T9545] netlink: 'syz.3.1061': attribute type 3 has an invalid length. [ 415.550271][ T9563] overlayfs: failed to clone upperpath [ 417.212911][ T9580] ptrace attach of ""[9581] was attempted by "./syz-executor exec"[9580] [ 419.716812][ T9596] CIFS: Unable to determine destination address [ 419.730226][ T9596] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1076'. [ 419.921159][ T9603] batman_adv: batadv0: Adding interface: dummy0 [ 419.927475][ T9603] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.962429][ T9603] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 420.266339][ T9611] ipt_REJECT: ECHOREPLY no longer supported. [ 426.895001][ T9661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1093'. [ 426.917586][ T9661] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 427.043988][ T9663] sit0: entered promiscuous mode [ 427.051088][ T9663] netlink: 21 bytes leftover after parsing attributes in process `syz.1.1096'. [ 427.212890][ T9665] syzkaller0: entered promiscuous mode [ 427.233742][ T9665] syzkaller0: entered allmulticast mode [ 428.299449][ T51] Bluetooth: hci3: command 0x0405 tx timeout [ 431.397763][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1106'. [ 431.716270][ T9704] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 433.556094][ T9716] dummy0: entered promiscuous mode [ 433.572416][ T9716] vlan2: entered promiscuous mode [ 434.382454][ T9735] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 434.398866][ T9735] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 435.093122][ T9740] syzkaller0: entered promiscuous mode [ 435.098696][ T9740] syzkaller0: entered allmulticast mode [ 440.661401][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.667789][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.857275][ T9763] mac80211_hwsim hwsim2 syzkaller0: left allmulticast mode [ 446.718405][ T9783] team0: Port device vlan0 removed [ 446.735145][ T9783] bond1: (slave veth3): Releasing active interface [ 446.742726][ T9783] bond1: (slave veth3): the permanent HWaddr of slave - 02:30:4e:28:52:2b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 446.767545][ T9783] bond1: (slave veth5): Releasing active interface [ 446.782176][ T9783] bond2: (slave geneve2): Releasing active interface [ 446.792594][ T9783] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 446.801905][ T9783] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 446.811531][ T9783] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 446.820578][ T9783] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 446.834060][ T9783] bond3: (slave macvlan2): Releasing active interface [ 446.918255][ T49] tipc: Resetting bearer [ 446.928512][ T9787] team0: Unable to change to the same mode the team is in [ 447.662640][ T9798] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1133'. [ 448.374839][ T28] audit: type=1326 audit(1761249718.233:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9810 comm="syz.0.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7fc00000 [ 448.439878][ T28] audit: type=1326 audit(1761249718.263:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9810 comm="syz.0.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f587418efc9 code=0x7fc00000 [ 448.477737][ T28] audit: type=1326 audit(1761249718.263:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9810 comm="syz.0.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7fc00000 [ 449.608395][ T9819] syz_tun: entered allmulticast mode [ 462.136682][ T8523] bond0: (slave syz_tun): Releasing backup interface [ 462.158014][ T8523] syz_tun (unregistering): left allmulticast mode [ 462.244933][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 462.260741][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 462.269766][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 462.277971][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 462.286590][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 462.296585][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 462.433745][ T9832] bridge_slave_0: left promiscuous mode [ 462.456640][ T9832] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.368217][ T9832] bridge_slave_1: left promiscuous mode [ 463.380674][ T9832] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.459887][ T9832] bond0: (slave bond_slave_0): Releasing backup interface [ 463.477871][ T9832] bond0: (slave bond_slave_1): Releasing backup interface [ 463.504130][ T9832] team0: Port device team_slave_0 removed [ 463.521528][ T9832] team0: Port device team_slave_1 removed [ 463.528083][ T9832] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.536808][ T9832] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.548075][ T9832] team0: Port device geneve0 removed [ 463.556577][ T9832] veth3: left promiscuous mode [ 463.563805][ T9832] bridge1: port 1(veth3) entered disabled state [ 463.781130][ T9832] veth5: left promiscuous mode [ 463.845653][ T9832] bridge1: port 2(veth5) entered disabled state [ 464.033414][ T9832] bond1: (slave bridge2): Releasing active interface [ 464.148969][ T9832] bond2: (slave ip6gretap2): Removing an active aggregator [ 464.230515][ T9832] bond2: (slave ip6gretap2): Releasing backup interface [ 464.272152][ T9832] bond3: (slave gretap1): Releasing active interface [ 464.285704][ T9832] bond4: (slave macvlan0): Releasing active interface [ 464.309733][ T9835] team0: Mode changed to "loadbalance" [ 464.405762][ T51] Bluetooth: hci3: command tx timeout [ 464.684498][ T28] audit: type=1326 audit(1761249734.543:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 464.707344][ T28] audit: type=1326 audit(1761249734.543:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.192616][ T28] audit: type=1326 audit(1761249734.573:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.217182][ T28] audit: type=1326 audit(1761249734.573:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.338793][ T28] audit: type=1326 audit(1761249734.573:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.431593][ T28] audit: type=1326 audit(1761249734.573:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.458405][ T28] audit: type=1326 audit(1761249734.573:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.506087][ T28] audit: type=1326 audit(1761249734.573:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.578347][ T9856] overlayfs: failed to clone upperpath [ 465.582821][ T28] audit: type=1326 audit(1761249734.573:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 465.607359][ T28] audit: type=1326 audit(1761249734.833:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.0.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 466.274588][ T9827] chnl_net:caif_netlink_parms(): no params data found [ 466.469510][ T51] Bluetooth: hci3: command tx timeout [ 466.980846][ T9873] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1155'. [ 467.016515][ T9873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.216754][ T9827] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.228939][ T9827] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.263810][ T9827] bridge_slave_0: entered allmulticast mode [ 467.272561][ T9827] bridge_slave_0: entered promiscuous mode [ 467.282706][ T9827] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.289978][ T9827] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.297709][ T9827] bridge_slave_1: entered allmulticast mode [ 467.313023][ T9827] bridge_slave_1: entered promiscuous mode [ 467.371889][ T9827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.401474][ T9827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.596859][ T9827] team0: Port device team_slave_0 added [ 468.618430][ T51] Bluetooth: hci3: command tx timeout [ 468.896088][ T9827] team0: Port device team_slave_1 added [ 470.570060][ T9827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 470.577071][ T9827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.796037][ T51] Bluetooth: hci3: command tx timeout [ 470.814205][ T9827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.258331][ T9827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.274145][ T9827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.301258][ T9827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.681585][ T9827] hsr_slave_0: entered promiscuous mode [ 471.705641][ T9827] hsr_slave_1: entered promiscuous mode [ 471.729539][ T9827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 471.758282][ T9827] Cannot create hsr debugfs directory [ 472.469698][ T9929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1168'. [ 472.595863][ T9929] syz_tun (unregistering): left allmulticast mode [ 472.648247][ T9929] bond0: (slave syz_tun): Releasing backup interface [ 473.847775][ T9827] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 473.862763][ T9827] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 473.933057][ T9827] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 473.951654][ T9827] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 476.144859][ T9827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.316557][ T9827] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.344465][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.351620][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.415882][ T9960] rdma_op ffff88805d3329f0 conn xmit_rdma 0000000000000000 [ 477.123994][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.131283][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 477.457842][ T9966] loop3: detected capacity change from 0 to 164 [ 478.788720][ T9827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 479.300868][ T9827] veth0_vlan: entered promiscuous mode [ 479.326761][ T9827] veth1_vlan: entered promiscuous mode [ 479.397309][ T9827] veth0_macvtap: entered promiscuous mode [ 479.418105][ T9827] veth1_macvtap: entered promiscuous mode [ 479.437872][ T9827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 479.451256][ T9827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 479.467593][ T9827] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.484646][ T9827] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.501191][ T9827] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.512653][ T9827] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.960022][ T6943] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 480.093212][ T6723] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.105033][ T6723] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.150493][ T6723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.158891][ T6723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.167991][ T6943] usb 4-1: Using ep0 maxpacket: 32 [ 480.184225][ T6943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.195567][ T6943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.216178][ T6943] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 480.228340][ T6943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.249971][ T6943] usb 4-1: config 0 descriptor?? [ 480.348445][ T6943] hub 4-1:0.0: USB hub found [ 480.535785][ T9992] loop3: detected capacity change from 0 to 1764 [ 480.729807][ T6943] hub 4-1:0.0: 1 port detected [ 480.743002][T10005] syzkaller0: entered promiscuous mode [ 480.748702][T10005] syzkaller0: entered allmulticast mode [ 480.840286][T10011] rdma_op ffff8880794e89f0 conn xmit_rdma 0000000000000000 [ 481.617835][ T6934] hub 4-1:0.0: activate --> -90 [ 483.121197][ T5855] usb 4-1: USB disconnect, device number 9 [ 483.299324][ T6934] usb 4-1-port1: config error [ 483.305045][ T6934] usb 4-1-port1: attempt power cycle [ 483.320171][T10024] netlink: 'syz.3.1188': attribute type 21 has an invalid length. [ 483.328464][T10024] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1188'. [ 483.344027][T10024] syz.3.1188 uses obsolete (PF_INET,SOCK_PACKET) [ 483.496281][T10028] Falling back ldisc for ttyS3. [ 483.811003][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1192'. [ 484.015083][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 484.015097][ T28] audit: type=1326 audit(1761249753.873:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.066285][ T28] audit: type=1326 audit(1761249753.883:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.233903][ T28] audit: type=1326 audit(1761249753.883:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.340174][ T28] audit: type=1326 audit(1761249753.883:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.366322][ T28] audit: type=1326 audit(1761249753.893:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.443090][ T28] audit: type=1326 audit(1761249753.893:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.483909][ T28] audit: type=1326 audit(1761249753.893:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.507326][ T28] audit: type=1326 audit(1761249753.893:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.530263][ T28] audit: type=1326 audit(1761249753.893:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 484.553106][ T28] audit: type=1326 audit(1761249753.893:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587418efc9 code=0x7ffc0000 [ 486.642068][T10072] loop4: detected capacity change from 0 to 164 [ 487.422296][ T9825] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 488.084848][T10079] syzkaller0: entered promiscuous mode [ 488.090488][T10079] syzkaller0: entered allmulticast mode [ 488.935316][ T9999] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 489.329314][ T9999] usb 4-1: Using ep0 maxpacket: 8 [ 489.380134][ T9999] usb 4-1: unable to get BOS descriptor or descriptor too short [ 489.389405][ T9999] usb 4-1: config 246 has an invalid interface number: 233 but max is 0 [ 489.405944][ T9999] usb 4-1: config 246 has no interface number 0 [ 489.419582][ T9999] usb 4-1: config 246 interface 233 has no altsetting 0 [ 489.438296][ T9999] usb 4-1: New USB device found, idVendor=0b05, idProduct=18f0, bcdDevice=af.9c [ 489.452156][ T9999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.476123][ T9999] usb 4-1: Product: syz [ 489.513495][T10102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1211'. [ 489.632861][ T9999] usb 4-1: Manufacturer: ࠌ [ 489.665367][ T9999] usb 4-1: SerialNumber: syz [ 490.408203][ T9999] usb 4-1: USB disconnect, device number 14 [ 492.017749][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 492.017764][ T28] audit: type=1326 audit(1761249761.873:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.1.1216" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e00d8efc9 code=0x0 [ 498.405675][T10175] netlink: 'syz.4.1228': attribute type 1 has an invalid length. [ 498.621985][T10175] bond1 (unregistering): Released all slaves [ 499.226561][T10183] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1228'. [ 499.268374][ T28] audit: type=1804 audit(1761249769.123:555): pid=10187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1231" name="bus" dev="ramfs" ino=20701 res=1 errno=0 [ 499.384008][ T28] audit: type=1804 audit(1761249769.123:556): pid=10187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1231" name="bus" dev="ramfs" ino=20701 res=1 errno=0 [ 499.640410][T10193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1234'. [ 499.759987][T10193] team0: entered promiscuous mode [ 499.777033][T10193] team_slave_0: entered promiscuous mode [ 499.791658][T10193] team_slave_1: entered promiscuous mode [ 499.836165][T10193] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 499.866973][T10193] bridge0: port 3(macvlan2) entered blocking state [ 499.990342][T10193] bridge0: port 3(macvlan2) entered disabled state [ 500.035983][T10193] macvlan2: entered allmulticast mode [ 500.041602][T10193] team0: entered allmulticast mode [ 500.046924][T10193] team_slave_0: entered allmulticast mode [ 500.052943][T10193] team_slave_1: entered allmulticast mode [ 500.062449][T10193] macvlan2: entered promiscuous mode [ 500.070339][T10193] bridge0: port 3(macvlan2) entered blocking state [ 500.077032][T10193] bridge0: port 3(macvlan2) entered forwarding state [ 501.841173][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.856241][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.699370][ T5835] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 504.579395][ T5835] usb 5-1: Using ep0 maxpacket: 32 [ 504.589853][ T5835] usb 5-1: config index 0 descriptor too short (expected 786, got 18) [ 504.754467][ T5835] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 504.765586][ T5835] usb 5-1: config 0 has no interface number 0 [ 504.775598][ T5835] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 504.789289][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.797330][ T5835] usb 5-1: Product: syz [ 505.420536][ T5835] usb 5-1: Manufacturer: syz [ 506.024920][ T5835] usb 5-1: SerialNumber: syz [ 506.051527][ T5835] usb 5-1: config 0 descriptor?? [ 506.068689][ T5835] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 506.228188][T10254] loop3: detected capacity change from 0 to 8192 [ 506.321292][ T5835] usb 5-1: qt2_setup_urbs - submit read urb failed -8 [ 506.328340][ T5835] quatech2: probe of 5-1:0.51 failed with error -8 [ 506.576904][T10256] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.1260'. [ 506.586516][T10256] openvswitch: netlink: ct_state flags 00030000 unsupported [ 507.654498][ T9999] usb 5-1: USB disconnect, device number 2 [ 508.812277][T10277] loop4: detected capacity change from 0 to 256 [ 509.178927][T10281] UBIFS error (pid: 10281): cannot open "ubifs", error -22 [ 510.917018][T10295] loop3: detected capacity change from 0 to 2048 [ 511.355748][T10295] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 511.693955][T10309] loop4: detected capacity change from 0 to 16 [ 511.712876][T10309] erofs: (device loop4): mounted with root inode @ nid 36. [ 511.798090][T10309] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 511.830249][T10309] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[1851] [ 513.523600][T10309] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 513.552776][T10319] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 513.583769][T10319] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[1851] [ 513.748459][T10319] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 515.150073][T10349] netlink: 'syz.0.1279': attribute type 1 has an invalid length. [ 515.367330][T10353] 8021q: adding VLAN 0 to HW filter on device bond5 [ 515.454261][T10349] veth7: entered promiscuous mode [ 515.767586][T10349] bond5: (slave veth7): Enslaving as a backup interface with a down link [ 522.689697][T10424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1297'. [ 524.834717][T10447] loop3: detected capacity change from 0 to 4096 [ 524.882081][T10447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 525.489356][ T28] audit: type=1800 audit(1761249795.323:557): pid=10447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1306" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 525.710658][ T28] audit: type=1800 audit(1761249795.403:558): pid=10462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1306" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 525.892816][ T28] audit: type=1804 audit(1761249795.733:559): pid=10447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1306" name="/newroot/306/file0/file1" dev="loop3" ino=15 res=1 errno=0 [ 525.916364][ T51] Bluetooth: hci1: unexpected event for opcode 0x0c24 [ 526.150479][T10468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1308'. [ 526.186443][T10468] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.196085][T10468] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.205182][T10468] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.214019][T10468] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 526.645903][T10468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1308'. [ 527.276283][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.121362][ T51] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 530.134076][ T51] Bluetooth: hci1: Injecting HCI hardware error event [ 530.144470][ T51] Bluetooth: hci1: hardware error 0x00 [ 530.429657][ T5799] Bluetooth: hci1: command 0x0406 tx timeout [ 531.395699][T10509] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1318'. [ 532.223932][ T28] audit: type=1326 audit(1761249802.083:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10524 comm="syz.1.1325" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7e00d8efc9 code=0x0 [ 532.248960][T10523] loop4: detected capacity change from 0 to 2048 [ 532.268429][T10523] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 532.376984][T10528] netlink: 'syz.0.1324': attribute type 10 has an invalid length. [ 532.533490][T10528] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 532.825475][ T51] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 533.855845][T10536] loop3: detected capacity change from 0 to 512 [ 533.903194][T10536] EXT4-fs: Ignoring removed i_version option [ 534.031099][T10536] EXT4-fs: Ignoring removed mblk_io_submit option [ 534.066106][T10536] EXT4-fs (loop3): Test dummy encryption mode enabled [ 534.136817][T10536] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1329: inode #13: comm syz.3.1329: iget: illegal inode # [ 534.199441][T10536] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1329: couldn't read orphan inode 13 (err -117) [ 534.410620][T10536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 534.869840][ T51] Bluetooth: hci1: Opcode 0x206c failed: -110 [ 535.737339][ T9998] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 535.982584][ T9998] usb 4-1: Using ep0 maxpacket: 32 [ 536.042489][ T9998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 536.341903][ T9998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 536.352824][ T9998] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 536.363475][ T9998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.375613][ T9998] usb 4-1: config 0 descriptor?? [ 536.397951][ T9998] hub 4-1:0.0: USB hub found [ 536.600500][T10565] xt_CT: You must specify a L4 protocol and not use inversions on it [ 536.949969][ T51] Bluetooth: hci1: Opcode 0x2046 failed: -110 [ 537.166469][ T9998] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 537.197525][ T9998] usbhid 4-1:0.0: can't add hid device: -71 [ 537.208257][ T9998] usbhid: probe of 4-1:0.0 failed with error -71 [ 537.239858][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.271428][ T9998] usb 4-1: USB disconnect, device number 15 [ 537.468136][T10575] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 537.477497][T10575] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 537.486334][T10575] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 537.495650][T10575] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 537.507405][ T5835] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 537.528581][T10575] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 537.665208][ T51] Bluetooth: hci2: unexpected event for opcode 0x080d [ 537.665743][T10578] loop3: detected capacity change from 0 to 128 [ 537.699542][ T5835] usb 5-1: Using ep0 maxpacket: 16 [ 537.709324][ T5835] usb 5-1: config 0 has an invalid descriptor of length 100, skipping remainder of the config [ 537.720028][ T5835] usb 5-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 537.729096][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.741203][ T5835] usb 5-1: config 0 descriptor?? [ 537.749854][ T5835] gspca_main: spca501-2.14.0 probing 0000:0000 [ 537.848708][T10578] loop3: detected capacity change from 0 to 2048 [ 537.880502][T10578] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 537.886054][T10578] loop3: partition table partially beyond EOD, truncated [ 537.894899][T10578] loop3: p1 start 4278190080 is beyond EOD, truncated [ 537.902481][T10578] loop3: p2 start 16908800 is beyond EOD, truncated [ 537.912846][T10578] loop3: p4 start 11326 is beyond EOD, truncated [ 537.920147][T10578] loop3: p5 start 16908800 is beyond EOD, truncated [ 537.926793][T10578] loop3: p6 start 11326 is beyond EOD, truncated [ 538.172061][ T5835] gspca_spca501: reg write: error -71 [ 538.184288][ T5835] spca501 5-1:0.0: Reg write failed for 0x02,0xa048,0x00 [ 538.195847][ T5835] spca501: probe of 5-1:0.0 failed with error -22 [ 538.205987][ T5835] usb 5-1: USB disconnect, device number 3 [ 539.902368][T10603] netlink: 'syz.1.1349': attribute type 1 has an invalid length. [ 539.967613][T10606] syz_tun: entered allmulticast mode [ 540.069993][ T42] ------------[ cut here ]------------ [ 540.076085][ T42] WARNING: CPU: 0 PID: 42 at io_uring/io_uring.c:3214 io_ring_exit_work+0x39e/0x7e0 [ 540.085661][ T42] Modules linked in: [ 540.089626][ T42] CPU: 0 PID: 42 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 540.097041][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 540.107162][ T42] Workqueue: iou_exit io_ring_exit_work [ 540.112871][ T42] RIP: 0010:io_ring_exit_work+0x39e/0x7e0 [ 540.118589][ T42] Code: e8 f7 37 1f f7 48 89 df 48 c7 c6 a0 4a 66 8a 4c 8b 24 24 4c 89 e2 b9 01 00 00 00 e8 0c be b4 f9 e9 64 ff ff ff e8 d2 37 1f f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb a6 89 d9 80 e1 07 80 c1 03 [ 540.138609][ T42] RSP: 0018:ffffc90000b37a40 EFLAGS: 00010293 [ 540.144877][ T42] RAX: ffffffff8a6657ae RBX: 0000000100005cf8 RCX: ffff8880186e1e00 [ 540.152987][ T42] RDX: 0000000000000000 RSI: fffffffffffffffc RDI: 0000000000000000 [ 540.161235][ T42] RBP: ffffc90000b37bb0 R08: ffffc90000b379c7 R09: 1ffff92000166f38 [ 540.169497][ T42] R10: dffffc0000000000 R11: fffff52000166f39 R12: 0000000100005cf4 [ 540.177486][ T42] R13: ffff88807c630288 R14: ffff88807c630510 R15: dffffc0000000000 [ 540.185560][ T42] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 540.194686][ T42] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 540.201485][ T42] CR2: 0000001b2e91bff8 CR3: 00000000622b8000 CR4: 00000000003506f0 [ 540.209504][ T42] Call Trace: [ 540.212802][ T42] [ 540.215741][ T42] ? io_ring_ctx_wait_and_kill+0x2a0/0x2a0 [ 540.221666][ T42] ? _raw_spin_unlock_irq+0x23/0x50 [ 540.226896][ T42] ? process_scheduled_works+0x957/0x15b0 [ 540.233006][ T42] ? process_scheduled_works+0x957/0x15b0 [ 540.238831][ T42] process_scheduled_works+0xa45/0x15b0 [ 540.244523][ T42] ? assign_work+0x400/0x400 [ 540.249225][ T42] ? assign_work+0x39e/0x400 [ 540.253842][ T42] worker_thread+0xa55/0xfc0 [ 540.258571][ T42] kthread+0x2fa/0x390 [ 540.262749][ T42] ? pr_cont_work+0x560/0x560 [ 540.267443][ T42] ? kthread_blkcg+0xd0/0xd0 [ 540.272082][ T42] ret_from_fork+0x48/0x80 [ 540.276497][ T42] ? kthread_blkcg+0xd0/0xd0 [ 540.281179][ T42] ret_from_fork_asm+0x11/0x20 [ 540.285953][ T42] [ 540.288974][ T42] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 540.296273][ T42] CPU: 0 PID: 42 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 540.303645][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 540.313734][ T42] Workqueue: iou_exit io_ring_exit_work [ 540.319285][ T42] Call Trace: [ 540.322569][ T42] [ 540.325494][ T42] dump_stack_lvl+0x16c/0x230 [ 540.330171][ T42] ? show_regs_print_info+0x20/0x20 [ 540.335367][ T42] ? load_image+0x3b0/0x3b0 [ 540.339887][ T42] panic+0x2c0/0x710 [ 540.343791][ T42] ? bpf_jit_dump+0xd0/0xd0 [ 540.348293][ T42] ? ret_from_fork_asm+0x11/0x20 [ 540.353229][ T42] __warn+0x2e0/0x470 [ 540.357202][ T42] ? io_ring_exit_work+0x39e/0x7e0 [ 540.362316][ T42] ? io_ring_exit_work+0x39e/0x7e0 [ 540.367423][ T42] report_bug+0x2be/0x4f0 [ 540.371785][ T42] ? io_ring_exit_work+0x39e/0x7e0 [ 540.376899][ T42] ? io_ring_exit_work+0x39e/0x7e0 [ 540.382005][ T42] ? io_ring_exit_work+0x3a0/0x7e0 [ 540.387100][ T42] handle_bug+0xcf/0x120 [ 540.391338][ T42] exc_invalid_op+0x1a/0x50 [ 540.395838][ T42] asm_exc_invalid_op+0x1a/0x20 [ 540.400669][ T42] RIP: 0010:io_ring_exit_work+0x39e/0x7e0 [ 540.406385][ T42] Code: e8 f7 37 1f f7 48 89 df 48 c7 c6 a0 4a 66 8a 4c 8b 24 24 4c 89 e2 b9 01 00 00 00 e8 0c be b4 f9 e9 64 ff ff ff e8 d2 37 1f f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb a6 89 d9 80 e1 07 80 c1 03 [ 540.425994][ T42] RSP: 0018:ffffc90000b37a40 EFLAGS: 00010293 [ 540.432053][ T42] RAX: ffffffff8a6657ae RBX: 0000000100005cf8 RCX: ffff8880186e1e00 [ 540.440015][ T42] RDX: 0000000000000000 RSI: fffffffffffffffc RDI: 0000000000000000 [ 540.447979][ T42] RBP: ffffc90000b37bb0 R08: ffffc90000b379c7 R09: 1ffff92000166f38 [ 540.455942][ T42] R10: dffffc0000000000 R11: fffff52000166f39 R12: 0000000100005cf4 [ 540.463901][ T42] R13: ffff88807c630288 R14: ffff88807c630510 R15: dffffc0000000000 [ 540.471864][ T42] ? io_ring_exit_work+0x39e/0x7e0 [ 540.476983][ T42] ? io_ring_ctx_wait_and_kill+0x2a0/0x2a0 [ 540.482801][ T42] ? _raw_spin_unlock_irq+0x23/0x50 [ 540.487982][ T42] ? process_scheduled_works+0x957/0x15b0 [ 540.493698][ T42] ? process_scheduled_works+0x957/0x15b0 [ 540.499408][ T42] process_scheduled_works+0xa45/0x15b0 [ 540.504958][ T42] ? assign_work+0x400/0x400 [ 540.509541][ T42] ? assign_work+0x39e/0x400 [ 540.514119][ T42] worker_thread+0xa55/0xfc0 [ 540.518708][ T42] kthread+0x2fa/0x390 [ 540.522816][ T42] ? pr_cont_work+0x560/0x560 [ 540.527477][ T42] ? kthread_blkcg+0xd0/0xd0 [ 540.532049][ T42] ret_from_fork+0x48/0x80 [ 540.536452][ T42] ? kthread_blkcg+0xd0/0xd0 [ 540.541033][ T42] ret_from_fork_asm+0x11/0x20 [ 540.545839][ T42] [ 540.549085][ T42] Kernel Offset: disabled [ 540.553488][ T42] Rebooting in 86400 seconds..