last executing test programs: 5m43.421117265s ago: executing program 1 (id=167): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x802, 0x1) setsockopt$inet_int(r3, 0x0, 0xc, 0x0, 0x0) 5m40.061884929s ago: executing program 1 (id=178): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r0, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, '\x00', "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x2}, 0x18) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38) close(r0) 5m39.961757101s ago: executing program 1 (id=179): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x34, 0x28, 0xd27, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0x1}, {0x0, 0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x4000) 5m39.773923094s ago: executing program 1 (id=182): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x52c, &(0x7f0000000640)="$eJzs3d9rY1kdAPBvMv2Rdjrbru7DKuqO6+oowyRtZrcs+6DriyDLssK6TyKzpc2U0qQpTbpua8EO+Oar4IBP+if4IPggzJPvvumbLyMojDo4TAWRyE1uOm2adMq0aWaazwcuOefc2/s9J3DP6T1J7glgaF2NiN2IGIuIjyNiOi3PpFu829qS4x4/3Fnce7izmIlG48N/jqRH7iy2j2+7nJ4zF/FBkh/vEre2tb26UC6XNtJ8oV5ZL9S2tm+sVBaWS8ultWJxfm5+9u2bbxXPrK2vVX7z4Dsr7330+9998f4fd7/x46TO32rtGkvadmaBDmi9L6MxdaAseefe60ewAbiUtmds0BXhmWQj4jMR8Xqa3pcbXJ0AgP5qNKajMX0w31vmBMcAAM+/5J5/KjLZfHr/PxXZbD7fnMPLvRKT2XK1Vr9+u7q5thTNOayZGM3eXimXZtO5wpkYzST5uWb6Sb7Ykb8ZES9HxM/HJ5r5/GK1vDSof3oAYMhd7hj/H423xv8T8AkBALzIjOQAMHyOjv+jA6kHAHB+3P8DwPA5MP53+60uAHAB5Tp++w8AXHwH7v9Huh7wavzkh+dXHQDgHPj8HwCGyvfefz/ZGnvp86+XPtnaXK1+cmOpVFvNVzYX84vVjfX8crW63HxmT+Vp5ytXq+tzb8bmp4V6qVYv1La2b1Wqm2v1W83net8q+WEBAAzey6/d+3MmInbfmWhu0V7LwRcC4MJzmcPwujToCgAD0/37PsAwMB8PZJ6yv+dXhO72/puJU9QH6L9rn+sx/9/tf4M7+6n/Nc6vikCfmP+H4XW6+X+zB/AiM/8Pw6vRyFjPHwCGzAnu4H1FEC64Z/78HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYVHPLZPPpWuBTkc3m8xFXImJmYjRze6Vcmo2IlyLiT+Oj40l+btCVBgBOKfv3TLr+17XpN6Y6945l/jPefI2IH/3yw198ulCvb8wl5f/aL6/fTcuLXQOM978NAMABI50F7XG6PY631/d9/HBnsb2dZwUffLu1uGgSdy/d2lVvVT4XoxEx+e/MocZkzmhh4t07EfFqZ/uz+/tn0pVPO+Mnsa/0LX40Wzh1KH72UPxsc1/rNXkvPnsGdYFhcy/pf97tdv1l42rzNb3+Moc701z87Gjn+gza/d9eo7P/a13vH1zJNfuabv3f1ZPGePMP3+25786lxudHIvaO9L/tFaFzzdSR+CMRb3Q74U+/+Wizo+gvX/jS673iN34VcS2Oi99KFeqV9UJta/vGSmVhubRcWisW5+fmZ9+++Vax0JyjLrRnqo/6xzvXX+rd/ojJHvFzx7U/Ir7a66Qdfv3fj3/w5WPif/0r3eJn45Vj4idj4tdOGH9h8rc9l+9O4i/1aP/Iofhjh/4uKbt+wvj3/7q9dMJDAYBzUNvaXl0ol0sbEqdN5Pp15svPSQMleiT+9tGha2rg9TmTxMC6JOCcPLnoB10TAAAAAAAAAAAAAACgl9r300f+9fHHcINuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wMAAP//OkHLZw==") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$unix(0x1, 0x1, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f00000001c0), 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) pread64(r0, &(0x7f0000002240)=""/4096, 0x1000, 0xff) 5m39.466861259s ago: executing program 1 (id=186): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000001080)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x1010814, &(0x7f0000002200)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX, @ANYBLOB="00006b746769643d0092e296000000000000000067e4942528b1d923781dda74217106d34cb24d96acd0778a4ea9a31ac0656344757d849518b9aeff7f6834504dc15c8314473119ac3de5778303daa3b586031024b5c6fee785451f3dd404e90eaff406adfcb12d208c608e9920c959081783f62453cd2b5be4081b68410b4ba06546cb1899393a7fffb6c40abfa13448b900"/157, @ANYRES16, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x219, &(0x7f0000000740)="$eJzs289qE20UB+Azbdpv2vJhF66kwoAbV0VduzBIBTEgVLLQVQOtm7YI6SYKYq/HtRfhzbjpQrKLTGZsTJpiNX8mxOeB4T30NwPnhSZnFm8Odk6PD9+dvV37eBFpksVKxJPoRmznVSkp17Rfr8eQJCbxfaKnAYC/sr/fqlfdA7PVbtdbtyNi60rS/FxJQwAAAAAAAAAAAEzsYOf09Gf9u/P/KxGfRs//n8+vVQBgSpz/X14b5dpu11t3i/e3Ec7/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANXp9nq3evmVlmt5/RcRaURsRMRmRNQiIv971f0CAJPr9obn/nXzPyKSiDD/AWAJvHr95kW90djbz7I04tt5p9lpFmuRP3ve2HuQ9W0PnrrodJqrl/nDIs+G87X+e0OePxqbr8f9e0WeZ09fNkbyrTic/fYB4J+0m136Zb6vllfE7u64PJ/PEbGZRgzeD0bmdy3u1Oa5EwDgps7efzhunZwctadeJH/21EbZ0PX3fKnNqtVFKB7/X+x/UfoZU3xNFqKNmRe1k6Ok/G9ciH6mXqQ3ubmqbyRgXgYf+tEkraYhAAAAAAAAAAAAAADginn85KjqPQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsHx+BAAA//+RSUbq") chdir(&(0x7f0000000700)='./file0\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 5m39.143219264s ago: executing program 1 (id=189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x655c, 0xffffffff, 0x20000000, 0x9, 0x800}}]}, {0x67}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x4}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 5m24.101729645s ago: executing program 32 (id=189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x655c, 0xffffffff, 0x20000000, 0x9, 0x800}}]}, {0x67}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x4}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 8.438995015s ago: executing program 5 (id=1726): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, 0x0, 0x0) 6.636174634s ago: executing program 5 (id=1730): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 5.572803911s ago: executing program 5 (id=1735): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) syz_usb_connect(0x5, 0x2d, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x3, 0x800) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, 0x0, 0x0) 4.646377735s ago: executing program 5 (id=1740): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r1) sendmsg$inet6(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="5a6871908ddfe3ee43aa1160a73753ce6cab32d184de576a9f314969c1d7546399a47258ea86bbd3febfc84e58f64d32bb361e0af645bad480a103ab7d7fa2404622f26e7f7e668a4d7e5aee1276dc1d52b170003659e627d012cdf5dcb438b8ae0bf19e6c992c68011b7297da8b53655071195f55e0d68ff3a297520e6cd6b2b46822b62f0fa2c9bd78d970b17a23e4096c1aeb98ba30c29a9003ba384101a9bb1ac802a76ec09284effc42886e77fe283439bc49a035bc4699ea3f5f049025dcb27f3bef88634d63ce70dd8756f4bf3100e3fd83131acc6bf88380dd4b1a277f8381d96c02860d605007f25c76d3893b32f43bca88d104b67b", 0xfa}, {&(0x7f0000000400)="00d7dcfa632a50c7e2ca9e926aeeec4fd3a058afd83637984e4fc7799bb4d0a6d9952b4862fc0945febba09dd36d7d003a3f2bee15f73ecad8dcced49ebac0ee82b73e666fca9ee06e8fc276d930ca363e81ded9ab4bcfcfc746dde920ce0abd805d7a1139f2a0c3f865aecd944ba7dcc411355fe0fe30c6cc64fd3cc4bbefee8c1796025bb0a941efb1f7992b1f24f68f515efddd644231ab042280db0adc93716380eaf6595835be9246bd9db97a73a284f3bc2dcfeb22599809286d6a441d01abf014aba8eefcf9340f040a0bd5b63b3786b599938d86334cb1aec10768baebac305c82b7be492d10bc022fce5c4c0cff2dd7abe171558eb482156e5472f8eb8c3c4bb1750f00c0ffb2abe4bb3468f3e07bfc15f5ebbd7affadadc5047d2c82b1d075abb7c70d7a305dff7966a8f115699f773442b9b7d57173872ad693d7090b7d946c03ef5f2664400ec4f99b646a21af47f083d9b22fbfaaca86ec515a3298e94f69392bb3bd0af1ef49c7065e8ced08ade3bed0f72e9796f8365623fb405eb5a7b7ca84eb9acb24c58a1cb13c21474eb50c51f664156f53fb44a99ec636d673516c5de2a8bcf8827d6fee81b9b0c414f0eb2db33f5c8ea413b27a6db22b5090e55b9969178a5bb37bc047f59882521d0a730189c48cedd7a6571878ab68ef9fa96bc8a32f50f0c58b1e73828b9ff4194b481b72ef0cc8a0c0bc680f5ef6c81af6da535032e813a47f57f7c3eaf713c07507fa1645bc06989ceb43c0c48dcf92fb37057d4e0adece1e8b4d5b71ebb4b2b3732ecae1dae529e18056b2c21995ec2051a1453fc435c17a7a864c6761453d71d0368cc163dde0dd2423079c3b461b1271404bbb7cce5214b9733c24fb8b48c185a1d2790284848da41a6ddff3b7356ba9ed03ceb3cf346a65b4565e3a6b4dca9ff6955cc8689fc2804b0b34f45fadbd7fab3265f4d8e52c2b0fe0dc4714af1f9d3b2c", 0x2b7}], 0x2}, 0x40001080) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x303}, "27c6ffe2057b6525", "e1315727ee1c2c5d189aa83c29a48200", "9c24c403", "1f7400000000000e"}, 0x28) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) 4.645841095s ago: executing program 4 (id=1741): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x0) recvmmsg(r3, 0x0, 0x0, 0xfc0, 0x0) 4.570147016s ago: executing program 0 (id=1742): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x0, 0x0, &(0x7f00000005c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$unix(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000006c0)='~', 0x1}], 0x1, 0x0, 0x0, 0x20000000}, 0x80) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xe5}], 0x1}, 0x2) 4.457864679s ago: executing program 3 (id=1744): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newchain={0x24, 0x64, 0x100, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x4}, {0xf, 0xc}, {0x3, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff3}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x44050) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) 4.457275569s ago: executing program 0 (id=1745): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000005000008000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r4) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@delchain={0x3c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 4.38666285s ago: executing program 3 (id=1746): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000480)=0x400000001, 0x4) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00051400000000000000000000000800120000000200c06b6e000000000006000000000000000000000000000000e00000020000000000000000000000000000000000000000000000000000000105000500008000000a0000000000000000000000000000000000000000000001000000000000000005000600ff47"], 0xa0}}, 0x0) sendto$inet6(r0, 0x0, 0x4, 0x0, 0x0, 0x0) 4.34843197s ago: executing program 0 (id=1747): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x40, 0x0, 0x0, 0x401}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6, 0xfc, 0x0, 0x6}]}, 0x10) 3.477575944s ago: executing program 4 (id=1748): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x802) close(0x4) r3 = socket$netlink(0x10, 0x3, 0x4) write(r3, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140) 3.399226936s ago: executing program 3 (id=1759): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x0) recvmmsg(r3, 0x0, 0x0, 0xfc0, 0x0) 3.381706356s ago: executing program 4 (id=1750): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2], 0x34}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r7, 0x1, 0x300, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0xc0c4) 2.210375035s ago: executing program 0 (id=1751): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r1, &(0x7f0000005840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000140)=0x2f, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x2000, 0x0, 0x0) capset(0x0, 0x0) syz_open_procfs(0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000002030104000000f02dc9582cef1fd44b8b4056800000001c00000000000800010001000000"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2e}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xf}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}]}, 0x2c}}, 0x814) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.174760245s ago: executing program 3 (id=1752): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) syz_usb_connect(0x5, 0x2d, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x3, 0x800) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, 0x0, 0x0) 2.104945356s ago: executing program 5 (id=1753): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x24, &(0x7f0000000180)=0x5, 0x4) 1.26517448s ago: executing program 5 (id=1754): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_usb_connect(0x6, 0x36, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.26453967s ago: executing program 2 (id=1755): sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'hsr0\x00', 0x0}) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x8100, r3, 0x1, 0x1, 0x6, @multicast}, 0x14) sendmsg$nl_route_sched(r0, 0x0, 0x4000040) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@lsrr={0x83, 0x7, 0x0, [@multicast2]}, @cipso={0x86, 0x30, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x0, 0xa, "df61168c24ac88ad"}, {0x0, 0x2}, {0x0, 0x9, "02a20948fd7406"}, {0x0, 0xe, "ccf0294e2a3bdb4aa40b249e"}]}, @timestamp={0x44, 0x14, 0x56, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) 1.26426101s ago: executing program 4 (id=1756): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x18, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000040000000000000000000100000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021800000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000005400038050000080080003400000000244000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c000240000000000000001014000180090001006c617374"], 0x104}}, 0x40000) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfffffbff, 0x20, 0x0, 0x0, 0x8, 0x1, 0x0, 0x5, 0x3, 0x0}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}}) 1.26401828s ago: executing program 0 (id=1766): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r1) sendmsg$inet6(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="5a6871908ddfe3ee43aa1160a73753ce6cab32d184de576a9f314969c1d7546399a47258ea86bbd3febfc84e58f64d32bb361e0af645bad480a103ab7d7fa2404622f26e7f7e668a4d7e5aee1276dc1d52b170003659e627d012cdf5dcb438b8ae0bf19e6c992c68011b7297da8b53655071195f55e0d68ff3a297520e6cd6b2b46822b62f0fa2c9bd78d970b17a23e4096c1aeb98ba30c29a9003ba384101a9bb1ac802a76ec09284effc42886e77fe283439bc49a035bc4699ea3f5f049025dcb27f3bef88634d63ce70dd8756f4bf3100e3fd83131acc6bf88380dd4b1a277f8381d96c02860d605007f25c76d3893b32f43bca88d104b67b", 0xfa}, {&(0x7f0000000400)="00d7dcfa632a50c7e2ca9e926aeeec4fd3a058afd83637984e4fc7799bb4d0a6d9952b4862fc0945febba09dd36d7d003a3f2bee15f73ecad8dcced49ebac0ee82b73e666fca9ee06e8fc276d930ca363e81ded9ab4bcfcfc746dde920ce0abd805d7a1139f2a0c3f865aecd944ba7dcc411355fe0fe30c6cc64fd3cc4bbefee8c1796025bb0a941efb1f7992b1f24f68f515efddd644231ab042280db0adc93716380eaf6595835be9246bd9db97a73a284f3bc2dcfeb22599809286d6a441d01abf014aba8eefcf9340f040a0bd5b63b3786b599938d86334cb1aec10768baebac305c82b7be492d10bc022fce5c4c0cff2dd7abe171558eb482156e5472f8eb8c3c4bb1750f00c0ffb2abe4bb3468f3e07bfc15f5ebbd7affadadc5047d2c82b1d075abb7c70d7a305dff7966a8f115699f773442b9b7d57173872ad693d7090b7d946c03ef5f2664400ec4f99b646a21af47f083d9b22fbfaaca86ec515a3298e94f69392bb3bd0af1ef49c7065e8ced08ade3bed0f72e9796f8365623fb405eb5a7b7ca84eb9acb24c58a1cb13c21474eb50c51f664156f53fb44a99ec636d673516c5de2a8bcf8827d6fee81b9b0c414f0eb2db33f5c8ea413b27a6db22b5090e55b9969178a5bb37bc047f59882521d0a730189c48cedd7a6571878ab68ef9fa96bc8a32f50f0c58b1e73828b9ff4194b481b72ef0cc8a0c0bc680f5ef6c81af6da535032e813a47f57f7c3eaf713c07507fa1645bc06989ceb43c0c48dcf92fb37057d4e0adece1e8b4d5b71ebb4b2b3732ecae1dae529e18056b2c21995ec2051a1453fc435c17a7a864c6761453d71d0368cc163dde0dd2423079c3b461b1271404bbb7cce5214b9733c24fb8b48c185a1d2790284848da41a6ddff3b7356ba9ed03ceb3cf346a65b4565e3a6b4dca9ff6955cc8689fc2804b0b34f45fadbd7fab3265f4d8e52c2b0fe0dc4714af1f9d3b2c", 0x2b7}], 0x2}, 0x40001080) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x303}, "27c6ffe2057b6525", "e1315727ee1c2c5d189aa83c29a48200", "9c24c403", "1f7400000000000e"}, 0x28) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) 390.827384ms ago: executing program 2 (id=1757): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newchain={0x24, 0x64, 0x100, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x4}, {0xf, 0xc}, {0x3, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff3}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x44050) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) 376.632044ms ago: executing program 4 (id=1758): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 375.150464ms ago: executing program 3 (id=1771): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x402, 0x0) write$binfmt_aout(r1, 0x0, 0xff2e) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000005c0)="a3", 0x1, 0x10, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @local, 0x4}, 0x1c) shutdown(r2, 0x1) setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000140), 0x4) ioctl$TIOCSETD(r1, 0x5423, 0x0) 318.340265ms ago: executing program 4 (id=1760): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, @void, @value}, 0x94) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r0 = gettid() unshare(0x28020480) r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000140) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 317.510445ms ago: executing program 2 (id=1773): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r2, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r0], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r3, 0x0, 0x0, 0x44010, &(0x7f0000000040)={0x11, 0x8100, r2, 0x1, 0x7}, 0x14) 232.800836ms ago: executing program 2 (id=1761): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000000000711212000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) inotify_init1(0x80800) socket$vsock_stream(0x28, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) pselect6(0x40, &(0x7f00000005c0)={0x0, 0x0, 0x3, 0x0, 0x0, 0x10000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) 195.038717ms ago: executing program 2 (id=1762): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x802) close(0x4) r3 = socket$netlink(0x10, 0x3, 0x4) write(r3, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140) 4.41727ms ago: executing program 0 (id=1764): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x0) recvmmsg(r3, 0x0, 0x0, 0xfc0, 0x0) 4.20298ms ago: executing program 2 (id=1765): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg$sock(r3, &(0x7f00000044c0), 0x4000000000001c0, 0x0) 0s ago: executing program 3 (id=1777): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000003c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)={0x68, r2, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x0, @loopback, 0x100}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}]}]}, 0x68}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x96a, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10) getgid() kernel console output (not intermixed with test programs): wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.487819][ T4101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.494379][ T4101] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.497191][ T4101] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.552809][ T4142] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 49.557162][ T4142] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 49.587514][ T4142] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 49.721423][ T4069] Bluetooth: hci4: command 0x0419 tx timeout [ 49.723832][ T4069] Bluetooth: hci1: command 0x0419 tx timeout [ 50.394734][ T4069] Bluetooth: hci2: command 0x0419 tx timeout [ 50.403125][ T4069] Bluetooth: hci0: command 0x0419 tx timeout [ 50.409250][ T4069] Bluetooth: hci3: command 0x0419 tx timeout [ 50.818777][ T4170] loop1: detected capacity change from 0 to 1764 [ 52.026433][ T4182] Zero length message leads to an empty skb [ 53.239165][ T4201] loop1: detected capacity change from 0 to 1024 [ 53.390832][ T4201] EXT4-fs (loop1): inline encryption not supported [ 53.392759][ T4201] EXT4-fs (loop1): Ignoring removed bh option [ 54.734528][ T4201] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,dioread_lock,data_err=ignore,discard,data_err=ignore,grpquota,noblock_validity,user_xattr,bh,errors=remount-ro,. Quota mode: writeback. [ 56.419463][ T4242] binder: 4241:4242 tried to acquire reference to desc 0, got 1 instead [ 56.423347][ T4227] loop3: detected capacity change from 0 to 32768 [ 56.426650][ T4242] binder: 4241:4242 got transaction with invalid handle, 2 [ 56.429007][ T4242] binder: 4241:4242 transaction failed 29201/-22, size 72-24 line 3242 [ 56.441071][ T4070] binder: undelivered TRANSACTION_ERROR: 29201 [ 56.534952][ T4227] XFS (loop3): Mounting V5 Filesystem [ 56.602798][ T4227] XFS (loop3): Ending clean mount [ 56.644960][ T4227] XFS (loop3): Quotacheck needed: Please wait. [ 56.739921][ T4227] XFS (loop3): Quotacheck: Done. [ 56.892436][ T4267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.51'. [ 56.974284][ T4037] XFS (loop3): Unmounting Filesystem [ 57.361478][ T4282] ptrace attach of "./syz-executor exec"[4025] was attempted by "    "[4282] [ 58.503026][ T4276] sctp: failed to load transform for md5: -2 [ 59.047858][ T4301] loop1: detected capacity change from 0 to 32768 [ 59.090433][ T4301] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.61 (4301) [ 59.125131][ T4301] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 59.127588][ T4301] BTRFS info (device loop1): force clearing of disk cache [ 59.129698][ T4301] BTRFS info (device loop1): turning on async discard [ 59.131693][ T4301] BTRFS info (device loop1): enabling auto defrag [ 59.133495][ T4301] BTRFS info (device loop1): max_inline at 0 [ 59.135103][ T4301] BTRFS info (device loop1): enabling disk space caching [ 59.137773][ T4301] BTRFS info (device loop1): disk space caching is enabled [ 59.139696][ T4301] BTRFS info (device loop1): has skinny extents [ 59.163290][ T4306] netlink: 12 bytes leftover after parsing attributes in process `syz.4.62'. [ 59.341371][ T4070] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 59.352184][ T4070] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 59.414009][ T4303] loop0: detected capacity change from 0 to 32768 [ 59.415965][ T4323] loop4: detected capacity change from 0 to 256 [ 59.446179][ T4323] FAT-fs (loop4): Directory bread(block 1285) failed [ 59.506353][ T4301] BTRFS info (device loop1): enabling ssd optimizations [ 59.531920][ T4301] BTRFS info (device loop1): clearing free space tree [ 59.534123][ T4301] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.537003][ T4301] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 59.638772][ T4303] XFS (loop0): Mounting V5 Filesystem [ 59.729688][ T4332] fido_id[4332]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 59.867475][ T4303] XFS (loop0): Ending clean mount [ 59.879632][ T4303] XFS (loop0): Quotacheck needed: Please wait. [ 59.884831][ T4347] bridge0: port 3(syz_tun) entered blocking state [ 59.888612][ T4347] bridge0: port 3(syz_tun) entered disabled state [ 59.927047][ T4347] device syz_tun entered promiscuous mode [ 59.936373][ T4303] XFS (loop0): Quotacheck: Done. [ 59.943198][ T4347] bridge0: port 3(syz_tun) entered blocking state [ 59.945236][ T4347] bridge0: port 3(syz_tun) entered forwarding state [ 61.493049][ C1] vxcan0: j1939_tp_rxtimer: 0x000000008878435b: rx timeout, send abort [ 61.498207][ C1] vxcan0: j1939_xtp_rx_abort_one: 0x000000008878435b: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 61.786218][ T4016] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop1 scanned by udevd (4016) [ 62.744345][ T4377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.73'. [ 62.815714][ T4377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.73'. [ 62.954993][ T4026] XFS (loop0): Unmounting Filesystem [ 63.486798][ T4385] loop1: detected capacity change from 0 to 32768 [ 63.528039][ T4382] loop3: detected capacity change from 0 to 32768 [ 63.570174][ T4385] XFS (loop1): Mounting V5 Filesystem [ 63.616640][ T4382] XFS (loop3): Mounting V5 Filesystem [ 63.735288][ T4385] XFS (loop1): Ending clean mount [ 63.749104][ T4385] XFS (loop1): Quotacheck needed: Please wait. [ 63.773641][ T4385] XFS (loop1): Quotacheck: Done. [ 63.775713][ T4382] XFS (loop3): Ending clean mount [ 64.946996][ T4037] XFS (loop3): Unmounting Filesystem [ 65.071250][ T4025] XFS (loop1): Unmounting Filesystem [ 65.071673][ T4424] netlink: 12 bytes leftover after parsing attributes in process `syz.0.86'. [ 67.444065][ T4453] binder: 4452:4453 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 67.495450][ T4458] binder: 4452:4458 tried to acquire reference to desc 0, got 1 instead [ 67.499574][ T4453] binder: undelivered transaction 12, put_user failed [ 67.513474][ T4453] binder: 4452:4453 ioctl c0306201 20000280 returned -14 [ 67.517857][ T4078] binder: undelivered TRANSACTION_COMPLETE [ 67.538471][ T4456] Cannot find add_set index 0 as target [ 67.565218][ T4462] loop0: detected capacity change from 0 to 512 [ 67.592775][ T4463] netlink: 4 bytes leftover after parsing attributes in process `syz.1.99'. [ 67.595897][ T4462] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 67.613975][ T4462] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.617164][ T4465] loop2: detected capacity change from 0 to 2048 [ 67.628833][ T4462] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:510: comm syz.0.98: Block bitmap for bg 0 marked uninitialized [ 67.637503][ T4462] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 67.644109][ T4462] EXT4-fs (loop0): 1 orphan inode deleted [ 67.650350][ T4462] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.785220][ T4465] loop2: detected capacity change from 0 to 164 [ 68.264626][ T4479] xt_hashlimit: max too large, truncated to 1048576 [ 68.271730][ T4479] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 69.298953][ T4495] loop1: detected capacity change from 0 to 1024 [ 69.357079][ T4495] EXT4-fs (loop1): Ignoring removed nobh option [ 69.359086][ T4495] EXT4-fs (loop1): Ignoring removed bh option [ 69.363413][ T4495] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.410368][ T4495] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.108: bad orphan inode 32767 [ 69.440459][ T4495] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,noload,journal_dev=0x0000000000000009,data_err=ignore,resgid=0x0000000000000000,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 69.561438][ T4513] netlink: 'syz.2.110': attribute type 3 has an invalid length. [ 69.564311][ T4513] netlink: 'syz.2.110': attribute type 3 has an invalid length. [ 69.643536][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.645509][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.836389][ T4534] loop2: detected capacity change from 0 to 24 [ 69.851978][ T4534] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 69.909739][ T4534] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 70.106656][ T4534] overlayfs: failed to resolve './file0': -2 [ 70.335215][ T4588] netlink: 'syz.0.117': attribute type 1 has an invalid length. [ 70.359670][ T4591] udc-core: couldn't find an available UDC or it's busy [ 70.368044][ T4591] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 70.623220][ T4601] capability: warning: `syz.3.122' uses deprecated v2 capabilities in a way that may be insecure [ 70.743165][ T4607] loop3: detected capacity change from 0 to 4096 [ 70.809888][ T4607] __ntfs_error: 26 callbacks suppressed [ 70.809902][ T4607] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 70.826600][ T4607] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 70.830485][ T4607] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 70.866160][ T4607] ntfs: volume version 3.1. [ 70.963484][ T4615] binder: 4614:4615 tried to acquire reference to desc 0, got 1 instead [ 70.969480][ T4615] binder: 4614:4615 transaction failed 29201/-22, size 96-24 line 3331 [ 71.014756][ T4157] binder: undelivered TRANSACTION_ERROR: 29201 [ 71.035900][ T4613] Bluetooth: (null): Invalid header checksum [ 71.053037][ T4618] loop0: detected capacity change from 0 to 512 [ 71.057720][ T4618] EXT4-fs (loop0): Ignoring removed orlov option [ 71.068117][ T4607] netlink: 'syz.3.125': attribute type 10 has an invalid length. [ 71.070237][ T4607] netlink: 40 bytes leftover after parsing attributes in process `syz.3.125'. [ 71.119429][ T4618] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.129: bg 0: block 411: padding at end of block bitmap is not set [ 71.127218][ T4607] device batadv0 entered promiscuous mode [ 71.133874][ T4607] bridge0: port 4(batadv0) entered blocking state [ 71.138859][ T4607] bridge0: port 4(batadv0) entered disabled state [ 71.162344][ T4618] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.129: inode #1: comm syz.0.129: iget: illegal inode # [ 71.196325][ T4607] bridge0: port 4(batadv0) entered blocking state [ 71.198521][ T4607] bridge0: port 4(batadv0) entered forwarding state [ 71.215136][ T4618] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.129: error while reading EA inode 1 err=-117 [ 71.236382][ T4618] EXT4-fs (loop0): 1 orphan inode deleted [ 71.268745][ T4618] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,nombcache,debug_want_extra_isize=0x000000000000005c,grpquota,barrier,usrjquota=,jqfmt=vfsold,minixdf,,errors=continue. Quota mode: writeback. [ 71.515302][ T4037] ntfs: (device loop3): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 71.592271][ T432] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 71.595138][ T432] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 71.659675][ T4636] binder: 4634:4636 tried to acquire reference to desc 0, got 1 instead [ 71.667774][ T4636] binder_alloc: 4634: binder_alloc_buf size 12520 failed, no address space [ 71.670478][ T4636] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 71.681008][ T4636] binder: 4634:4636 transaction failed 29201/-28, size 240-0 line 3085 [ 71.691484][ T4360] binder: undelivered TRANSACTION_ERROR: 29201 [ 72.845687][ T4646] loop3: detected capacity change from 0 to 256 [ 72.852471][ T4644] loop4: detected capacity change from 0 to 64 [ 72.909329][ T4646] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d) [ 74.004017][ T4644] hfs: node 4:3 still has 1 user(s)! [ 74.034389][ T4656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.144'. [ 74.038481][ T4656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.144'. [ 74.963152][ T3323] cfg80211: failed to load regulatory.db [ 75.471506][ T4688] netlink: 28 bytes leftover after parsing attributes in process `syz.4.157'. [ 75.473994][ T4688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.157'. [ 75.643505][ T4697] 9pnet: p9_errstr2errno: server reported unknown error 184467440737 [ 75.769128][ T26] audit: type=1326 audit(75.710:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4702 comm="syz.0.165" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x0 [ 78.123469][ T4726] overlayfs: failed to clone upperpath [ 78.859442][ T4722] dccp_close: ABORT with 32 bytes unread [ 78.952724][ T4735] loop0: detected capacity change from 0 to 256 [ 79.060288][ T4740] netlink: 'syz.2.174': attribute type 39 has an invalid length. [ 79.254601][ T4746] netlink: 156 bytes leftover after parsing attributes in process `syz.0.177'. [ 79.333583][ T4749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.179'. [ 79.370526][ T4749] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 79.537758][ T4761] loop1: detected capacity change from 0 to 512 [ 79.584380][ T4761] EXT2-fs (loop1): warning: feature flags set on rev 0 fs, running e2fsck is recommended [ 79.597361][ T4761] EXT2-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 79.608115][ T4761] EXT2-fs (loop1): 0.5b, 95/08/09, bs=2048, gc=1, bpg=16384, ipg=32, mo=8021c] [ 79.697570][ T4765] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.705558][ T4765] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.777742][ T4769] netlink: 'syz.4.183': attribute type 16 has an invalid length. [ 79.780040][ T4769] netlink: 'syz.4.183': attribute type 17 has an invalid length. [ 79.837222][ T4773] loop1: detected capacity change from 0 to 256 [ 80.198111][ T4783] SET target dimension over the limit! [ 82.153663][ T4847] loop0: detected capacity change from 0 to 256 [ 82.532112][ T4847] FAT-fs (loop0): Directory bread(block 64) failed [ 82.534168][ T4847] FAT-fs (loop0): Directory bread(block 65) failed [ 82.536775][ T4847] FAT-fs (loop0): Directory bread(block 66) failed [ 82.538851][ T4847] FAT-fs (loop0): Directory bread(block 67) failed [ 82.541456][ T4847] FAT-fs (loop0): Directory bread(block 68) failed [ 82.543550][ T4847] FAT-fs (loop0): Directory bread(block 69) failed [ 82.546035][ T4847] FAT-fs (loop0): Directory bread(block 70) failed [ 82.548135][ T4847] FAT-fs (loop0): Directory bread(block 71) failed [ 82.550576][ T4847] FAT-fs (loop0): Directory bread(block 72) failed [ 82.552833][ T4847] FAT-fs (loop0): Directory bread(block 73) failed [ 83.034729][ T4854] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 83.036892][ T4854] IPv6: NLM_F_CREATE should be set when creating new route [ 83.138612][ T4856] loop0: detected capacity change from 0 to 512 [ 83.209658][ T4856] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 83.235984][ T4856] EXT4-fs (loop0): invalid journal inode [ 83.237910][ T4856] EXT4-fs (loop0): can't get journal size [ 83.275316][ T4856] EXT4-fs (loop0): 1 truncate cleaned up [ 83.277151][ T4856] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none. [ 83.497395][ T4854] bridge0: port 3(syz_tun) entered disabled state [ 83.549885][ T4854] bridge0: port 4(batadv0) entered disabled state [ 83.552000][ T4854] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.554401][ T4854] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.788143][ T4873] input: syz0 as /devices/virtual/input/input2 [ 84.218409][ T4884] netlink: 88 bytes leftover after parsing attributes in process `syz.0.225'. [ 84.261323][ T4854] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.299599][ T4854] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.791329][ T4854] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.793746][ T4854] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.796140][ T4854] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.798591][ T4854] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.020652][ T4895] loop3: detected capacity change from 0 to 128 [ 85.054271][ T4895] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 85.077297][ T4898] loop0: detected capacity change from 0 to 512 [ 85.127879][ T4898] EXT2-fs (loop0): warning: mounting ext3 filesystem as ext2 [ 85.224579][ T4898] attempt to access beyond end of device [ 85.224579][ T4898] loop0: rw=2049, want=3606377192, limit=512 [ 85.228656][ T4898] Buffer I/O error on dev loop0, logical block 1803188595, lost async page write [ 85.232362][ T4898] attempt to access beyond end of device [ 85.232362][ T4898] loop0: rw=2049, want=3403208900, limit=512 [ 85.235425][ T4898] Buffer I/O error on dev loop0, logical block 1701604449, lost async page write [ 85.237973][ T4898] attempt to access beyond end of device [ 85.237973][ T4898] loop0: rw=2049, want=59110, limit=512 [ 85.241551][ T4898] Buffer I/O error on dev loop0, logical block 29554, lost async page write [ 85.245951][ T4898] EXT2-fs (loop0): error: ext2_fsync: detected IO error when writing metadata buffers [ 85.264833][ T4898] attempt to access beyond end of device [ 85.264833][ T4898] loop0: rw=2049, want=8589934082, limit=512 [ 85.268304][ T4898] Buffer I/O error on dev loop0, logical block 4294967040, lost async page write [ 85.275102][ T4898] EXT2-fs (loop0): error: ext2_fsync: detected IO error when writing metadata buffers [ 85.703856][ T4909] loop3: detected capacity change from 0 to 40427 [ 85.719957][ T4909] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff [ 85.734693][ T4909] F2FS-fs (loop3): invalid crc value [ 85.740037][ T4909] F2FS-fs (loop3): Found nat_bits in checkpoint [ 85.767322][ T4909] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 85.828159][ T4909] attempt to access beyond end of device [ 85.828159][ T4909] loop3: rw=2049, want=45104, limit=40427 [ 85.850090][ T4909] attempt to access beyond end of device [ 85.850090][ T4909] loop3: rw=0, want=45104, limit=40427 [ 85.895822][ T4037] attempt to access beyond end of device [ 85.895822][ T4037] loop3: rw=2049, want=45112, limit=40427 [ 85.925764][ T4915] syz.4.233 uses obsolete (PF_INET,SOCK_PACKET) [ 86.270110][ T4922] netlink: 'syz.4.236': attribute type 10 has an invalid length. [ 86.300410][ T4922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.316686][ T4922] team0: Port device bond0 added [ 86.318604][ T4924] netlink: 12 bytes leftover after parsing attributes in process `syz.3.234'. [ 86.338550][ T4922] netlink: 4 bytes leftover after parsing attributes in process `syz.4.236'. [ 86.402141][ T4922] team0 (unregistering): Port device team_slave_0 removed [ 86.422443][ T4922] team0 (unregistering): Port device team_slave_1 removed [ 86.435414][ T4922] team0 (unregistering): Port device bond0 removed [ 86.650151][ C1] vcan0: j1939_tp_rxtimer: 0x0000000098f63df3: rx timeout, send abort [ 86.977718][ C1] vcan0: j1939_xtp_rx_abort_one: 0x0000000098f63df3: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 87.469975][ T4933] loop0: detected capacity change from 0 to 1024 [ 87.516696][ T4933] EXT4-fs (loop0): Ignoring removed nobh option [ 87.528796][ T4933] EXT4-fs (loop0): Ignoring removed bh option [ 87.530621][ T4933] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.587485][ T4933] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,noquota,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,resuid=0x0000000000000000,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 87.899432][ T4948] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.980403][ T4948] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.061097][ T4948] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.172461][ T4948] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.348095][ T4948] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.368703][ T4948] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.396375][ T4948] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.412531][ T4948] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.160302][ T4993] binder: 4991:4993 tried to acquire reference to desc 0, got 1 instead [ 90.165878][ T4993] binder: 4991:4993 not enough space to store 5 fds in buffer [ 90.168188][ T4993] binder: 4991:4993 transaction failed 29201/-22, size 96-24 line 3331 [ 90.179427][ T1534] binder: undelivered TRANSACTION_ERROR: 29201 [ 90.239354][ T4996] netlink: 'syz.3.265': attribute type 1 has an invalid length. [ 90.271189][ T4996] 8021q: adding VLAN 0 to HW filter on device bond1 [ 90.312942][ T4999] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 90.331684][ T4999] netlink: 'syz.0.264': attribute type 10 has an invalid length. [ 90.337110][ T4999] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.339682][ T4999] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.398185][ T4999] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.400227][ T4999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.402386][ T4999] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.404331][ T4999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.445554][ T4999] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 90.456658][ T4996] bond1: (slave gretap1): making interface the new active one [ 90.467094][ T4996] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 90.472029][ T5001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'. [ 90.477904][ T5001] device bridge_slave_1 left promiscuous mode [ 90.487758][ T5001] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.546104][ T5001] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.626719][ T5001] bond0: (slave bridge0): Releasing backup interface [ 90.745503][ T4563] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 90.753504][ T5002] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 91.112081][ T5013] device syzkaller0 entered promiscuous mode [ 91.116017][ T4068] syzkaller0: tun_net_xmit 76 [ 91.117627][ T4068] syzkaller0: tun_net_xmit 48 [ 91.137665][ T5013] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 91.139324][ T5013] syzkaller0: Linktype set failed because interface is up [ 91.141838][ T4068] syzkaller0: tun_net_xmit 76 [ 91.579917][ T5027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.274'. [ 92.357715][ C0] vcan0: j1939_tp_rxtimer: 0x0000000060946714: rx timeout, send abort [ 92.361075][ C0] vcan0: j1939_xtp_rx_abort_one: 0x0000000060946714: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 92.437831][ T5054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.284'. [ 92.558456][ T5059] netlink: 'syz.4.286': attribute type 10 has an invalid length. [ 93.641583][ T5070] loop3: detected capacity change from 0 to 8 [ 93.674597][ T5070] unable to read id index table [ 93.917461][ T5082] loop3: detected capacity change from 0 to 2048 [ 94.014528][ T5082] hpfs: bad mount options. [ 94.933939][ T5095] tipc: Failed to remove unknown binding: 66,1,1/0:1022413771/1022413773 [ 94.938206][ T5095] tipc: Failed to remove unknown binding: 66,1,1/0:1022413771/1022413773 [ 94.939721][ T5070] binder: 5069:5070 ioctl c028660f 20000000 returned -22 [ 94.941747][ T5095] tipc: Failed to remove unknown binding: 66,1,1/0:1022413771/1022413773 [ 95.230732][ T5105] nbd3: detected capacity change from 0 to 4294967296 [ 96.053808][ T5107] block nbd3: shutting down sockets [ 96.081477][ C0] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.084602][ C0] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.087369][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.090490][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.094486][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.097377][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.099720][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.102702][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.105496][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.108471][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.110761][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.113633][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.115919][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.118836][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.121158][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.124058][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.127179][ T4016] ldm_validate_partition_table(): Disk read failed. [ 96.129251][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.132244][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.135653][ T149] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 96.138761][ T149] Buffer I/O error on dev nbd3, logical block 0, async page read [ 96.141662][ T4016] Dev nbd3: unable to read RDB block 0 [ 96.144936][ T4016] nbd3: unable to read partition table [ 96.285143][ T4016] ldm_validate_partition_table(): Disk read failed. [ 96.287507][ T4016] Dev nbd3: unable to read RDB block 0 [ 96.289511][ T4016] nbd3: unable to read partition table [ 96.302948][ T5102] ldm_validate_partition_table(): Disk read failed. [ 96.305390][ T5102] Dev nbd3: unable to read RDB block 0 [ 96.312578][ T5102] nbd3: unable to read partition table [ 97.098446][ T3642] ldm_validate_partition_table(): Disk read failed. [ 97.108446][ T3642] Dev nbd3: unable to read RDB block 0 [ 97.123798][ T3642] nbd3: unable to read partition table [ 97.151778][ T3642] ldm_validate_partition_table(): Disk read failed. [ 97.172783][ T3642] Dev nbd3: unable to read RDB block 0 [ 97.193483][ T3642] nbd3: unable to read partition table [ 99.564217][ T4358] Bluetooth: hci5: command 0x0409 tx timeout [ 100.593720][ T5149] netlink: 'syz.3.310': attribute type 10 has an invalid length. [ 100.730560][ T5156] netlink: 'syz.2.312': attribute type 10 has an invalid length. [ 100.741566][ T5156] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 100.886705][ T5162] tipc: Started in network mode [ 100.888343][ T5162] tipc: Node identity 369b78c24a3e, cluster identity 4711 [ 100.890613][ T5162] tipc: Enabled bearer , priority 0 [ 100.913066][ T5162] device syzkaller0 entered promiscuous mode [ 100.953913][ T26] audit: type=1326 audit(100.900:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5166 comm="syz.4.317" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x0 [ 100.975838][ T5159] tipc: Resetting bearer [ 100.993413][ T5169] binder: 5168:5169 tried to acquire reference to desc 0, got 1 instead [ 100.996270][ T5169] binder_alloc: 5168: pid 5168 spamming oneway? 1 buffers allocated for a total size of 6144 [ 101.000480][ T5169] binder: 5168:5169 got transaction with invalid data ptr [ 101.003681][ T5169] binder: 5168:5169 transaction failed 29201/-14, size 0-6144 line 3186 [ 101.006530][ T4015] binder: undelivered TRANSACTION_ERROR: 29201 [ 101.046965][ T5159] tipc: Disabling bearer [ 101.164042][ T5179] loop3: detected capacity change from 0 to 512 [ 101.187974][ T5179] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 101.187974][ T5179] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 101.187974][ T5179] [ 101.189331][ T5118] chnl_net:caif_netlink_parms(): no params data found [ 101.208930][ T5179] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 101.211691][ T5179] EXT4-fs (loop3): journaled quota format not specified [ 101.265034][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.267247][ T5118] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.270028][ T5118] device bridge_slave_0 entered promiscuous mode [ 101.284469][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.286753][ T5118] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.305424][ T5118] device bridge_slave_1 entered promiscuous mode [ 101.343554][ T5118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.353207][ T5118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.385132][ T5118] team0: Port device team_slave_0 added [ 101.389601][ T5118] team0: Port device team_slave_1 added [ 101.404504][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.406587][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.414031][ T5118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.419593][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.421644][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.429921][ T5118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.502849][ T5118] device hsr_slave_0 entered promiscuous mode [ 101.531097][ T5118] device hsr_slave_1 entered promiscuous mode [ 101.560847][ T5118] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.563164][ T5118] Cannot create hsr debugfs directory [ 101.632161][ T5192] tipc: Enabling of bearer rejected, failed to enable media [ 101.641573][ T1534] Bluetooth: hci5: command 0x041b tx timeout [ 101.845008][ T5118] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 101.923333][ T5118] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 102.809651][ T5118] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 102.863471][ T5118] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 103.030904][ T5118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.066430][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.071346][ T5211] binder: 5210:5211 tried to acquire reference to desc 0, got 1 instead [ 103.075168][ T5211] binder: 5210:5211 got new transaction with bad transaction stack, transaction 39 has target 5210:0 [ 103.078604][ T5211] binder: 5210:5211 transaction failed 29201/-71, size 0-48 line 2973 [ 103.083593][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.087623][ T4078] binder: release 5210:5211 transaction 39 out, still active [ 103.092158][ T4078] binder: undelivered TRANSACTION_COMPLETE [ 103.093704][ T4078] binder: undelivered TRANSACTION_ERROR: 29201 [ 103.115792][ T5118] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.123620][ T4068] binder: send failed reply for transaction 39, target dead [ 103.721353][ T4358] Bluetooth: hci5: command 0x040f tx timeout [ 103.826260][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.829734][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.863785][ T4566] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.866171][ T4566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.921913][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 104.047469][ T5230] loop0: detected capacity change from 0 to 1024 [ 104.065831][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.068885][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.079805][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.081824][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.088856][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 105.057989][ T5230] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 105.070937][ T5230] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 105.115061][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 105.118219][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 105.132474][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 105.136006][ T5240] loop3: detected capacity change from 0 to 8192 [ 105.145775][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 105.154199][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 105.166592][ T153] hfsplus: b-tree write err: -5, ino 4 [ 105.169307][ T26] audit: type=1326 audit(105.110:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz.4.345" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x0 [ 105.177004][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 105.188311][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 105.210332][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 105.239180][ T5118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.242800][ T5248] loop0: detected capacity change from 0 to 128 [ 105.256536][ T5248] EXT4-fs (loop0): Test dummy encryption mode enabled [ 105.260508][ T5118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 105.264743][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 105.270409][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 105.289058][ T5248] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 105.451637][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 105.453822][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 105.467999][ T5118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.801127][ T4358] Bluetooth: hci5: command 0x0419 tx timeout [ 105.829290][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 105.832642][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 105.848798][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 105.862578][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 105.865784][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 105.872350][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 105.879917][ T5118] device veth0_vlan entered promiscuous mode [ 105.906714][ T5263] loop0: detected capacity change from 0 to 32768 [ 105.909013][ T5118] device veth1_vlan entered promiscuous mode [ 105.957630][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 105.960549][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 105.964209][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 105.970284][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 105.978463][ T5118] device veth0_macvtap entered promiscuous mode [ 105.986244][ T5118] device veth1_macvtap entered promiscuous mode [ 105.998362][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.009363][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.013849][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.293255][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.329019][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.521055][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.523840][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.526690][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.528867][ T5263] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.349 (5263) [ 106.530764][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.536253][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 106.539070][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 106.543150][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 106.544799][ T5263] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 106.548498][ T5263] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 106.554659][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.576219][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.579246][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.582703][ T5263] BTRFS info (device loop0): use zstd compression, level 3 [ 106.584735][ T5263] BTRFS info (device loop0): using free space tree [ 106.586510][ T5263] BTRFS info (device loop0): has skinny extents [ 106.600775][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.607383][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.610491][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.629831][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.632937][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.734620][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.755509][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.757618][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 106.760645][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 106.805843][ T5118] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.808489][ T5118] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.830085][ T5118] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.849933][ T5118] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.868986][ T5298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.355'. [ 107.095697][ T5263] BTRFS info (device loop0): enabling ssd optimizations [ 107.777099][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.779683][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.793765][ T4573] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.909380][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.928755][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.997535][ T4566] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 108.538658][ T4100] af_packet: tpacket_rcv: packet too big, clamped from 80 to 4294967272. macoff=96 [ 108.785815][ T5320] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 108.785815][ T5320] The task syz.2.358 (5320) triggered the difference, watch for misbehavior. [ 109.938792][ T5337] loop5: detected capacity change from 0 to 2048 [ 110.059753][ T5337] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 110.095954][ T5337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 111.186607][ T5343] loop0: detected capacity change from 0 to 32768 [ 111.197603][ T5352] netlink: 24 bytes leftover after parsing attributes in process `syz.4.370'. [ 111.262615][ T5343] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 111.265110][ T5343] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 111.555595][ T5343] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 111.555595][ T5343] bh = 35 (type: exp=4, found=31) [ 111.555595][ T5343] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493 [ 111.561349][ T5343] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 111.766298][ T5343] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 111.768886][ T5343] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 111.778529][ T5343] gfs2: fsid=syz:syz.0: File system withdrawn [ 111.780313][ T5343] CPU: 1 PID: 5343 Comm: syz.0.359 Not tainted 5.15.185-syzkaller #0 [ 111.782601][ T5343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.785388][ T5343] Call trace: [ 111.786261][ T5343] dump_backtrace+0x0/0x43c [ 111.787467][ T5343] show_stack+0x2c/0x3c [ 111.788582][ T5343] __dump_stack+0x30/0x40 [ 111.789858][ T5343] dump_stack_lvl+0xf8/0x160 [ 111.791122][ T5343] dump_stack+0x1c/0x5c [ 111.792273][ T5343] gfs2_withdraw+0xc60/0x129c [ 111.793532][ T5343] gfs2_metatype_check_ii+0x8c/0xac [ 111.794937][ T5343] gfs2_meta_buffer+0x258/0x2ec [ 111.796210][ T5343] gfs2_inode_refresh+0xac/0xda8 [ 111.797562][ T5343] inode_go_lock+0xfc/0x38c [ 111.798802][ T5343] do_promote+0x678/0xa70 [ 111.799995][ T5343] finish_xmote+0x450/0xb2c [ 111.801196][ T5343] do_xmote+0x674/0xf90 [ 111.802334][ T5343] run_queue+0x3fc/0x6c0 [ 111.803459][ T5343] gfs2_glock_nq+0x828/0x141c [ 111.804785][ T5343] init_journal+0xa30/0x1d7c [ 111.806020][ T5343] init_inodes+0xe0/0x2d4 [ 111.807172][ T5343] gfs2_fill_super+0x121c/0x19e0 [ 111.808523][ T5343] get_tree_bdev+0x358/0x544 [ 111.809861][ T5343] gfs2_get_tree+0x54/0x1b4 [ 111.811196][ T5343] vfs_get_tree+0x90/0x274 [ 111.812424][ T5343] do_new_mount+0x228/0x810 [ 111.813659][ T5343] path_mount+0x5b4/0x1000 [ 111.814854][ T5343] __arm64_sys_mount+0x514/0x5e4 [ 111.816159][ T5343] invoke_syscall+0x98/0x2b8 [ 111.817411][ T5343] el0_svc_common+0x138/0x258 [ 111.818692][ T5343] do_el0_svc+0x58/0x14c [ 111.819968][ T5343] el0_svc+0x78/0x1e0 [ 111.821027][ T5343] el0t_64_sync_handler+0xcc/0xe4 [ 111.822387][ T5343] el0t_64_sync+0x1a0/0x1a4 [ 111.823821][ T5343] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 112.029705][ T5348] UDF-fs: warning (device loop5): udf_truncate_tail_extent: Too long extent after EOF in inode 1368: i_size: 159744 lbcount: 163840 extent 129+128512 [ 112.172848][ T5364] netlink: 'syz.2.375': attribute type 1 has an invalid length. [ 112.190298][ T5364] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.285912][ T5364] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.288316][ T5364] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 112.292125][ T5364] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 112.326548][ T5374] device gretap1 entered promiscuous mode [ 112.333444][ T5374] bond1: (slave gretap1): making interface the new active one [ 112.336632][ T5374] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 113.330020][ T5385] netlink: 12 bytes leftover after parsing attributes in process `syz.5.379'. [ 113.386495][ T5389] netlink: 112 bytes leftover after parsing attributes in process `syz.4.384'. [ 113.412433][ T5391] netlink: 27 bytes leftover after parsing attributes in process `syz.0.383'. [ 113.426311][ T5391] netlink: 'syz.0.383': attribute type 10 has an invalid length. [ 113.444825][ T5391] team0: Port device wlan1 added [ 113.802750][ T5402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 115.328078][ T5409] fuse: Bad value for 'fd' [ 115.366099][ T5415] fuse: Bad value for 'fd' [ 118.101170][ T5459] netlink: 'syz.4.404': attribute type 39 has an invalid length. [ 118.228009][ T5462] Bluetooth: hci1: Frame reassembly failed (-90) [ 118.652007][ T4181] libceph: connect (1)[c::]:6789 error -101 [ 118.654281][ T4181] libceph: mon0 (1)[c::]:6789 connect error [ 118.666859][ T4181] libceph: connect (1)[c::]:6789 error -101 [ 118.668581][ T4181] libceph: mon0 (1)[c::]:6789 connect error [ 118.819978][ T5484] ceph: No mds server is up or the cluster is laggy [ 119.033509][ T4181] libceph: connect (1)[c::]:6789 error -101 [ 119.035402][ T4181] libceph: mon0 (1)[c::]:6789 connect error [ 120.161010][ T5510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.421'. [ 120.281059][ T4360] Bluetooth: hci1: command 0x1003 tx timeout [ 120.282999][ T4035] Bluetooth: hci1: sending frame failed (-49) [ 120.417534][ T5522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.425'. [ 120.428574][ T5522] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.431808][ T5522] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.434298][ T5522] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.436799][ T5522] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.501066][ T5522] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.503664][ T5522] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.506224][ T5522] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.508732][ T5522] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.560051][ T5528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.426'. [ 120.604844][ T5528] device team1 entered promiscuous mode [ 120.659744][ T5535] loop5: detected capacity change from 0 to 2048 [ 120.714350][ T5535] GPT:first_usable_lbas don't match. [ 120.715844][ T5535] GPT:34 != 290 [ 120.716826][ T5535] GPT: Use GNU Parted to correct GPT errors. [ 120.718670][ T5535] loop5: p1 p2 p3 [ 122.545142][ T4181] Bluetooth: hci1: command 0x1001 tx timeout [ 122.546922][ T4035] Bluetooth: hci1: sending frame failed (-49) [ 122.556819][ T4156] udevd[4156]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 122.859253][ T5586] overlayfs: failed to clone upperpath [ 123.016860][ T5591] netlink: 116 bytes leftover after parsing attributes in process `syz.5.451'. [ 123.116957][ T5595] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 123.116957][ T5595] z,@qJ#"h/.W1ȱnNC"C<+`#k' [ 124.579275][ T5618] loop5: detected capacity change from 0 to 64 [ 124.601151][ T4181] Bluetooth: hci1: command 0x1009 tx timeout [ 125.840335][ T5641] loop5: detected capacity change from 0 to 1024 [ 126.046831][ T5118] hfsplus: bad catalog entry type [ 127.113108][ T5655] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 128.829515][ T5686] binder: 5685:5686 tried to acquire reference to desc 0, got 1 instead [ 129.128854][ T5690] tipc: Enabled bearer , priority 10 [ 129.139227][ T5690] tipc: Enabled bearer , priority 0 [ 130.498281][ T1534] binder: send failed reply for transaction 45 to 5685:5686 [ 130.501060][ T1534] binder: undelivered TRANSACTION_COMPLETE [ 130.502810][ T1534] binder: undelivered TRANSACTION_ERROR: 29189 [ 130.786942][ T4072] tipc: Node number set to 2091219138 [ 131.823900][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.825809][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.072758][ T5726] loop5: detected capacity change from 0 to 8 [ 133.191941][ T5726] udc-core: couldn't find an available UDC or it's busy [ 133.193982][ T5726] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 133.223253][ T5726] SQUASHFS error: Unable to read directory block [629:2b] [ 137.291334][ T5776] netlink: 24 bytes leftover after parsing attributes in process `syz.4.519'. [ 137.501170][ T5780] netlink: 'syz.5.518': attribute type 13 has an invalid length. [ 138.301347][ T4360] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.314000][ T5791] binder: 5790:5791 tried to acquire reference to desc 0, got 1 instead [ 138.317319][ T5791] binder: 5790:5791 got reply transaction with bad transaction stack, transaction 50 has target 5790:0 [ 138.330771][ T5791] binder: 5790:5791 transaction failed 29201/-71, size 0-0 line 2837 [ 138.343684][ T4181] binder: release 5790:5791 transaction 50 out, still active [ 138.384449][ T4181] binder: send failed reply for transaction 50, target dead [ 138.418863][ T5780] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 138.432125][ T5795] overlayfs: failed to clone upperpath [ 138.491183][ T5780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 138.502526][ T5800] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 138.593932][ T5803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.600632][ T5803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.620490][ T5803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.629015][ T5803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.637533][ T5803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.652745][ T5801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.022532][ T5825] netlink: 12 bytes leftover after parsing attributes in process `syz.3.536'. [ 140.046256][ T5825] device xfrm0 entered promiscuous mode [ 140.052907][ T4068] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.055408][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.474150][ T4181] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 143.647114][ T4563] bond0: (slave bond_slave_0): interface is now down [ 143.650481][ T4563] bond0: (slave bond_slave_1): interface is now down [ 143.714706][ T4563] bond0: (slave bond_slave_0): interface is now down [ 143.745418][ T4563] bond0: (slave bond_slave_1): interface is now down [ 143.802773][ T4563] bond0: (slave bond_slave_0): interface is now down [ 143.856112][ T4563] bond0: (slave bond_slave_1): interface is now down [ 143.964873][ T136] bond0: (slave bond_slave_0): interface is now down [ 143.967124][ T136] bond0: (slave bond_slave_1): interface is now down [ 143.991796][ T4563] bond0: (slave bond_slave_0): interface is now down [ 144.046611][ T4563] bond0: (slave bond_slave_1): interface is now down [ 144.184474][ T4563] bond0: (slave bond_slave_0): interface is now down [ 144.402432][ T5866] netlink: 'syz.5.550': attribute type 10 has an invalid length. [ 144.420792][ T4563] bond0: (slave bond_slave_1): interface is now down [ 144.440922][ T4571] bond0: (slave bond_slave_0): interface is now down [ 144.450726][ T4571] bond0: (slave bond_slave_1): interface is now down [ 144.474097][ T5866] device syz_tun entered promiscuous mode [ 144.483289][ T432] bond0: (slave bond_slave_0): interface is now down [ 144.485226][ T432] bond0: (slave bond_slave_1): interface is now down [ 144.501615][ T4563] bond0: (slave bond_slave_0): interface is now down [ 144.503438][ T4563] bond0: (slave bond_slave_1): interface is now down [ 144.504187][ T5866] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 144.524106][ T432] bond0: (slave bond_slave_0): interface is now down [ 144.526001][ T432] bond0: (slave bond_slave_1): interface is now down [ 144.527884][ T432] bond0: (slave syz_tun): interface is now down [ 144.531673][ T4181] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 144.534181][ T4181] usb 1-1: can't read configurations, error -71 [ 144.555991][ T432] bond0: now running without any active interface! [ 145.886281][ T5890] netlink: 'syz.5.558': attribute type 10 has an invalid length. [ 145.970573][ T5890] team0: Port device dummy0 added [ 145.973181][ T5891] netlink: 'syz.5.558': attribute type 10 has an invalid length. [ 145.992272][ T5891] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 146.832306][ T5891] team0: Port device dummy0 removed [ 146.836396][ T5891] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 146.850344][ T148] bond0: (slave dummy0): interface is now down [ 146.861605][ T148] bond0: now running without any active interface! [ 147.082297][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 147.085197][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.251867][ T4181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.476478][ T5330] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.479459][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.666293][ T5947] Unknown status report in ack skb [ 150.898820][ T5975] binder: 5974:5975 tried to acquire reference to desc 0, got 1 instead [ 150.901973][ T5975] binder: 5974:5975 got transaction with invalid handle, 2 [ 150.904073][ T5975] binder: 5974:5975 transaction failed 29201/-22, size 72-24 line 3242 [ 150.907850][ T4358] binder: undelivered TRANSACTION_ERROR: 29201 [ 150.981026][ T5977] xt_hashlimit: max too large, truncated to 1048576 [ 150.987527][ T5977] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 151.704989][ T5979] netlink: 24 bytes leftover after parsing attributes in process `syz.2.588'. [ 151.789251][ T5943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.574'. [ 151.798299][ T26] audit: type=1326 audit(151.740:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.810818][ T26] audit: type=1326 audit(151.740:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.816697][ T26] audit: type=1326 audit(151.740:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.825616][ T5983] loop5: detected capacity change from 0 to 1024 [ 151.851719][ T26] audit: type=1326 audit(151.740:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.859961][ T26] audit: type=1326 audit(151.740:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.871529][ T26] audit: type=1326 audit(151.740:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff96ec68a8 code=0x7ffc0000 [ 151.877313][ T26] audit: type=1326 audit(151.740:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff96ec68dc code=0x7ffc0000 [ 151.891745][ T26] audit: type=1326 audit(151.750:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff96ec4f70 code=0x7ffc0000 [ 151.897649][ T26] audit: type=1326 audit(151.770:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffff96ec694c code=0x7ffc0000 [ 151.912681][ T26] audit: type=1326 audit(151.770:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5982 comm="syz.5.587" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff96ec4dd4 code=0x7ffc0000 [ 151.945630][ T5983] EXT4-fs (loop5): Unrecognized mount option "uid<00000000000000000000" or missing value [ 152.038146][ C1] Unknown status report in ack skb [ 152.900821][ T5997] binder: BINDER_SET_CONTEXT_MGR already set [ 152.902798][ T5997] binder: 5996:5997 ioctl 4018620d 20000040 returned -16 [ 152.905633][ T5997] binder: tried to use weak ref as strong ref [ 152.907749][ T5997] binder: 5996:5997 Acquire 1 refcount change on invalid ref 0 ret -22 [ 152.910649][ T5997] binder: 5996:5997 got transaction to invalid handle, 1 [ 152.914375][ T5997] binder: 5996:5997 transaction failed 29201/-22, size 0-0 line 2917 [ 152.917162][ T4360] binder: undelivered TRANSACTION_ERROR: 29201 [ 154.121206][ T4069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.123790][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.135621][ T6018] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.026884][ T6022] netlink: 24 bytes leftover after parsing attributes in process `syz.5.600'. [ 155.038328][ T6026] loop0: detected capacity change from 0 to 2048 [ 156.096026][ T6037] loop5: detected capacity change from 0 to 2048 [ 156.175374][ T6037] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.193707][ T6042] Cannot find del_set index 2 as target [ 156.197189][ T6044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.307030][ T6046] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 156.327765][ T6046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.621'. [ 156.682246][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.240903][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.244225][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.330565][ T4181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.529537][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.4.629'. [ 157.538983][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.4.629'. [ 157.671751][ T6095] netlink: 'syz.2.627': attribute type 1 has an invalid length. [ 157.709671][ T6095] device bond2 entered promiscuous mode [ 158.458571][ T6095] 8021q: adding VLAN 0 to HW filter on device bond2 [ 158.532776][ T6109] 8021q: adding VLAN 0 to HW filter on device bond2 [ 158.535042][ T6109] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 158.690144][ T6109] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 158.725885][ T6109] bond2: (slave ip6gre1): making interface the new active one [ 158.782127][ T6109] device ip6gre1 entered promiscuous mode [ 158.825088][ T6109] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 158.827587][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.615'. [ 158.831331][ T6138] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 158.847932][ T6149] netlink: 24 bytes leftover after parsing attributes in process `syz.4.633'. [ 159.098774][ T6159] device bridge_slave_0 left promiscuous mode [ 159.129521][ T6159] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.329520][ T6159] device bridge_slave_1 left promiscuous mode [ 159.331555][ T6159] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.371999][ T6159] bond0: (slave bond_slave_0): Releasing backup interface [ 160.375624][ T6181] loop5: detected capacity change from 0 to 64 [ 161.552701][ T4072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 161.556605][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.009129][ T6159] bond0: (slave bond_slave_1): Releasing backup interface [ 162.087761][ T6159] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.089896][ T6159] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.117416][ T6159] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.119439][ T6159] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.298841][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'. [ 162.314156][ T6208] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.316594][ T6208] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.318788][ T6208] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.321223][ T6208] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.445615][ T6208] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.448083][ T6208] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.450427][ T6208] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.453021][ T6208] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 164.239697][ T4181] Bluetooth: hci0: command 0x0406 tx timeout [ 164.241714][ T4181] Bluetooth: hci3: command 0x0406 tx timeout [ 164.243529][ T4181] Bluetooth: hci2: command 0x0406 tx timeout [ 164.248485][ T4068] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.250948][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.431716][ T6231] binder: 6230:6231 tried to acquire reference to desc 0, got 1 instead [ 164.436055][ T6232] netlink: 'syz.2.661': attribute type 10 has an invalid length. [ 164.445278][ T6232] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 164.482551][ T6231] binder: undelivered TRANSACTION_COMPLETE [ 165.430498][ T6237] binder: 6235:6237 tried to acquire reference to desc 0, got 1 instead [ 165.453134][ T6237] binder: 6235:6237 got transaction with invalid data ptr [ 165.455253][ T6237] binder: 6235:6237 transaction failed 29201/-14, size 0-24 line 3186 [ 165.470903][ T6237] binder: 6235:6237 got transaction with invalid offset (48, min 48 max 72) or object. [ 165.473678][ T6237] binder: 6235:6237 transaction failed 29201/-22, size 72-72 line 3199 [ 165.475905][ T6237] binder: 6235:6237 ioctl c0306201 200001c0 returned -14 [ 165.485469][ T4068] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.633051][ T6138] Bluetooth: hci1: Frame reassembly failed (-84) [ 166.452459][ T6257] netlink: 24 bytes leftover after parsing attributes in process `syz.4.670'. [ 169.572474][ T144] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 169.585377][ T4072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.588444][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.604698][ T4358] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.608223][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.616338][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.778016][ T6280] netlink: 28 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.782277][ T6280] netlink: 28 bytes leftover after parsing attributes in process `syz.0.678'. [ 169.861105][ T6296] cgroup: Unknown subsys name '@﬽4*oңhoU' [ 169.990808][ T6296] netlink: 'syz.0.683': attribute type 3 has an invalid length. [ 170.331286][ T6304] xt_CT: You must specify a L4 protocol and not use inversions on it [ 171.328971][ T6321] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 171.336065][ T6321] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 171.358619][ T6310] loop5: detected capacity change from 0 to 32768 [ 171.419261][ T6310] XFS (loop5): Mounting V5 Filesystem [ 171.505216][ T6310] XFS (loop5): Ending clean mount [ 171.520005][ T6310] XFS (loop5): Quotacheck needed: Please wait. [ 171.627382][ T6310] XFS (loop5): Quotacheck: Done. [ 171.895781][ T5118] XFS (loop5): Unmounting Filesystem [ 171.988669][ T6342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 171.997987][ T6342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.013926][ T6342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.054732][ T4358] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.057043][ T4358] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 172.094222][ T6345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.700'. [ 172.624133][ T6338] loop0: detected capacity change from 0 to 32768 [ 172.707999][ T6338] XFS (loop0): Mounting V5 Filesystem [ 172.803351][ T6338] XFS (loop0): Ending clean mount [ 173.035172][ T4026] XFS (loop0): Unmounting Filesystem [ 173.819654][ T6414] loop5: detected capacity change from 0 to 24 [ 173.871579][ T6414] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 173.883213][ T6414] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 174.677953][ T6414] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 174.939575][ T6428] netlink: 88 bytes leftover after parsing attributes in process `syz.2.725'. [ 175.101959][ T6432] input: syz0 as /devices/virtual/input/input3 [ 175.259489][ T6440] batman_adv: batadv0: Adding interface: dummy0 [ 175.263759][ T4435] net_ratelimit: 17 callbacks suppressed [ 175.263772][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.267987][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.274774][ T6440] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.301991][ T6440] batman_adv: batadv0: Interface activated: dummy0 [ 175.332139][ T6440] batadv0: mtu less than device minimum [ 175.343967][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.351782][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.359025][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.366460][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.373756][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.381396][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.389536][ T6440] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 175.461338][ T6442] netlink: 'syz.5.730': attribute type 10 has an invalid length. [ 175.492870][ T6442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.507079][ T6442] team0: Port device bond0 added [ 175.512637][ T6443] netlink: 4 bytes leftover after parsing attributes in process `syz.5.730'. [ 175.616391][ T6443] team0 (unregistering): Port device team_slave_0 removed [ 175.644070][ T6443] team0 (unregistering): Port device team_slave_1 removed [ 175.671839][ T6443] team0 (unregistering): Port device bond0 removed [ 176.129476][ T6469] netlink: 'syz.0.736': attribute type 10 has an invalid length. [ 176.140869][ T6469] netlink: 40 bytes leftover after parsing attributes in process `syz.0.736'. [ 176.143463][ T6469] device batadv0 entered promiscuous mode [ 177.685877][ T6504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.752'. [ 178.661676][ T6504] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 179.040887][ T6524] xt_hashlimit: max too large, truncated to 1048576 [ 179.048037][ T6524] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 179.886520][ T6534] netlink: 'syz.4.760': attribute type 1 has an invalid length. [ 180.376481][ T432] net_ratelimit: 21 callbacks suppressed [ 180.376496][ T432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.380902][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.725080][ T6534] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.783560][ T6545] bond1: (slave gretap1): making interface the new active one [ 180.802754][ T6545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.805808][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.808596][ T6545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.811527][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.821434][ T6545] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 180.852145][ T4565] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 180.891490][ T4072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.894492][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.963436][ T6534] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 181.101393][ T4072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.103986][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.070152][ T6565] SET target dimension over the limit! [ 182.279744][ T6579] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 182.290110][ T6579] netlink: 'syz.3.775': attribute type 10 has an invalid length. [ 182.317965][ T6579] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 183.099627][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.775'. [ 183.131043][ T6579] device batadv0 left promiscuous mode [ 183.133537][ T6579] bridge0: port 4(batadv0) entered disabled state [ 183.193351][ T6579] device syz_tun left promiscuous mode [ 183.195179][ T6579] bridge0: port 3(syz_tun) entered disabled state [ 183.225468][ T6579] device bridge_slave_1 left promiscuous mode [ 183.227506][ T6579] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.284524][ T6579] device bridge_slave_0 left promiscuous mode [ 183.286380][ T6579] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.319258][ T6579] bond0: (slave bridge0): Releasing backup interface [ 183.445669][ T6596] netlink: 'syz.5.780': attribute type 10 has an invalid length. [ 183.498263][ T6606] tipc: Failed to remove unknown binding: 66,1,1/0:669519637/669519639 [ 183.515594][ T6606] tipc: Failed to remove unknown binding: 66,1,1/0:669519637/669519639 [ 183.520004][ T6606] tipc: Failed to remove unknown binding: 66,1,1/0:669519637/669519639 [ 183.735652][ T6617] binder: BINDER_SET_CONTEXT_MGR already set [ 183.739005][ T6617] binder: 6616:6617 ioctl 4018620d 200000c0 returned -16 [ 183.746074][ T6617] binder: BINDER_SET_CONTEXT_MGR already set [ 183.748040][ T6617] binder: 6616:6617 ioctl 4018620d 200001c0 returned -16 [ 183.759392][ T6617] binder: 6616:6617 got transaction to invalid handle, 1 [ 183.762811][ T6617] binder: 6616:6617 transaction failed 29201/-22, size 0-0 line 2917 [ 183.767691][ T4072] binder: undelivered TRANSACTION_ERROR: 29201 [ 183.893084][ T6619] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.903342][ T6619] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.929896][ T6622] netlink: 'syz.5.791': attribute type 16 has an invalid length. [ 183.932324][ T6622] netlink: 'syz.5.791': attribute type 17 has an invalid length. [ 185.691088][ T153] net_ratelimit: 20 callbacks suppressed [ 185.691103][ T153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.695521][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.881709][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 185.884890][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 186.263044][ T6650] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.145871][ T6650] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.264057][ T6650] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.281360][ T136] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.284264][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.416607][ T6650] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.565361][ T6669] netlink: 'syz.0.805': attribute type 16 has an invalid length. [ 187.578958][ T6669] netlink: 'syz.0.805': attribute type 17 has an invalid length. [ 187.758531][ T6650] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.768147][ T6650] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.820283][ T6650] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.852726][ T6650] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.961691][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.097406][ T26] kauditd_printk_skb: 27 callbacks suppressed [ 188.097418][ T26] audit: type=1326 audit(188.040:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.2.809" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0ada8a8 code=0x0 [ 188.681008][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.015875][ T6687] netlink: 'syz.3.813': attribute type 10 has an invalid length. [ 189.035986][ T153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.038509][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.044995][ T6687] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 189.184571][ T6693] loop5: detected capacity change from 0 to 256 [ 189.507960][ T6693] FAT-fs (loop5): Directory bread(block 64) failed [ 189.510404][ T6693] FAT-fs (loop5): Directory bread(block 65) failed [ 189.513138][ T6693] FAT-fs (loop5): Directory bread(block 66) failed [ 189.515163][ T6693] FAT-fs (loop5): Directory bread(block 67) failed [ 189.517776][ T6693] FAT-fs (loop5): Directory bread(block 68) failed [ 189.519725][ T6693] FAT-fs (loop5): Directory bread(block 69) failed [ 189.522343][ T6693] FAT-fs (loop5): Directory bread(block 70) failed [ 189.524425][ T6693] FAT-fs (loop5): Directory bread(block 71) failed [ 189.526773][ T6693] FAT-fs (loop5): Directory bread(block 72) failed [ 189.528912][ T6693] FAT-fs (loop5): Directory bread(block 73) failed [ 189.893425][ T4072] Bluetooth: hci4: command 0x0406 tx timeout [ 191.532760][ T6711] nbd5: detected capacity change from 0 to 4294967296 [ 191.543414][ T6713] tipc: Enabling of bearer rejected, failed to enable media [ 191.605506][ T6716] block nbd5: shutting down sockets [ 191.612198][ C0] print_req_error: 72 callbacks suppressed [ 191.612210][ C0] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.616689][ C0] buffer_io_error: 71 callbacks suppressed [ 191.616700][ C0] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.627341][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.630328][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.638132][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.641092][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.643571][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.646499][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.649135][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.652104][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.654460][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.657494][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.659815][ T149] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.662779][ T149] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.666321][ T227] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.669246][ T227] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.672012][ T6286] ldm_validate_partition_table(): Disk read failed. [ 191.673902][ T227] blk_update_request: I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.676788][ T227] Buffer I/O error on dev nbd5, logical block 0, async page read [ 191.679818][ T6286] Dev nbd5: unable to read RDB block 0 [ 191.681379][ T6286] nbd5: unable to read partition table [ 191.682999][ T6286] nbd5: partition table beyond EOD, truncated [ 191.721329][ T4435] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.723645][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.779649][ T6725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.837'. [ 191.871469][ T6721] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.878969][ T6721] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.903728][ T4078] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.948065][ T6729] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.961045][ T6732] netlink: 'syz.2.825': attribute type 16 has an invalid length. [ 191.964145][ T6732] netlink: 'syz.2.825': attribute type 17 has an invalid length. [ 192.055358][ T6729] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.146590][ T6729] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.575427][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.584815][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.602440][ T4181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.071800][ T432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.074317][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.196623][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.199344][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.299108][ T6729] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.312156][ T6753] netlink: 24 bytes leftover after parsing attributes in process `syz.2.833'. [ 194.407203][ T6763] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 194.413923][ T6763] netlink: 'syz.2.836': attribute type 10 has an invalid length. [ 194.467014][ T6763] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 194.997548][ T6764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.836'. [ 195.298771][ T6764] device bridge_slave_1 left promiscuous mode [ 195.301168][ T6764] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.321632][ T432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.324161][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.355058][ T6764] device bridge_slave_0 left promiscuous mode [ 195.361362][ T6764] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.408798][ T6764] bond0: (slave bridge0): Releasing backup interface [ 195.621536][ T6729] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.638749][ T6729] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.661213][ T6729] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.667219][ T6729] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.140178][ T6775] netlink: 27 bytes leftover after parsing attributes in process `syz.5.839'. [ 197.161995][ T6775] netlink: 'syz.5.839': attribute type 10 has an invalid length. [ 197.508821][ T6790] netlink: 'syz.3.841': attribute type 16 has an invalid length. [ 197.511194][ T6790] netlink: 'syz.3.841': attribute type 17 has an invalid length. [ 197.661023][ T4196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.663615][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.837524][ T6800] netlink: 'syz.3.858': attribute type 16 has an invalid length. [ 197.839721][ T6800] netlink: 'syz.3.858': attribute type 17 has an invalid length. [ 199.744115][ T6796] loop5: detected capacity change from 0 to 40427 [ 199.821589][ T4565] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.824175][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.858991][ T6796] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x1ffff [ 199.871803][ T6796] F2FS-fs (loop5): invalid crc value [ 199.886827][ T6796] F2FS-fs (loop5): Found nat_bits in checkpoint [ 199.928519][ T6796] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 199.999554][ T6796] attempt to access beyond end of device [ 199.999554][ T6796] loop5: rw=2049, want=45104, limit=40427 [ 200.009474][ T6796] attempt to access beyond end of device [ 200.009474][ T6796] loop5: rw=0, want=45104, limit=40427 [ 200.078345][ T5118] attempt to access beyond end of device [ 200.078345][ T5118] loop5: rw=2049, want=45112, limit=40427 [ 200.112058][ T6820] netlink: 'syz.4.854': attribute type 10 has an invalid length. [ 200.143150][ T6820] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 201.110356][ T6828] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 201.190961][ T4565] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.193501][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.231620][ T6828] netlink: 'syz.4.856': attribute type 10 has an invalid length. [ 201.314968][ T6828] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 201.350210][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.4.856'. [ 201.469199][ T6836] bond0: (slave bridge0): Releasing backup interface [ 201.649079][ T6835] tipc: Enabling of bearer rejected, failed to enable media [ 203.510992][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.513549][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.538894][ T1534] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.543962][ T4565] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.551321][ T4360] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.556089][ T4360] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.828451][ T6866] netlink: 'syz.3.870': attribute type 39 has an invalid length. [ 203.929766][ T6872] overlayfs: failed to clone upperpath [ 204.078445][ T6879] netlink: 'syz.4.875': attribute type 1 has an invalid length. [ 204.196787][ T6879] 8021q: adding VLAN 0 to HW filter on device bond2 [ 205.050767][ T6882] 8021q: adding VLAN 0 to HW filter on device bond2 [ 205.053029][ T6882] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 205.056924][ T6882] bond2: (slave vxcan3): Error -22 calling dev_set_mtu [ 205.151592][ T6878] device gretap2 entered promiscuous mode [ 205.167320][ T6878] bond2: (slave gretap2): making interface the new active one [ 205.196662][ T6878] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 205.212513][ T4565] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.215001][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.320919][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.198777][ T6899] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 206.202781][ T6899] netlink: 'syz.5.880': attribute type 10 has an invalid length. [ 206.264401][ T6899] bond0: (slave bridge0): Enslaving as an active interface with a down link [ 206.278427][ T6901] netlink: 4 bytes leftover after parsing attributes in process `syz.5.880'. [ 206.281384][ T6901] device bridge_slave_1 left promiscuous mode [ 206.283724][ T6901] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.330169][ T6907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.347396][ T6901] device bridge_slave_0 left promiscuous mode [ 206.349678][ T6901] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.450278][ T6901] bond0: (slave bridge0): Releasing backup interface [ 207.440670][ T6915] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 207.440670][ T6915] z,@qJ#"h/.W1ȱnNC"C<+`#k' [ 209.852258][ T6937] netlink: 'syz.3.893': attribute type 1 has an invalid length. [ 210.108768][ T6937] 8021q: adding VLAN 0 to HW filter on device bond3 [ 210.931827][ T6940] 8021q: adding VLAN 0 to HW filter on device bond3 [ 210.933986][ T6940] bond3: (slave vxcan1): The slave device specified does not support setting the MAC address [ 210.984992][ T6940] bond3: (slave vxcan1): Error -22 calling dev_set_mtu [ 211.022896][ T6937] device gretap3 entered promiscuous mode [ 211.028588][ T6937] bond3: (slave gretap3): making interface the new active one [ 211.040564][ T6937] bond3: (slave gretap3): Enslaving as an active interface with an up link [ 211.724915][ T6951] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 211.731676][ T6951] netlink: 'syz.4.908': attribute type 10 has an invalid length. [ 211.739820][ T6951] netlink: 4 bytes leftover after parsing attributes in process `syz.4.908'. [ 212.839090][ T6965] netlink: 24 bytes leftover after parsing attributes in process `syz.0.897'. [ 212.984821][ T6972] loop5: detected capacity change from 0 to 1024 [ 213.112171][ T6972] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 213.118249][ T6972] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 213.198643][ T136] hfsplus: b-tree write err: -5, ino 4 [ 215.044989][ T6988] loop5: detected capacity change from 0 to 4096 [ 216.769622][ T6988] ntfs: (device loop5): ntfs_read_locked_inode(): $DATA attribute is missing. [ 216.775504][ T6988] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 216.779362][ T6988] ntfs: (device loop5): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 216.808016][ T7009] netlink: 'syz.0.911': attribute type 1 has an invalid length. [ 216.812132][ T6988] ntfs: volume version 3.1. [ 216.856219][ T7009] 8021q: adding VLAN 0 to HW filter on device bond1 [ 216.993430][ T7014] 8021q: adding VLAN 0 to HW filter on device bond1 [ 216.995592][ T7014] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 216.999483][ T7014] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 217.105016][ T6988] netlink: 'syz.5.905': attribute type 10 has an invalid length. [ 217.107155][ T6988] netlink: 40 bytes leftover after parsing attributes in process `syz.5.905'. [ 217.109629][ T6988] device batadv0 entered promiscuous mode [ 217.155428][ T6988] net_ratelimit: 2 callbacks suppressed [ 217.155442][ T6988] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 217.950085][ T7009] device gretap1 entered promiscuous mode [ 218.029383][ T7009] bond1: (slave gretap1): making interface the new active one [ 218.032566][ T7009] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 218.150528][ T7030] netlink: 24 bytes leftover after parsing attributes in process `syz.3.917'. [ 218.942870][ T5118] ntfs: (device loop5): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 219.153333][ T7041] loop5: detected capacity change from 0 to 8192 [ 219.246346][ T7037] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 219.250066][ T7037] FAT-fs (loop9): unable to read boot sector [ 219.252719][ T7041] tipc: Started in network mode [ 219.255262][ T7041] tipc: Node identity 7f000001, cluster identity 4711 [ 219.261828][ T7041] tipc: Enabled bearer , priority 10 [ 219.280399][ T7041] tipc: Enabling of bearer rejected, failed to enable media [ 220.541953][ T4360] tipc: Node number set to 2130706433 [ 220.788649][ T7063] overlayfs: failed to clone upperpath [ 220.915578][ T4072] Bluetooth: hci5: command 0x0406 tx timeout [ 220.966642][ T7066] netlink: 'syz.2.932': attribute type 10 has an invalid length. [ 220.968855][ T7066] netlink: 40 bytes leftover after parsing attributes in process `syz.2.932'. [ 220.971574][ T7066] device batadv0 entered promiscuous mode [ 220.973877][ T7066] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 221.092333][ T7069] tipc: Started in network mode [ 221.094989][ T7069] tipc: Node identity ac1414aa, cluster identity 4711 [ 221.099672][ T7069] tipc: Enabled bearer , priority 10 [ 221.106224][ T7069] tipc: Enabling of bearer rejected, failed to enable media [ 222.945115][ T4360] tipc: Node number set to 2886997162 [ 223.777542][ T7086] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 223.857959][ T7097] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 224.589131][ T7101] netlink: 'syz.3.941': attribute type 10 has an invalid length. [ 224.593581][ T7097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.941'. [ 224.862501][ T7112] tipc: Enabling of bearer rejected, already enabled [ 224.886089][ T7100] tipc: Enabling of bearer rejected, failed to enable media [ 225.327639][ T7136] device syz_tun entered promiscuous mode [ 225.330545][ T7136] device vlan2 entered promiscuous mode [ 225.375602][ T7139] overlayfs: failed to clone upperpath [ 226.709727][ T7163] netlink: 'syz.2.966': attribute type 4 has an invalid length. [ 226.721417][ T7161] TCP: TCP_TX_DELAY enabled [ 227.842864][ T7182] 9pnet: p9_errstr2errno: server reported unknown error 184467440 [ 228.962215][ T7194] xt_hashlimit: max too large, truncated to 1048576 [ 228.968755][ T7194] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 229.778876][ T7189] tipc: Started in network mode [ 229.780283][ T7189] tipc: Node identity 7f000001, cluster identity 4711 [ 229.792081][ T7189] tipc: Enabling of bearer rejected, failed to enable media [ 229.838897][ T7189] tipc: Enabled bearer , priority 0 [ 229.880943][ T7202] netlink: 'syz.4.980': attribute type 10 has an invalid length. [ 229.886729][ T7202] netlink: 40 bytes leftover after parsing attributes in process `syz.4.980'. [ 229.889289][ T7202] device batadv0 entered promiscuous mode [ 229.892451][ T7202] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 230.005644][ T7208] xt_CT: You must specify a L4 protocol and not use inversions on it [ 230.846323][ T4072] tipc: Node number set to 2130706433 [ 232.755383][ T7223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.758000][ T7223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.801242][ T7225] binder: BINDER_SET_CONTEXT_MGR already set [ 232.802959][ T7225] binder: 7224:7225 ioctl 4018620d 200000c0 returned -16 [ 232.817080][ T7223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.830498][ T7225] binder: BINDER_SET_CONTEXT_MGR already set [ 232.838429][ T7223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.842687][ T7225] binder: 7224:7225 ioctl 4018620d 20000040 returned -16 [ 232.854854][ T7225] binder: 7224:7225 got transaction to invalid handle, 1 [ 232.858983][ T7225] binder: 7224:7225 transaction failed 29201/-22, size 72-24 line 2917 [ 233.066030][ T7226] netlink: set zone limit has 8 unknown bytes [ 233.650376][ T7238] xt_hashlimit: max too large, truncated to 1048576 [ 233.669018][ T7238] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 234.224429][ T7230] netlink: 4 bytes leftover after parsing attributes in process `syz.4.990'. [ 236.725106][ T7252] 9pnet: Insufficient options for proto=fd [ 238.810129][ T7272] tipc: Enabling of bearer rejected, already enabled [ 238.813779][ T7272] tipc: Enabling of bearer rejected, failed to enable media [ 238.916357][ T7261] tipc: Started in network mode [ 238.923712][ T7261] tipc: Node identity 7f000001, cluster identity 4711 [ 238.928782][ T7261] tipc: Enabling of bearer rejected, failed to enable media [ 238.937302][ T7261] tipc: Enabled bearer , priority 0 [ 239.067744][ T7279] xt_CT: You must specify a L4 protocol and not use inversions on it [ 240.146826][ T4360] tipc: Node number set to 2130706433 [ 241.819418][ T7301] netlink: 'syz.0.1013': attribute type 4 has an invalid length. [ 241.983693][ T7306] loop5: detected capacity change from 0 to 2048 [ 242.082592][ T7318] netlink: 'syz.4.1028': attribute type 4 has an invalid length. [ 242.088826][ T7306] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 242.110936][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.022434][ T7339] overlayfs: failed to clone upperpath [ 244.314578][ T7346] xt_CT: You must specify a L4 protocol and not use inversions on it [ 247.165359][ T7355] loop5: detected capacity change from 0 to 512 [ 247.186836][ T7363] netlink: 'syz.3.1033': attribute type 4 has an invalid length. [ 247.222345][ T7355] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 247.647269][ T7355] [EXT4 FS bs=4096, gc=1, bpg=64, ipg=32, mo=804ec018, mo2=0000] [ 247.650289][ T7355] EXT4-fs (loop5): orphan cleanup on readonly fs [ 247.672700][ T7373] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1035'. [ 248.327272][ T7371] device syz_tun entered promiscuous mode [ 248.328914][ T7371] device vlan2 entered promiscuous mode [ 248.333840][ T7355] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3876: comm syz.5.1030: Allocating blocks 41-42 which overlap fs metadata [ 248.363248][ T7355] Quota error (device loop5): write_blk: dquota write failed [ 248.365712][ T7355] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 248.393812][ T7355] EXT4-fs error (device loop5): ext4_acquire_dquot:6204: comm syz.5.1030: Failed to acquire dquot type 0 [ 248.406162][ T7355] EXT4-fs error (device loop5): mb_free_blocks:1865: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 248.410376][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1035'. [ 248.419537][ T7355] EXT4-fs (loop5): 1 truncate cleaned up [ 248.441935][ T7355] EXT4-fs (loop5): pa 00000000ed276ba2: logic 1, phys. 41, len 23 [ 248.444135][ T7355] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4893: group 0, free 22, pa_free 23 [ 248.447853][ T7355] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,usrquota,nolazytime,nogrpid,errors=continue,debug,i_version,resuid=0x00000000000000002,errors=continue. Quota mode: writeback. [ 250.842057][ T7400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1044'. [ 253.106797][ T7437] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1056'. [ 253.114041][ T7437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1056'. [ 254.304765][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.306679][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.086334][ T7461] fuse: Bad value for 'fd' [ 256.174342][ T7468] loop5: detected capacity change from 0 to 64 [ 258.125077][ T4072] libceph: connect (1)[c::]:6789 error -101 [ 258.126986][ T4072] libceph: mon0 (1)[c::]:6789 connect error [ 258.131315][ T4072] libceph: connect (1)[c::]:6789 error -101 [ 258.133061][ T4072] libceph: mon0 (1)[c::]:6789 connect error [ 258.224620][ T5118] Trying to free block not in datazone [ 258.377827][ T7495] loop5: detected capacity change from 0 to 512 [ 258.392436][ T4072] libceph: connect (1)[c::]:6789 error -101 [ 258.394195][ T4072] libceph: mon0 (1)[c::]:6789 connect error [ 258.446425][ T7495] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.1074: casefold flag without casefold feature [ 258.450912][ T7495] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.1074: couldn't read orphan inode 15 (err -117) [ 258.454560][ T7495] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 258.535206][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 258.857731][ T7484] ceph: No mds server is up or the cluster is laggy [ 258.900996][ T4072] libceph: connect (1)[c::]:6789 error -101 [ 258.902849][ T4072] libceph: mon0 (1)[c::]:6789 connect error [ 260.105534][ T26] audit: type=1326 audit(260.010:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7524 comm="syz.4.1087" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x0 [ 261.409926][ T7548] netlink: set zone limit has 8 unknown bytes [ 263.378063][ T26] audit: type=1326 audit(263.320:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz.0.1102" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x0 [ 263.443959][ T7574] loop5: detected capacity change from 0 to 1024 [ 264.633393][ T4565] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.837504][ T4565] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.940105][ T4565] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.143859][ T4565] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.768758][ T7645] loop5: detected capacity change from 0 to 764 [ 267.925663][ T7645] Symlink component flag not implemented [ 267.927507][ T7645] Symlink component flag not implemented [ 267.941705][ T7645] Symlink component flag not implemented (129) [ 267.953870][ T7645] Symlink component flag not implemented (6) [ 267.981476][ T7645] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.1120' sets config #0 [ 269.477378][ T7690] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 269.481108][ T7690] F2FS-fs (loop9): Unable to read 1th superblock [ 269.483068][ T7690] blk_update_request: I/O error, dev loop9, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 269.486152][ T7690] F2FS-fs (loop9): Unable to read 2th superblock [ 271.026994][ C1] vcan0: j1939_tp_rxtimer: 0x00000000d7605507: rx timeout, send abort [ 271.225993][ T7720] sctp: [Deprecated]: syz.4.1135 (pid 7720) Use of int in maxseg socket option. [ 271.225993][ T7720] Use struct sctp_assoc_value instead [ 271.527082][ C1] vcan0: j1939_tp_rxtimer: 0x000000003f1d6d6d: rx timeout, send abort [ 271.529690][ C1] vcan0: j1939_tp_rxtimer: 0x00000000d7605507: abort rx timeout. Force session deactivation [ 272.029576][ C1] vcan0: j1939_tp_rxtimer: 0x000000003f1d6d6d: abort rx timeout. Force session deactivation [ 272.681334][ T7745] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.683972][ T7745] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.686496][ T7745] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.688874][ T7745] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 273.441102][ T7745] device vxlan0 entered promiscuous mode [ 273.443043][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 276.342487][ T4565] device hsr_slave_0 left promiscuous mode [ 276.391243][ T4565] device hsr_slave_1 left promiscuous mode [ 276.473777][ T4565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.476169][ T4565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.483552][ T4565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 276.488067][ T4565] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 276.494449][ T4565] device bridge_slave_1 left promiscuous mode [ 276.500589][ T4565] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.553114][ T4565] device bridge_slave_0 left promiscuous mode [ 276.555067][ T4565] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.768359][ T4565] device veth1_macvtap left promiscuous mode [ 276.770474][ T4565] device veth0_macvtap left promiscuous mode [ 276.783867][ T4565] device veth1_vlan left promiscuous mode [ 276.791130][ T4565] device veth0_vlan left promiscuous mode [ 276.932514][ T7821] sctp: [Deprecated]: syz.4.1163 (pid 7821) Use of struct sctp_assoc_value in delayed_ack socket option. [ 276.932514][ T7821] Use struct sctp_sack_info instead [ 279.806114][ T7841] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 279.809863][ T7841] F2FS-fs (loop5): Unable to read 1th superblock [ 279.813182][ T7841] blk_update_request: I/O error, dev loop5, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 279.816448][ T7841] F2FS-fs (loop5): Unable to read 2th superblock [ 281.606474][ T4565] team0 (unregistering): Port device team_slave_1 removed [ 281.664438][ T4565] team0 (unregistering): Port device team_slave_0 removed [ 281.711077][ T4565] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 281.795205][ T4565] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.034113][ T4565] bond0 (unregistering): Released all slaves [ 282.223527][ T7808] device bond0 entered promiscuous mode [ 282.225210][ T7808] device bond_slave_0 entered promiscuous mode [ 282.227036][ T7808] device bond_slave_1 entered promiscuous mode [ 282.271357][ T7808] device batadv_slave_0 entered promiscuous mode [ 282.311413][ T7808] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 282.314100][ T7808] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network [ 282.317278][ T7808] device hsr1 entered promiscuous mode [ 282.334048][ T7846] device vlan2 entered promiscuous mode [ 282.694560][ T7875] sctp: [Deprecated]: syz.3.1178 (pid 7875) Use of struct sctp_assoc_value in delayed_ack socket option. [ 282.694560][ T7875] Use struct sctp_sack_info instead [ 283.933474][ T7814] ODEBUG: Out of memory. ODEBUG disabled [ 287.387419][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1196'. [ 287.702166][ T7958] sctp: [Deprecated]: syz.2.1195 (pid 7958) Use of struct sctp_assoc_value in delayed_ack socket option. [ 287.702166][ T7958] Use struct sctp_sack_info instead [ 288.923610][ T7814] Set syz1 is full, maxelem 65536 reached [ 291.907244][ T8040] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1216'. [ 291.965926][ T8042] sctp: [Deprecated]: syz.0.1212 (pid 8042) Use of struct sctp_assoc_value in delayed_ack socket option. [ 291.965926][ T8042] Use struct sctp_sack_info instead [ 292.658850][ T8047] 9pnet_virtio: no channels available for device syz [ 292.881362][ T8053] netlink: 'syz.4.1219': attribute type 1 has an invalid length. [ 293.465422][ T8063] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 293.580674][ T8053] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1219'. [ 293.610079][ T8053] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface [ 293.701812][ T8053] bond3 (unregistering): Released all slaves [ 294.996187][ T8097] netlink: 'syz.0.1229': attribute type 12 has an invalid length. [ 298.301120][ T8130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1241'. [ 298.452411][ T8143] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1243'. [ 298.588594][ T8145] netlink: 'syz.4.1244': attribute type 21 has an invalid length. [ 298.595520][ T8145] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1244'. [ 298.751166][ T8145] netlink: 'syz.4.1244': attribute type 1 has an invalid length. [ 298.753513][ T8145] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1244'. [ 299.123505][ T8145] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 303.378034][ T8218] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 303.381771][ T8218] F2FS-fs (loop7): Unable to read 1th superblock [ 303.386570][ T8218] blk_update_request: I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 303.389978][ T8218] F2FS-fs (loop7): Unable to read 2th superblock [ 304.657123][ T8233] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1268'. [ 304.874776][ T8229] tipc: Enabling of bearer rejected, failed to enable media [ 304.886219][ T8229] tipc: Enabling of bearer rejected, already enabled [ 307.362344][ T8269] blk_update_request: I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 307.365848][ T8269] F2FS-fs (loop11): Unable to read 1th superblock [ 307.369418][ T8269] blk_update_request: I/O error, dev loop11, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 307.372916][ T8269] F2FS-fs (loop11): Unable to read 2th superblock [ 309.727866][ T8305] tmpfs: Bad value for 'size' [ 314.970327][ T8372] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 315.210054][ T8385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1304'. [ 316.386889][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.388776][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.935333][ T8397] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1312'. [ 318.695601][ T8426] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1320'. [ 318.717150][ T8420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1319'. [ 318.753358][ T8430] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1321'. [ 318.944442][ T8434] bond0: (slave wlan1): Releasing backup interface [ 319.088950][ T8441] sctp: [Deprecated]: syz.5.1327 (pid 8441) Use of int in maxseg socket option. [ 319.088950][ T8441] Use struct sctp_assoc_value instead [ 319.980225][ T8457] fuse: Bad value for 'fd' [ 320.164591][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1339'. [ 320.245042][ T8474] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 320.247655][ T8474] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 320.251559][ T8474] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 321.136723][ T8487] netlink: 'syz.3.1342': attribute type 1 has an invalid length. [ 321.167740][ T8487] bond4: (slave veth7): Enslaving as an active interface with a down link [ 321.184374][ T8487] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1342'. [ 321.187471][ T8487] 8021q: adding VLAN 0 to HW filter on device bond4 [ 323.012069][ T8497] ceph: No mds server is up or the cluster is laggy [ 323.025414][ T8516] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 323.035590][ T8516] netlink: 'syz.3.1351': attribute type 16 has an invalid length. [ 323.037881][ T8516] netlink: 'syz.3.1351': attribute type 17 has an invalid length. [ 323.092519][ T8516] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 323.094672][ T8516] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 323.106298][ T8522] netlink: 'syz.4.1354': attribute type 1 has an invalid length. [ 323.108406][ T8522] netlink: 'syz.4.1354': attribute type 4 has an invalid length. [ 323.123416][ T5330] kernel write not supported for file bpf-prog (pid: 5330 comm: kworker/1:9) [ 323.126912][ T8522] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1354'. [ 323.148161][ T8522] netlink: 'syz.4.1354': attribute type 1 has an invalid length. [ 323.150396][ T8522] netlink: 'syz.4.1354': attribute type 4 has an invalid length. [ 323.156504][ T8522] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1354'. [ 323.183261][ T8527] Cannot find add_set index 0 as target [ 325.185811][ T8563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1362'. [ 326.378157][ T8594] netlink: 1343 bytes leftover after parsing attributes in process `syz.0.1372'. [ 329.825269][ C1] vcan0: j1939_tp_rxtimer: 0x000000000869560c: rx timeout, send abort [ 330.325348][ C1] vcan0: j1939_tp_rxtimer: 0x0000000053db22b1: rx timeout, send abort [ 330.328056][ C1] vcan0: j1939_tp_rxtimer: 0x000000000869560c: abort rx timeout. Force session deactivation [ 330.804527][ C1] vcan0: j1939_tp_rxtimer: 0x00000000ddee1b6d: rx timeout, send abort [ 330.827694][ C1] vcan0: j1939_tp_rxtimer: 0x0000000053db22b1: abort rx timeout. Force session deactivation [ 331.306993][ C1] vcan0: j1939_tp_rxtimer: 0x00000000ddee1b6d: abort rx timeout. Force session deactivation [ 333.401489][ T8691] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1394'. [ 339.041277][ T8750] overlayfs: failed to clone lowerpath [ 339.407027][ T8737] tipc: Resetting bearer [ 339.421483][ T8737] batman_adv: batadv0: Interface deactivated: dummy0 [ 339.423606][ T8737] batman_adv: batadv0: Removing interface: dummy0 [ 339.495550][ T8737] bond0: (slave bond_slave_0): Releasing backup interface [ 339.595151][ T8737] device bond_slave_0 left promiscuous mode [ 339.610033][ T8737] bond0: (slave bond_slave_1): Releasing backup interface [ 339.722778][ T8737] device bond_slave_1 left promiscuous mode [ 339.793554][ T8737] team0: Port device team_slave_0 removed [ 339.828346][ T8737] team0: Port device team_slave_1 removed [ 339.836704][ T8737] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.845745][ T8737] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.855207][ T8737] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.863686][ T8737] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.903065][ T8737] team0: Port device wlan1 removed [ 339.913166][ T8737] bond1: (slave gretap1): Releasing active interface [ 340.850904][ T8770] netlink: 'syz.3.1413': attribute type 10 has an invalid length. [ 340.854869][ T8770] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 340.862044][ T8783] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1417'. [ 341.566415][ T8793] netlink: 'syz.2.1419': attribute type 1 has an invalid length. [ 342.461156][ T8793] netlink: 'syz.2.1419': attribute type 1 has an invalid length. [ 342.512746][ T8811] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1421'. [ 346.471802][ T8899] x_tables: unsorted underflow at hook 2 [ 346.742279][ T8915] xt_nat: multiple ranges no longer supported [ 347.768808][ T8921] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1453'. [ 348.942076][ T8952] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1463'. [ 348.949882][ T8952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1463'. [ 348.973428][ T8952] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1463'. [ 349.884336][ T26] audit: type=1326 audit(349.830:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 349.887907][ T8966] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 349.890425][ T26] audit: type=1326 audit(349.830:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 349.890460][ T26] audit: type=1326 audit(349.830:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 349.904025][ T8966] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 349.956338][ T26] audit: type=1326 audit(349.830:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 349.990091][ T26] audit: type=1326 audit(349.830:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.010348][ T26] audit: type=1326 audit(349.830:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.033177][ T26] audit: type=1326 audit(349.830:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.043949][ T26] audit: type=1326 audit(349.830:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.060181][ T26] audit: type=1326 audit(349.830:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.096593][ T26] audit: type=1326 audit(349.830:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8965 comm="syz.4.1465" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=5 compat=0 ip=0xffff90be48a8 code=0x7ffc0000 [ 350.716894][ T8980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1470'. [ 352.631606][ T5330] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 352.663423][ T8996] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1476'. [ 354.503587][ T9039] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1487'. [ 354.738011][ T9052] netlink: 'syz.4.1485': attribute type 1 has an invalid length. [ 354.930817][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 356.921904][ T9072] bpf_jit: unknown atomic op code f1 [ 360.616394][ T9119] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1511'. [ 362.782010][ T9154] tipc: Enabling of bearer rejected, failed to enable media [ 363.400873][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 365.057443][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 365.057455][ T26] audit: type=1326 audit(365.000:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.076915][ T26] audit: type=1326 audit(365.020:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.116356][ T26] audit: type=1326 audit(365.020:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.156891][ T26] audit: type=1326 audit(365.020:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.163314][ T26] audit: type=1326 audit(365.020:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.172135][ T26] audit: type=1326 audit(365.030:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.178112][ T26] audit: type=1326 audit(365.030:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.186453][ T26] audit: type=1326 audit(365.030:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.193327][ T26] audit: type=1326 audit(365.030:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 365.199541][ T26] audit: type=1326 audit(365.030:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.3.1529" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffff863358a8 code=0x7ffc0000 [ 367.362899][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1545'. [ 367.598059][ T9281] device hsr0 entered promiscuous mode [ 368.228903][ T9281] device macvtap1 entered promiscuous mode [ 368.951058][ T9281] device hsr0 left promiscuous mode [ 370.046921][ T9307] tipc: Enabling of bearer rejected, already enabled [ 370.070513][ T9307] tipc: Enabling of bearer rejected, failed to enable media [ 376.842862][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.844783][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.497477][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 386.952250][ T9561] mmap: syz.3.1632 (9561) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 387.001405][ T9563] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1635'. [ 387.022753][ T9563] device bond1 entered promiscuous mode [ 387.024550][ T9563] 8021q: adding VLAN 0 to HW filter on device bond1 [ 388.221032][ T9587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1641'. [ 389.179110][ T9605] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1649'. [ 389.326725][ T9608] sch_tbf: burst 88 is lower than device veth9 mtu (1514) ! [ 391.004709][ T26] kauditd_printk_skb: 144 callbacks suppressed [ 391.004722][ T26] audit: type=1326 audit(390.950:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 391.020948][ T26] audit: type=1326 audit(390.970:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 391.371457][ T26] audit: type=1326 audit(391.320:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 391.380206][ T26] audit: type=1326 audit(391.320:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 391.582338][ T26] audit: type=1326 audit(391.320:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 391.613846][ T26] audit: type=1326 audit(391.320:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 392.355662][ T26] audit: type=1326 audit(391.320:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 392.397546][ T26] audit: type=1326 audit(391.510:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff9bc568a8 code=0x7ffc0000 [ 392.461438][ T26] audit: type=1326 audit(391.520:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff9bc568dc code=0x7ffc0000 [ 392.469533][ T26] audit: type=1326 audit(392.330:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9627 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff9bc54f70 code=0x7ffc0000 [ 393.401939][ T9653] netlink: 'syz.5.1663': attribute type 12 has an invalid length. [ 395.750320][ T9683] netlink: 'syz.3.1671': attribute type 5 has an invalid length. [ 397.872537][ T9718] netlink: 'syz.0.1683': attribute type 1 has an invalid length. [ 397.887177][ T9718] 8021q: adding VLAN 0 to HW filter on device bond2 [ 397.970345][ T9728] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1685'. [ 400.503848][ T9753] overlayfs: failed to clone lowerpath [ 400.723843][ T9759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1694'. [ 400.745270][ T9759] netlink: 'syz.0.1694': attribute type 4 has an invalid length. [ 400.747511][ T9759] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1694'. [ 401.596350][ T9768] netlink: 550 bytes leftover after parsing attributes in process `syz.2.1698'. [ 401.668460][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 401.668471][ T26] audit: type=1326 audit(401.610:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9774 comm="syz.2.1700" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0ada8a8 code=0x0 [ 401.798196][ T9772] tipc: New replicast peer: 0.0.0.0 [ 401.800477][ T9772] tipc: Enabled bearer , priority 10 [ 412.683158][ T9885] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1729'. [ 413.868167][ T9907] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1737'. [ 414.581499][ T9910] netlink: 'syz.3.1738': attribute type 4 has an invalid length. [ 414.598879][ T9910] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1738'. [ 414.601704][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 414.618016][ T9910] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 414.823462][ T9925] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1745'. [ 414.976125][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1741'. [ 416.346040][ T9945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1759'. [ 417.088229][ T9953] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1750'. [ 417.159093][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1751'. [ 417.999837][ T9973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1756'. [ 419.157123][ T9983] sctp: [Deprecated]: syz.3.1771 (pid 9983) Use of int in maxseg socket option. [ 419.157123][ T9983] Use struct sctp_assoc_value instead [ 419.789308][ C0] ------------[ cut here ]------------ [ 419.790872][ C0] WARNING: CPU: 0 PID: 9998 at net/mac80211/tx.c:4851 __ieee80211_beacon_get+0x12ec/0x19dc [ 419.793816][ C0] Modules linked in: [ 419.794868][ C0] CPU: 0 PID: 9998 Comm: syz.2.1765 Not tainted 5.15.185-syzkaller #0 [ 419.797131][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 419.799877][ C0] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 419.802045][ C0] pc : __ieee80211_beacon_get+0x12ec/0x19dc [ 419.803639][ C0] lr : __ieee80211_beacon_get+0x12ec/0x19dc [ 419.805275][ C0] sp : ffff800008007800 [ 419.806421][ C0] x29: ffff800008007a10 x28: dfff800000000000 x27: ffff800008007880 [ 419.808646][ C0] x26: ffff0000ee140dc0 x25: ffff700001000f10 x24: ffff0000e1508c80 [ 419.810879][ C0] x23: ffff800008007970 x22: ffff800008007a70 x21: 0000000000000000 [ 419.813168][ C0] x20: ffff0000cdb1ac00 x19: ffff0000e150a298 x18: 0000000000000101 [ 419.815455][ C0] x17: 0000000000000000 x16: ffff8000082bdf08 x15: 0000000000000007 [ 419.817725][ C0] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100 [ 419.819947][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : ffff800010b6cfb0 [ 419.822193][ C0] x8 : ffff0000f0749b40 x7 : ffff800010b75f2c x6 : 0000000000000000 [ 419.824538][ C0] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 [ 419.826759][ C0] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 [ 419.828964][ C0] Call trace: [ 419.829864][ C0] __ieee80211_beacon_get+0x12ec/0x19dc [ 419.831417][ C0] ieee80211_beacon_get_tim+0x5c/0x790 [ 419.832914][ C0] mac80211_hwsim_beacon_tx+0x10c/0x7ac [ 419.834447][ C0] __iterate_interfaces+0x204/0x484 [ 419.835866][ C0] ieee80211_iterate_active_interfaces_atomic+0xd4/0x180 [ 419.837914][ C0] mac80211_hwsim_beacon+0x90/0x174 [ 419.839432][ C0] __hrtimer_run_queues+0x428/0xb6c [ 419.840881][ C0] hrtimer_run_softirq+0x160/0x400 [ 419.842327][ C0] handle_softirqs+0x344/0xbf0 [ 419.843711][ C0] __irq_exit_rcu+0x240/0x440 [ 419.845005][ C0] irq_exit+0x14/0x88 [ 419.846110][ C0] handle_domain_irq+0x14c/0x1fc [ 419.847478][ C0] gic_handle_irq+0x78/0x1c8 [ 419.848751][ C0] call_on_irq_stack+0x24/0x4c [ 419.850094][ C0] do_interrupt_handler+0x6c/0x88 [ 419.851484][ C0] el1_interrupt+0x30/0x58 [ 419.852729][ C0] el1h_64_irq_handler+0x18/0x24 [ 419.854133][ C0] el1h_64_irq+0x78/0x7c [ 419.855309][ C0] finish_lock_switch+0xb8/0x1c4 [ 419.856740][ C0] finish_task_switch+0x120/0x6b0 [ 419.858154][ C0] __schedule+0xe04/0x1c0c [ 419.859415][ C0] schedule+0x11c/0x1c8 [ 419.860630][ C0] schedule_timeout+0xb4/0x2c8 [ 419.861998][ C0] unix_wait_for_peer+0x184/0x250 [ 419.863439][ C0] unix_dgram_sendmsg+0xb7c/0x1188 [ 419.864837][ C0] ____sys_sendmsg+0x61c/0x920 [ 419.866136][ C0] ___sys_sendmsg+0x1d0/0x240 [ 419.867421][ C0] __sys_sendmmsg+0x218/0x5f0 [ 419.868766][ C0] __arm64_sys_sendmmsg+0xa0/0xbc [ 419.870170][ C0] invoke_syscall+0x98/0x2b8 [ 419.871419][ C0] el0_svc_common+0x138/0x258 [ 419.872741][ C0] do_el0_svc+0x58/0x14c [ 419.873938][ C0] el0_svc+0x78/0x1e0 [ 419.875077][ C0] el0t_64_sync_handler+0xcc/0xe4 [ 419.876450][ C0] el0t_64_sync+0x1a0/0x1a4 [ 419.877687][ C0] irq event stamp: 86915 [ 419.878889][ C0] hardirqs last enabled at (86914): [] _raw_spin_unlock_irqrestore+0xa8/0x14c [ 419.881879][ C0] hardirqs last disabled at (86915): [] el1_dbg+0x24/0x80 [ 419.884263][ C0] softirqs last enabled at (86876): [] handle_softirqs+0xa4c/0xbf0 [ 419.886917][ C0] softirqs last disabled at (86911): [] __irq_exit_rcu+0x240/0x440 [ 419.889530][ C0] ---[ end trace aa02fe7392487931 ]--- [ 420.420332][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1764'.