last executing test programs: 5m49.999836002s ago: executing program 0 (id=917): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffffe, &(0x7f0000000200), 0x1, 0x168, &(0x7f0000000240)="$eJzs281KAlEYxvFn1Mrs+ztaBUW0yamU0l1eiugk0liRLVKC6lK6sroAXXQDTXCUSlFnKnIo/z+Q88Ljy3tmcZyzUQBG1okkS5bikjzPu7vZtrQZ9qYADIXXXl89AKMnytEHRlQzFzXv/2dJTy+3hUb7Ew94f2jmIma9l9T41D8ZtP/BMutGrLM/IWkqyP3lsdW/0zV/+ovzE139M4H7W8+/u9XZPytpTtK8pAVJi5KWJC1LWukxv9g1fz3gfAAAAAAAgrCU9MsHfiGi07Lr7PfNx0x+0DcfN/mhT57qm0+YPFm4cIuDtgmgh8gPz3/U5/zHfM4/gPBUa/WzvOs6VxQUFBTvRdi/TAB+m31dubSrtfpeuZIvOSXn/DiTTmczqaOsbS729uDrPYA/7OOlH/ZOAAAAAAAAAAAAAADAd61KWgt7EwAAAACGYhh/Jwr7GQEAAAAAAAAAAAAA+O/eAgAA//+G9kuq") 5m48.962497071s ago: executing program 0 (id=921): unshare(0x62000000) syz_mount_image$ext4(&(0x7f0000000b80)='ext3\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f00000007c0)={[{@errors_remount}, {@journal_checksum}, {@acl}, {@usrquota}, {@discard}, {@mb_optimize_scan}]}, 0x1, 0xb8c, &(0x7f00000017c0)="$eJzs3E9rVFcbAPDn3skkUeM78UVeXkupgRYsFEejWKkrddm6KLQfwBAnEjL+IUnBBBexXUhXtdBNF4V2UfoBCl1no4WuSjettNC9VIroPuVObpLBzCSpTjwafz84c8+f65zn4TLec8jcCeClNVK85BEHIuJ8FlEr+/OI6G/VBiMWls97+OD6+KMH18ezWFr64O8ssrJv5b2y8rinbAxGxC9ns/jvJ+vnnZmbnxprNhvTZfvI7KWrR2bm5g9PXhq72LjYuDx6cvT4iZPHT7x9tGe5vrvv1rmvRk/v/f7s7Wuv3fz9yyxOx1A51p5Hr4zESCyV2vv7ImKs15MlUinzydr6sr6EAQEAsKG8bQ33v6hFJdYWb7W4/WvS4AAAAICeWKrE6t+oAAAAgJ0qs/8HAACAHW7lewAPH1wfXylpv5HwbN0/ExHDnfLvi4XWcTCqEbH7YRbtj7Vmy//sqY1ExP6fhn8sSmzTc8gbWbgREf/vlH/Wyn+49RT3+vzziOjFk9kjj7VfpPxP92D+1PkD8HJaPLN8I1t//8tX1z/R4f7X1+He9SRS3/+6r//W8q90Wf+9v8U5Ggc//bzb2ELb+q/57at3ivmL41Ml9S/cvxHxSt/6/Gvl+qfIP+uS//ktzlH94+cfuo0V17/Id6U86/yXvok41HH/s/aLNtnGv090ZGKy2ShfO85x8853+7vN377+L0ox/8pe4Fkorv/uLvlvdv2vbnGOxb8O/dltbPP883v92YetWn/Zc21sdnZ6NKI/O7e+/9jGsaycs/IeRf5vvr7x579T/pXys5uVe4Eb5bFof/zYnIffe+eNJ89/exX5X3jC639ri3N8/dn0vW5jqfMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MWQR8RQZHl9tZ7n9XrEnojYH7vz5pWZ2bcmrnx0+UIxFjEc1Xxistk4GhG15XZWtEdb9bX2scfaxyNiX0R8UdvVatfHrzQvpE4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAVZWIGIosr0dEHhGPanler6eOCgAAAOi54dQBAAAAANvO/h8AAAB2vnX7/4E0cQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBj7Tu4eDeLiIVTu1ql0F+OVZNGBmy3PHUAQDKV1AEAyfSlDgBIxh4fyDYZH+w6MtDzWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4fh06sHg3i4iFU7tapdBfjlWTRgZstzx1AEAyldQBAMn0pQ4ASMYeH8g2GR/sOjLQ81gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeH4NtUqW1yMib9XzvF6P2BsRw1HNJiabjaMR8Z+I+K1WHSjao6mDBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOdm5uanxprNxrSKiorKaiX1/0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKQwMzc/NdZsNqZnUkcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApDYzNz811mw2pjetVGPzczpXUucIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA6/wQAAP//weIJOw==") r0 = socket$inet(0x2, 0x80001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000100)={'security\x00', 0x2, [{}, {}]}, 0x48) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000001c00)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10) close(0x3) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000007b00000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r2}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000400)={0x10800, 0x8, 0x11}, 0x18) syz_clone(0x0, &(0x7f00000004c0)="6157aab58d4df6ce6a76a716a87da79bd74f7b3c911cb132886c664231a752d3eaf43691c54f5400cabdf906409a16562cfad9f1e818872c430ba73918170381a5ca65d31522369ccd1c375144b6a7dc749b69e18ce08b7fa367cca35bc1db1884bd5de0463369a01530fe822d8cc14490f0d6fe930b124fdfa136a388ac4e0669e3bdf961a7066e3ea949c4cf2ae3", 0x8f, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="29e44594af8140cdf55dbfa55a00b53facd867c58ca747c17ac7144c89e4b8e9cecdc247680a3bc2edd933eafc0bd93be3bca7a24fd46b56ceeee73069e46f7ad7b819a3abb6bdfc885b0601f346f98fd60df445d99eb4f6a3e00a360bc34f0f717d6dc6099b1f5d8e226837393558707546f22b0b8495965248a5b96e9336c5b29c6ea9cb7f8ed45caaa0e8ba678582c88ff902965d2f253dfb29f9e4f23bdba4fa1b4509dc102e1421052dc16822e398ade68a") getdents64(r4, &(0x7f0000000440)=""/37, 0x25) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@private2, @in6=@local}}, {{@in=@local}, 0x0, @in6}}, &(0x7f00000000c0)=0xe8) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x30]}}}}], [{@obj_role={'obj_role', 0x3d, 'tmpfs\x00'}}, {@seclabel}, {@context={'context', 0x3d, 'user_u'}}, {@obj_user={'obj_user', 0x3d, '\x00'}}]}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x37}, 0x1, r6}) 5m45.439249121s ago: executing program 0 (id=930): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000056000000008eb5a86c000000000000"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='rss_stat\x00', r0}, 0x10) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080)=0xffffffffffffffff, 0x12) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 5m43.048299586s ago: executing program 0 (id=933): writev(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0xc0006020, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x20048051}, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0xc0e4) syz_emit_ethernet(0xfdef, &(0x7f00000002c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty=0x11, @broadcast}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0) 5m41.03244762s ago: executing program 0 (id=938): read$FUSE(0xffffffffffffffff, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x1, 0x1], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x401]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004500)=ANY=[@ANYBLOB="340000003f000701fefffffffeffffff017c0000040042800c00018006000600800a0000100002800c00198005"], 0x34}, 0x1, 0x0, 0x0, 0x6}, 0xc000) 5m38.529893514s ago: executing program 0 (id=942): ftruncate(0xffffffffffffffff, 0x2f) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001f7001080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000010000b7080000000000007b8af8ff00000000b7080000000000107b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000001c0)='GPL\x00', 0xf, 0xff6, &(0x7f0000001e00)=""/4086, 0x0, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) 5m23.685154039s ago: executing program 32 (id=942): ftruncate(0xffffffffffffffff, 0x2f) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001f7001080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000010000b7080000000000007b8af8ff00000000b7080000000000107b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000001c0)='GPL\x00', 0xf, 0xff6, &(0x7f0000001e00)=""/4086, 0x0, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) 5.451807042s ago: executing program 3 (id=2236): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000300)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c840}, 0x24000080) 4.382168337s ago: executing program 2 (id=2239): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0xe6, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmmsg$alg(r0, &(0x7f0000006600)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], 0x1, 0x20040058) 4.304800616s ago: executing program 3 (id=2240): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, 0x0, 0x5, 0x70bd28, 0x0, {{}, {@val={0x8}, @void}}, [@beacon, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xffffffff}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x28}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)={0x60, r3, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x38, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x34, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x400, 0x5, 0x4, 0x3, 0x0, 0x40, 0x8, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1000, 0x6, 0xfffb, 0x2, 0x1ff, 0x6, 0xea7, 0xa]}}]}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x60}, 0x1, 0x0, 0x0, 0x8008}, 0x10) 4.304614715s ago: executing program 4 (id=2241): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x2000000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x9, 0xffff}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1404c885}, 0x2000d8d0) 3.855070887s ago: executing program 2 (id=2243): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01001800000000000000280000"], 0x0, 0x47}, 0x28) r0 = socket$inet6(0xa, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00'}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f0000000140)=@ethtool_gfeatures}) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000ffffffff0700000040"], 0x48) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040), 0x10) listen(r3, 0x0) r4 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2710, @host}, 0x10) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r5, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x543e00f02550359, 0x4000010, r3, 0x127b7000) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r4, &(0x7f0000000100), 0x0, 0x24008095) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) 3.339548147s ago: executing program 5 (id=2245): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000bc0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x4, [@null, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]}, 0x40) 3.28736079s ago: executing program 4 (id=2246): sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, 0x0, 0x4) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)="243355634cba06f1e02cc94e2dfa7e27", 0x10}], 0x1) syz_init_net_socket$ax25(0x3, 0x5, 0xce) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000600000008000300", @ANYRES32=r2], 0x1c}}, 0x0) 3.175554703s ago: executing program 1 (id=2247): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0) recvmsg$qrtr(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000004680)=[{&(0x7f0000000200)=""/231, 0xe7}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/233, 0xe9}, {&(0x7f00000034c0)=""/202, 0xca}, {&(0x7f00000035c0)=""/176, 0xb0}, {&(0x7f0000000140)=""/51, 0x33}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x8, 0x0, 0x0, 0x1002}, 0x38, 0x40) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 3.17528937s ago: executing program 2 (id=2248): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) r1 = socket$inet6(0xa, 0x80802, 0x0) ppoll(&(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0) write(r1, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x40, 0x0, 0x1, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}, {"c516"}}}}}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4040c00) 3.064546329s ago: executing program 3 (id=2249): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d47c0e5eef34204f04b000096440000000000000000008000", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.99342632s ago: executing program 5 (id=2250): r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000060601"], 0x14}}, 0x810) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 2.843733184s ago: executing program 4 (id=2251): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2.683410884s ago: executing program 1 (id=2252): socket$inet(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000200)) socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10) 2.286363433s ago: executing program 5 (id=2253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0xc044) 2.219883221s ago: executing program 3 (id=2254): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000300), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000000)={&(0x7f0000000040)={0x1d, r2, 0x2000000}, 0x10, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0400"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="000000000100000000000000840004"], 0x48}}, 0x0) 2.177956943s ago: executing program 1 (id=2255): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$kcm(0x2, 0x922000000001, 0x106) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0) 2.049403072s ago: executing program 2 (id=2256): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0xffff, @none}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x0, @any, 0x4}, 0xe) 1.779554766s ago: executing program 5 (id=2257): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="000101000040000000", 0x9}], 0x1}, 0x4004) readv(r0, &(0x7f0000000200), 0x10000000000000ba) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) listen(0xffffffffffffffff, 0x0) 1.55919333s ago: executing program 2 (id=2258): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x220c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x7) socket(0x2, 0x4, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x4}, [@migrate={0x50, 0x11, [{@in=@local, @in=@broadcast, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r7, 0x0) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 1.495098086s ago: executing program 4 (id=2259): syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "001b01", 0x18, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x2, 0x3, 0x1, 0xfffffff6, [{0x5, 0x1, "c89600000500"}]}}}}}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720af0fff8ffffff71a4f0ff000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44801}, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4040880) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x7e) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010029bd70e1fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="211000000300000008001b0000000000080004000180"], 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 1.470567047s ago: executing program 3 (id=2260): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f000000c300)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x8, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 971.909122ms ago: executing program 1 (id=2261): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000000d00000000008000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x40000) sendmsg$can_bcm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="020000"], 0x48}}, 0x10) 731.982743ms ago: executing program 4 (id=2262): sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x2, 0x18, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x38}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400070200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0) 577.292641ms ago: executing program 5 (id=2263): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a8001600200003400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3", 0xaa}], 0x1}, 0x0) connect$inet6(r0, 0x0, 0x0) sendmsg(r0, 0x0, 0x44004) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="500000000206050000000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000a00000015000300686173683a69702c706f72742c6e6574"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10008803}, 0x0) 479.853314ms ago: executing program 1 (id=2264): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfff8}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x7c}}, 0x4000010) 450.146718ms ago: executing program 3 (id=2265): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x8, 0x3a, 0x0, @local, @loopback, {[], @echo_request={0x80, 0x0, 0x0, 0xfffa, 0x2}}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 293.028027ms ago: executing program 2 (id=2266): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x20044004) write$tun(r0, &(0x7f00000003c0)={@val={0x0, 0x88f7}, @void, @eth={@broadcast, @remote, @val={@val={0x88a8, 0x7, 0x0, 0x4}, {0x86dd, 0x2, 0x0, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x8, 0x20, 0x66, 0x0, 0xfc, 0x2f, 0x0, @private=0x1fe1, @multicast1}, {0x8000, 0x8100, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x9, 0x5865, @void}}}}}}}}, 0x3a) 135.57129ms ago: executing program 4 (id=2267): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000300)=ANY=[], 0x0) 19.200612ms ago: executing program 1 (id=2268): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 0s ago: executing program 5 (id=2269): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') pread64(r0, &(0x7f0000000180)=""/253, 0xfd, 0xfffffffffffffffd) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @empty}, {0x3200, 0x88be, 0x8}}}}}, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000000)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200e19}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x7, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kernel console output (not intermixed with test programs): e: 1 [ 447.086563][ T6483] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 447.096449][ T6483] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.105910][ T6483] usb 3-1: Product: syz [ 447.110772][ T6483] usb 3-1: Manufacturer: syz [ 447.115593][ T6483] usb 3-1: SerialNumber: syz [ 447.203341][ T6483] cdc_ncm 3-1:1.0: skipping garbage [ 447.210390][ T6483] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 447.217506][ T6483] cdc_ncm 3-1:1.0: bind() failure [ 447.568639][ T8098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.578374][ T8098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.672014][ T6483] usb 3-1: USB disconnect, device number 20 [ 447.782731][ T8107] loop3: detected capacity change from 0 to 4096 [ 448.113997][ T8107] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 448.191663][ T8107] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 448.822227][ T8127] loop4: detected capacity change from 0 to 256 [ 449.175668][ T8127] FAT-fs (loop4): IO charset cp9úÿÿÿodir not found [ 449.218161][ T8127] ptrace attach of "./syz-executor exec"[6255] was attempted by ""[8127] [ 449.371348][ T8130] loop2: detected capacity change from 0 to 4096 [ 449.406382][ T8130] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 449.434199][ T8125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.653'. [ 449.810771][ T8130] ntfs3(loop2): ino=19, mi_enum_attr [ 449.816451][ T8130] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 449.937340][ T8140] loop4: detected capacity change from 0 to 8 [ 450.000452][ T30] audit: type=1804 audit(1764393329.582:57): pid=8130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.654" name="/newroot/123/file0/file0" dev="loop2" ino=0 res=1 errno=0 [ 450.078960][ T8140] netlink: 'syz.4.658': attribute type 10 has an invalid length. [ 450.122463][ T8140] team0: Port device netdevsim3 added [ 451.090655][ T8149] netlink: 'syz.4.662': attribute type 1 has an invalid length. [ 451.103079][ T8149] netlink: 152 bytes leftover after parsing attributes in process `syz.4.662'. [ 451.351679][ T8149] netlink: 12 bytes leftover after parsing attributes in process `syz.4.662'. [ 452.652453][ T8169] loop2: detected capacity change from 0 to 4096 [ 452.681232][ T6483] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 452.875054][ T8169] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 452.880494][ T6483] usb 4-1: Using ep0 maxpacket: 16 [ 452.911024][ T8169] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 452.917468][ T6483] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 452.926731][ T6483] usb 4-1: config 0 has no interface number 0 [ 452.933423][ T6483] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 452.944679][ T6483] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 452.957932][ T8169] netlink: 16 bytes leftover after parsing attributes in process `syz.2.669'. [ 452.986326][ T8175] loop4: detected capacity change from 0 to 512 [ 453.016115][ T8175] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 453.025676][ T8175] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 453.075710][ T6483] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 453.085315][ T6483] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.093959][ T6483] usb 4-1: Product: syz [ 453.098347][ T6483] usb 4-1: Manufacturer: syz [ 453.103327][ T6483] usb 4-1: SerialNumber: syz [ 453.162071][ T6483] usb 4-1: config 0 descriptor?? [ 453.170406][ T8171] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 453.195317][ T8175] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.672: Allocating blocks 41-42 which overlap fs metadata [ 453.199511][ T8171] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 453.273767][ T8175] Quota error (device loop4): write_blk: dquota write failed [ 453.281012][ T8182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.674'. [ 453.281782][ T8175] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5 [ 453.300807][ T8175] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.672: Allocating blocks 41-42 which overlap fs metadata [ 453.420799][ T8175] Quota error (device loop4): write_blk: dquota write failed [ 453.429130][ T8175] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 453.440201][ T8175] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.672: Failed to acquire dquot type 1 [ 453.552128][ T8171] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.596505][ T8175] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 453.613750][ T8175] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #12: comm syz.4.672: corrupted inode contents [ 453.683705][ T8185] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 453.721911][ T8175] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #12: comm syz.4.672: mark_inode_dirty error [ 453.763850][ T8185] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 453.811749][ T8175] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #12: comm syz.4.672: corrupted inode contents [ 453.913657][ T8175] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #12: comm syz.4.672: mark_inode_dirty error [ 453.947057][ T8175] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #12: comm syz.4.672: corrupted inode contents [ 453.999328][ T8171] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.011128][ T8175] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem [ 454.013538][ T8175] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #12: comm syz.4.672: corrupted inode contents [ 454.106386][ T8175] EXT4-fs error (device loop4): ext4_truncate:4637: inode #12: comm syz.4.672: mark_inode_dirty error [ 454.161486][ T8175] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem [ 454.251954][ T8175] EXT4-fs (loop4): 1 truncate cleaned up [ 454.260394][ T8175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 454.276701][ T6483] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 454.276885][ T6483] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -61 [ 454.278063][ T6483] asix 4-1:0.251: probe with driver asix failed with error -61 [ 454.343174][ T8171] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.601905][ T8171] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.776588][ T6255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 455.134557][ T3763] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.175866][ T3763] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.268770][ T3443] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.333792][ T3443] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.046062][ T8221] batadv_slave_1: entered promiscuous mode [ 456.125091][ T8215] loop4: detected capacity change from 0 to 4096 [ 456.221062][ T8221] batadv_slave_1: left promiscuous mode [ 456.295778][ T8215] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 456.312230][ T8223] netlink: 'syz.1.687': attribute type 142 has an invalid length. [ 456.326408][ T8215] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 456.382173][ T8215] netlink: 16 bytes leftover after parsing attributes in process `syz.4.685'. [ 456.965836][ T6478] usb 4-1: USB disconnect, device number 12 [ 457.315467][ T8240] loop3: detected capacity change from 0 to 512 [ 457.348686][ T8240] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 457.456280][ T8240] EXT4-fs (loop3): 1 truncate cleaned up [ 457.465104][ T8240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 457.632363][ T8240] EXT4-fs error (device loop3): __ext4_iget:5443: inode #12: block 2: comm syz.3.694: invalid block [ 457.670552][ T8240] EXT4-fs (loop3): Remounting filesystem read-only [ 458.063932][ T8258] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 458.472820][ T8259] loop2: detected capacity change from 0 to 4096 [ 458.506307][ T5815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 458.751172][ T8259] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 458.790578][ T8259] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 458.826756][ T8259] netlink: 16 bytes leftover after parsing attributes in process `syz.2.701'. [ 459.252646][ T8272] random: crng reseeded on system resumption [ 460.439617][ T8304] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 461.965325][ T8316] netlink: 16 bytes leftover after parsing attributes in process `syz.0.717'. [ 462.599675][ T8323] loop2: detected capacity change from 0 to 32768 [ 462.778970][ T8323] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 463.117310][ T8323] XFS (loop2): Ending clean mount [ 463.138729][ T8323] XFS (loop2): Quotacheck needed: Please wait. [ 463.243837][ T8342] fuse: Unknown parameter 'fd0x0000000000000003' [ 463.292572][ T8323] XFS (loop2): Quotacheck: Done. [ 463.601229][ T5809] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 463.902106][ T8348] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 16777216, id = 0 [ 463.926797][ T8346] loop3: detected capacity change from 0 to 1024 [ 464.183164][ T6469] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 464.218847][ T8352] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 464.445111][ T6469] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 464.455586][ T6469] usb 5-1: config 0 has no interface number 0 [ 464.462561][ T6469] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 464.474282][ T6469] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 464.770405][ T6469] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 464.779764][ T6469] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.788309][ T6469] usb 5-1: Product: syz [ 464.792873][ T6469] usb 5-1: Manufacturer: syz [ 464.797693][ T6469] usb 5-1: SerialNumber: syz [ 464.852658][ T6469] usb 5-1: config 0 descriptor?? [ 464.868452][ T8357] loop3: detected capacity change from 0 to 64 [ 465.231872][ T6469] usb 5-1: USB disconnect, device number 12 [ 465.719062][ T8368] loop2: detected capacity change from 0 to 128 [ 465.853508][ T8368] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 465.910660][ T8368] ext4 filesystem being mounted at /141/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 466.017924][ T8368] netlink: 'syz.2.727': attribute type 29 has an invalid length. [ 466.091349][ T30] audit: type=1800 audit(1764393345.682:58): pid=8377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.727" name="file1" dev="loop2" ino=12 res=0 errno=0 [ 466.448780][ T8366] netlink: 16 bytes leftover after parsing attributes in process `syz.1.734'. [ 466.482701][ T8379] fuse: Unknown parameter 'fd0x0000000000000003' [ 466.683575][ T5809] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 466.977905][ T8386] 9p: Unknown access argument 18446744073709551615: -34 [ 467.361659][ T8381] loop4: detected capacity change from 0 to 32768 [ 467.395115][ T8381] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 467.779537][ T8407] netlink: 20 bytes leftover after parsing attributes in process `syz.1.745'. [ 467.899284][ T8381] XFS (loop4): Ending clean mount [ 467.934540][ T8381] XFS (loop4): Quotacheck needed: Please wait. [ 468.056211][ T8381] XFS (loop4): Quotacheck: Done. [ 468.092556][ T8381] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 468.543293][ T8407] Can't find ip_set type hash:ip,port, [ 469.402256][ T8425] xt_TCPMSS: Only works on TCP SYN packets [ 469.487653][ T8425] bond1: entered promiscuous mode [ 469.493172][ T8425] bond1: entered allmulticast mode [ 469.500264][ T8425] 8021q: adding VLAN 0 to HW filter on device bond1 [ 469.758705][ T8432] fuse: Unknown parameter 'fd0x0000000000000003' [ 470.243618][ T8434] loop2: detected capacity change from 0 to 4096 [ 470.409054][ T8434] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 470.434680][ T8434] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 470.494164][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.2.753'. [ 471.240246][ T8448] loop2: detected capacity change from 0 to 512 [ 471.327468][ T8448] EXT4-fs (loop2): orphan cleanup on readonly fs [ 471.374985][ T8448] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.758: bg 0: block 248: padding at end of block bitmap is not set [ 471.403364][ T8448] Quota error (device loop2): write_blk: dquota write failed [ 471.411805][ T8448] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 471.422306][ T8448] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.758: Failed to acquire dquot type 1 [ 471.508069][ T8448] EXT4-fs (loop2): 1 truncate cleaned up [ 471.550416][ T8448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 471.634040][ T8448] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 471.691943][ T8448] EXT4-fs warning (device loop2): read_mmp_block:115: Error -117 while reading MMP block 0 [ 471.732852][ T8448] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 471.992650][ T5809] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.439461][ T8465] fuse: Unknown parameter 'fd0x0000000000000003' [ 472.555129][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.767'. [ 472.564604][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.767'. [ 473.271861][ T8473] netlink: 16 bytes leftover after parsing attributes in process `syz.2.768'. [ 473.536909][ T30] audit: type=1326 audit(1764393353.122:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 473.600179][ T30] audit: type=1326 audit(1764393353.152:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 473.623313][ T30] audit: type=1326 audit(1764393353.152:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 473.647085][ T30] audit: type=1326 audit(1764393353.152:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 473.670172][ T30] audit: type=1326 audit(1764393353.152:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 473.692980][ T30] audit: type=1326 audit(1764393353.152:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8476 comm="syz.0.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f371b38f749 code=0x7ffc0000 [ 474.099797][ T8483] No such timeout policy "syz0" [ 474.191390][ T8486] bond1: option lacp_active: invalid value (8) [ 474.267416][ T8483] netlink: 132 bytes leftover after parsing attributes in process `syz.2.772'. [ 474.292443][ T8486] bond1 (unregistering): Released all slaves [ 474.894721][ T8502] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 476.349713][ T8523] loop3: detected capacity change from 0 to 256 [ 476.397308][ T8513] netlink: 16 bytes leftover after parsing attributes in process `syz.1.782'. [ 476.559423][ T8523] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 476.665061][ T8525] netlink: 48 bytes leftover after parsing attributes in process `syz.2.786'. [ 477.609565][ T8537] fuse: Unknown parameter 'fd0x0000000000000003' [ 478.211011][ T8528] netlink: 'syz.1.787': attribute type 6 has an invalid length. [ 479.025977][ T8553] overlay: ./file0 is not a directory [ 479.741946][ T8565] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 479.809786][ T8566] loop3: detected capacity change from 0 to 128 [ 479.832859][ T8566] ext4: Unknown parameter 'appraise' [ 480.214519][ T8572] fuse: Unknown parameter 'fd0x0000000000000003' [ 480.280945][ T8560] netlink: 16 bytes leftover after parsing attributes in process `syz.1.797'. [ 480.565065][ T8573] No such timeout policy "syz0" [ 480.645293][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.658510][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 480.697651][ T8573] netlink: 132 bytes leftover after parsing attributes in process `syz.2.802'. [ 481.942546][ T8589] netlink: 4 bytes leftover after parsing attributes in process `syz.4.811'. [ 482.361297][ T8595] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 483.043082][ T8599] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 483.404848][ T30] audit: type=1326 audit(1781172115.081:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.3.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7fc00000 [ 483.782911][ T30] audit: type=1326 audit(1781172115.459:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.3.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3e1f98f749 code=0x7fc00000 [ 483.871897][ T8611] No such timeout policy "syz0" [ 483.902314][ T8611] netlink: 132 bytes leftover after parsing attributes in process `syz.2.818'. [ 483.960904][ T8604] netlink: 16 bytes leftover after parsing attributes in process `syz.1.817'. [ 484.629909][ T8621] 9pnet_fd: Insufficient options for proto=fd [ 484.647683][ T8624] netlink: 'syz.0.824': attribute type 142 has an invalid length. [ 485.119376][ T8629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.826'. [ 485.276532][ T8630] bond1: option lacp_rate: invalid value (253) [ 485.305171][ T8640] fuse: Unknown parameter 'fd0x0000000000000003' [ 485.325102][ T8630] bond1 (unregistering): Released all slaves [ 486.581230][ T8651] overlayfs: failed to clone upperpath [ 486.719797][ T8647] overlay: ./file0 is not a directory [ 486.913556][ T8656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.833'. [ 488.380986][ T8666] bond0: Error: Cannot enslave bond to itself. [ 489.149401][ T8669] netlink: 'syz.3.838': attribute type 142 has an invalid length. [ 489.313316][ T8661] netlink: 16 bytes leftover after parsing attributes in process `syz.1.835'. [ 489.403978][ T8673] fuse: Unknown parameter 'fd0x0000000000000003' [ 489.589829][ T8678] netlink: 4 bytes leftover after parsing attributes in process `syz.3.843'. [ 490.236111][ T8688] 9pnet_fd: Insufficient options for proto=fd [ 490.290977][ T8688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'. [ 490.418155][ T8686] overlayfs: failed to clone upperpath [ 491.491071][ T8700] netlink: 'syz.4.853': attribute type 142 has an invalid length. [ 492.071881][ T8705] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 492.329082][ T8702] netlink: 16 bytes leftover after parsing attributes in process `syz.2.854'. [ 493.395521][ T8727] netlink: 'syz.2.865': attribute type 142 has an invalid length. [ 493.664952][ T8731] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 493.682983][ T8729] IPVS: stopping backup sync thread 8731 ... [ 495.995071][ T8741] netlink: 16 bytes leftover after parsing attributes in process `syz.2.871'. [ 496.212136][ C1] hrtimer: interrupt took 272147 ns [ 497.836751][ T8754] tipc: Can't bind to reserved service type 1 [ 498.007999][ T8757] netlink: 'syz.2.876': attribute type 83 has an invalid length. [ 498.451825][ T8760] netlink: 108 bytes leftover after parsing attributes in process `syz.4.879'. [ 498.578247][ T8765] 9pnet_fd: Insufficient options for proto=fd [ 498.901946][ T8767] netlink: 'syz.3.878': attribute type 142 has an invalid length. [ 498.961068][ T8768] netlink: 'syz.2.880': attribute type 3 has an invalid length. [ 498.969588][ T8768] netlink: 20 bytes leftover after parsing attributes in process `syz.2.880'. [ 498.982917][ T8768] netlink: 'syz.2.880': attribute type 1 has an invalid length. [ 500.061596][ T8771] netlink: 24 bytes leftover after parsing attributes in process `syz.4.881'. [ 501.386687][ T8803] netlink: 'syz.2.892': attribute type 142 has an invalid length. [ 501.530683][ T8804] netlink: 108 bytes leftover after parsing attributes in process `syz.0.891'. [ 501.700792][ T8806] netlink: 8 bytes leftover after parsing attributes in process `syz.2.893'. [ 502.118614][ T8796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.886'. [ 502.261909][ T8813] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 504.399145][ T8830] netlink: 12 bytes leftover after parsing attributes in process `syz.0.901'. [ 504.476471][ T8830] 8021q: adding VLAN 0 to HW filter on device bond1 [ 505.278310][ T8841] netlink: 108 bytes leftover after parsing attributes in process `syz.0.904'. [ 505.797967][ T8847] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 507.063113][ T8851] netlink: 16 bytes leftover after parsing attributes in process `syz.0.908'. [ 507.665076][ T8855] netlink: 104 bytes leftover after parsing attributes in process `syz.2.910'. [ 508.610929][ T8872] bond2 (unregistering): Released all slaves [ 509.674038][ T8887] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 510.131013][ T8892] fuse: Bad value for 'fd' [ 510.163605][ T8892] fuse: Bad value for 'fd' [ 512.667262][ T8894] tmpfs: Unknown parameter 'obj_role' [ 518.002772][ T8938] No such timeout policy "syz0" [ 518.167979][ T8941] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 519.018377][ T8944] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 519.128351][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.4.940'. [ 521.723822][ T8975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'. [ 523.073677][ T8984] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 523.579077][ T8991] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 523.960072][ T8993] No such timeout policy "syz0" [ 524.882519][ T8999] overlay: ./file0 is not a directory [ 526.142459][ T9008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.958'. [ 526.352327][ T9013] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 526.731729][ T9015] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 527.430836][ T9026] No such timeout policy "syz0" [ 528.255027][ T9028] netlink: 16 bytes leftover after parsing attributes in process `syz.1.967'. [ 530.998184][ T9047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'. [ 531.372946][ T9052] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 531.504090][ T9051] netlink: 12 bytes leftover after parsing attributes in process `syz.1.975'. [ 531.577280][ T9051] netlink: 12 bytes leftover after parsing attributes in process `syz.1.975'. [ 531.588982][ T3889] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.625063][ T3889] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.654232][ T3889] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.730995][ T1846] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.954173][ T9058] netlink: 20 bytes leftover after parsing attributes in process `syz.3.977'. [ 532.040917][ T9057] No such timeout policy "syz0" [ 532.740805][ T9070] netlink: 44 bytes leftover after parsing attributes in process `syz.2.982'. [ 533.483194][ T9064] netlink: 16 bytes leftover after parsing attributes in process `syz.4.980'. [ 534.416011][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.987'. [ 534.871659][ T9087] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 535.810915][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.991'. [ 535.820714][ T9095] netlink: 76 bytes leftover after parsing attributes in process `syz.3.991'. [ 536.502442][ T5807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 536.513760][ T5807] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 536.530388][ T5807] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 536.577043][ T5807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 536.607460][ T5807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 538.571615][ T50] Bluetooth: hci5: command tx timeout [ 538.779560][ T9114] netlink: 24 bytes leftover after parsing attributes in process `syz.3.995'. [ 539.003124][ T9114] netlink: 28 bytes leftover after parsing attributes in process `syz.3.995'. [ 539.012782][ T9114] netlink: 20 bytes leftover after parsing attributes in process `syz.3.995'. [ 539.202471][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 539.209530][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 539.630386][ T9099] chnl_net:caif_netlink_parms(): no params data found [ 540.552779][ T50] Bluetooth: hci5: command tx timeout [ 540.743653][ T9132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.999'. [ 541.248728][ T9137] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 541.676965][ T9144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1003'. [ 541.695514][ T9099] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.703449][ T9099] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.711640][ T9099] bridge_slave_0: entered allmulticast mode [ 541.722030][ T9099] bridge_slave_0: entered promiscuous mode [ 541.794212][ T9099] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.802514][ T9099] bridge0: port 2(bridge_slave_1) entered disabled state [ 541.810678][ T9099] bridge_slave_1: entered allmulticast mode [ 541.820543][ T9099] bridge_slave_1: entered promiscuous mode [ 542.531434][ T50] Bluetooth: hci5: command tx timeout [ 542.567316][ T9099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 542.731195][ T9099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.306933][ T9099] team0: Port device team_slave_0 added [ 543.338631][ T9099] team0: Port device team_slave_1 added [ 543.693450][ T9099] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.702374][ T9099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 543.728856][ T9099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.873522][ T9099] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.880861][ T9099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 543.907560][ T9099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 544.398180][ T9099] hsr_slave_0: entered promiscuous mode [ 544.409105][ T9099] hsr_slave_1: entered promiscuous mode [ 544.418542][ T9099] debugfs: 'hsr0' already exists in 'hsr' [ 544.428679][ T9099] Cannot create hsr debugfs directory [ 544.554043][ T50] Bluetooth: hci5: command tx timeout [ 545.058846][ T9163] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1011'. [ 545.682410][ T9165] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 545.836478][ T9160] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1010'. [ 546.506712][ T9099] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 546.588568][ T9099] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 546.629460][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1016'. [ 546.693533][ T9099] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 546.785222][ T9099] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 548.274200][ T9183] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1019'. [ 548.957980][ T9189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1021'. [ 549.329384][ T9099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 549.860532][ T9099] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.033679][ T3763] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.041454][ T3763] bridge0: port 1(bridge_slave_0) entered forwarding state [ 550.188952][ T3763] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.196550][ T3763] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.408689][ T9196] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 550.650852][ T9099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 550.957393][ T9198] netlink: 'syz.1.1025': attribute type 10 has an invalid length. [ 551.052638][ T9198] team0: Port device netdevsim3 added [ 551.718999][ T9214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1030'. [ 552.274537][ T9203] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1026'. [ 553.257360][ T9099] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.270030][ T9224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1033'. [ 555.066816][ T9247] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1041'. [ 555.802832][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1044'. [ 555.813256][ T9099] veth0_vlan: entered promiscuous mode [ 555.923549][ T9099] veth1_vlan: entered promiscuous mode [ 556.151830][ T9251] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1042'. [ 556.522397][ T9099] veth0_macvtap: entered promiscuous mode [ 556.714105][ T9099] veth1_macvtap: entered promiscuous mode [ 557.171182][ T9258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'. [ 557.215647][ T9099] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 557.413018][ T9099] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 557.542590][ T3930] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.587235][ T3930] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.672359][ T3930] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.719482][ T3930] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.871819][ T9276] bond3: peer notification delay (2) is not a multiple of miimon (100), value rounded to 0 ms [ 558.882762][ T9276] bond3: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5) [ 558.936239][ T9276] bond3 (unregistering): Released all slaves [ 559.497911][ T9285] overlayfs: failed to clone upperpath [ 559.942879][ T9291] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'. [ 560.501569][ T9295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1057'. [ 560.790451][ T9300] overlayfs: missing 'lowerdir' [ 561.005077][ T1846] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.184606][ T9287] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1055'. [ 561.289740][ T1846] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.537157][ T1846] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.833654][ T1846] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.043008][ T9313] fuse: Bad value for 'fd' [ 562.267772][ T1846] bridge_slave_1: left allmulticast mode [ 562.275430][ T1846] bridge_slave_1: left promiscuous mode [ 562.282197][ T1846] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.424592][ T1846] bridge_slave_0: left allmulticast mode [ 562.431966][ T1846] bridge_slave_0: left promiscuous mode [ 562.438943][ T1846] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.362825][ T1846] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.414154][ T1846] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.452578][ T1846] bond0 (unregistering): Released all slaves [ 563.478600][ T1846] bond1 (unregistering): Released all slaves [ 567.522712][ T1846] hsr_slave_0: left promiscuous mode [ 567.556026][ T1846] hsr_slave_1: left promiscuous mode [ 567.566546][ T1846] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 567.574519][ T1846] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 567.736602][ T1846] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 567.744631][ T1846] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 567.958709][ T1846] team0: left promiscuous mode [ 567.967282][ T1846] team_slave_0: left promiscuous mode [ 567.973117][ T1846] team_slave_1: left promiscuous mode [ 567.979303][ T1846] veth1_macvtap: left promiscuous mode [ 567.985410][ T1846] veth0_macvtap: left promiscuous mode [ 567.991601][ T1846] veth1_vlan: left promiscuous mode [ 567.997144][ T1846] veth0_vlan: left promiscuous mode [ 568.081982][ T9348] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1070'. [ 570.159581][ T1846] team0 (unregistering): Port device team_slave_1 removed [ 570.242488][ T1846] team0 (unregistering): Port device team_slave_0 removed [ 570.897663][ T3016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.906143][ T3016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.951582][ T3016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.959645][ T3016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 571.113876][ T1846] IPVS: stop unused estimator thread 0... [ 571.549767][ T9351] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1071'. [ 572.684454][ T9376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1081'. [ 573.882889][ T9384] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1083'. [ 573.892970][ T9384] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1083'. [ 574.602651][ T9389] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1085'. [ 574.626354][ T9387] loop5: detected capacity change from 0 to 1024 [ 574.841106][ T9387] hfsplus: invalid attributes max_key_len 49162 [ 574.854283][ T9387] hfsplus: failed to load attributes file [ 575.203800][ T9396] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 575.986044][ T9394] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1087'. [ 576.670750][ T9414] netlink: 'syz.4.1093': attribute type 7 has an invalid length. [ 577.145030][ T9419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1096'. [ 579.366481][ T9427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1099'. [ 579.953212][ T9433] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1101'. [ 579.988827][ T9433] 9pnet_fd: Insufficient options for proto=fd [ 580.931159][ T9454] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 580.936915][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1109'. [ 580.985090][ T9442] loop5: detected capacity change from 0 to 4096 [ 582.380823][ T9442] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 582.476386][ T9442] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 582.578921][ T9442] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1103'. [ 583.074732][ T9469] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1115'. [ 583.968181][ T9478] loop5: detected capacity change from 0 to 8 [ 584.100825][ T9478] SQUASHFS error: xz decompression failed, data probably corrupt [ 584.109470][ T9478] SQUASHFS error: Failed to read block 0x108: -5 [ 584.119337][ T9478] SQUASHFS error: Unable to read metadata cache entry [106] [ 584.128023][ T9478] SQUASHFS error: Unable to read inode 0x11f [ 585.056572][ T6476] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 585.275956][ T6476] usb 6-1: device descriptor read/64, error -71 [ 585.426071][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1124'. [ 585.535028][ T6476] usb 6-1: new low-speed USB device number 3 using dummy_hcd [ 586.972491][ T6476] usb 6-1: device descriptor read/64, error -71 [ 587.110694][ T6476] usb usb6-port1: attempt power cycle [ 588.666309][ T9500] loop5: detected capacity change from 0 to 4096 [ 588.931422][ T9500] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 588.960217][ T9500] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 588.978437][ T9500] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1127'. [ 589.040190][ T9518] overlayfs: overlapping lowerdir path [ 589.114716][ T9514] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1134'. [ 589.763624][ T9529] lo speed is unknown, defaulting to 1000 [ 589.769833][ T9529] lo speed is unknown, defaulting to 1000 [ 589.781785][ T9529] lo speed is unknown, defaulting to 1000 [ 589.800928][ T9529] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 589.842459][ T9529] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 589.905738][ T9529] lo speed is unknown, defaulting to 1000 [ 589.914709][ T9529] lo speed is unknown, defaulting to 1000 [ 589.923639][ T9529] lo speed is unknown, defaulting to 1000 [ 589.932435][ T9529] lo speed is unknown, defaulting to 1000 [ 589.941330][ T9529] lo speed is unknown, defaulting to 1000 [ 590.029125][ T9530] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1139'. [ 592.098002][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1142'. [ 592.541142][ T9552] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1149'. [ 593.148444][ T9567] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1154'. [ 593.158903][ T9567] 8021q: VLANs not supported on ip_vti0 [ 594.700198][ T9579] loop5: detected capacity change from 0 to 512 [ 594.889995][ T9579] EXT4-fs (loop5): corrupt root inode, run e2fsck [ 594.896989][ T9579] EXT4-fs (loop5): mount failed [ 595.772631][ T9593] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 595.890300][ T6462] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 596.136938][ T6462] usb 6-1: config 0 interface 0 has no altsetting 0 [ 596.144129][ T6462] usb 6-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 596.153988][ T6462] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.262566][ T6462] usb 6-1: config 0 descriptor?? [ 596.757572][ T6462] lenovo 0003:17EF:6067.0003: report_id 405671497 is invalid [ 596.765612][ T6462] lenovo 0003:17EF:6067.0003: item 0 4 1 8 parsing failed [ 596.841298][ T6462] lenovo 0003:17EF:6067.0003: hid_parse failed [ 596.848807][ T6462] lenovo 0003:17EF:6067.0003: probe with driver lenovo failed with error -22 [ 596.936968][ T9605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1169'. [ 597.718910][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 597.726391][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 598.067303][ T9621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'. [ 598.455259][ T6462] usb 6-1: USB disconnect, device number 5 [ 599.469456][ T6476] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 599.634076][ T6476] usb 6-1: device descriptor read/64, error -71 [ 599.879040][ T6476] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 599.889053][ T9639] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1180'. [ 600.050110][ T6476] usb 6-1: device descriptor read/64, error -71 [ 600.173615][ T6476] usb usb6-port1: attempt power cycle [ 600.229976][ T9641] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 600.553020][ T6476] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 600.609966][ T6476] usb 6-1: device descriptor read/8, error -71 [ 600.655004][ T9645] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 600.874960][ T6476] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 600.908265][ T6476] usb 6-1: device descriptor read/8, error -71 [ 601.039393][ T6476] usb usb6-port1: unable to enumerate USB device [ 601.717304][ T9649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1185'. [ 601.746817][ T9649] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 603.648029][ T30] audit: type=1326 audit(1781172241.220:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9664 comm="syz.5.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 603.671248][ T30] audit: type=1326 audit(1781172241.220:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9664 comm="syz.5.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 605.484392][ T9675] bond1: entered promiscuous mode [ 607.156705][ T9690] 9pnet_fd: Insufficient options for proto=fd [ 608.371372][ T6476] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 608.728111][ T6476] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 608.739556][ T6476] usb 6-1: config 0 interface 0 has no altsetting 0 [ 608.746926][ T6476] usb 6-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 608.756389][ T6476] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.014638][ T6476] usb 6-1: config 0 descriptor?? [ 609.611664][ T6476] kye 0003:0458:5015.0004: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 609.679606][ T6476] kye 0003:0458:5015.0004: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.5-1/input0 [ 609.691211][ T6476] kye 0003:0458:5015.0004: tablet-enabling feature report not found [ 609.699837][ T6476] kye 0003:0458:5015.0004: tablet enabling failed [ 609.839399][ T30] audit: type=1800 audit(1781172247.803:69): pid=9703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1205" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 610.604539][ T9723] pimreg: entered allmulticast mode [ 610.637953][ T6468] usb 6-1: USB disconnect, device number 10 [ 610.689706][ T9723] pimreg: left allmulticast mode [ 612.576849][ T9745] overlayfs: failed to clone upperpath [ 612.741896][ T9747] overlayfs: failed to clone upperpath [ 613.042370][ T9752] fuse: Bad value for 'fd' [ 614.288472][ T9755] openvswitch: netlink: Geneve opt len 62 is not a multiple of 4. [ 614.443295][ T30] audit: type=1800 audit(1781172252.643:70): pid=9755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1223" name="nullb0" dev="tmpfs" ino=1044 res=0 errno=0 [ 617.199146][ T9774] overlay: ./file0 is not a directory [ 618.459485][ T6476] IPVS: starting estimator thread 0... [ 618.585946][ T9793] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1238'. [ 618.611402][ T9795] IPVS: using max 192 ests per chain, 9600 per kthread [ 623.304438][ T9842] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1256'. [ 624.390061][ T9857] 9pnet_fd: Insufficient options for proto=fd [ 624.401542][ T9858] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1263'. [ 626.159320][ T30] audit: type=1326 audit(1781172264.959:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.182478][ T30] audit: type=1326 audit(1781172264.980:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.205570][ T30] audit: type=1326 audit(1781172264.980:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.228256][ T30] audit: type=1326 audit(1781172265.032:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.253258][ T30] audit: type=1326 audit(1781172265.032:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.265179][ T9873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1269'. [ 626.276755][ T30] audit: type=1326 audit(1781172265.032:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.308563][ T30] audit: type=1326 audit(1781172265.032:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.331374][ T30] audit: type=1326 audit(1781172265.032:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.356209][ T30] audit: type=1326 audit(1781172265.032:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 626.379553][ T30] audit: type=1326 audit(1781172265.032:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.4.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 627.723477][ T9885] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1274'. [ 627.733411][ T9885] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1274'. [ 629.391169][ T9888] loop5: detected capacity change from 0 to 65536 [ 629.513247][ T9888] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 629.949942][ T9888] XFS (loop5): Ending clean mount [ 630.032833][ T3443] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.060157][ T3443] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.071468][ T3443] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.126613][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 631.225780][ T3443] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.605389][ T9099] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 632.098820][ T9906] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1279'. [ 632.979311][ T9916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1282'. [ 632.989252][ T9916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1282'. [ 633.029200][ T9918] overlay: ./file0 is not a directory [ 633.447240][ T9925] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1286'. [ 634.138071][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1290'. [ 634.253427][ T9939] syz_tun: entered allmulticast mode [ 634.395911][ T5807] Bluetooth: hci5: unexpected subevent 0x1a length: 9 > 6 [ 636.255762][ T5807] Bluetooth: hci5: command 0x0405 tx timeout [ 636.312621][ T9962] IPv6: NLM_F_REPLACE set, but no existing node found! [ 636.685660][ T9967] overlay: ./file0 is not a directory [ 638.091539][ T9978] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1305'. [ 638.224139][ T9978] comedi comedi0: Minor -1 is invalid! [ 638.939612][ T9980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1306'. [ 639.405438][ T6476] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 639.428998][ T9994] veth0: entered promiscuous mode [ 639.465484][ T9994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1311'. [ 639.614331][ T6476] usb 6-1: Using ep0 maxpacket: 8 [ 639.651279][ T6476] usb 6-1: unable to get BOS descriptor or descriptor too short [ 639.668017][ T6476] usb 6-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid maxpacket 2560, setting to 1024 [ 639.680318][ T6476] usb 6-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 1024 [ 639.690709][ T6476] usb 6-1: config 8 interface 0 has no altsetting 0 [ 639.737564][ T6476] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 639.747192][ T6476] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.755837][ T6476] usb 6-1: Product: syz [ 639.760225][ T6476] usb 6-1: Manufacturer: syz [ 639.765297][ T6476] usb 6-1: SerialNumber: syz [ 640.079772][ T6476] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 640.087001][ T6476] usb 6-1: selecting invalid altsetting 0 [ 640.216383][ T6476] usb 6-1: USB disconnect, device number 11 [ 640.591152][T10015] overlay: ./file0 is not a directory [ 641.189053][T10028] netlink: zone id is out of range [ 641.194551][T10028] netlink: zone id is out of range [ 641.200027][T10028] netlink: zone id is out of range [ 641.205835][T10028] netlink: zone id is out of range [ 641.211172][T10028] netlink: zone id is out of range [ 641.216617][T10028] netlink: zone id is out of range [ 641.222234][T10028] netlink: zone id is out of range [ 641.227512][T10028] netlink: zone id is out of range [ 641.233285][T10028] netlink: zone id is out of range [ 641.238568][T10028] netlink: set zone limit has 4 unknown bytes [ 643.458630][T10026] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1321'. [ 643.480631][T10053] syz1: Port: 1 Link DOWN [ 643.495534][ T3443] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 643.505542][ T3443] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.548717][ T3443] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 643.558171][ T3443] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.603201][ T3443] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 643.614675][ T3443] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.669826][ T3443] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 643.679358][ T3443] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.306579][T10074] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1331'. [ 645.596493][T10092] overlay: ./file0 is not a directory [ 646.194925][T10091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1337'. [ 646.204396][T10091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1337'. [ 646.457478][T10097] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1339'. [ 647.506052][T10130] netlink: 134788 bytes leftover after parsing attributes in process `syz.4.1352'. [ 647.677830][T10134] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1352'. [ 648.074962][T10136] overlay: ./file0 is not a directory [ 649.427559][T10151] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.436222][T10151] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.767038][T10151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 649.799490][T10151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.151808][T10046] lo speed is unknown, defaulting to 1000 [ 650.158337][T10046] syz2: Port: 1 Link DOWN [ 650.166960][ T1846] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.205142][ T1846] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.251544][ T1846] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.289736][ T1846] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.807312][T10163] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1359'. [ 651.060393][T10158] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1357'. [ 651.100552][T10165] raw_sendmsg: syz.4.1360 forgot to set AF_INET. Fix it! [ 651.920606][T10170] loop5: detected capacity change from 0 to 256 [ 651.951147][T10170] exfat: Unknown parameter ' [ 651.951147][T10170] ' [ 652.002977][T10170] loop5: detected capacity change from 0 to 8 [ 652.046169][T10170] SQUASHFS error: xz decompression failed, data probably corrupt [ 652.055836][T10170] SQUASHFS error: Failed to read block 0x108: -5 [ 652.064001][T10170] SQUASHFS error: Unable to read metadata cache entry [106] [ 652.071646][T10170] SQUASHFS error: Unable to read inode 0x11f [ 652.311678][T10179] overlay: ./file0 is not a directory [ 653.945827][T10199] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1373'. [ 656.239630][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 656.247449][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 656.837325][T10231] overlay: ./file0 is not a directory [ 660.254137][T10252] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1390'. [ 660.914037][T10277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1399'. [ 660.924310][T10277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1399'. [ 661.421127][T10285] overlay: ./file0 is not a directory [ 663.230328][T10309] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 663.242464][T10309] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 664.215855][T10317] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1409'. [ 665.393529][T10330] overlay: ./file0 is not a directory [ 665.721237][T10335] openvswitch: netlink: IP tunnel attribute has 1624 unknown bytes. [ 666.995480][T10354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1421'. [ 667.844187][T10353] lo speed is unknown, defaulting to 1000 [ 668.803876][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 668.803963][ T30] audit: type=1326 audit(1781172309.728:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.2.1427" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2acaf8f749 code=0x0 [ 668.832403][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.960047][T10365] overlay: ./file0 is not a directory [ 670.117777][T10377] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.128002][T10377] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.344839][T10377] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 670.372104][T10377] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 672.619067][T10376] lo speed is unknown, defaulting to 1000 [ 672.766950][T10387] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 672.775473][T10387] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 672.806463][ T4001] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.948059][ T4001] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.968142][ T4001] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.014277][ T4001] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.979523][T10398] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1438'. [ 675.494385][ T9995] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 676.679836][ T9995] usb 6-1: config 16 has an invalid interface number: 246 but max is 0 [ 676.688572][ T9995] usb 6-1: config 16 has no interface number 0 [ 676.695269][ T9995] usb 6-1: config 16 interface 246 altsetting 75 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 676.707308][ T9995] usb 6-1: config 16 interface 246 has no altsetting 0 [ 676.714829][ T9995] usb 6-1: New USB device found, idVendor=0586, idProduct=3409, bcdDevice=67.ac [ 676.724407][ T9995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.379284][ T9995] usb 6-1: string descriptor 0 read error: -71 [ 677.607435][ T9995] usb 6-1: USB disconnect, device number 12 [ 677.705011][T10439] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1451'. [ 680.072678][T10453] loop5: detected capacity change from 0 to 40427 [ 680.104146][T10453] F2FS-fs (loop5): build fault injection rate: 25 [ 680.115455][T10453] F2FS-fs (loop5): invalid crc value [ 680.482480][T10453] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 680.493562][T10453] F2FS-fs (loop5): Start checkpoint disabled! [ 680.506305][T10453] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 680.522414][T10453] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 681.746993][ T3016] kworker/u8:11: attempt to access beyond end of device [ 681.746993][ T3016] loop5: rw=1, sector=77824, nr_sectors = 2048 limit=40427 [ 681.952688][ T3016] kworker/u8:11: attempt to access beyond end of device [ 681.952688][ T3016] loop5: rw=1, sector=79872, nr_sectors = 2048 limit=40427 [ 682.100902][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.100902][ T3016] loop5: rw=1, sector=49152, nr_sectors = 2048 limit=40427 [ 682.285052][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.285052][ T3016] loop5: rw=1, sector=51200, nr_sectors = 2048 limit=40427 [ 682.437126][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.437126][ T3016] loop5: rw=1, sector=57344, nr_sectors = 2048 limit=40427 [ 682.596369][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.596369][ T3016] loop5: rw=1, sector=59392, nr_sectors = 2048 limit=40427 [ 682.705358][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.705358][ T3016] loop5: rw=1, sector=61440, nr_sectors = 2048 limit=40427 [ 682.837763][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.837763][ T3016] loop5: rw=1, sector=63488, nr_sectors = 1024 limit=40427 [ 682.878348][ T3016] kworker/u8:11: attempt to access beyond end of device [ 682.878348][ T3016] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 682.893626][ T3016] CPU: 1 UID: 0 PID: 3016 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(none) [ 682.893784][ T3016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 682.893925][ T3016] Workqueue: writeback wb_workfn (flush-7:5) [ 682.894143][ T3016] Call Trace: [ 682.894197][ T3016] [ 682.894255][ T3016] __dump_stack+0x26/0x30 [ 682.894431][ T3016] dump_stack_lvl+0x1df/0x270 [ 682.894643][ T3016] dump_stack+0x1e/0x25 [ 682.894803][ T3016] f2fs_handle_critical_error+0xa6f/0xc20 [ 682.895006][ T3016] f2fs_stop_checkpoint+0x65/0x80 [ 682.895180][ T3016] f2fs_write_end_io+0x101c/0x1bc0 [ 682.895408][ T3016] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 682.895568][ T3016] bio_endio+0xeb4/0x1010 [ 682.895746][ T3016] submit_bio_noacct+0x2009/0x2930 [ 682.895978][ T3016] submit_bio+0x57c/0x630 [ 682.896174][ T3016] f2fs_submit_write_bio+0x92/0x250 [ 682.896397][ T3016] __submit_merged_bio+0x16f/0x6a0 [ 682.896612][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 682.896795][ T3016] __submit_merged_write_cond+0x458/0x9a0 [ 682.897076][ T3016] f2fs_write_data_pages+0x4bb2/0x5480 [ 682.897398][ T3016] ? f2fs_balance_fs_bg+0x11e7/0x1240 [ 682.897610][ T3016] ? stack_depot_save_flags+0x35/0x7b0 [ 682.897774][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.897941][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.898112][ T3016] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 682.898347][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.898512][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 682.898687][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.898852][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 682.899025][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.899193][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 682.899364][ T3016] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 682.899528][ T3016] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 682.899688][ T3016] do_writepages+0x3f2/0x860 [ 682.899880][ T3016] ? stack_depot_save_flags+0x35/0x7b0 [ 682.900049][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.900213][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.900404][ T3016] __writeback_single_inode+0x101/0x1190 [ 682.900604][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.900780][ T3016] writeback_sb_inodes+0xac1/0x1cb0 [ 682.901110][ T3016] wb_writeback+0x4ce/0xc00 [ 682.901301][ T3016] ? queue_io+0x471/0x790 [ 682.901483][ T3016] wb_workfn+0x397/0x1910 [ 682.901644][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 682.901825][ T3016] ? __pfx_wb_workfn+0x10/0x10 [ 682.901976][ T3016] process_scheduled_works+0xb91/0x1d80 [ 682.902230][ T3016] worker_thread+0xedf/0x1590 [ 682.902457][ T3016] kthread+0xd5c/0xf00 [ 682.902584][ T3016] ? __pfx_worker_thread+0x10/0x10 [ 682.902789][ T3016] ? __pfx_kthread+0x10/0x10 [ 682.902924][ T3016] ret_from_fork+0x1f5/0x4c0 [ 682.903110][ T3016] ? __pfx_kthread+0x10/0x10 [ 682.903241][ T3016] ret_from_fork_asm+0x1a/0x30 [ 682.903458][ T3016] [ 683.192589][ T3016] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 683.202401][ T3016] CPU: 1 UID: 0 PID: 3016 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(none) [ 683.202559][ T3016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 683.202672][ T3016] Workqueue: writeback wb_workfn (flush-7:5) [ 683.202879][ T3016] Call Trace: [ 683.202927][ T3016] [ 683.202977][ T3016] __dump_stack+0x26/0x30 [ 683.203149][ T3016] dump_stack_lvl+0x1df/0x270 [ 683.203325][ T3016] dump_stack+0x1e/0x25 [ 683.203474][ T3016] f2fs_handle_critical_error+0xa6f/0xc20 [ 683.203669][ T3016] f2fs_stop_checkpoint+0x65/0x80 [ 683.203831][ T3016] f2fs_write_end_io+0x101c/0x1bc0 [ 683.204029][ T3016] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 683.204188][ T3016] bio_endio+0xeb4/0x1010 [ 683.204358][ T3016] submit_bio_noacct+0x2009/0x2930 [ 683.204576][ T3016] submit_bio+0x57c/0x630 [ 683.204751][ T3016] f2fs_submit_write_bio+0x92/0x250 [ 683.204971][ T3016] __submit_merged_bio+0x16f/0x6a0 [ 683.205175][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 683.205352][ T3016] __submit_merged_write_cond+0x458/0x9a0 [ 683.205601][ T3016] f2fs_write_data_pages+0x4bb2/0x5480 [ 683.205925][ T3016] ? f2fs_balance_fs_bg+0x11e7/0x1240 [ 683.206137][ T3016] ? stack_depot_save_flags+0x35/0x7b0 [ 683.206299][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.206462][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.206626][ T3016] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 683.206867][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.207027][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 683.207197][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.207367][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 683.207534][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.207698][ T3016] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 683.207874][ T3016] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 683.208032][ T3016] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 683.208195][ T3016] do_writepages+0x3f2/0x860 [ 683.208381][ T3016] ? stack_depot_save_flags+0x35/0x7b0 [ 683.208546][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.208709][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.208902][ T3016] __writeback_single_inode+0x101/0x1190 [ 683.209108][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.209290][ T3016] writeback_sb_inodes+0xac1/0x1cb0 [ 683.209639][ T3016] wb_writeback+0x4ce/0xc00 [ 683.209848][ T3016] ? queue_io+0x471/0x790 [ 683.210043][ T3016] wb_workfn+0x397/0x1910 [ 683.210206][ T3016] ? kmsan_get_metadata+0xfb/0x160 [ 683.210399][ T3016] ? __pfx_wb_workfn+0x10/0x10 [ 683.210560][ T3016] process_scheduled_works+0xb91/0x1d80 [ 683.210829][ T3016] worker_thread+0xedf/0x1590 [ 683.211065][ T3016] kthread+0xd5c/0xf00 [ 683.211194][ T3016] ? __pfx_worker_thread+0x10/0x10 [ 683.211425][ T3016] ? __pfx_kthread+0x10/0x10 [ 683.211559][ T3016] ret_from_fork+0x1f5/0x4c0 [ 683.211760][ T3016] ? __pfx_kthread+0x10/0x10 [ 683.211902][ T3016] ret_from_fork_asm+0x1a/0x30 [ 683.212126][ T3016] [ 683.494927][ T3016] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 683.661470][T10483] xt_l2tp: wrong L2TP version: 1 [ 687.158250][T10517] xt_hashlimit: size too large, truncated to 1048576 [ 688.086220][T10526] netlink: 'syz.5.1462': attribute type 10 has an invalid length. [ 688.094692][T10526] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1462'. [ 688.113189][T10526] team0: Port device netdevsim1 added [ 688.174748][T10526] loop5: detected capacity change from 0 to 1024 [ 688.184550][T10526] EXT4-fs: Ignoring removed nobh option [ 688.190667][T10526] EXT4-fs: inline encryption not supported [ 688.196963][T10526] ext3: Unknown parameter 'uid>00000000000000060928' [ 688.772249][T10526] loop5: detected capacity change from 0 to 32768 [ 688.785878][T10526] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1462 (10526) [ 688.815361][T10526] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 688.829199][T10526] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 688.940000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 688.965026][T10526] BTRFS info (device loop5): enabling ssd optimizations [ 688.972349][T10526] BTRFS info (device loop5): turning on async discard [ 688.979423][T10526] BTRFS info (device loop5): enabling free space tree [ 688.986319][T10526] BTRFS info (device loop5): use zstd compression, level 3 [ 689.597307][ T9099] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 690.277039][T10553] sock: sock_timestamping_bind_phc: sock not bind to device [ 690.598721][T10559] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1490'. [ 691.265561][T10566] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1493'. [ 691.275362][T10566] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1493'. [ 691.284950][T10566] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1493'. [ 691.960792][ T5807] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 693.062544][T10598] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 693.114935][T10595] overlayfs: failed to resolve './file0': -2 [ 693.868501][T10604] loop5: detected capacity change from 0 to 128 [ 693.897946][T10604] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 693.934823][T10604] hpfs: filesystem error: improperly stopped [ 693.942227][T10604] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 693.950417][T10604] hpfs: You really don't want any checks? You are crazy... [ 693.978658][T10604] hpfs: hpfs_map_sector(): read error [ 693.984258][T10604] hpfs: code page support is disabled [ 694.083187][T10604] hpfs: hpfs_map_4sectors(): unaligned read [ 694.105636][T10604] hpfs: hpfs_map_4sectors(): unaligned read [ 694.112252][T10604] hpfs: filesystem error: unable to find root dir [ 694.907650][T10612] lo speed is unknown, defaulting to 1000 [ 695.408983][T10625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 695.418813][T10625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 695.711815][ T5807] Bluetooth: hci1: unexpected subevent 0x1a length: 9 > 6 [ 697.423137][T10661] netlink: 1632 bytes leftover after parsing attributes in process `syz.1.1525'. [ 697.432825][T10661] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 697.763867][T10668] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1527'. [ 697.778156][T10668] tipc: Started in network mode [ 697.783574][T10668] tipc: Node identity fff50000000000000000000000000001, cluster identity 4711 [ 697.792979][T10668] tipc: Enabling of bearer rejected, failed to enable media [ 698.075367][T10674] pimreg: entered allmulticast mode [ 698.087637][T10674] pimreg: left allmulticast mode [ 698.188026][T10674] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1531'. [ 699.085744][T10695] netlink: 1632 bytes leftover after parsing attributes in process `syz.4.1538'. [ 699.096433][T10695] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 700.244698][ T30] audit: type=1326 audit(1781172342.727:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.397690][ T30] audit: type=1326 audit(1781172342.780:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.421864][ T30] audit: type=1326 audit(1781172342.780:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.445038][ T30] audit: type=1326 audit(1781172342.780:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.467958][ T30] audit: type=1326 audit(1781172342.780:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.491063][ T30] audit: type=1326 audit(1781172342.822:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fe945d8de97 code=0x7ffc0000 [ 700.513972][ T30] audit: type=1326 audit(1781172342.822:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe945d90eea code=0x7ffc0000 [ 700.536911][ T30] audit: type=1326 audit(1781172342.832:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.559870][ T30] audit: type=1326 audit(1781172342.832:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe945d8f749 code=0x7ffc0000 [ 700.582945][ T30] audit: type=1326 audit(1781172342.832:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10715 comm="syz.1.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe945d8f783 code=0x7ffc0000 [ 701.447896][T10730] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1551'. [ 701.525619][T10731] netlink: 1632 bytes leftover after parsing attributes in process `syz.4.1552'. [ 701.535206][T10731] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 702.175838][T10743] netlink: 'syz.4.1557': attribute type 12 has an invalid length. [ 705.765101][T10770] openvswitch: netlink: Message has 1628 unknown bytes. [ 707.352558][T10807] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 707.543400][T10814] openvswitch: netlink: Message has 1628 unknown bytes. [ 707.802218][T10807] lo: entered allmulticast mode [ 707.861962][T10810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1577'. [ 708.164734][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 708.164822][ T30] audit: type=1326 audit(1781172351.053:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10818 comm="syz.4.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 708.275469][ T30] audit: type=1326 audit(1781172351.116:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10818 comm="syz.4.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 708.298964][ T30] audit: type=1326 audit(1781172351.127:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10818 comm="syz.4.1580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1838f749 code=0x7ffc0000 [ 708.404158][T10804] lo: left allmulticast mode [ 708.881585][T10839] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 709.263165][T10846] openvswitch: netlink: Message has 1628 unknown bytes. [ 709.529707][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1593'. [ 709.619889][T10847] bridge1: entered promiscuous mode [ 709.882613][T10855] trusted_key: syz.1.1595 sent an empty control message without MSG_MORE. [ 710.739582][T10874] loop5: detected capacity change from 0 to 64 [ 710.758742][T10874] minix: Unknown parameter '' [ 710.805243][T10874] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1603'. [ 710.814697][T10874] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1603'. [ 710.952652][T10878] openvswitch: netlink: IP tunnel attribute has 1624 unknown bytes. [ 712.775402][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1610'. [ 713.880154][T10904] openvswitch: netlink: IP tunnel attribute has 1624 unknown bytes. [ 714.012679][ T6478] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 714.155884][T10906] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1618'. [ 714.212741][ T6478] usb 6-1: Using ep0 maxpacket: 16 [ 714.257942][ T6478] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 714.269659][ T6478] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 714.281224][ T6478] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 714.291280][ T6478] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 714.301678][ T6478] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 714.440763][ T6478] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 714.450400][ T6478] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 714.459462][ T6478] usb 6-1: Manufacturer: syz [ 714.495972][ T6478] usb 6-1: config 0 descriptor?? [ 714.602478][T10912] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1620'. [ 714.612282][T10912] team0: No ports can be present during mode change [ 714.738899][T10920] tipc: Enabling of bearer rejected, failed to enable media [ 714.777497][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 714.784559][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 714.991989][ T6478] rc_core: IR keymap rc-hauppauge not found [ 714.998302][ T6478] Registered IR keymap rc-empty [ 715.003920][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.039446][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.066439][ T6478] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 715.081138][ T6478] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input8 [ 715.162201][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.202802][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.231319][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.252672][T10926] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1615'. [ 715.308596][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.331470][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.360056][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.398278][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.430502][T10926] pim6reg1: entered promiscuous mode [ 715.436268][T10926] pim6reg1: entered allmulticast mode [ 715.446484][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 715.474908][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 716.446291][ T6478] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 716.467558][ T6478] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 716.477129][ T6478] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 716.491587][ T6478] usb 6-1: USB disconnect, device number 13 [ 716.603526][T10937] netlink: 'syz.4.1628': attribute type 21 has an invalid length. [ 716.612450][T10937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'. [ 716.955666][T10945] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1629'. [ 717.891336][T10945] loop5: detected capacity change from 0 to 32768 [ 717.912126][T10945] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1629 (10945) [ 718.338060][T10945] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 718.348855][T10945] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 718.488918][T10945] BTRFS info (device loop5): enabling ssd optimizations [ 718.496432][T10945] BTRFS info (device loop5): turning on async discard [ 718.503605][T10945] BTRFS info (device loop5): enabling free space tree [ 718.510598][T10945] BTRFS info (device loop5): use zstd compression, level 3 [ 719.023598][ T9099] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 720.280142][T10993] veth2: entered allmulticast mode [ 721.389670][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1647'. [ 722.190393][T11013] loop5: detected capacity change from 0 to 32768 [ 722.967522][T11013] loop5: detected capacity change from 0 to 512 [ 723.000937][T11013] EXT4-fs error (device loop5): ext4_init_orphan_info:581: comm syz.5.1637: inode #0: comm syz.5.1637: iget: illegal inode # [ 723.017688][T11013] EXT4-fs (loop5): get orphan inode failed [ 723.024664][T11013] EXT4-fs (loop5): mount failed [ 723.533599][T11030] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 723.554146][T11028] netlink: 'syz.4.1652': attribute type 10 has an invalid length. [ 723.576179][T11028] team0: Port device dummy0 added [ 723.612885][T11028] netlink: 'syz.4.1652': attribute type 10 has an invalid length. [ 723.623629][T11028] bond0: (slave sit0): The slave device specified does not support setting the MAC address [ 723.637333][T11028] bond0: (slave sit0): Error -95 calling set_mac_address [ 723.999179][ T30] audit: type=1326 audit(1781172367.642:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.022920][ T30] audit: type=1326 audit(1781172367.642:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.051652][ T30] audit: type=1326 audit(1781172367.642:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.074707][ T30] audit: type=1326 audit(1781172367.642:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.097850][ T30] audit: type=1326 audit(1781172367.653:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.120955][ T30] audit: type=1326 audit(1781172367.653:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.143865][ T30] audit: type=1326 audit(1781172367.653:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.167332][ T30] audit: type=1326 audit(1781172367.653:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.190533][ T30] audit: type=1326 audit(1781172367.653:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.3.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 724.530572][T11051] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1659'. [ 725.365208][T11064] bridge0: port 3(syz_tun) entered blocking state [ 725.373401][T11064] bridge0: port 3(syz_tun) entered disabled state [ 725.384316][T11064] syz_tun: entered promiscuous mode [ 725.904418][T11066] No such timeout policy "syz0" [ 726.465825][ T50] Bluetooth: hci5: command 0x0405 tx timeout [ 727.110422][T11084] loop5: detected capacity change from 0 to 128 [ 727.203366][T11082] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 727.211348][T11082] overlayfs: failed to set xattr on upper [ 727.217247][T11082] overlayfs: ...falling back to redirect_dir=nofollow. [ 727.224447][T11082] overlayfs: ...falling back to metacopy=off. [ 727.231129][T11082] overlayfs: ...falling back to index=off. [ 727.237188][T11082] overlayfs: ...falling back to uuid=null. [ 727.398642][ T9995] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 727.623592][ T9995] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 727.634605][ T9995] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 727.733305][ T9995] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 727.743483][ T9995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 727.752020][ T9995] usb 6-1: SerialNumber: syz [ 728.073807][ T9995] usb 6-1: 0:2 : does not exist [ 728.229739][ T9995] usb 6-1: USB disconnect, device number 14 [ 729.091866][T11102] ip6gre2: entered promiscuous mode [ 729.097503][T11102] ip6gre2: entered allmulticast mode [ 729.146419][ T59] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 729.155514][ T59] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 729.176383][T10050] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 729.316237][T11105] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 729.970669][T10050] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 730.201624][T10050] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 731.170949][T11127] overlayfs: failed to clone upperpath [ 731.198189][T11130] 9pnet_fd: Insufficient options for proto=fd [ 731.645166][T11139] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1690'. [ 731.659569][T11131] No such timeout policy "syz0" [ 731.940543][T11139] team0: Mode "" not found [ 732.619117][T11146] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid [ 733.171116][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 735.034671][T11175] sctp: [Deprecated]: syz.3.1704 (pid 11175) Use of struct sctp_assoc_value in delayed_ack socket option. [ 735.034671][T11175] Use struct sctp_sack_info instead [ 735.455719][T11184] loop5: detected capacity change from 0 to 1024 [ 735.835607][T11193] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1706'. [ 736.315560][ T3443] hfsplus: b-tree write err: -5, ino 4 [ 736.776968][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1712'. [ 737.871840][T11211] bond3: option lacp_active: invalid value (8) [ 738.313150][T11198] loop5: detected capacity change from 0 to 65536 [ 738.338206][T11211] bond3 (unregistering): Released all slaves [ 738.468734][T11198] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 738.601237][T11198] XFS (loop5): Ending clean mount [ 738.752004][ T9099] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 741.552491][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 741.674500][T11257] loop5: detected capacity change from 0 to 1024 [ 742.040649][T11260] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1730'. [ 742.965431][T11282] fuse: Invalid rootmode [ 743.549826][T11287] Option ' âgÙÆo+xuqRx«ÉoµFºí:Ä4þJ1Î^“Q~³_u_<ß' to dns_resolver key: bad/missing value [ 744.871598][T11296] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1747'. [ 745.454223][T11302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.469958][T11302] 8021q: adding VLAN 0 to HW filter on device team0 [ 745.626063][T11302] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 745.645217][ T5857] lo speed is unknown, defaulting to 1000 [ 745.651946][ T5857] syz2: Port: 1 Link ACTIVE [ 746.542719][T11319] Driver unsupported XDP return value 0 on prog (id 346) dev N/A, expect packet loss! [ 746.565213][T11296] syz.2.1747 (11296) used greatest stack depth: 2440 bytes left [ 748.380272][T11330] loop5: detected capacity change from 0 to 32768 [ 748.392168][T11330] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1759 (11330) [ 748.413459][T11330] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 748.424203][T11330] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 748.579215][T11330] BTRFS info (device loop5): enabling ssd optimizations [ 748.586881][T11330] BTRFS info (device loop5): turning on async discard [ 748.594158][T11330] BTRFS info (device loop5): enabling free space tree [ 748.601482][T11330] BTRFS info (device loop5): use zstd compression, level 3 [ 748.755086][T11330] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1759'. [ 749.036920][ T9099] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 749.669469][T11372] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1769'. [ 750.314662][T11385] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1773'. [ 750.324485][T11385] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1773'. [ 751.356165][T11397] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1778'. [ 751.483703][T11396] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1778'. [ 751.601900][T11401] netlink: 'syz.5.1780': attribute type 10 has an invalid length. [ 751.612610][T11401] bridge0: port 3(syz_tun) entered disabled state [ 751.715343][T11404] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1780'. [ 751.802593][T11401] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 752.180406][T11412] fuse: Unknown parameter 'pagemap' [ 752.578761][T11426] loop5: detected capacity change from 0 to 64 [ 753.540791][T11426] BFS-fs: bfs_fill_super(): Inode 0x00000032 corrupted on loop5 [ 754.174267][ T30] audit: type=1326 audit(1781172655.345:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.197323][ T30] audit: type=1326 audit(1781172655.345:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.221597][ T30] audit: type=1326 audit(1781172655.355:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.244628][ T30] audit: type=1326 audit(1781172655.355:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.267532][ T30] audit: type=1326 audit(1781172655.418:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.290788][ T30] audit: type=1326 audit(1781172655.418:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.313784][ T30] audit: type=1326 audit(1781172655.418:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11425 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c53d8f749 code=0x7ffc0000 [ 754.820712][ T6462] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 754.836732][T11441] loop5: detected capacity change from 0 to 512 [ 754.879651][T11441] EXT4-fs (loop5): Test dummy encryption mode enabled [ 754.887297][T11441] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 754.979546][T11441] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.1794: bad orphan inode 131083 [ 754.997050][T11441] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.261865][T11453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1799'. [ 755.331230][T11441] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 755.477509][ T6462] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 755.614073][ T9099] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.097830][ T6462] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 756.535839][T10050] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 756.551308][T11477] tipc: Enabling of bearer rejected, failed to enable media [ 756.749414][T10050] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 756.759492][T10050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.828039][T10050] usb 6-1: config 0 descriptor?? [ 757.293477][T11474] lo speed is unknown, defaulting to 1000 [ 757.402062][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 757.467209][T10050] udl 6-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 757.662177][T10050] [drm:udl_init] *ERROR* Selecting channel failed [ 757.705035][T10050] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 757.712522][T10050] [drm] Initialized udl on minor 2 [ 757.725414][T10050] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 757.735445][T10050] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 757.750829][ T6478] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 757.772033][ T6478] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 757.781451][ T6478] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 757.794617][T10050] usb 6-1: USB disconnect, device number 15 [ 760.292006][T11523] tipc: Enabled bearer , priority 0 [ 761.361302][T10050] tipc: Node number set to 4294246401 [ 761.613051][T11538] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1826'. [ 763.640995][T11566] netlink: 'syz.3.1833': attribute type 3 has an invalid length. [ 765.488468][T11592] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1839'. [ 765.944674][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1840'. [ 766.009447][T11596] 8021q: adding VLAN 0 to HW filter on device bond1 [ 766.089419][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1840'. [ 766.116411][T11596] macvlan2: entered promiscuous mode [ 766.122338][T11596] macvlan2: entered allmulticast mode [ 766.133759][T11596] bond1: (slave macvlan2): Opening slave failed [ 766.178005][T11601] netlink: 'syz.1.1841': attribute type 10 has an invalid length. [ 766.224340][T11601] syz_tun: entered promiscuous mode [ 766.244644][T11601] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 766.276559][T11600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1841'. [ 766.499544][T11605] openvswitch: netlink: Actions may not be safe on all matching packets [ 770.360324][T11630] batadv_slave_0: entered promiscuous mode [ 770.434502][T11630] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1853'. [ 770.502905][T11629] batadv_slave_0: left promiscuous mode [ 770.635983][ T6462] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 770.805305][ T6462] usb 6-1: device descriptor read/64, error -71 [ 771.073050][ T6462] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 771.242899][ T6462] usb 6-1: device descriptor read/64, error -71 [ 771.358114][ T6462] usb usb6-port1: attempt power cycle [ 771.592058][T11642] fuse: Unknown parameter 'fd0x0000000000000003' [ 771.754361][ T6462] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 771.816092][ T6462] usb 6-1: device descriptor read/8, error -71 [ 772.071934][ T6462] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 772.123569][ T6462] usb 6-1: device descriptor read/8, error -71 [ 772.238125][ T6462] usb usb6-port1: unable to enumerate USB device [ 772.663702][T11658] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1866'. [ 772.827749][T11662] netlink: 'syz.4.1867': attribute type 10 has an invalid length. [ 772.838342][T11662] syz_tun: entered promiscuous mode [ 772.857210][T11662] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 772.878572][T11662] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1867'. [ 773.291940][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 773.298861][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 774.140375][T11677] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1874'. [ 775.840525][T11682] loop5: detected capacity change from 0 to 2048 [ 776.081505][T11682] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 776.089409][T11682] UDF-fs: Scanning with blocksize 512 failed [ 776.293917][T11682] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 777.112641][T11708] loop5: detected capacity change from 0 to 2048 [ 777.196486][T11708] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 777.236228][T11708] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 777.244523][T11708] UDF-fs: Scanning with blocksize 512 failed [ 777.274658][T11713] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1886'. [ 777.374378][T11708] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 777.437294][ T30] audit: type=1800 audit(1781172679.773:203): pid=11708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1884" name="file1" dev="loop5" ino=838 res=0 errno=0 [ 778.785810][T11740] Cannot find map_set index 0 as target [ 779.545561][T11746] netlink: 'syz.3.1898': attribute type 10 has an invalid length. [ 779.593217][T11729] loop5: detected capacity change from 0 to 65536 [ 779.607315][T11746] syz_tun: entered promiscuous mode [ 779.635403][T11746] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 779.705083][T11729] XFS (loop5): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 780.097173][T11729] XFS (loop5): Ending clean mount [ 780.115704][T11729] XFS (loop5): Quotacheck needed: Please wait. [ 780.128111][ T3889] XFS (loop5): Metadata CRC error detected at xfs_agfl_read_verify+0x1b0/0x2f0, xfs_agfl block 0x3 [ 780.140268][ T3889] XFS (loop5): Unmount and run xfs_repair [ 780.146323][ T3889] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 780.154113][ T3889] 00000000: 58 41 46 4c 00 00 00 00 d6 f6 9d bd 8c 5d 46 be XAFL.........]F. [ 780.163319][ T3889] 00000010: b8 8e 92 c0 ae 88 ce b2 00 00 00 00 00 00 00 00 ................ [ 780.172619][ T3889] 00000020: 35 fc 5c 25 ff 00 ff ff 00 00 00 05 00 00 00 06 5.\%............ [ 780.182326][ T3889] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff ................ [ 780.191612][ T3889] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 780.201406][ T3889] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 780.210717][ T3889] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 780.220084][ T3889] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 780.229550][ T3889] XFS (loop5): metadata I/O error in "xfs_alloc_read_agfl+0x242/0x460" at daddr 0x3 len 1 error 74 [ 780.257311][T11729] XFS (loop5): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 780.612962][ T30] audit: type=1804 audit(1781172683.122:204): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1900" name="file1" dev="tmpfs" ino=2102 res=1 errno=0 [ 781.112859][ T9099] XFS (loop5): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 781.152087][ T9099] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair. [ 781.423933][T11775] netlink: 'syz.1.1904': attribute type 10 has an invalid length. [ 781.472547][T11778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1904'. [ 782.715651][T11796] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1909'. [ 782.724960][T11796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1909'. [ 782.912523][T11798] netlink: 'syz.2.1910': attribute type 10 has an invalid length. [ 783.771864][T11802] usb usb8: usbfs: process 11802 (syz.5.1903) did not claim interface 5 before use [ 784.595076][T11820] 9pnet_fd: Insufficient options for proto=fd [ 785.170458][T11837] netlink: 'syz.3.1922': attribute type 10 has an invalid length. [ 785.747732][T11846] loop5: detected capacity change from 0 to 64 [ 786.058022][T11849] overlayfs: failed to resolve './file0': -2 [ 786.430432][T11861] loop5: detected capacity change from 0 to 2048 [ 786.451172][T11864] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1934'. [ 786.488797][T11865] netlink: zone id is out of range [ 786.498463][T11865] netlink: zone id is out of range [ 786.504196][T11865] netlink: zone id is out of range [ 786.509467][T11865] netlink: zone id is out of range [ 786.514987][T11865] netlink: zone id is out of range [ 786.520369][T11865] netlink: zone id is out of range [ 786.533984][T11865] netlink: zone id is out of range [ 786.539449][T11865] netlink: zone id is out of range [ 786.547927][T11865] netlink: zone id is out of range [ 786.553453][T11865] netlink: zone id is out of range [ 786.783232][T11861] loop5: p2 p3 p7 [ 786.920991][ T9995] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 786.975767][T11869] netlink: 'syz.3.1936': attribute type 10 has an invalid length. [ 787.118747][ T9995] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 787.127482][ T9995] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 787.136970][ T9995] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 787.148668][ T9995] usb 6-1: config 220 has no interface number 2 [ 787.156256][ T9995] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 787.170144][ T9995] usb 6-1: config 220 interface 0 has no altsetting 0 [ 787.177186][ T9995] usb 6-1: config 220 interface 76 has no altsetting 0 [ 787.184503][ T9995] usb 6-1: config 220 interface 1 has no altsetting 0 [ 787.274514][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 787.285848][ T9995] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 787.296043][ T9995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.304645][ T9995] usb 6-1: Product: syz [ 787.309030][ T9995] usb 6-1: Manufacturer: syz [ 787.314124][ T9995] usb 6-1: SerialNumber: syz [ 787.335772][T11875] sctp: [Deprecated]: syz.2.1939 (pid 11875) Use of int in max_burst socket option deprecated. [ 787.335772][T11875] Use struct sctp_assoc_value instead [ 787.608723][ T9995] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 787.619913][ T9995] uvcvideo 6-1:220.0: No valid video chain found. [ 787.627289][ T9995] usb 6-1: selecting invalid altsetting 0 [ 787.710024][ T9995] usb 6-1: selecting invalid altsetting 0 [ 787.716375][ T9995] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 787.772093][ T9995] usb 6-1: USB disconnect, device number 20 [ 787.984373][T11889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1943'. [ 787.993995][T11889] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1943'. [ 788.038451][ T3763] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 788.048305][ T3763] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 788.060642][T11889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1943'. [ 788.070350][T11889] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1943'. [ 788.084409][ T3763] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 788.095607][ T3763] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 788.184382][T11893] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1942'. [ 788.512273][T11897] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1945'. [ 788.527539][T11897] netlink: 'syz.5.1945': attribute type 3 has an invalid length. [ 788.619922][T11901] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1947'. [ 789.360245][T11913] netlink: 'syz.5.1951': attribute type 10 has an invalid length. [ 789.431699][ T5807] Bluetooth: hci2: unexpected event for opcode 0x2042 [ 790.860779][T11923] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1955'. [ 790.929080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 791.104530][T11928] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1955'. [ 791.631551][T11939] overlay: ./file0 is not a directory [ 791.666356][T11942] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1962'. [ 792.176240][T11948] netlink: 'syz.5.1965': attribute type 10 has an invalid length. [ 793.339948][ T5807] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 793.348929][ T5807] Bluetooth: hci2: Injecting HCI hardware error event [ 793.526751][ T50] Bluetooth: hci2: hardware error 0x00 [ 793.868910][T11961] loop5: detected capacity change from 0 to 256 [ 793.933055][T11961] exfat: Deprecated parameter 'utf8' [ 794.040842][T11961] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 794.130441][T11965] __nla_validate_parse: 3 callbacks suppressed [ 794.130541][T11965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1972'. [ 795.659902][ T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 795.829893][T11977] loop5: detected capacity change from 0 to 512 [ 795.901091][T11977] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 795.988281][T11977] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters [ 796.009694][T11977] EXT4-fs (loop5): 1 truncate cleaned up [ 796.018662][T11977] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 796.628938][T11988] netlink: 'syz.3.1979': attribute type 10 has an invalid length. [ 796.693793][ T9099] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 797.443180][T12003] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1986'. [ 797.452716][T12003] team0: No ports can be present during mode change [ 797.517538][T12009] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1988'. [ 798.334880][T12009] loop5: detected capacity change from 0 to 32768 [ 798.346778][T12009] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1988 (12009) [ 798.384760][T12009] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 798.395582][T12009] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 798.472282][T12018] netlink: 'syz.3.1992': attribute type 10 has an invalid length. [ 798.540601][T12009] BTRFS info (device loop5): enabling ssd optimizations [ 798.548172][T12009] BTRFS info (device loop5): turning on async discard [ 798.558633][T12009] BTRFS info (device loop5): enabling free space tree [ 798.565949][T12009] BTRFS info (device loop5): use zstd compression, level 3 [ 798.915176][ T9099] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 799.095044][ T30] audit: type=1326 audit(1781172702.502:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.118248][ T30] audit: type=1326 audit(1781172702.512:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.141942][ T30] audit: type=1326 audit(1781172702.512:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.164962][ T30] audit: type=1326 audit(1781172702.512:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.187739][ T30] audit: type=1326 audit(1781172702.523:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.210791][ T30] audit: type=1326 audit(1781172702.523:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.233653][ T30] audit: type=1326 audit(1781172702.523:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.273339][ T30] audit: type=1326 audit(1781172702.701:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3e1f98f34b code=0x7ffc0000 [ 799.297201][ T30] audit: type=1326 audit(1781172702.701:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1f98f749 code=0x7ffc0000 [ 799.320384][ T30] audit: type=1326 audit(1781172702.701:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3e1f98df90 code=0x7ffc0000 [ 799.906404][T12046] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1999'. [ 800.311711][T12054] loop5: detected capacity change from 0 to 2048 [ 800.349818][T12054] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 800.381424][T12057] netlink: 'syz.4.2002': attribute type 1 has an invalid length. [ 800.391631][T12054] UDF-fs: warning (device loop5): udf_fill_super: No partition found (2) [ 802.476934][T12064] loop5: detected capacity change from 0 to 65536 [ 802.526847][T12064] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 802.615726][T12064] XFS (loop5): Ending clean mount [ 802.752034][ T9099] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 803.904707][T12112] tipc: Enabling of bearer rejected, failed to enable media [ 805.615670][T12135] 9pnet_fd: Insufficient options for proto=fd [ 806.212220][T12143] netlink: 'syz.1.2026': attribute type 13 has an invalid length. [ 807.183940][T12143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 807.199161][T12143] 8021q: adding VLAN 0 to HW filter on device team0 [ 807.365294][T12143] net_ratelimit: 31 callbacks suppressed [ 807.365376][T12143] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 810.930178][T12186] overlayfs: failed to resolve './file0': -2 [ 811.151282][T12188] loop5: detected capacity change from 0 to 1024 [ 812.267299][T12200] xt_l2tp: v2 sid > 0xffff: 262144 [ 812.839672][T12215] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 812.958345][T12211] x_tables: duplicate underflow at hook 2 [ 812.996303][T12215] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 813.126670][T12215] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 813.259809][T12224] loop5: detected capacity change from 0 to 512 [ 813.283088][T12215] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 813.309360][T12224] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 813.367092][T12224] EXT4-fs (loop5): 1 truncate cleaned up [ 813.375566][T12224] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 813.798419][T10766] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 813.823124][ T9099] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 813.848373][T10766] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 813.903821][T10766] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 813.914991][T10766] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 814.206038][T12244] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2060'. [ 814.495635][T12251] loop5: detected capacity change from 0 to 2048 [ 814.536297][T12251] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 816.198803][T12270] loop5: detected capacity change from 0 to 128 [ 816.254174][T12270] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 816.281214][T12270] ext4 filesystem being mounted at /143/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 816.567928][ T9099] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 816.968742][T12291] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 817.233743][ T5857] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 817.366329][ T5857] usb 6-1: device descriptor read/64, error -71 [ 817.594044][ T5857] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 817.727138][ T5857] usb 6-1: device descriptor read/64, error -71 [ 817.860927][ T5857] usb usb6-port1: attempt power cycle [ 818.213242][ T5857] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 818.282594][ T5857] usb 6-1: device descriptor read/8, error -71 [ 818.521889][ T5857] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 818.606585][ T5857] usb 6-1: device descriptor read/8, error -71 [ 818.719930][T12308] bridge0: port 3(bond0) entered blocking state [ 818.727855][T12308] bridge0: port 3(bond0) entered disabled state [ 818.734651][T12308] bond0: entered allmulticast mode [ 818.740168][T12308] bond_slave_0: entered allmulticast mode [ 818.746317][T12308] bond_slave_1: entered allmulticast mode [ 818.752254][T12308] syz_tun: entered allmulticast mode [ 818.765918][T12308] bond0: entered promiscuous mode [ 818.771284][T12308] bond_slave_0: entered promiscuous mode [ 818.778944][T12308] bond_slave_1: entered promiscuous mode [ 818.789675][T12308] bridge0: port 3(bond0) entered blocking state [ 818.796775][T12308] bridge0: port 3(bond0) entered forwarding state [ 818.814421][ T5857] usb usb6-port1: unable to enumerate USB device [ 820.688787][T12351] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2093'. [ 820.757982][T12351] 8021q: adding VLAN 0 to HW filter on device bond2 [ 820.773631][T12348] xt_CT: No such helper "syz0" [ 820.796076][T12351] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2093'. [ 820.945857][T12355] netlink: 'syz.3.2094': attribute type 10 has an invalid length. [ 821.198488][T12359] loop5: detected capacity change from 0 to 2048 [ 821.227447][T12359] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 821.480429][ T5857] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 821.632881][ T5857] usb 6-1: Using ep0 maxpacket: 32 [ 821.677457][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 821.687993][ T5857] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 821.798675][ T5857] usb 6-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7 [ 821.809002][ T5857] usb 6-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3 [ 821.817873][ T5857] usb 6-1: Product: syz [ 821.822234][ T5857] usb 6-1: Manufacturer: syz [ 821.827437][ T5857] usb 6-1: SerialNumber: syz [ 821.891248][ T5857] usb 6-1: config 0 descriptor?? [ 821.929620][ T5857] usb 6-1: no audio or video endpoints found [ 822.108212][T12359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 822.118703][T12359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 822.430409][T12373] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 822.457679][T12373] CIFS mount error: No usable UNC path provided in device string! [ 822.457679][T12373] [ 822.468377][T12373] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 823.327684][T12386] xt_l2tp: v2 sid > 0xffff: 262144 [ 824.517701][ T6478] usb 6-1: USB disconnect, device number 25 [ 824.914975][T12397] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 826.213950][ T50] Bluetooth: hci5: SCO packet for unknown connection handle 1024 [ 826.832130][T12411] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2112'. [ 827.259779][T12415] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 827.368068][T12411] macvlan2: entered promiscuous mode [ 827.373629][T12411] macvlan2: entered allmulticast mode [ 827.382646][T12411] bond3: entered promiscuous mode [ 827.388320][T12411] bridge1: entered promiscuous mode [ 827.397832][T12411] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 827.464142][T12411] bond3: left promiscuous mode [ 827.469290][T12411] bridge1: left promiscuous mode [ 828.260977][T12433] netlink: 'syz.5.2119': attribute type 3 has an invalid length. [ 828.355583][T12435] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 828.524344][T12438] netlink: 240 bytes leftover after parsing attributes in process `syz.5.2119'. [ 828.777758][ T6478] usb 6-1: new low-speed USB device number 26 using dummy_hcd [ 828.964309][ T6478] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 828.974007][ T6478] usb 6-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 828.985607][ T6478] usb 6-1: config 179 has no interface number 0 [ 828.992446][ T6478] usb 6-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 829.006175][ T6478] usb 6-1: config 179 interface 65 has no altsetting 0 [ 829.013353][ T6478] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 829.022876][ T6478] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.137739][T12453] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 829.171500][T12453] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2126'. [ 829.317292][ T6478] usb 6-1: USB disconnect, device number 26 [ 829.551676][T12459] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2129'. [ 829.766346][T12463] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 829.987761][T12465] CIFS mount error: No usable UNC path provided in device string! [ 829.987761][T12465] [ 829.998524][T12465] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 830.663317][ T6478] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 830.796319][ T6478] usb 6-1: device descriptor read/64, error -71 [ 831.803982][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 831.811387][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 831.890832][T12498] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 831.922724][ T6478] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 832.047035][T12499] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2145'. [ 832.065841][ T6478] usb 6-1: device descriptor read/64, error -71 [ 832.431453][ T6478] usb usb6-port1: attempt power cycle [ 832.768283][ T6478] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 832.808513][ T6478] usb 6-1: device descriptor read/8, error -71 [ 833.083075][ T6478] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 833.283543][T12518] openvswitch: netlink: ERSPAN option length err (len 1620, max 255). [ 833.434203][ T6478] usb 6-1: device descriptor read/8, error -71 [ 833.549927][ T6478] usb usb6-port1: unable to enumerate USB device [ 833.702068][T12522] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 836.166318][T12561] overlayfs: failed to clone upperpath [ 836.291146][T12563] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2165'. [ 836.321440][T12563] ipvlan0: entered promiscuous mode [ 836.332362][T12563] ipvlan0: left promiscuous mode [ 836.447634][T12565] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 836.649691][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 836.649779][ T30] audit: type=1800 audit(1781172741.943:228): pid=12569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2168" name="nullb0" dev="tmpfs" ino=1840 res=0 errno=0 [ 837.933132][T12572] lo speed is unknown, defaulting to 1000 [ 838.062881][ T50] Bluetooth: hci1: ISO packet for unknown connection handle 2622 [ 838.099101][T12575] loop5: detected capacity change from 0 to 4096 [ 838.117143][T12583] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2173'. [ 838.122518][T12575] EXT4-fs: Mount option(s) incompatible with ext3 [ 839.994633][T12599] loop5: detected capacity change from 0 to 32768 [ 840.020435][T12599] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2177 (12599) [ 840.040780][T12599] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 840.052021][T12599] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 840.291405][T12599] BTRFS info (device loop5): enabling ssd optimizations [ 840.299392][T12599] BTRFS info (device loop5): turning on async discard [ 840.306796][T12599] BTRFS info (device loop5): enabling free space tree [ 840.314012][T12599] BTRFS info (device loop5): use zstd compression, level 3 [ 840.407649][ T30] audit: type=1800 audit(1781172745.890:229): pid=12599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2177" name="bus" dev="loop5" ino=263 res=0 errno=0 [ 840.651497][ T9099] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 842.093832][T12643] netlink: 'syz.1.2187': attribute type 10 has an invalid length. [ 842.364239][T12648] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 843.914874][T12670] netlink: 91 bytes leftover after parsing attributes in process `syz.1.2193'. [ 843.940943][T12677] loop5: detected capacity change from 0 to 16 [ 844.587880][T12684] xt_hashlimit: size too large, truncated to 1048576 [ 844.874495][T12689] netlink: 'syz.3.2199': attribute type 10 has an invalid length. [ 844.908226][T12691] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 846.409248][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 848.185714][T12716] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 848.342921][ T5857] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 848.567795][T12718] netlink: 'syz.1.2212': attribute type 10 has an invalid length. [ 848.869897][ T5857] usb 6-1: device descriptor read/64, error -71 [ 849.089445][T12724] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.100947][T12724] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.111723][T12724] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.272722][T12723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.282579][T12723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.955470][ T5857] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 851.725547][T12755] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 851.831174][T12757] netlink: 544 bytes leftover after parsing attributes in process `syz.5.2226'. [ 852.150766][T12760] tipc: Enabling of bearer rejected, failed to enable media [ 852.580097][T12781] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 852.589874][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.570752][T12795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2232'. [ 853.605370][T12796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.614954][T12796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.624795][T12796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.650363][T12798] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2234'. [ 853.710418][T12796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.719830][T12796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.839788][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 856.951916][T12862] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2255'. [ 857.058874][T12864] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 857.068965][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 857.945148][ T5857] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 858.024337][ T5857] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 858.678501][ T59] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 858.959223][T12895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2266'. [ 859.078771][T12897] ===================================================== [ 859.086022][T12897] BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 859.094552][T12897] bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 859.100668][T12897] do_xdp_generic+0xd52/0x1690 [ 859.105681][T12897] tun_get_user+0x45c0/0x6d70 [ 859.110830][T12897] tun_chr_write_iter+0x3e9/0x5c0 [ 859.116208][T12897] vfs_write+0xbe2/0x15d0 [ 859.120709][T12897] __x64_sys_write+0x1fb/0x4d0 [ 859.125818][T12897] x64_sys_call+0x3014/0x3e30 [ 859.130763][T12897] do_syscall_64+0xd9/0xfa0 [ 859.135680][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.141779][T12897] [ 859.144198][T12897] Uninit was stored to memory at: [ 859.149765][T12897] pskb_expand_head+0x310/0x1610 [ 859.155225][T12897] do_xdp_generic+0xa79/0x1690 [ 859.160312][T12897] tun_get_user+0x45c0/0x6d70 [ 859.165441][T12897] tun_chr_write_iter+0x3e9/0x5c0 [ 859.170693][T12897] vfs_write+0xbe2/0x15d0 [ 859.175440][T12897] __x64_sys_write+0x1fb/0x4d0 [ 859.180476][T12897] x64_sys_call+0x3014/0x3e30 [ 859.185576][T12897] do_syscall_64+0xd9/0xfa0 [ 859.190316][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.196549][T12897] [ 859.198975][T12897] Uninit was created at: [ 859.203611][T12897] __kmalloc_node_track_caller_noprof+0xb4b/0x1ba0 [ 859.210337][T12897] kmalloc_reserve+0x22f/0x4b0 [ 859.215591][T12897] __alloc_skb+0x347/0x7d0 [ 859.220210][T12897] alloc_skb_with_frags+0xc5/0xa60 [ 859.225686][T12897] sock_alloc_send_pskb+0xacc/0xc60 [ 859.231397][T12897] tun_get_user+0x1142/0x6d70 [ 859.236297][T12897] tun_chr_write_iter+0x3e9/0x5c0 [ 859.241859][T12897] vfs_write+0xbe2/0x15d0 [ 859.246370][T12897] __x64_sys_write+0x1fb/0x4d0 [ 859.251508][T12897] x64_sys_call+0x3014/0x3e30 [ 859.256422][T12897] do_syscall_64+0xd9/0xfa0 [ 859.261337][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.267438][T12897] [ 859.270071][T12897] CPU: 1 UID: 0 PID: 12897 Comm: syz.4.2267 Not tainted syzkaller #0 PREEMPT(none) [ 859.279769][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 859.290177][T12897] ===================================================== [ 859.297355][T12897] Disabling lock debugging due to kernel taint [ 859.303651][T12897] Kernel panic - not syncing: kmsan.panic set ... [ 859.310236][T12897] CPU: 1 UID: 0 PID: 12897 Comm: syz.4.2267 Tainted: G B syzkaller #0 PREEMPT(none) [ 859.321411][T12897] Tainted: [B]=BAD_PAGE [ 859.325690][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 859.335901][T12897] Call Trace: [ 859.339304][T12897] [ 859.342430][T12897] __dump_stack+0x26/0x30 [ 859.346991][T12897] dump_stack_lvl+0x53/0x270 [ 859.351809][T12897] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 859.357869][T12897] dump_stack+0x1e/0x25 [ 859.362288][T12897] vpanic+0x435/0xd30 [ 859.366515][T12897] panic+0x15d/0x160 [ 859.370687][T12897] kmsan_report+0x31c/0x320 [ 859.375402][T12897] ? __msan_warning+0x1b/0x30 [ 859.380275][T12897] ? bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 859.386430][T12897] ? do_xdp_generic+0xd52/0x1690 [ 859.391616][T12897] ? tun_get_user+0x45c0/0x6d70 [ 859.396692][T12897] ? tun_chr_write_iter+0x3e9/0x5c0 [ 859.402115][T12897] ? vfs_write+0xbe2/0x15d0 [ 859.406790][T12897] ? __x64_sys_write+0x1fb/0x4d0 [ 859.411903][T12897] ? x64_sys_call+0x3014/0x3e30 [ 859.417010][T12897] ? do_syscall_64+0xd9/0xfa0 [ 859.421934][T12897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.428225][T12897] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 859.434284][T12897] ? ___bpf_prog_run+0xea65/0xeba0 [ 859.439647][T12897] ? __bpf_prog_run32+0xc2/0xf0 [ 859.444714][T12897] ? kmsan_get_metadata+0xfb/0x160 [ 859.450074][T12897] __msan_warning+0x1b/0x30 [ 859.454775][T12897] bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 859.460842][T12897] do_xdp_generic+0xd52/0x1690 [ 859.465854][T12897] ? tun_get_user+0x40f1/0x6d70 [ 859.470979][T12897] ? filter_irq_stacks+0x49/0x190 [ 859.476307][T12897] ? kmsan_get_metadata+0xfb/0x160 [ 859.481657][T12897] ? tun_get_user+0x453f/0x6d70 [ 859.486770][T12897] tun_get_user+0x45c0/0x6d70 [ 859.491696][T12897] ? stack_depot_save_flags+0x35/0x7b0 [ 859.497409][T12897] ? kmsan_get_metadata+0xfb/0x160 [ 859.502751][T12897] ? kmsan_get_metadata+0xfb/0x160 [ 859.508084][T12897] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 859.514711][T12897] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 859.521151][T12897] tun_chr_write_iter+0x3e9/0x5c0 [ 859.526449][T12897] vfs_write+0xbe2/0x15d0 [ 859.531014][T12897] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 859.536821][T12897] __x64_sys_write+0x1fb/0x4d0 [ 859.541818][T12897] x64_sys_call+0x3014/0x3e30 [ 859.546754][T12897] do_syscall_64+0xd9/0xfa0 [ 859.551517][T12897] ? irqentry_exit+0x16/0x60 [ 859.556338][T12897] ? clear_bhb_loop+0x40/0x90 [ 859.561234][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.567348][T12897] RIP: 0033:0x7ffb1838e1ff [ 859.571918][T12897] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 859.591848][T12897] RSP: 002b:00007ffb191bc000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 859.600483][T12897] RAX: ffffffffffffffda RBX: 00007ffb185e5fa0 RCX: 00007ffb1838e1ff [ 859.608641][T12897] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 00000000000000c8 [ 859.616823][T12897] RBP: 00007ffb18413f91 R08: 0000000000000000 R09: 0000000000000000 [ 859.624967][T12897] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 859.633117][T12897] R13: 00007ffb185e6038 R14: 00007ffb185e5fa0 R15: 00007ffd73212558 [ 859.641315][T12897] [ 859.644861][T12897] Kernel Offset: disabled [ 859.649272][T12897] Rebooting in 86400 seconds..