last executing test programs: 5m28.140433944s ago: executing program 0 (id=130): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000dc0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x0, 0x3, 0x5, 0x5, @f_listen={0xff, 0x3, 0x0, 0x82, 0xb, 0x0, 0x7f, {}, 0xf8, 0x3, 0x6, 0xc}}, 0x10) unshare(0x20400) 5m27.066164477s ago: executing program 0 (id=134): r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, 0x0, 0x40800) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="020800"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000300)=""/102400, 0x19000) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000019300)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x2, 0x1, 0x4, 0x5, {0xa, 0x4e20, 0xa6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}}}, 0x3a) syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r6, 0x0, 0x0) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) pwrite64(r0, &(0x7f0000000a00), 0x0, 0xef8d) 5m26.203102099s ago: executing program 0 (id=138): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x100}}, 0x14}}, 0x0) 5m25.203160539s ago: executing program 0 (id=139): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100008000090400101c0300010009210000000122f80409058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x4, &(0x7f0000000280)=ANY=[], 0x2, 0x1b5, &(0x7f00000002c0)="$eJzsVc0K00AQ/ibZJo0H8aoIHhRtD23T+HPVk/QBfABLG2sxRW0K2uIhnvoeIvQ1PIiv4EHxUg8ieLBXkcjuzqZJWxARbIX9oPm++XY2O7tbJg/Tp6kP4KeDAe5AwcVZfCCCAHCJtHfX1/zV09zm+IvQ3GT/FfNH5nS+eNRPknh6UOQNoOq42HV+L4xq4Y+m/edis3NSdCAnwz8t7J2PvSvIAJzIiR1bgFEdgnPUwoKjH0tJkKg4/t++cBvefungm+pl77+/GEhxH0Ce57n0hvpH5RzZid7qnEB6F4T6kYu8yJHNTwbXAPx4PXnSSeeL1njSH8WjmKLo+q3wRhjejDoPxkkc6ieVlnD4DyG5CUD21KA0XgPwiRvsGezDlM/jFOyUb9C4LJ81pYnXM3NzFoQ3xVzu7ZDvuIerqAN4ltHWNYVDbakHgguhgi6XCyr2VlcD7cHjZLgEgTgzXEHAMdPWqBVBVASist0lcF6WdoXjHvOKec1svlnmWyRkD8JnjrwM8PC8P5tNu9LSSnmmZu1F5zKULkiuuvGqm7voH7gVCwsLCwsLC4uTxq8AAAD//6x/T6A=") execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 5m20.940704789s ago: executing program 0 (id=152): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x2a}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xe5}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6ff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 5m20.199464535s ago: executing program 0 (id=156): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002bc0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x52, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a001c2c00fe8000000000000000000000000000bbfc01000000000000000000000000000006"], 0x0) 5m14.844280659s ago: executing program 3 (id=172): openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r7, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) 5m13.284398756s ago: executing program 3 (id=174): socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$vcsu(&(0x7f0000000100), 0xd, 0x412002) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x3, &(0x7f00000000c0)=ANY=[], 0x21, 0x1b2, &(0x7f0000000a40)="$eJzsVT2PEkEYfgaWQS3U2phYSBQLYXdRY6eV4QfYGiWwInHxg6UQQiJW/A8b/oaFvY3JFZdcwxV3l1zB5dq7vbwz7y7D3TVc4AjJPMnyvB/zfswweedT9D0CgJPpoI7XUJC4jW0h4AB4ILTtTV7zgdRcYn3P0fyE7b+ZY0bU63+uhWHQWaFwuS+jG8EiGWn9edf/6bs7i+bZKEFc4aCWKkisroS8vu28z+pzXE7C47XfDWftN3MxQVx0zdRXvzI4VDd9azqok/CBpxTZGvoT5hr6N/8aa+456hNZxOkaGn6kPAZQ7ra/laNe/2mrXWsGzeCL71deuM9c97lf/tgKA1f/CqNEMqKIafbSTL1p+HMAdnjA3oKBfV02aY39woylORzzkC4+xBwyRmzCAn/SWA4DHcFbPIp/0ro0mqwFlcWB2lIVAllWPG4XIq11QzlK9a9hYwQBkYSN4aQ5vAlySpGzHrWn8nKYmEbMBeYq85h5wpy8Wclb5KgMu6wVh9Tij1q32/HkPw7x6NVTNl8Cp7GS7g7NA6OqR3J+c/fzsLCwsLCwsLDYMJwFAAD//1loWrc=") mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$FE_GET_PROPERTY(0xffffffffffffffff, 0x80106f53, 0x0) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) getsockopt$inet6_mreq(r0, 0x29, 0x15, 0x0, &(0x7f0000000080)) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x6c0}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffb000/0x1000)=nil, 0x1000}, 0x3}) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f00000002c0)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) 5m12.046539757s ago: executing program 3 (id=176): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000bc0)={0xe4, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x4}, @CTA_EXPECT_NAT={0x90, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x17}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2d}}]}]}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000007c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 5m11.363959591s ago: executing program 3 (id=177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$MRT6_ASSERT(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 5m10.284466514s ago: executing program 3 (id=180): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x1248, &(0x7f0000000200)={0x0, 0xd5a1, 0x1, 0x40000002, 0xb8}, &(0x7f0000000400)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, 0x0) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe8090000", 0x41}], 0x1) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_buf(r4, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x40bc5311, &(0x7f0000000000)={0x80, 0x1}) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000300)=0x18000, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000100)=0x8, 0x4) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c00000000000701feffffff0000"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) 5m8.995997597s ago: executing program 3 (id=184): r0 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 5m4.86920645s ago: executing program 32 (id=156): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002bc0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x52, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a001c2c00fe8000000000000000000000000000bbfc01000000000000000000000000000006"], 0x0) 4m53.529947109s ago: executing program 33 (id=184): r0 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 11.239130216s ago: executing program 1 (id=1091): r0 = socket(0x10, 0x80003, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0x0, 0x4e27, 0x6, 0xa, 0x20, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3500, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffe}}, 0xe8) close_range(r0, 0xffffffffffffffff, 0x0) 11.173739109s ago: executing program 1 (id=1093): openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r7, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc) socket(0x400000000010, 0x3, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) 10.022976785s ago: executing program 1 (id=1095): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x100}}, 0x14}}, 0x0) 8.361565787s ago: executing program 1 (id=1099): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_wait(r4, &(0x7f0000000340)=[{}], 0x1, 0x80000000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000001340)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000009200000004000000ee0f6ef62e3c93068b54cb9dd5bdd93c3ae7bb0e5c18a52054092935327ecfce14f2deea204672cb8797526269a0f2600975e98212a2c193d5752d508ad28db7e839cf8e7ba6150994fac73814ce"], &(0x7f0000000080)=0x2c) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) recvmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000033c0)=""/4074, 0xfea}, {&(0x7f0000000740)=""/183, 0xb7}], 0x2}, 0x40002120) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=""/148, 0x94, 0x0, &(0x7f0000000180)=""/1, 0x1}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYRESOCT], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18490000feffffff000000000000000018270000", @ANYRES32=r0, @ANYBLOB="0000000002000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x52, '\x00', 0x0, @fallback=0x2, r0, 0x8, &(0x7f0000000200)={0xfffffffd, 0x5}, 0x8, 0x10, 0x0, 0x0, r6, r0, 0x3, &(0x7f00000012c0)=[r0, r0, r0, r0], &(0x7f0000001300)=[{0x2, 0x4, 0x4, 0x5}, {0x5, 0x6, 0x5, 0x5}, {0xfffffffd, 0x2, 0x4, 0x8}], 0x10, 0xf}, 0x94) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3}) getpid() 6.983110955s ago: executing program 6 (id=1103): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, 0x0) close(r0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) 6.857680882s ago: executing program 6 (id=1104): socket$packet(0x11, 0x2, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) write$tun(r0, &(0x7f00000002c0)={@val={0x8, 0x800}, @val={0x0, 0x0, 0x1, 0x0, 0x16}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x30, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e20, 0x4e20, 0x1c, 0x0, @gue={{0x2, 0x1, 0x3, 0x7, 0x100}, "01ff8e82d6f8ae5c1f2d98b2"}}}}, 0x3e) 6.67908034s ago: executing program 1 (id=1106): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r1) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x224}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020}, 0x2020) creat(&(0x7f0000000240)='./file0\x00', 0x122) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000400)=@v3={0x3000000, [{0xb, 0x1}, {0x0, 0x3d9b}]}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='permprofile && \r'], 0xff) r5 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x3) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16, @ANYBLOB="07000000000000000000050000002c0003801c00038018000180080001000700000004000300080001000300000008000200246b000004000100180001801400020073797a5f74756e00000000000000000005000200040000"], 0x60}}, 0x0) r6 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x5) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffdd5}, 0x94) syz_emit_ethernet(0x8e, &(0x7f0000000380)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x58, 0x2c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[@hopopts={0x3a}], @pkt_toobig={0x2, 0x0, 0x0, 0x4, {0x8, 0x6, "cd85b5", 0x7, 0x84, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, [], "aad25a7f302d4579b298392ccf95e1e48f10658b1a1c7edc1ffd13d9ccbf356d"}}}}}}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)="d80000001400810c4e81f782db44b9040a1d080211000000040000a118000200ff05140100000e1208000f010081a7390e0401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb0900073905a2b4f76c70cbc981e700001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d1601000000eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e006000000000000e87fbb9ad809d5e1cace81b341139f", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x2040) 5.597932004s ago: executing program 2 (id=1108): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc) socket(0x400000000010, 0x3, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) 5.535119687s ago: executing program 6 (id=1109): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x100}}, 0x14}}, 0x0) 5.006721343s ago: executing program 5 (id=1110): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0x3}, 0x10) bind$tipc(r0, 0x0, 0x0) close(r0) r3 = socket(0x15, 0x5, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r3) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r4, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0x8}, @ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}]}, @ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004040}, 0x20008000) getsockopt(r3, 0x200000000114, 0x2714, 0x0, &(0x7f0000000040)=0x4f) 4.378335634s ago: executing program 2 (id=1111): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8}, 0xe) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x82, &(0x7f0000000180)={0x0, 0x2}, 0x8) 4.313918667s ago: executing program 6 (id=1112): socketpair$unix(0x1, 0x3, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xfffffffffffff001, 0xff, 0xffff, 0xffffffff}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x3) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) stat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00'}) syz_open_procfs(0x0, &(0x7f0000000100)='net/igmp\x00') 4.151060115s ago: executing program 2 (id=1113): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r1, &(0x7f00000030c0), 0x0, 0x9200000000000004) io_submit(0x0, 0x0, 0x0) stat(0x0, 0x0) getresgid(0x0, 0x0, 0x0) getgroups(0x2, &(0x7f0000000e80)=[0xffffffffffffffff, 0xee00]) r3 = getuid() syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2d, 0xd, 0x40000800, 0x1, 0x2, 0xe091, 0x6, 0x0, 0x0, 0x4, 0x11d7}}, &(0x7f0000000140)={0x18, 0x0, 0x7fffffffffffffff, {0x8000000000000000}}, &(0x7f00000001c0)={0x18, 0x0, 0x5, {0xffffffff}}, 0x0, &(0x7f0000000400)={0x18, 0x0, 0x3, {0xfffff50d}}, 0x0, 0x0, &(0x7f0000000500)={0x18, 0xffffffffffffffda, 0x9, {0x40}}, 0x0, &(0x7f0000000580)={0x20, 0x0, 0x4, {0x0, 0x4}}, 0x0, &(0x7f0000000840)={0x90, 0x0, 0x7, {0x5, 0x0, 0x80000001, 0x3f8000000000, 0x8000, 0x8001, {0x6, 0xc, 0x4, 0x7, 0x5, 0x2, 0x9, 0xf, 0x10001, 0x2000, 0xfffffff3, 0x0, 0x0, 0x20000, 0x80000001}}}, &(0x7f0000000900)=ANY=[@ANYBLOB="b8000000daffffffffffffffffffffff05000000000000006e0000070000000003000000970200007de05c0000000000050000000000000076000000000000000400000040000000283a2c7d0000000000000000000000004305000000000000020000008adc00002a21000000000000010000000000000000000100000000000a0000000e0000002c7d243a403a2e2a275c00000000000003000000000000000701000000000000020000000100000026"], &(0x7f0000001200)=ANY=[], &(0x7f0000000ec0)={0xa0, 0xffffffffffffffda, 0x868, {{0x3, 0x0, 0x4, 0x9, 0xb1ee, 0x1, {0x2, 0x0, 0x3fe00000, 0x7e6, 0x401, 0x0, 0x0, 0xea7, 0x4, 0xc000, 0x82, 0x0, r2, 0xfffffffb, 0x1}}, {0x0, 0x6}}}, 0x0, &(0x7f0000001040)={0x130, 0x0, 0x7, {0x8, 0x9, 0x0, '\x00', {0x100, 0x9, 0x2, 0x7, r3, 0x0, 0xc000, '\x00', 0xffffffffffffff81, 0x1000, 0x9, 0x6, {0x6}, {0x6, 0xfffffff8}, {0x800, 0x8d}, {0x7, 0x4cf}, 0x8001, 0x44, 0x200, 0x9}}}}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) 3.827174201s ago: executing program 2 (id=1114): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, 0x0) close(r0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) 3.769077074s ago: executing program 6 (id=1116): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_wait(r4, &(0x7f0000000340)=[{}], 0x1, 0x80000000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000001340)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000009200000004000000ee0f6ef62e3c93068b54cb9dd5bdd93c3ae7bb0e5c18a52054092935327ecfce14f2deea204672cb8797526269a0f2600975e98212a2c193d5752d508ad28db7e839cf8e7ba6150994fac73814ce"], &(0x7f0000000080)=0x2c) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) recvmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000033c0)=""/4074, 0xfea}, {&(0x7f0000000740)=""/183, 0xb7}], 0x2}, 0x40002120) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=""/148, 0x94, 0x0, &(0x7f0000000180)=""/1, 0x1}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYRESOCT], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18490000feffffff000000000000000018270000", @ANYRES32=r0, @ANYBLOB="0000000002000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x52, '\x00', 0x0, @fallback=0x2, r0, 0x8, &(0x7f0000000200)={0xfffffffd, 0x5}, 0x8, 0x10, 0x0, 0x0, r6, r0, 0x3, &(0x7f00000012c0)=[r0, r0, r0, r0], &(0x7f0000001300)=[{0x2, 0x4, 0x4, 0x5}, {0x5, 0x6, 0x5, 0x5}, {0xfffffffd, 0x2, 0x4, 0x8}], 0x10, 0xf}, 0x94) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3}) getpid() 3.662150479s ago: executing program 2 (id=1117): r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket(0x1e, 0x4, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b7, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) dup2(r1, r0) 3.595014473s ago: executing program 4 (id=1118): openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r7, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc) socket(0x400000000010, 0x3, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) 3.450839309s ago: executing program 5 (id=1119): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) accept4(r0, &(0x7f0000000480)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @local}}}}, 0x0, 0x0) 2.566296083s ago: executing program 4 (id=1120): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) socket$packet(0x11, 0xa, 0x300) r2 = socket$kcm(0x10, 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x33fe0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r3 = syz_open_dev$video(0x0, 0x43, 0x16b142) ioctl$VIDIOC_S_FMT(r3, 0xc0d05640, 0x0) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xd, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a) 2.482445157s ago: executing program 5 (id=1121): openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000340)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r2 = eventfd2(0x50, 0x80001) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x1, r2}) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000000010001"], 0x50) 2.320482386s ago: executing program 5 (id=1122): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000640)) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x20a0, 0x20000000, 0x0, 0x0, 0x0) 2.23611984s ago: executing program 4 (id=1123): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x100}}, 0x14}}, 0x0) 2.001817071s ago: executing program 1 (id=1124): openat$kvm(0xffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) syz_open_procfs$userns(r3, &(0x7f0000000580)) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000021, 0x0, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) write(r4, &(0x7f0000000fc0)="c62521e5ba9a21ad2f3cab7629bd5b4a7764e5850f0ec7e1a9b0f8eec5bf5991cae41893fffb8d05f78f380ac193e91680bc9c0ee2a5abd4e099710af57d8bdba38e0fa58f185a989b5f217944be9fc4c594612665e474b0c262e6309b48cf3c1327c765e85869b29157274185b4556e093269451ac35b2aec73847d0d84771aadcb4238a52110f6a906fc0f81a80e458c7de13d3ebcee882cba06d76c36e779338c23f8ff7c8f6db3b388819b4eb7f1e753962124242d51193dc4f0415f87f3f2dc1d391be02b2aea87096679a31bf899d17ada4a1dcfff30bed9f44de1adc3417e1e3811", 0xe5) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x5, 0x1, {0xa, @pix_mp={0x9, 0x81, 0x0, 0x8, 0xa, [{0xd, 0x2}, {0x3, 0x8000}, {0xa64a80ed, 0x7fffffff}, {0x200, 0x3ff}, {0x5, 0x1}, {0x4ce, 0x8}, {0x7ff, 0x9}, {0x6, 0x1}], 0x7, 0xff, 0x6, 0x1, 0x5}}}) 1.395129401s ago: executing program 5 (id=1125): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b"], 0x48}}, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a) 1.308573315s ago: executing program 2 (id=1126): socket$inet6(0xa, 0x3, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030343030303232362c6164696e6963622c6769643d666f726765742c6e6f7374726963742c756e686964652c6e6f7374726963742c646d6f64653d30303030303030303030303031373737373737373737372c7569643d69676e6f72652c73686f727461642c766f6c756d653d30303030303030303030303030303030303030362c006ccfc2609774313e02c2d8491759bd076d2396dd461f428efd5264becd21addd0616c4f9f9ca450e594eb5a96e323ef167abe79ce4893c5efad6f0d8a069759c60b312a926d668efafdc0cce6325c6c20a1cb1e27f163af918ec6ee857c7ce7f7fbaa1014e5a39e1efcb973dfbc3da0c89621bce397c9b6d9ad6492c3efdb53eb3303884c5f720e3fea4363cd709ed949ea615bfde9c9bd5d66ea0ebac03738fce899afb6e310af29a5033ad193b0e8dcee7e85d1fef91c5e5120f484b2a5111a879e57821f0602bcf09daec6d08cca7051b20d9849873f852a294a8d7dc1f508be76636f8cd"], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG") sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, 0x0) ioctl$I2C_PEC(0xffffffffffffffff, 0x703, 0xfffffffffffffff3) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd_index=0x4, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}}) socket$inet6_udp(0xa, 0x2, 0x0) lchown(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) listen(0xffffffffffffffff, 0x40) 1.236950689s ago: executing program 4 (id=1127): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, 0x0) close(r0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) 1.138980263s ago: executing program 5 (id=1128): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000d88000/0x1000)=nil, &(0x7f00007f2000/0x2000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24058041) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e1f}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB='\\\x00\x00\x00\n'], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 1.138550533s ago: executing program 6 (id=1129): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r0, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000000)="b842068ec80f79c666b9800000c00f326635008000000f30658b9299ebf000bfaa80260fc731baf80c66b848f7288366efbafc0c66b8f5ee91dd66efbaf80c66b8c076cd8066efbafc0c66b80000000066ef0f22666466f30f09", 0x5a}], 0xaaaaaaaaaaaad59, 0x30, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x6440, 0x81) mmap$snddsp(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x13, r3, 0xd000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.055061448s ago: executing program 4 (id=1130): openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r7, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc) socket(0x400000000010, 0x3, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) 0s ago: executing program 4 (id=1131): timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020) openat(0xffffffffffffff9c, 0x0, 0x20c01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) recvmsg(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0) kernel console output (not intermixed with test programs): device loop1): has skinny extents [ 76.979395][ T4452] XFS (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 76.988119][ T4452] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 77.028310][ T4452] XFS (loop3): DAX and reflink cannot be used together! [ 78.111191][ T4453] BTRFS error (device loop1): open_ctree failed: -12 [ 80.618547][ T4421] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 80.762241][ T4532] loop2: detected capacity change from 0 to 32768 [ 80.985198][ T4532] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.66 (4532) [ 81.008505][ T4421] usb 2-1: Using ep0 maxpacket: 16 [ 81.810083][ T1110] cfg80211: failed to load regulatory.db [ 81.884776][ T4532] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 81.893684][ T4532] BTRFS info (device loop2): using free space tree [ 81.900221][ T4532] BTRFS info (device loop2): has skinny extents [ 82.038495][ T4421] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 82.047594][ T4421] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.067936][ T4421] usb 2-1: Product: syz [ 82.118236][ T4421] usb 2-1: Manufacturer: syz [ 82.134824][ T4421] usb 2-1: SerialNumber: syz [ 82.169968][ T4421] r8152-cfgselector 2-1: config 0 descriptor?? [ 82.573074][ T4532] BTRFS info (device loop2): enabling ssd optimizations [ 82.934982][ T4421] r8152-cfgselector 2-1: Unknown version 0x0000 [ 83.136395][ T4421] r8152-cfgselector 2-1: bad CDC descriptors [ 83.141659][ T4558] loop3: detected capacity change from 0 to 4096 [ 83.209874][ T4558] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 83.330478][ T4421] r8152-cfgselector 2-1: Unknown version 0x0000 [ 83.377016][ T4421] r8152-cfgselector 2-1: USB disconnect, device number 2 [ 83.920217][ T4583] netlink: 'syz.1.72': attribute type 3 has an invalid length. [ 87.434523][ T4613] capability: warning: `syz.2.81' uses 32-bit capabilities (legacy support in use) [ 90.150627][ T4305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.216770][ T4305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.217716][ T4642] loop4: detected capacity change from 0 to 256 [ 93.433914][ T4663] loop2: detected capacity change from 0 to 256 [ 93.858733][ T4673] loop3: detected capacity change from 0 to 40427 [ 94.008111][ T4673] F2FS-fs (loop3): Unrecognized mount option "age_extent_cache" or missing value [ 94.322999][ T4663] FAT-fs (loop2): Directory bread(block 64) failed [ 94.381003][ T4679] ip6t_REJECT: ECHOREPLY is not supported [ 94.826704][ T4663] FAT-fs (loop2): Directory bread(block 65) failed [ 94.979796][ T4663] FAT-fs (loop2): Directory bread(block 66) failed [ 95.099065][ T4663] FAT-fs (loop2): Directory bread(block 67) failed [ 95.222704][ T4663] FAT-fs (loop2): Directory bread(block 68) failed [ 95.361073][ T4681] overlayfs: failed to set xattr on upper [ 95.366973][ T4681] overlayfs: ...falling back to index=off,metacopy=off. [ 95.386910][ T4681] overlayfs: failed to resolve './file0': -2 [ 95.498404][ T4663] FAT-fs (loop2): Directory bread(block 69) failed [ 95.498553][ T4663] FAT-fs (loop2): Directory bread(block 70) failed [ 95.498589][ T4663] FAT-fs (loop2): Directory bread(block 71) failed [ 95.498662][ T4663] FAT-fs (loop2): Directory bread(block 72) failed [ 95.498695][ T4663] FAT-fs (loop2): Directory bread(block 73) failed [ 96.285436][ T4692] ubi31: attaching mtd0 [ 96.304662][ T4692] ubi31: scanning is finished [ 96.326295][ T4692] ubi31: empty MTD device detected [ 96.333264][ T4693] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 96.338201][ T4228] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 96.474233][ T4692] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 96.506392][ T4692] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 96.526801][ T4692] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 96.543432][ T4692] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 96.561662][ T4692] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 96.588443][ T4692] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 96.609406][ T4692] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2826405997 [ 96.620200][ T4228] usb 2-1: device descriptor read/64, error -71 [ 96.674186][ T4692] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 96.734013][ T4694] ubi31: background thread "ubi_bgt31d" started, PID 4694 [ 96.918388][ T4228] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 97.118363][ T4228] usb 2-1: device descriptor read/64, error -71 [ 97.238555][ T4228] usb usb2-port1: attempt power cycle [ 97.313479][ T4712] netlink: 'syz.1.108': attribute type 3 has an invalid length. [ 97.809580][ T4700] loop2: detected capacity change from 0 to 32768 [ 97.916259][ T4700] (syz.2.105,4700,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 97.985972][ T4700] (syz.2.105,4700,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 98.213236][ T4700] JBD2: Ignoring recovery information on journal [ 98.648370][ T4720] loop4: detected capacity change from 0 to 32768 [ 98.738895][ T4720] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 98.747366][ T4720] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 98.999833][ T4720] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 99.011216][ T4422] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 99.074909][ T4422] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 99.161962][ T4700] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 99.496524][ T4422] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 421ms [ 99.539005][ T4725] loop3: detected capacity change from 0 to 40427 [ 99.568802][ T4422] gfs2: fsid=syz:syz.0: jid=0: Done [ 99.575108][ T4720] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 99.616781][ T4725] F2FS-fs (loop3): Unrecognized mount option "age_extent_cache" or missing value [ 99.915962][ T4730] ip6t_REJECT: ECHOREPLY is not supported [ 100.634121][ T4732] overlayfs: failed to set xattr on upper [ 100.704481][ T4188] ocfs2: Unmounting device (7,2) on (node local) [ 100.719505][ T4732] overlayfs: ...falling back to index=off,metacopy=off. [ 100.740826][ T4732] overlayfs: failed to resolve './file0': -2 [ 102.672406][ T4740] loop2: detected capacity change from 0 to 40427 [ 102.839678][ T4740] F2FS-fs (loop2): Unrecognized mount option "errors=continue" or missing value [ 104.167181][ T4750] loop1: detected capacity change from 0 to 4096 [ 104.183482][ T4756] loop4: detected capacity change from 0 to 4096 [ 104.224667][ T4750] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 104.433951][ T4753] loop0: detected capacity change from 0 to 8192 [ 105.189550][ T4185] ntfs3: loop1: ntfs_evict_inode r=3 failed, -22. [ 105.202588][ T4185] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 105.210516][ T4185] ntfs3: loop1: ntfs_set_state r=3 failed, -22. [ 105.645453][ T4773] loop1: detected capacity change from 0 to 40427 [ 105.658255][ T4775] overlayfs: failed to resolve './bus': -2 [ 106.014639][ T4773] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 106.247995][ T4778] ip6t_REJECT: ECHOREPLY is not supported [ 107.311552][ T4782] netlink: 60 bytes leftover after parsing attributes in process `syz.4.125'. [ 107.329079][ T4782] unsupported nlmsg_type 40 [ 107.604344][ T4759] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.613199][ T4759] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.726996][ T4790] netlink: 'syz.1.128': attribute type 3 has an invalid length. [ 107.775516][ T26] audit: type=1326 audit(1774107241.239:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4783 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe086bcf799 code=0x7ffc0000 [ 107.848415][ T26] audit: type=1326 audit(1774107241.269:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4783 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe086bcf799 code=0x7ffc0000 [ 107.870571][ C1] vkms_vblank_simulate: vblank timer overrun [ 108.744287][ T4759] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.623279][ T4759] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.657700][ T4801] overlayfs: failed to set xattr on upper [ 109.664446][ T4801] overlayfs: ...falling back to index=off,metacopy=off. [ 110.457467][ T4797] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 111.191323][ T4816] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 111.240162][ T4816] IPVS: nq: FWM 3 0x00000003 - no destination available [ 111.314091][ T4759] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.428328][ T4759] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.437548][ T4759] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.447685][ T4759] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.666861][ T4822] overlayfs: failed to resolve './bus': -2 [ 112.644254][ T4763] netlink: 52 bytes leftover after parsing attributes in process `syz.2.122'. [ 112.717459][ T4763] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.725109][ T4763] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.747069][ T4226] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 112.881814][ T4779] netlink: 17279 bytes leftover after parsing attributes in process `syz.4.125'. [ 113.912939][ T4834] loop3: detected capacity change from 0 to 262144 [ 113.960783][ T4834] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by syz.3.141 (4834) [ 113.994582][ T4834] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.003930][ T4834] BTRFS info (device loop3): using free space tree [ 114.010735][ T4834] BTRFS info (device loop3): has skinny extents [ 114.017006][ T4834] BTRFS info (device loop3): flagging fs with big metadata feature [ 114.128531][ T4226] usb 1-1: Using ep0 maxpacket: 16 [ 114.269602][ T4226] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.346007][ T4226] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.358376][ T4226] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 114.371709][ T4226] usb 1-1: config 0 interface 0 has no altsetting 0 [ 114.373264][ T4847] overlayfs: failed to set xattr on upper [ 114.378639][ T4226] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 114.394033][ T4226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.398436][ T4847] overlayfs: ...falling back to index=off,metacopy=off. [ 114.427713][ T4226] usb 1-1: config 0 descriptor?? [ 114.609471][ T4847] overlayfs: failed to resolve './file0': -2 [ 115.029148][ T4834] BTRFS info (device loop3): enabling ssd optimizations [ 115.123670][ T4828] loop0: detected capacity change from 0 to 8 [ 115.418732][ T4868] loop7: detected capacity change from 0 to 16384 [ 115.498663][ T4868] loop7: detected capacity change from 16384 to 16383 [ 115.707129][ T4422] usb 1-1: USB disconnect, device number 2 [ 115.905370][ T4882] loop3: detected capacity change from 0 to 256 [ 115.964762][ T4882] exfat: Deprecated parameter 'namecase' [ 115.983612][ T4882] exfat: Deprecated parameter 'utf8' [ 116.625611][ T4882] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d) [ 116.864245][ T4890] tmpfs: Bad value for 'mpol' [ 117.013536][ T4894] overlayfs: failed to resolve './bus': -2 [ 117.801052][ T4902] xt_hashlimit: size too large, truncated to 1048576 [ 118.874390][ T4917] overlayfs: failed to set xattr on upper [ 118.925676][ T4919] loop2: detected capacity change from 0 to 512 [ 118.969041][ T4917] overlayfs: ...falling back to index=off,metacopy=off. [ 119.470508][ T4200] Bluetooth: Frame is too long (len 18, expected len 4) [ 119.671629][ T4919] FAT-fs (loop2): error, invalid access to FAT (entry 0x000000c8) [ 119.812792][ T4926] capability: warning: `syz.1.162' uses deprecated v2 capabilities in a way that may be insecure [ 120.914226][ T4939] netlink: 24 bytes leftover after parsing attributes in process `syz.4.166'. [ 120.916486][ T4938] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 124.188152][ C1] sched: RT throttling activated [ 124.765945][ T4969] loop3: detected capacity change from 0 to 8 [ 124.821507][ T4969] SQUASHFS error: zstd decompression error: 2 [ 124.827933][ T4969] SQUASHFS error: zstd decompression failed, data probably corrupt [ 124.836382][ T4969] SQUASHFS error: Failed to read block 0x62b: -5 [ 124.842851][ T4969] SQUASHFS error: Unable to read metadata cache entry [629] [ 124.850349][ T4969] SQUASHFS error: Unable to read directory block [629:ff26] [ 127.495258][ T4984] loop4: detected capacity change from 0 to 8192 [ 127.580092][ T4992] loop2: detected capacity change from 0 to 64 [ 127.642900][ T4994] netlink: 'syz.1.181': attribute type 3 has an invalid length. [ 129.220229][ T5007] ip6t_REJECT: ECHOREPLY is not supported [ 130.892155][ T26] audit: type=1800 audit(1774107264.359:9): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.182" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0 [ 130.929580][ T4996] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 130.950296][ T4996] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4 [ 131.115843][ T4996] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 132.315541][ T4996] syz.2.182 (4996) used greatest stack depth: 18512 bytes left [ 132.655527][ T4304] attempt to access beyond end of device [ 132.655527][ T4304] loop2: rw=1, want=268435470, limit=64 [ 132.738437][ T4304] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 132.740457][ T5018] overlayfs: failed to set xattr on upper [ 132.758373][ T5018] overlayfs: ...falling back to index=off,metacopy=off. [ 132.917695][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.924240][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.427166][ T5030] loop2: detected capacity change from 0 to 8192 [ 135.830425][ T5042] netlink: 'syz.1.195': attribute type 3 has an invalid length. [ 136.551591][ T5034] chnl_net:caif_netlink_parms(): no params data found [ 137.121438][ T5034] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.128922][ T5034] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.146052][ T5034] device bridge_slave_0 entered promiscuous mode [ 137.642509][ T4232] Bluetooth: hci5: command 0x0409 tx timeout [ 137.654725][ T5034] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.664033][ T5034] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.692271][ T5034] device bridge_slave_1 entered promiscuous mode [ 137.762188][ T5063] loop4: detected capacity change from 0 to 64 [ 137.784475][ T5034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.027537][ T5059] loop1: detected capacity change from 0 to 40427 [ 138.037207][ T5034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.068283][ T5034] team0: Port device team_slave_0 added [ 138.980579][ T5059] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 138.996518][ T5034] team0: Port device team_slave_1 added [ 139.213031][ T5069] ip6t_REJECT: ECHOREPLY is not supported [ 139.688267][ T4426] Bluetooth: hci5: command 0x041b tx timeout [ 140.672082][ T5034] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.804156][ T5034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.840015][ T5080] overlayfs: failed to set xattr on upper [ 140.845905][ T5080] overlayfs: ...falling back to index=off,metacopy=off. [ 140.853319][ T5034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.955026][ T5034] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.169194][ T5034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.205966][ T5034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.770394][ T4232] Bluetooth: hci5: command 0x040f tx timeout [ 141.873596][ T4270] attempt to access beyond end of device [ 141.873596][ T4270] loop4: rw=1, want=268435470, limit=64 [ 141.907649][ T4270] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 141.911494][ T5034] device hsr_slave_0 entered promiscuous mode [ 141.978748][ T5034] device hsr_slave_1 entered promiscuous mode [ 142.008860][ T5034] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.016462][ T5034] Cannot create hsr debugfs directory [ 142.061169][ T5088] 8021q: VLANs not supported on ip6gre0 [ 142.178956][ T5087] loop1: detected capacity change from 0 to 8192 [ 142.384024][ T5098] netlink: 'syz.4.208': attribute type 3 has an invalid length. [ 144.082110][ T4422] Bluetooth: hci5: command 0x0419 tx timeout [ 144.367957][ T1393] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.771418][ T1393] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.570208][ T5116] overlayfs: failed to set xattr on upper [ 145.594518][ T5116] overlayfs: ...falling back to index=off,metacopy=off. [ 146.127864][ T1393] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.289535][ T5122] loop2: detected capacity change from 0 to 64 [ 146.411317][ T1393] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.248348][ T154] attempt to access beyond end of device [ 147.248348][ T154] loop2: rw=1, want=268435470, limit=64 [ 147.318491][ T154] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 147.599081][ T5118] chnl_net:caif_netlink_parms(): no params data found [ 148.641669][ T5138] loop2: detected capacity change from 0 to 8192 [ 148.720457][ T5034] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 148.763374][ T1107] Bluetooth: hci0: command 0x0409 tx timeout [ 148.853642][ T5034] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 148.895233][ T5034] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 149.604220][ T5034] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 149.987407][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.996440][ T5158] loop4: detected capacity change from 0 to 64 [ 150.011870][ T5118] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.021074][ T5118] device bridge_slave_0 entered promiscuous mode [ 150.787604][ T5160] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 150.810123][ T1107] Bluetooth: hci0: command 0x041b tx timeout [ 150.822959][ T5163] overlayfs: failed to set xattr on upper [ 150.838357][ T5163] overlayfs: ...falling back to index=off,metacopy=off. [ 151.010670][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.019542][ T5160] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 151.538941][ T5160] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 151.542085][ T5118] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.587535][ T4235] attempt to access beyond end of device [ 151.587535][ T4235] loop4: rw=1, want=268435470, limit=64 [ 151.601638][ T4235] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 151.615319][ T5118] device bridge_slave_1 entered promiscuous mode [ 151.737212][ T5118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.801505][ T5118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.821829][ T5034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.884068][ T5034] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.902821][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.904267][ T5175] loop1: detected capacity change from 0 to 1024 [ 151.915218][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.978551][ T5118] team0: Port device team_slave_0 added [ 152.005474][ T5118] team0: Port device team_slave_1 added [ 152.019639][ T5178] netlink: 'syz.2.230': attribute type 3 has an invalid length. [ 152.041109][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.065239][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.088104][ T4305] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.095361][ T4305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.142503][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 152.190432][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.238950][ T4305] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.246112][ T4305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.451012][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.459341][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.488087][ T5118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.514165][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.531427][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 152.556965][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 152.672873][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.734061][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.793175][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 152.880148][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.936003][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.235536][ T5118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.318643][ T1107] Bluetooth: hci0: command 0x040f tx timeout [ 153.350740][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.457458][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.529872][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.541536][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.586723][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.601004][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.627039][ T5034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.684744][ T5118] device hsr_slave_0 entered promiscuous mode [ 153.719092][ T5118] device hsr_slave_1 entered promiscuous mode [ 153.731648][ T5118] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 153.754173][ T5118] Cannot create hsr debugfs directory [ 154.277089][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 154.288672][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 154.458586][ T5118] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 154.507690][ T5118] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 154.536090][ T5034] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.552458][ T5118] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 154.566004][ T5118] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 154.631763][ T1393] device hsr_slave_0 left promiscuous mode [ 154.640242][ T1393] device hsr_slave_1 left promiscuous mode [ 154.666249][ T1393] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.694016][ T1393] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.707047][ T5223] loop2: detected capacity change from 0 to 64 [ 154.719195][ T1393] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.726983][ T1393] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.097064][ T1393] device bridge_slave_1 left promiscuous mode [ 155.384364][ T4260] Bluetooth: hci0: command 0x0419 tx timeout [ 155.405185][ T1393] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.441594][ T5228] overlayfs: failed to set xattr on upper [ 155.455549][ T5228] overlayfs: ...falling back to index=off,metacopy=off. [ 155.489290][ T1393] device bridge_slave_0 left promiscuous mode [ 155.704065][ T1393] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.808100][ T1393] device veth1_macvtap left promiscuous mode [ 155.820097][ T1393] device veth0_macvtap left promiscuous mode [ 155.826525][ T1393] device veth1_vlan left promiscuous mode [ 155.838556][ T1393] device veth0_vlan left promiscuous mode [ 156.183103][ T5232] loop1: detected capacity change from 0 to 8192 [ 157.075214][ T1393] team0 (unregistering): Port device team_slave_1 removed [ 157.107640][ T1393] team0 (unregistering): Port device team_slave_0 removed [ 157.198863][ T1393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.287759][ T1393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.022541][ T1393] bond0 (unregistering): Released all slaves [ 159.811263][ T9] attempt to access beyond end of device [ 159.811263][ T9] loop2: rw=1048577, want=268435470, limit=64 [ 159.869704][ T9] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 160.023442][ T5266] netlink: 'syz.4.245': attribute type 3 has an invalid length. [ 160.368238][ T5118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.576000][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.593500][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.618508][ T5118] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.628073][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.644968][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.695066][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.744788][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.774945][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.782153][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.811791][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.834691][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.852470][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.859652][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.994966][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.012965][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.120066][ T5283] overlayfs: failed to set xattr on upper [ 161.125928][ T5283] overlayfs: ...falling back to index=off,metacopy=off. [ 161.199633][ T5034] device veth0_vlan entered promiscuous mode [ 161.260366][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.276391][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.717369][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.814312][ T5034] device veth1_vlan entered promiscuous mode [ 161.853506][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.952548][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.984687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.048434][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.077520][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.221814][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.270042][ T5294] loop2: detected capacity change from 0 to 8192 [ 162.311920][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.343540][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.369993][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.430551][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.455527][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.481193][ T5118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.540793][ T4570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 162.568899][ T4570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.587845][ T5034] device veth0_macvtap entered promiscuous mode [ 162.656022][ T5034] device veth1_macvtap entered promiscuous mode [ 162.675280][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.690251][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.701249][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.846048][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.932886][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.950073][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.987674][ T5034] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.078287][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.128360][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.164113][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.176683][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.186661][ T5034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.197344][ T5034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.211483][ T5034] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.227023][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 164.235929][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 164.279457][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 164.292842][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 164.331544][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.462912][ T5324] loop2: detected capacity change from 0 to 64 [ 164.476237][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 165.391252][ T5034] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.482953][ T5034] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.507638][ T5034] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.646881][ T5034] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.712369][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 165.721547][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 165.731205][ T144] attempt to access beyond end of device [ 165.731205][ T144] loop2: rw=1, want=268435470, limit=64 [ 165.770564][ T5118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.783303][ T144] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 166.010537][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.023931][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.038002][ T5342] overlayfs: failed to set xattr on upper [ 166.060243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 166.069514][ T5342] overlayfs: ...falling back to index=off,metacopy=off. [ 166.099443][ T5342] overlayfs: failed to resolve './file0': -2 [ 166.820893][ T4297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.867783][ T4297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.910814][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 166.937546][ T5357] netlink: 'syz.1.260': attribute type 3 has an invalid length. [ 167.083977][ T5352] loop4: detected capacity change from 0 to 8192 [ 167.133598][ T5366] syz.5.190 uses obsolete (PF_INET,SOCK_PACKET) [ 167.236134][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 167.273071][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 167.522509][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 167.596263][ T5375] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 167.603964][ T5375] FAT-fs (loop4): Filesystem has been set read-only [ 167.949271][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 167.967868][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 167.999270][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 168.054762][ T5118] device veth0_vlan entered promiscuous mode [ 168.220588][ T5118] device veth1_vlan entered promiscuous mode [ 169.364273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 169.558947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 169.841562][ T5118] device veth0_macvtap entered promiscuous mode [ 169.857098][ T5118] device veth1_macvtap entered promiscuous mode [ 169.872392][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.883287][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.893492][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.911740][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.986746][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.039044][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.104153][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.166608][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.283073][ T5396] loop1: detected capacity change from 0 to 512 [ 170.298031][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 170.303651][ T5398] loop4: detected capacity change from 0 to 64 [ 170.596003][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 170.972574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 170.973161][ T5396] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 170.991528][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.018006][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.034476][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.048739][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.060735][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.071789][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.083864][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.094101][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.104807][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.116361][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.127707][ T5118] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.136630][ T5118] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.145592][ T5118] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.156682][ T5118] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.258640][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 171.300005][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 171.353382][ T5396] EXT4-fs warning (device loop1): ext4_enable_quotas:6486: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 171.381107][ T4300] attempt to access beyond end of device [ 171.381107][ T4300] loop4: rw=1, want=268435470, limit=64 [ 171.399073][ T4300] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 171.597237][ T4300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.663753][ T4300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.721483][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 171.750457][ T5415] overlayfs: failed to set xattr on upper [ 171.751518][ T4305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.757570][ T5415] overlayfs: ...falling back to index=off,metacopy=off. [ 171.780531][ T4305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.794541][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 172.752614][ T5422] loop6: detected capacity change from 0 to 40427 [ 172.797389][ T5426] loop4: detected capacity change from 0 to 64 [ 172.818432][ T5422] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 173.114767][ T5433] ip6t_REJECT: ECHOREPLY is not supported [ 174.858531][ T5419] loop5: detected capacity change from 0 to 8192 [ 174.984724][ T5442] netlink: 'syz.6.277': attribute type 3 has an invalid length. [ 175.303371][ T5447] FAT-fs (loop5): error, clusters badly computed (2 != 1) [ 175.310764][ T5447] FAT-fs (loop5): Filesystem has been set read-only [ 176.410036][ T5460] loop4: detected capacity change from 0 to 64 [ 177.259024][ T4235] attempt to access beyond end of device [ 177.259024][ T4235] loop4: rw=1, want=268435470, limit=64 [ 177.287141][ T4235] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 177.691872][ T5472] could not allocate digest TFM handle sha3-224-ce [ 178.005896][ T5488] overlayfs: failed to set xattr on upper [ 178.047403][ T5488] overlayfs: ...falling back to index=off,metacopy=off. [ 178.162474][ T5488] overlayfs: failed to resolve './file0': -2 [ 180.255363][ T5506] loop4: detected capacity change from 0 to 8192 [ 180.509735][ T5519] loop2: detected capacity change from 0 to 256 [ 180.815073][ T5522] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 180.822452][ T5522] FAT-fs (loop4): Filesystem has been set read-only [ 180.886160][ T5519] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 181.067158][ T4226] Bluetooth: hci2: command 0x0406 tx timeout [ 181.078261][ T4226] Bluetooth: hci1: command 0x0406 tx timeout [ 181.155431][ T4226] Bluetooth: hci4: command 0x0406 tx timeout [ 181.171308][ T5519] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 181.244389][ T5519] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 181.320788][ T5519] UDF-fs: Scanning with blocksize 512 failed [ 181.333425][ T5519] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 181.420614][ T5519] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.498501][ T5533] loop4: detected capacity change from 0 to 64 [ 182.396404][ T4270] attempt to access beyond end of device [ 182.396404][ T4270] loop4: rw=1, want=268435470, limit=64 [ 182.492852][ T4270] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 183.764796][ T5549] loop1: detected capacity change from 0 to 262144 [ 183.819181][ T5549] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by syz.1.298 (5549) [ 184.040961][ T5549] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 184.050745][ T5549] BTRFS info (device loop1): using free space tree [ 184.057294][ T5549] BTRFS info (device loop1): has skinny extents [ 184.063697][ T5549] BTRFS info (device loop1): flagging fs with big metadata feature [ 184.256869][ T5576] netlink: 'syz.2.301': attribute type 3 has an invalid length. [ 184.263154][ T5551] loop6: detected capacity change from 0 to 32768 [ 184.271436][ T5549] BTRFS info (device loop1): enabling ssd optimizations [ 184.326684][ T5551] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.297 (5551) [ 184.479734][ T5551] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 184.526998][ T5551] BTRFS info (device loop6): setting nodatasum [ 184.598392][ T5551] BTRFS info (device loop6): force zlib compression, level 3 [ 184.625365][ T5551] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8) [ 184.728533][ T5551] BTRFS info (device loop6): use lzo compression, level 0 [ 184.827097][ T5551] BTRFS info (device loop6): turning on flush-on-commit [ 184.879472][ T5551] BTRFS info (device loop6): enabling auto defrag [ 184.934563][ T5551] BTRFS info (device loop6): max_inline at 4096 [ 184.948243][ T5551] BTRFS info (device loop6): using free space tree [ 184.955286][ T5551] BTRFS info (device loop6): has skinny extents [ 185.367155][ T5591] loop4: detected capacity change from 0 to 8192 [ 185.378008][ T5610] overlayfs: failed to set xattr on upper [ 185.469690][ T5610] overlayfs: ...falling back to index=off,metacopy=off. [ 185.972128][ T5551] BTRFS info (device loop6): enabling ssd optimizations [ 186.097622][ T5624] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 186.104934][ T5624] FAT-fs (loop4): Filesystem has been set read-only [ 186.385538][ T5625] loop1: detected capacity change from 0 to 1024 [ 186.696033][ T5625] hfsplus: bad catalog entry type [ 187.721829][ T4286] hfsplus: b-tree write err: -5, ino 25 [ 187.736077][ T4286] hfsplus: b-tree write err: -5, ino 4 [ 187.878749][ T4286] hfsplus: b-tree write err: -5, ino 2 [ 187.884410][ T4286] hfsplus: b-tree write err: -5, ino 26 [ 188.369803][ T5659] loop4: detected capacity change from 0 to 131072 [ 188.438982][ T5659] F2FS-fs (loop4): invalid crc value [ 188.526204][ T5659] F2FS-fs (loop4): Found nat_bits in checkpoint [ 189.171743][ T5672] loop6: detected capacity change from 0 to 40427 [ 189.188586][ T5659] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 189.350327][ T5672] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 189.653563][ T5676] ip6t_REJECT: ECHOREPLY is not supported [ 191.294324][ T5690] loop1: detected capacity change from 0 to 8192 [ 191.302991][ T5701] netlink: 'syz.2.321': attribute type 3 has an invalid length. [ 192.028788][ T5710] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 192.036104][ T5710] FAT-fs (loop1): Filesystem has been set read-only [ 192.758655][ T5653] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 192.806758][ T26] audit: type=1326 audit(1774107326.269:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 192.875227][ T26] audit: type=1326 audit(1774107326.299:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 192.975951][ T26] audit: type=1326 audit(1774107326.299:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 192.990461][ T5726] loop1: detected capacity change from 0 to 1024 [ 193.065211][ T26] audit: type=1326 audit(1774107326.299:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.087325][ C1] vkms_vblank_simulate: vblank timer overrun [ 193.109796][ T26] audit: type=1326 audit(1774107326.299:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.132756][ T5726] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (6144 > 256). [ 193.146450][ T5726] EXT4-fs warning (device loop1): ext4_enable_quotas:6486: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 193.169231][ T26] audit: type=1326 audit(1774107326.309:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.170090][ T5726] EXT4-fs (loop1): mount failed [ 193.195463][ T26] audit: type=1326 audit(1774107326.309:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.219620][ T5653] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.229845][ T5653] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.250870][ T26] audit: type=1326 audit(1774107326.309:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.311731][ T26] audit: type=1326 audit(1774107326.309:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5722 comm="syz.1.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbd27f52799 code=0x7ffc0000 [ 193.364866][ T5706] loop5: detected capacity change from 0 to 32768 [ 193.380652][ T5733] overlayfs: failed to set xattr on upper [ 193.388571][ T5733] overlayfs: ...falling back to index=off,metacopy=off. [ 193.444725][ T5653] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 193.458752][ T5653] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.467763][ T5653] usb 3-1: Product: syz [ 193.497419][ T5653] usb 3-1: Manufacturer: syz [ 193.508519][ T5653] usb 3-1: SerialNumber: syz [ 193.617911][ T5735] loop6: detected capacity change from 0 to 40427 [ 193.663784][ T5735] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 193.929067][ T5744] ip6t_REJECT: ECHOREPLY is not supported [ 194.483106][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.508359][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.848607][ T5653] usb 3-1: cannot find UAC_HEADER [ 194.967859][ T5754] xt_CT: You must specify a L4 protocol and not use inversions on it [ 195.291185][ T5706] XFS (loop5): Mounting V5 Filesystem [ 195.392681][ T5706] XFS (loop5): log mount failed [ 196.106278][ T5653] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 196.176417][ T5653] usb 3-1: USB disconnect, device number 3 [ 196.326508][ T5772] syz.2.334 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 196.402103][ T5773] loop1: detected capacity change from 0 to 8192 [ 196.557870][ T5778] netlink: 'syz.6.336': attribute type 3 has an invalid length. [ 196.797417][ T4900] udevd[4900]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.151139][ T5787] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 197.158476][ T5787] FAT-fs (loop1): Filesystem has been set read-only [ 197.980673][ T5798] loop5: detected capacity change from 0 to 40427 [ 198.056936][ T5798] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 198.280877][ T5802] ip6t_REJECT: ECHOREPLY is not supported [ 199.895982][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.903392][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.096395][ T5828] overlayfs: failed to set xattr on upper [ 200.107196][ T5828] overlayfs: ...falling back to index=off,metacopy=off. [ 200.237369][ T5831] loop2: detected capacity change from 0 to 64 [ 201.001163][ T5796] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.039658][ T5796] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.394318][ T5796] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.403342][ T5796] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.412516][ T5796] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.421466][ T5796] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.906504][ T5836] loop5: detected capacity change from 0 to 40427 [ 201.914229][ T5841] netlink: 'syz.4.350': attribute type 3 has an invalid length. [ 202.052813][ T5832] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 202.069279][ T5836] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 202.208354][ T5832] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 202.297576][ T5846] ip6t_REJECT: ECHOREPLY is not supported [ 202.710132][ T5832] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 202.807071][ T4570] attempt to access beyond end of device [ 202.807071][ T4570] loop2: rw=1, want=268435470, limit=64 [ 202.836819][ T4570] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 203.358348][ T4574] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 203.482179][ T5867] overlayfs: failed to set xattr on upper [ 203.527492][ T5867] overlayfs: ...falling back to index=off,metacopy=off. [ 203.537543][ T5867] overlayfs: failed to resolve './file0': -2 [ 203.593889][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.650938][ T4574] usb 2-1: Using ep0 maxpacket: 32 [ 203.844733][ T5882] loop2: detected capacity change from 0 to 40427 [ 203.903665][ T5879] loop6: detected capacity change from 0 to 2048 [ 203.908048][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.928599][ T4574] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xC4, skipping [ 203.951044][ T5882] F2FS-fs (loop2): Unrecognized mount option "age_extent_cache" or missing value [ 204.070501][ T4228] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 204.102045][ T5879] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 204.118583][ T5879] UDF-fs: Scanning with blocksize 512 failed [ 204.199378][ T5890] ip6t_REJECT: ECHOREPLY is not supported [ 204.308763][ T4574] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16 [ 204.347276][ T4574] usb 2-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3 [ 204.368882][ T4228] usb 6-1: too many configurations: 129, using maximum allowed: 8 [ 204.440821][ T4574] usb 2-1: Product: syz [ 204.501227][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 204.751554][ T5879] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 204.758221][ T5876] netlink: 'syz.4.361': attribute type 16 has an invalid length. [ 204.778331][ T4574] usb 2-1: Manufacturer: syz [ 204.795332][ T4574] usb 2-1: SerialNumber: syz [ 204.798174][ T5876] netlink: 'syz.4.361': attribute type 17 has an invalid length. [ 204.800184][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 204.859131][ T4574] usb 2-1: config 0 descriptor?? [ 204.999103][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.012614][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.039362][ T4574] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 205.138695][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.158405][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.368794][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.398285][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.508373][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.542018][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.577134][ T5876] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 205.592464][ T5876] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 205.635219][ T5876] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 205.651466][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.680195][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.798663][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.848323][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 205.878074][ T5902] bond1: (slave vlan0): Opening slave failed [ 205.920649][ T4284] usb 2-1: USB disconnect, device number 6 [ 205.928500][ T1393] usb 2-1: Failed to submit usb control message: -71 [ 205.938695][ T1393] usb 2-1: unable to send the bmi data to the device: -71 [ 205.964653][ T1393] usb 2-1: unable to get target info from device [ 205.968754][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 205.984637][ T1393] usb 2-1: could not get target info (-71) [ 205.996392][ T5913] netlink: 'syz.4.368': attribute type 3 has an invalid length. [ 206.012753][ T1393] usb 2-1: could not probe fw (-71) [ 206.025251][ T4228] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 206.446437][ T4228] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 206.464609][ T4228] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 206.472926][ T4228] usb 6-1: Product: syz [ 206.477279][ T4228] usb 6-1: Manufacturer: syz [ 206.510080][ T4228] usb 6-1: SerialNumber: syz [ 206.543997][ T4228] usb 6-1: config 0 descriptor?? [ 206.679930][ T4228] usb 6-1: can't set config #0, error -71 [ 206.712230][ T5922] loop6: detected capacity change from 0 to 2048 [ 206.738493][ T4228] usb 6-1: USB disconnect, device number 2 [ 206.865499][ T5922] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 206.893656][ T5922] UDF-fs: Scanning with blocksize 512 failed [ 206.919465][ T5922] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 207.586591][ T5937] overlayfs: failed to set xattr on upper [ 207.608311][ T5937] overlayfs: ...falling back to index=off,metacopy=off. [ 207.880380][ T5946] loop5: detected capacity change from 0 to 64 [ 207.958217][ T4312] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 208.708195][ T4312] usb 2-1: Using ep0 maxpacket: 8 [ 208.838318][ T5951] loop6: detected capacity change from 0 to 40427 [ 208.849397][ T5951] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 208.861344][ T9] attempt to access beyond end of device [ 208.861344][ T9] loop5: rw=1, want=268435470, limit=64 [ 209.008358][ T4312] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.016532][ T9] Buffer I/O error on dev loop5, logical block 134217734, lost async page write [ 209.048554][ T4312] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 209.072000][ T4312] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 209.085404][ T5953] ip6t_REJECT: ECHOREPLY is not supported [ 209.740273][ T4312] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 209.755230][ T4312] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 209.764466][ T4312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.891218][ T4312] hub 2-1:1.0: bad descriptor, ignoring hub [ 209.897186][ T4312] hub: probe of 2-1:1.0 failed with error -5 [ 209.927154][ T4312] cdc_wdm 2-1:1.0: skipping garbage [ 209.948315][ T4312] cdc_wdm 2-1:1.0: skipping garbage [ 210.151342][ T4312] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 210.157375][ T4312] cdc_wdm 2-1:1.0: Unknown control protocol [ 210.969238][ T4312] usb 2-1: USB disconnect, device number 7 [ 212.674890][ T6000] overlayfs: failed to set xattr on upper [ 212.683164][ T5992] loop2: detected capacity change from 0 to 2048 [ 212.712419][ T6000] overlayfs: ...falling back to index=off,metacopy=off. [ 212.795642][ T5992] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 213.150187][ T6003] loop6: detected capacity change from 0 to 40427 [ 213.169910][ T5992] UDF-fs: Scanning with blocksize 512 failed [ 213.469489][ T5992] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 213.519069][ T6003] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 213.785045][ T6014] ip6t_REJECT: ECHOREPLY is not supported [ 215.598382][ T4573] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 215.859021][ T4573] usb 5-1: Using ep0 maxpacket: 8 [ 216.378495][ T4573] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 216.393637][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.6.395'. [ 216.417180][ T4573] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.469152][ T4573] usb 5-1: Product: syz [ 216.494440][ T4573] usb 5-1: Manufacturer: syz [ 216.511728][ T4573] usb 5-1: SerialNumber: syz [ 216.548877][ T4573] usb 5-1: config 0 descriptor?? [ 216.610382][ T4573] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 217.053776][ T6045] netlink: 'syz.6.398': attribute type 3 has an invalid length. [ 217.278320][ T4573] gspca_sonixj: reg_w1 err -71 [ 217.283269][ T4573] sonixj: probe of 5-1:0.0 failed with error -71 [ 217.324319][ T4573] usb 5-1: USB disconnect, device number 3 [ 217.671596][ T6061] overlayfs: failed to set xattr on upper [ 217.677496][ T6061] overlayfs: ...falling back to index=off,metacopy=off. [ 218.726512][ T6066] loop1: detected capacity change from 0 to 40427 [ 218.916620][ T6066] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 219.140950][ T6085] ip6t_REJECT: ECHOREPLY is not supported [ 219.168355][ T4312] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 219.888418][ T4312] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 219.917020][ T4312] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 219.979279][ T4312] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.138315][ T4312] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 220.161969][ T4312] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 220.206014][ T4312] usb 5-1: Product: syz [ 220.213233][ T6111] overlayfs: failed to set xattr on upper [ 220.223244][ T4312] usb 5-1: Manufacturer: syz [ 220.246383][ T4312] usb 5-1: SerialNumber: syz [ 220.251605][ T6111] overlayfs: ...falling back to index=off,metacopy=off. [ 220.284754][ T4312] usb 5-1: config 0 descriptor?? [ 220.519526][ T4312] hub 5-1:0.0: bad descriptor, ignoring hub [ 220.525837][ T4312] hub: probe of 5-1:0.0 failed with error -5 [ 220.971635][ T4312] usb 5-1: selecting invalid altsetting 0 [ 221.179222][ T4312] usb 5-1: USB disconnect, device number 4 [ 222.229582][ T6148] input: syz0 as /devices/virtual/input/input5 [ 222.233994][ T6138] loop4: detected capacity change from 0 to 8192 [ 222.684738][ T6160] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 222.684792][ T6160] FAT-fs (loop4): Filesystem has been set read-only [ 222.779314][ T6163] loop6: detected capacity change from 0 to 7 [ 223.010465][ T4277] Dev loop6: unable to read RDB block 7 [ 223.010563][ T4277] loop6: unable to read partition table [ 223.010727][ T4277] loop6: partition table beyond EOD, truncated [ 223.282640][ T6163] Dev loop6: unable to read RDB block 7 [ 223.282931][ T6163] loop6: unable to read partition table [ 223.283897][ T6163] loop6: partition table beyond EOD, truncated [ 223.284038][ T6163] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 224.030584][ T6182] bond1: (slave vlan0): Opening slave failed [ 224.731989][ T6204] loop1: detected capacity change from 0 to 64 [ 225.426739][ T4270] attempt to access beyond end of device [ 225.426739][ T4270] loop1: rw=1, want=268435470, limit=64 [ 225.458950][ T4270] Buffer I/O error on dev loop1, logical block 134217734, lost async page write [ 225.792747][ T6212] loop1: detected capacity change from 0 to 8192 [ 226.310518][ T6221] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 226.317875][ T6221] FAT-fs (loop1): Filesystem has been set read-only [ 226.915808][ T6230] input: syz1 as /devices/virtual/input/input6 [ 227.341786][ T6235] loop4: detected capacity change from 0 to 2048 [ 227.598373][ T6235] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 227.792363][ T6235] UDF-fs: Scanning with blocksize 512 failed [ 227.822476][ T6235] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 227.978580][ T6245] xt_hashlimit: overflow, try lower: 18446744073709551614/9 [ 228.597816][ T1393] device hsr_slave_0 left promiscuous mode [ 228.636885][ T1393] device hsr_slave_1 left promiscuous mode [ 228.673222][ T1393] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.697631][ T1393] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.713187][ T1393] device bridge_slave_1 left promiscuous mode [ 228.726283][ T1393] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.745809][ T1393] device bridge_slave_0 left promiscuous mode [ 228.754826][ T1393] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.031819][ T1393] team0 (unregistering): Port device team_slave_1 removed [ 229.084961][ T1393] team0 (unregistering): Port device team_slave_0 removed [ 229.098826][ T4228] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 229.145495][ T1393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.194570][ T1393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.309429][ T1393] bond0 (unregistering): Released all slaves [ 229.508761][ T4228] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.526751][ T4228] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.618485][ T4228] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 229.626537][ T6275] loop2: detected capacity change from 0 to 8192 [ 229.630757][ T4228] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 229.642902][ T4228] usb 2-1: Manufacturer: syz [ 229.658614][ T4228] usb 2-1: config 0 descriptor?? [ 229.925146][ T6276] FAT-fs (loop2): error, clusters badly computed (2 != 1) [ 229.932824][ T6276] FAT-fs (loop2): Filesystem has been set read-only [ 230.278733][ T6260] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 230.302774][ T6260] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 230.410191][ T6260] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.420599][ T6260] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.434409][ T6260] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.498213][ T6260] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.670747][ T4228] uclogic 0003:256C:006D.0002: interface is invalid, ignoring [ 230.952662][ T5655] usb 2-1: USB disconnect, device number 8 [ 231.634103][ T6301] loop6: detected capacity change from 0 to 2048 [ 231.904025][ T6301] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 231.912015][ T6301] UDF-fs: Scanning with blocksize 512 failed [ 231.978881][ T6301] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 232.287619][ T6316] xt_hashlimit: overflow, try lower: 18446744073709551614/9 [ 234.389112][ T6338] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 234.473812][ T6332] loop4: detected capacity change from 0 to 8192 [ 234.780235][ T6340] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 234.787566][ T6340] FAT-fs (loop4): Filesystem has been set read-only [ 235.278681][ T6350] netlink: 24 bytes leftover after parsing attributes in process `syz.4.464'. [ 235.321919][ T6350] device ip6gre1 entered promiscuous mode [ 235.330340][ T6351] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 235.508412][ T4573] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 235.769907][ T6362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.776725][ T6354] netlink: 10 bytes leftover after parsing attributes in process `syz.5.466'. [ 235.789229][ T4573] usb 3-1: Using ep0 maxpacket: 16 [ 235.928506][ T4573] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 235.936729][ T4573] usb 3-1: config 0 has no interface number 0 [ 235.962782][ T6354] netlink: 40 bytes leftover after parsing attributes in process `syz.5.466'. [ 235.992298][ T4573] usb 3-1: config 0 interface 251 altsetting 255 bulk endpoint 0x4 has invalid maxpacket 16 [ 236.042725][ T4573] usb 3-1: config 0 interface 251 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 64 [ 236.095020][ T4573] usb 3-1: config 0 interface 251 has no altsetting 0 [ 236.318565][ T4573] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 236.321405][ T4421] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 236.345617][ T4573] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.368250][ T4573] usb 3-1: Product: syz [ 236.379648][ T4573] usb 3-1: Manufacturer: syz [ 236.389943][ T4573] usb 3-1: SerialNumber: syz [ 236.411452][ T4573] usb 3-1: config 0 descriptor?? [ 236.518790][ T6348] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 236.529863][ T6348] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 236.589118][ T4421] usb 6-1: device descriptor read/64, error -71 [ 236.813571][ T6348] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 236.835522][ T6348] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 236.888314][ T4421] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 237.118184][ T4421] usb 6-1: device descriptor read/64, error -71 [ 237.299434][ T4421] usb usb6-port1: attempt power cycle [ 237.328323][ T4573] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 238.256089][ T4573] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -71 [ 238.329855][ T6399] loop4: detected capacity change from 0 to 40427 [ 238.372061][ T4573] asix: probe of 3-1:0.251 failed with error -71 [ 238.407067][ T4573] usb 3-1: USB disconnect, device number 4 [ 238.420604][ T6399] F2FS-fs (loop4): Unrecognized mount option "errors=continue" or missing value [ 238.482756][ T6405] netlink: 'syz.6.474': attribute type 3 has an invalid length. [ 238.826743][ T6407] netlink: 56 bytes leftover after parsing attributes in process `syz.4.475'. [ 238.888868][ T6407] netlink: 16 bytes leftover after parsing attributes in process `syz.4.475'. [ 239.098488][ T4421] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? [ 239.278375][ T4421] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 239.318230][ T4573] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 239.388334][ T4421] usb 6-1: Using ep0 maxpacket: 32 [ 239.508349][ T4421] usb 6-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 239.537690][ T4421] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.578290][ T4573] usb 5-1: Using ep0 maxpacket: 8 [ 239.645627][ T4421] usb 6-1: selecting invalid altsetting 3 [ 239.680665][ T4421] comedi comedi5: could not set alternate setting 3 in high speed [ 239.698522][ T4573] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 239.732342][ T4421] usbduxsigma 6-1:128.0: driver 'usbduxsigma' failed to auto-configure device. [ 239.733490][ T4573] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 239.825468][ T4421] usbduxsigma: probe of 6-1:128.0 failed with error -22 [ 239.835121][ T4573] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 239.900604][ T4573] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.988200][ T4573] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 240.048584][ T4573] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.093434][ T4232] usb 6-1: USB disconnect, device number 6 [ 240.348364][ T4573] usb 5-1: GET_CAPABILITIES returned 0 [ 240.354106][ T4573] usbtmc 5-1:16.0: can't read capabilities [ 240.643473][ T4573] usb 5-1: USB disconnect, device number 5 [ 242.537444][ T6462] loop2: detected capacity change from 0 to 40427 [ 242.688286][ T6462] F2FS-fs (loop2): Unrecognized mount option "errors=continue" or missing value [ 242.966617][ T6468] ODEBUG: Out of memory. ODEBUG disabled [ 243.076707][ T6478] netlink: 'syz.1.489': attribute type 3 has an invalid length. [ 246.803856][ T6529] loop5: detected capacity change from 0 to 40427 [ 246.877775][ T6529] F2FS-fs (loop5): Unrecognized mount option "errors=continue" or missing value [ 247.243645][ T6518] mmap: syz.4.498 (6518) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 247.758210][ T4578] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 247.768486][ T6551] program syz.5.506 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 248.048277][ T4578] usb 7-1: Using ep0 maxpacket: 32 [ 248.194541][ T4578] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.216654][ T4578] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.247616][ T4578] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 248.266864][ T4578] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.398845][ T4578] usb 7-1: config 0 descriptor?? [ 248.445391][ T4578] hub 7-1:0.0: USB hub found [ 248.707239][ T6582] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 248.748397][ T4578] hub 7-1:0.0: config failed, can't read hub descriptor (err -90) [ 249.048310][ T4578] usbhid 7-1:0.0: can't add hid device: -71 [ 249.061858][ T4578] usbhid: probe of 7-1:0.0 failed with error -71 [ 249.199009][ T4578] usb 7-1: USB disconnect, device number 2 [ 249.958379][ T4421] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 250.248200][ T4421] usb 7-1: Using ep0 maxpacket: 16 [ 250.388455][ T4421] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.440232][ T4421] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.492411][ T4421] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 250.528185][ T4421] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 250.547780][ T4421] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.573078][ T4421] usb 7-1: config 0 descriptor?? [ 250.768259][ T4578] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 250.848374][ T4573] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 251.001345][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 251.001362][ T26] audit: type=1326 audit(1774107384.469:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6626 comm="syz.2.522" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08f8e89799 code=0x0 [ 251.068438][ T4578] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 251.148496][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.157847][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.172552][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.188379][ T4421] usbhid 7-1:0.0: can't add hid device: -71 [ 251.194846][ T4421] usbhid: probe of 7-1:0.0 failed with error -71 [ 251.208873][ T4573] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.214151][ T4421] usb 7-1: USB disconnect, device number 3 [ 251.226617][ T4573] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 251.235980][ T4573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.247038][ T4573] usb 6-1: config 0 descriptor?? [ 251.258340][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.268022][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.279475][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.358461][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.367496][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.379067][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.458289][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.470485][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.482284][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.568228][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.577313][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.588590][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.668374][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.677329][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.688371][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.729416][ T4573] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 251.759067][ T4573] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0003/input/input7 [ 251.778428][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.787417][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.798672][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.888263][ T4578] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 251.907887][ T4578] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 251.927100][ T4573] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 251.928288][ T4421] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 251.940273][ T4578] usb 2-1: config 0 interface 0 has no altsetting 0 [ 252.128466][ T4578] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 252.137727][ T4578] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 252.189019][ T4578] usb 2-1: Product: syz [ 252.200771][ T4578] usb 2-1: Manufacturer: syz [ 252.205464][ T4578] usb 2-1: SerialNumber: syz [ 252.237935][ T4578] usb 2-1: config 0 descriptor?? [ 252.264006][ T6646] netlink: 168 bytes leftover after parsing attributes in process `syz.4.527'. [ 252.302862][ T4578] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 252.368441][ T4421] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 252.411467][ T4421] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 252.588484][ T4421] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 252.598832][ T4421] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 252.607635][ T4421] usb 7-1: SerialNumber: syz [ 252.720808][ T4578] usb 2-1: USB disconnect, device number 9 [ 252.788754][ T4578] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 252.901430][ T4421] usb 7-1: 0:2 : does not exist [ 252.947441][ T4421] usb 7-1: USB disconnect, device number 4 [ 252.992163][ T4538] udevd[4538]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 253.491833][ T4427] usb 6-1: USB disconnect, device number 7 [ 254.791141][ T6686] device syzkaller0 entered promiscuous mode [ 254.840714][ T6686] 0: reclassify loop, rule prio 0, protocol 800 [ 255.158414][ T4578] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 255.377748][ T6711] loop4: detected capacity change from 0 to 8 [ 256.169575][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.176020][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.546793][ T4578] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 256.566512][ T4578] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.610991][ T4578] usb 7-1: Product: syz [ 256.615223][ T4578] usb 7-1: Manufacturer: syz [ 256.624335][ T4578] usb 7-1: SerialNumber: syz [ 256.938464][ T4427] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 257.308733][ T4427] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 257.356709][ T4427] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.607841][ T4427] usb 2-1: config 0 descriptor?? [ 257.784474][ T4578] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 257.968310][ T4427] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 258.184594][ T4574] Bluetooth: hci5: command 0x0406 tx timeout [ 258.196717][ T4427] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 258.229142][ T4578] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -71 [ 258.251159][ T4578] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 258.283459][ T4578] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 258.305713][ T4427] [drm:udl_init] *ERROR* Selecting channel failed [ 258.321072][ T4578] lan78xx: probe of 7-1:1.0 failed with error -71 [ 258.391234][ T4578] usb 7-1: USB disconnect, device number 5 [ 258.409180][ T4427] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 258.456219][ T4427] [drm] Initialized udl on minor 2 [ 258.514763][ T4427] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 258.558843][ T4427] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 258.637813][ T4427] usb 2-1: USB disconnect, device number 10 [ 258.656275][ T4232] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed [ 258.739810][ T4232] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed [ 258.804639][ T4232] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 259.300203][ T6776] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 260.195365][ T6783] loop6: detected capacity change from 0 to 7 [ 260.212912][ T4538] Dev loop6: unable to read RDB block 7 [ 260.228260][ T4538] loop6: unable to read partition table [ 260.251119][ T4538] loop6: partition table beyond EOD, truncated [ 260.260543][ T6783] Dev loop6: unable to read RDB block 7 [ 260.288244][ T6783] loop6: unable to read partition table [ 260.298862][ T6783] loop6: partition table beyond EOD, truncated [ 260.351547][ T6783] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 260.464723][ T3561] Dev loop6: unable to read RDB block 7 [ 260.493133][ T3561] loop6: unable to read partition table [ 260.531036][ T3561] loop6: partition table beyond EOD, truncated [ 261.778032][ T6819] loop5: detected capacity change from 0 to 8192 [ 261.924838][ T6819] FAT-fs (loop5): error, clusters badly computed (2 != 1) [ 261.932304][ T6819] FAT-fs (loop5): Filesystem has been set read-only [ 262.564796][ T6839] tipc: Started in network mode [ 262.652820][ T6839] tipc: Node identity fed44e706bf3, cluster identity 4711 [ 262.692929][ T6839] tipc: Enabled bearer , priority 0 [ 262.743228][ T6842] device syzkaller0 entered promiscuous mode [ 262.895168][ T6839] tipc: Resetting bearer [ 263.043435][ T6838] tipc: Resetting bearer [ 263.077115][ T6838] tipc: Disabling bearer [ 264.443737][ T6884] tipc: Started in network mode [ 264.454967][ T6884] tipc: Node identity 461d86ab73ba, cluster identity 4711 [ 264.480059][ T6884] tipc: Enabled bearer , priority 0 [ 264.523226][ T6886] device syzkaller0 entered promiscuous mode [ 264.598050][ T6884] netlink: 44 bytes leftover after parsing attributes in process `syz.1.584'. [ 264.656390][ T6884] tipc: Resetting bearer [ 264.700711][ T6883] tipc: Resetting bearer [ 264.751327][ T6883] tipc: Disabling bearer [ 265.848346][ T5655] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 265.972306][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.5.589'. [ 266.108332][ T5655] usb 2-1: Using ep0 maxpacket: 16 [ 266.388451][ T5655] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 266.397764][ T5655] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.434605][ T5655] usb 2-1: Product: syz [ 266.487069][ T5655] usb 2-1: Manufacturer: syz [ 266.538228][ T5655] usb 2-1: SerialNumber: syz [ 266.565954][ T5655] r8152-cfgselector 2-1: config 0 descriptor?? [ 267.088386][ T5655] r8152-cfgselector 2-1: Unknown version 0x0000 [ 267.108399][ T5655] r8152-cfgselector 2-1: bad CDC descriptors [ 267.148232][ T5655] r8152-cfgselector 2-1: Unknown version 0x0000 [ 267.186971][ T5655] r8152-cfgselector 2-1: USB disconnect, device number 11 [ 268.668277][ T6971] netlink: 'syz.1.600': attribute type 10 has an invalid length. [ 268.689921][ T6971] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 268.803687][ T6971] 8021q: adding VLAN 0 to HW filter on device bond2 [ 268.942016][ T6971] netlink: 48 bytes leftover after parsing attributes in process `syz.1.600'. [ 269.288800][ T4232] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 269.457264][ T6991] loop4: detected capacity change from 0 to 8192 [ 269.648429][ T4232] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 269.656741][ T4232] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 269.802608][ T4232] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 269.814536][ T4232] usb 2-1: config 220 has no interface number 2 [ 269.824679][ T4232] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 269.838458][ T4232] usb 2-1: config 220 interface 0 has no altsetting 0 [ 269.845228][ T4232] usb 2-1: config 220 interface 76 has no altsetting 0 [ 269.853075][ T4232] usb 2-1: config 220 interface 1 has no altsetting 0 [ 270.018323][ T4232] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 270.032678][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.093445][ T4232] usb 2-1: Product: syz [ 270.097726][ T4232] usb 2-1: Manufacturer: syz [ 270.108729][ T4232] usb 2-1: SerialNumber: syz [ 270.308343][ T7008] input: syz1 as /devices/virtual/input/input8 [ 270.538578][ T4232] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 270.552002][ T4232] usb 2-1: No valid video chain found. [ 270.552153][ T4232] usb 2-1: selecting invalid altsetting 0 [ 270.659391][ T4232] usb 2-1: selecting invalid altsetting 0 [ 270.665189][ T4232] usbtest: probe of 2-1:220.1 failed with error -22 [ 270.750835][ T4232] usb 2-1: USB disconnect, device number 12 [ 271.753456][ T7041] device syzkaller0 entered promiscuous mode [ 271.854444][ T7041] tipc: Enabled bearer , priority 0 [ 271.892178][ T7040] tipc: Resetting bearer [ 271.963312][ T7040] tipc: Disabling bearer [ 273.133055][ T4421] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 273.224242][ T5655] Bluetooth: hci0: command 0x0406 tx timeout [ 273.388396][ T4421] usb 5-1: Using ep0 maxpacket: 32 [ 273.523239][ T4421] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 273.618848][ T7082] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 273.748478][ T4421] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 273.761057][ T4421] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 273.947863][ T7085] loop1: detected capacity change from 0 to 40427 [ 273.961582][ T7085] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 274.075649][ T7085] ip6t_REJECT: ECHOREPLY is not supported [ 274.138309][ T4421] usb 5-1: Product: syz [ 274.147624][ T4421] usb 5-1: Manufacturer: syz [ 274.157135][ T4421] usb 5-1: SerialNumber: syz [ 274.200075][ T4421] usb 5-1: config 0 descriptor?? [ 274.249771][ T7067] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 274.893757][ T4573] usb 5-1: USB disconnect, device number 6 [ 275.558390][ T4573] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 275.853155][ T4573] usb 6-1: Using ep0 maxpacket: 8 [ 276.143654][ T7104] loop2: detected capacity change from 0 to 8192 [ 276.198370][ T4573] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 276.223207][ T4573] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.291123][ T4573] usb 6-1: Product: syz [ 276.305947][ T4573] usb 6-1: Manufacturer: syz [ 276.487558][ T4573] usb 6-1: SerialNumber: syz [ 276.504371][ T4573] usb 6-1: config 0 descriptor?? [ 276.549863][ T4573] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 276.638517][ T7115] FAT-fs (loop2): error, clusters badly computed (2 != 1) [ 276.645937][ T7115] FAT-fs (loop2): Filesystem has been set read-only [ 277.004769][ T4578] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 277.258224][ T4228] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 277.278352][ T4578] usb 2-1: Using ep0 maxpacket: 8 [ 277.533039][ T4228] usb 7-1: Using ep0 maxpacket: 8 [ 277.598651][ T4578] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 277.616944][ T4578] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.631498][ T4578] usb 2-1: Product: syz [ 277.635699][ T4578] usb 2-1: Manufacturer: syz [ 277.646923][ T4578] usb 2-1: SerialNumber: syz [ 277.662683][ T4578] usb 2-1: config 0 descriptor?? [ 277.715211][ T4578] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 277.806549][ T7122] loop4: detected capacity change from 0 to 40427 [ 277.835201][ T7122] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value [ 277.894911][ T4228] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 277.910795][ T4228] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.919885][ T4574] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 277.948127][ T4228] usb 7-1: Product: syz [ 277.952640][ T4228] usb 7-1: Manufacturer: syz [ 277.957292][ T4228] usb 7-1: SerialNumber: syz [ 278.004435][ T4228] usb 7-1: config 0 descriptor?? [ 278.018546][ T7122] ip6t_REJECT: ECHOREPLY is not supported [ 278.198537][ T4574] usb 3-1: Using ep0 maxpacket: 8 [ 278.308564][ T4228] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 278.334166][ T4574] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 278.519758][ T4574] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 278.538144][ T4574] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.546269][ T4574] usb 3-1: Product: syz [ 278.550958][ T4574] usb 3-1: Manufacturer: syz [ 278.555608][ T4574] usb 3-1: SerialNumber: syz [ 278.579255][ T4574] usb 3-1: config 0 descriptor?? [ 278.630256][ T4574] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 279.278293][ T4574] gspca_zc3xx: reg_w_i err -71 [ 279.336209][ T26] audit: type=1400 audit(1774107412.799:28): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7131 comm="syz.4.633" [ 279.408376][ T4228] dvb_usb_rtl28xxu: probe of 7-1:0.0 failed with error -71 [ 279.430371][ T4228] usb 7-1: USB disconnect, device number 6 [ 279.681224][ T4573] gspca_sonixj: i2c_w8 err -71 [ 279.741440][ T4573] sonixj: probe of 6-1:0.0 failed with error -71 [ 279.757108][ T4573] usb 6-1: USB disconnect, device number 8 [ 279.898312][ T4574] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 279.905229][ T4574] gspca_zc3xx: probe of 3-1:0.0 failed with error -71 [ 279.925955][ T4574] usb 3-1: USB disconnect, device number 5 [ 280.560792][ T4578] gspca_sonixj: reg_w1 err -71 [ 280.618283][ T4578] sonixj: probe of 2-1:0.0 failed with error -71 [ 280.665513][ T4578] usb 2-1: USB disconnect, device number 13 [ 280.708851][ T4574] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 280.719125][ T4228] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 280.863139][ T7150] loop4: detected capacity change from 0 to 8 [ 280.958199][ T4228] usb 6-1: Using ep0 maxpacket: 32 [ 280.968280][ T4574] usb 3-1: Using ep0 maxpacket: 32 [ 281.078474][ T4228] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 281.088789][ T4574] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 281.348362][ T4574] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 281.357715][ T4228] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 281.367219][ T4228] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 281.377738][ T4574] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 281.386526][ T4574] usb 3-1: Product: syz [ 281.390921][ T4228] usb 6-1: Product: syz [ 281.395292][ T4574] usb 3-1: Manufacturer: syz [ 281.411398][ T4228] usb 6-1: Manufacturer: syz [ 281.423312][ T4574] usb 3-1: SerialNumber: syz [ 281.440983][ T4228] usb 6-1: SerialNumber: syz [ 281.450638][ T4574] usb 3-1: config 0 descriptor?? [ 281.461994][ T4228] usb 6-1: config 0 descriptor?? [ 281.489751][ T7138] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 281.498519][ T7141] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 281.530978][ T4228] chaoskey 6-1:0.0: Unable to register with hwrng [ 283.352984][ T7162] loop1: detected capacity change from 0 to 40427 [ 283.392967][ T4574] usb 6-1: USB disconnect, device number 9 [ 283.410557][ T7162] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 283.528646][ T7162] ip6t_REJECT: ECHOREPLY is not supported [ 283.630191][ T4228] usb 3-1: USB disconnect, device number 6 [ 283.670884][ T7167] device syzkaller0 entered promiscuous mode [ 283.766245][ T7173] overlayfs: failed to resolve './bus': -2 [ 284.614031][ T7201] netlink: 'syz.4.656': attribute type 3 has an invalid length. [ 285.683185][ T4574] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 285.690966][ T4578] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 285.978195][ T4574] usb 6-1: Using ep0 maxpacket: 16 [ 286.108385][ T4574] usb 6-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 286.154882][ T4574] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA1, skipping [ 286.258333][ T4578] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 286.289492][ T4578] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.316761][ T4578] usb 5-1: Product: syz [ 286.332503][ T4578] usb 5-1: Manufacturer: syz [ 286.349753][ T4578] usb 5-1: SerialNumber: syz [ 286.358272][ T4574] usb 6-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 286.384916][ T4574] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.390312][ T7215] loop2: detected capacity change from 0 to 2048 [ 286.418164][ T4574] usb 6-1: Product: syz [ 286.422504][ T4574] usb 6-1: Manufacturer: syz [ 286.436160][ T4574] usb 6-1: SerialNumber: syz [ 286.476568][ T4574] usb 6-1: config 0 descriptor?? [ 286.508769][ T7215] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 286.519624][ T4574] appledisplay 6-1:0.0: Could not find int-in endpoint [ 286.545088][ T4574] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 286.552696][ T7215] UDF-fs: Scanning with blocksize 512 failed [ 286.557894][ T7215] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 287.735707][ T7230] device syzkaller0 entered promiscuous mode [ 287.762088][ T7230] 0: reclassify loop, rule prio 0, protocol 800 [ 288.336455][ T7244] overlayfs: failed to set xattr on upper [ 288.375113][ T7244] overlayfs: ...falling back to index=off,metacopy=off. [ 288.433632][ T4574] usb 6-1: USB disconnect, device number 10 [ 288.443150][ T7244] overlayfs: failed to resolve './file0': -2 [ 288.637847][ T7254] netlink: 'syz.1.671': attribute type 3 has an invalid length. [ 289.488345][ T4578] rtl8150 5-1:1.0: couldn't reset the device [ 289.507607][ T4578] rtl8150: probe of 5-1:1.0 failed with error -5 [ 289.570587][ T4578] usb 5-1: USB disconnect, device number 7 [ 289.711165][ T7261] loop5: detected capacity change from 0 to 40427 [ 289.777680][ T7261] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 290.874829][ T7261] ip6t_REJECT: ECHOREPLY is not supported [ 291.082730][ T7269] loop1: detected capacity change from 0 to 2048 [ 291.277758][ T7269] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 291.309107][ T7269] UDF-fs: Scanning with blocksize 512 failed [ 291.323503][ T7269] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 291.726761][ T7281] loop4: detected capacity change from 0 to 8 [ 292.130443][ T7283] device syzkaller0 entered promiscuous mode [ 292.450208][ T7287] device syzkaller0 entered promiscuous mode [ 294.486991][ T7310] loop5: detected capacity change from 0 to 64 [ 294.668903][ T4286] attempt to access beyond end of device [ 294.668903][ T4286] loop5: rw=1, want=268435470, limit=64 [ 294.718122][ T4286] Buffer I/O error on dev loop5, logical block 134217734, lost async page write [ 294.944410][ T7312] loop4: detected capacity change from 0 to 8192 [ 297.444582][ T7348] loop4: detected capacity change from 0 to 40427 [ 297.495866][ T7348] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value [ 297.508766][ T7348] ip6t_REJECT: ECHOREPLY is not supported [ 297.771496][ T7352] loop2: detected capacity change from 0 to 64 [ 298.644921][ T7359] overlayfs: failed to set xattr on upper [ 298.651045][ T7359] overlayfs: ...falling back to index=off,metacopy=off. [ 298.739348][ T9] attempt to access beyond end of device [ 298.739348][ T9] loop2: rw=1, want=268435470, limit=64 [ 298.828178][ T9] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 299.097104][ T7364] loop6: detected capacity change from 0 to 2048 [ 299.554408][ T7364] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 300.008199][ T7364] UDF-fs: Scanning with blocksize 512 failed [ 300.182872][ T7364] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 301.261524][ T7379] loop6: detected capacity change from 0 to 8192 [ 301.618287][ T7388] FAT-fs (loop6): error, clusters badly computed (2 != 1) [ 301.625615][ T7388] FAT-fs (loop6): Filesystem has been set read-only [ 302.528527][ T7394] loop5: detected capacity change from 0 to 40427 [ 302.599803][ T7394] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 302.616490][ T7394] ip6t_REJECT: ECHOREPLY is not supported [ 304.186788][ T7409] loop2: detected capacity change from 0 to 2048 [ 304.476779][ T7409] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 304.580672][ T7409] UDF-fs: Scanning with blocksize 512 failed [ 304.696264][ T7409] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 306.274773][ T7426] overlayfs: failed to set xattr on upper [ 306.304349][ T7426] overlayfs: ...falling back to index=off,metacopy=off. [ 307.073788][ T7438] loop1: detected capacity change from 0 to 40427 [ 307.143926][ T7438] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 307.364308][ T7440] ip6t_REJECT: ECHOREPLY is not supported [ 309.120833][ T7456] loop4: detected capacity change from 0 to 64 [ 310.144819][ T7464] loop2: detected capacity change from 0 to 2048 [ 310.234806][ T7464] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 310.324474][ T7464] UDF-fs: Scanning with blocksize 512 failed [ 310.352913][ T4297] attempt to access beyond end of device [ 310.352913][ T4297] loop4: rw=1, want=268435470, limit=64 [ 310.368560][ T4297] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 310.401835][ T7464] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 311.406903][ T7473] loop5: detected capacity change from 0 to 8192 [ 311.549815][ T7480] loop6: detected capacity change from 0 to 40427 [ 311.627159][ T7480] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 312.023741][ T7488] ip6t_REJECT: ECHOREPLY is not supported [ 312.284545][ T7487] overlayfs: failed to set xattr on upper [ 312.484800][ T7487] overlayfs: ...falling back to index=off,metacopy=off. [ 312.492414][ T7487] overlayfs: failed to resolve './file0': -2 [ 312.608177][ T7494] FAT-fs (loop5): error, clusters badly computed (2 != 1) [ 312.615574][ T7494] FAT-fs (loop5): Filesystem has been set read-only [ 315.523062][ T7516] loop6: detected capacity change from 0 to 64 [ 316.325107][ T4286] attempt to access beyond end of device [ 316.325107][ T4286] loop6: rw=1, want=268435470, limit=64 [ 316.336840][ T4286] Buffer I/O error on dev loop6, logical block 134217734, lost async page write [ 317.304929][ T7531] loop1: detected capacity change from 0 to 40427 [ 317.326870][ T7534] loop5: detected capacity change from 0 to 2048 [ 317.328522][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.342151][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.394763][ T7534] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 317.423424][ T7534] UDF-fs: Scanning with blocksize 512 failed [ 317.453023][ T7531] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 317.520734][ T7534] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 317.645143][ T7541] overlayfs: failed to set xattr on upper [ 317.711688][ T7543] ip6t_REJECT: ECHOREPLY is not supported [ 318.113148][ T7541] overlayfs: ...falling back to index=off,metacopy=off. [ 320.441146][ T7565] overlayfs: missing 'lowerdir' [ 320.492678][ T7563] bond1: (slave vlan0): Releasing backup interface [ 320.680352][ T7570] loop5: detected capacity change from 0 to 64 [ 321.420971][ T7572] loop6: detected capacity change from 0 to 8192 [ 321.494151][ T154] attempt to access beyond end of device [ 321.494151][ T154] loop5: rw=1, want=268435470, limit=64 [ 321.518344][ T154] Buffer I/O error on dev loop5, logical block 134217734, lost async page write [ 321.774551][ T7579] FAT-fs (loop6): error, clusters badly computed (2 != 1) [ 321.781974][ T7579] FAT-fs (loop6): Filesystem has been set read-only [ 323.576717][ T7596] loop5: detected capacity change from 0 to 40427 [ 323.778443][ T7596] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 325.058217][ T7604] ip6t_REJECT: ECHOREPLY is not supported [ 325.498569][ T7607] overlayfs: missing 'lowerdir' [ 325.509728][ T7609] overlayfs: failed to set xattr on upper [ 325.519367][ T7609] overlayfs: ...falling back to index=off,metacopy=off. [ 326.281335][ T7612] loop5: detected capacity change from 0 to 2048 [ 326.330557][ T7616] loop2: detected capacity change from 0 to 64 [ 326.353922][ T7612] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 326.367978][ T7612] UDF-fs: Scanning with blocksize 512 failed [ 326.985609][ T7612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 327.798591][ T154] attempt to access beyond end of device [ 327.798591][ T154] loop2: rw=1, want=268435470, limit=64 [ 327.828115][ T154] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 328.890631][ T7627] loop6: detected capacity change from 0 to 8192 [ 329.343347][ T7638] FAT-fs (loop6): error, clusters badly computed (2 != 1) [ 329.350744][ T7638] FAT-fs (loop6): Filesystem has been set read-only [ 330.060454][ T7647] overlayfs: missing 'lowerdir' [ 330.979323][ T7654] overlayfs: failed to set xattr on upper [ 331.015660][ T7654] overlayfs: ...falling back to index=off,metacopy=off. [ 331.166623][ T7660] loop1: detected capacity change from 0 to 40427 [ 331.287076][ T7660] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 331.635526][ T7667] ip6t_REJECT: ECHOREPLY is not supported [ 333.381254][ T7664] loop6: detected capacity change from 0 to 2048 [ 333.496316][ T7664] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 333.835859][ T7664] UDF-fs: Scanning with blocksize 512 failed [ 333.884110][ T7664] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 334.740905][ T7693] overlayfs: missing 'lowerdir' [ 334.931022][ T7689] loop1: detected capacity change from 0 to 8192 [ 336.496558][ T7716] overlayfs: failed to set xattr on upper [ 336.502722][ T7716] overlayfs: ...falling back to index=off,metacopy=off. [ 336.662632][ T7715] loop2: detected capacity change from 0 to 40427 [ 336.704661][ T7715] F2FS-fs (loop2): Unrecognized mount option "age_extent_cache" or missing value [ 337.055837][ T7720] ip6t_REJECT: ECHOREPLY is not supported [ 337.784739][ T7727] netlink: 'syz.2.801': attribute type 3 has an invalid length. [ 338.543855][ T7729] loop6: detected capacity change from 0 to 64 [ 339.322660][ T9] attempt to access beyond end of device [ 339.322660][ T9] loop6: rw=1, want=268435470, limit=64 [ 339.387504][ T7739] overlayfs: missing 'lowerdir' [ 339.394207][ T9] Buffer I/O error on dev loop6, logical block 134217734, lost async page write [ 340.236800][ T7741] loop5: detected capacity change from 0 to 8192 [ 340.764416][ T7753] loop6: detected capacity change from 0 to 2048 [ 340.886224][ T7753] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 340.976253][ T7753] UDF-fs: Scanning with blocksize 512 failed [ 341.021642][ T7753] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 342.398249][ T7765] ip6t_REJECT: ECHOREPLY is not supported [ 343.328760][ T7767] overlayfs: failed to set xattr on upper [ 343.356741][ T7767] overlayfs: ...falling back to index=off,metacopy=off. [ 343.413500][ T7778] netlink: 'syz.1.814': attribute type 3 has an invalid length. [ 344.228402][ T7767] overlayfs: failed to resolve './file0': -2 [ 344.279007][ T7779] loop2: detected capacity change from 0 to 64 [ 344.736473][ T7786] overlayfs: missing 'lowerdir' [ 346.613242][ T9] attempt to access beyond end of device [ 346.613242][ T9] loop2: rw=1, want=268435470, limit=64 [ 346.631147][ T9] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 347.732602][ T7825] ip6t_REJECT: ECHOREPLY is not supported [ 348.630453][ T7827] netlink: 'syz.5.829': attribute type 3 has an invalid length. [ 348.944598][ T7820] loop6: detected capacity change from 0 to 8192 [ 348.960107][ T7829] overlayfs: failed to set xattr on upper [ 348.965948][ T7829] overlayfs: ...falling back to index=off,metacopy=off. [ 349.705488][ T7835] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 349.716111][ T7835] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 349.846297][ T7837] loop2: detected capacity change from 0 to 2048 [ 349.992121][ T7837] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 350.022733][ T7837] UDF-fs: Scanning with blocksize 512 failed [ 350.109798][ T7837] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 350.925826][ T7846] loop5: detected capacity change from 0 to 64 [ 351.926030][ T154] attempt to access beyond end of device [ 351.926030][ T154] loop5: rw=1, want=268435470, limit=64 [ 352.266039][ T154] Buffer I/O error on dev loop5, logical block 134217734, lost async page write [ 354.258218][ T7869] ip6t_REJECT: ECHOREPLY is not supported [ 355.763388][ T7882] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 355.808165][ T7882] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 355.825231][ T7888] loop4: detected capacity change from 0 to 64 [ 355.844202][ T7889] overlayfs: failed to set xattr on upper [ 355.909640][ T7889] overlayfs: ...falling back to index=off,metacopy=off. [ 357.535940][ T7896] loop5: detected capacity change from 0 to 8192 [ 357.594692][ T7900] loop6: detected capacity change from 0 to 2048 [ 357.698795][ T4570] attempt to access beyond end of device [ 357.698795][ T4570] loop4: rw=1, want=268435470, limit=64 [ 357.732260][ T7900] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 357.760238][ T7900] UDF-fs: Scanning with blocksize 512 failed [ 357.786146][ T7900] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 357.791662][ T4570] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 358.115618][ T7905] loop1: detected capacity change from 0 to 40427 [ 358.215202][ T7905] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value [ 359.102846][ T7918] ip6t_REJECT: ECHOREPLY is not supported [ 362.166718][ T7938] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 362.207101][ T7938] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 362.407289][ T7941] overlayfs: failed to set xattr on upper [ 362.425470][ T7941] overlayfs: ...falling back to index=off,metacopy=off. [ 363.214417][ T7949] loop1: detected capacity change from 0 to 64 [ 363.434073][ T9] attempt to access beyond end of device [ 363.434073][ T9] loop1: rw=1, want=268435470, limit=64 [ 363.494221][ T9] Buffer I/O error on dev loop1, logical block 134217734, lost async page write [ 363.630039][ T7956] bond1: (slave vlan0): Opening slave failed [ 364.903021][ T7963] loop1: detected capacity change from 0 to 8192 [ 365.139458][ T7972] overlayfs: missing 'lowerdir' [ 366.130553][ T7977] overlayfs: failed to set xattr on upper [ 366.136549][ T7977] overlayfs: ...falling back to index=off,metacopy=off. [ 366.289463][ T7976] loop2: detected capacity change from 0 to 2048 [ 366.675298][ T7976] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 366.891893][ T7976] UDF-fs: Scanning with blocksize 512 failed [ 366.954225][ T7976] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 367.557737][ T7986] loop4: detected capacity change from 0 to 40427 [ 367.652431][ T7986] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value [ 368.173044][ T7992] ip6t_REJECT: ECHOREPLY is not supported [ 368.180030][ T7990] loop2: detected capacity change from 0 to 64 [ 368.515545][ T1393] attempt to access beyond end of device [ 368.515545][ T1393] loop2: rw=1, want=268435470, limit=64 [ 368.547337][ T1393] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 368.950294][ T7998] bond1: (slave vlan0): Enslaving as a backup interface with an up link [ 370.356049][ T8014] overlayfs: missing 'lowerdir' [ 371.432268][ T8024] loop6: detected capacity change from 0 to 2048 [ 371.473271][ T8024] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 371.501531][ T8024] UDF-fs: Scanning with blocksize 512 failed [ 371.559226][ T8024] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 371.790523][ T8032] loop1: detected capacity change from 0 to 64 [ 372.574008][ T8038] loop4: detected capacity change from 0 to 8192 [ 373.935427][ T8053] overlayfs: missing 'lowerdir' [ 375.291367][ T8066] FAT-fs (loop4): error, clusters badly computed (2 != 1) [ 375.328321][ T8066] FAT-fs (loop4): Filesystem has been set read-only [ 376.707574][ T8078] loop1: detected capacity change from 0 to 2048 [ 376.885883][ T8077] loop5: detected capacity change from 0 to 40427 [ 376.936436][ T8078] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 376.947202][ T8077] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 377.100497][ T8078] UDF-fs: Scanning with blocksize 512 failed [ 377.178163][ T8078] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 377.195935][ T8082] ip6t_REJECT: ECHOREPLY is not supported [ 377.209307][ T8081] loop2: detected capacity change from 0 to 64 [ 378.650912][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.657571][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.668167][ T8095] overlayfs: missing 'workdir' [ 381.871324][ T8119] loop5: detected capacity change from 0 to 8 [ 382.050994][ T8124] loop2: detected capacity change from 0 to 64 [ 383.543276][ T8134] overlayfs: missing 'workdir' [ 383.798000][ T8138] loop2: detected capacity change from 0 to 2048 [ 384.381243][ T8138] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 384.389387][ T8138] UDF-fs: Scanning with blocksize 512 failed [ 384.449206][ T8138] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 384.801320][ T8150] loop6: detected capacity change from 0 to 40427 [ 384.912887][ T8150] F2FS-fs (loop6): Unrecognized mount option "age_extent_cache" or missing value [ 385.270786][ T8156] ip6t_REJECT: ECHOREPLY is not supported [ 386.565363][ T8166] device syzkaller0 entered promiscuous mode [ 386.573137][ T8159] loop1: detected capacity change from 0 to 8192 [ 387.505532][ T8172] overlayfs: missing 'workdir' [ 387.805098][ T8179] device syzkaller0 entered promiscuous mode [ 388.029718][ T8182] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 388.062801][ T8182] FAT-fs (loop1): Filesystem has been set read-only [ 390.936152][ T8218] loop5: detected capacity change from 0 to 40427 [ 390.989844][ T8218] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value [ 391.247585][ T8220] ip6t_REJECT: ECHOREPLY is not supported [ 392.342963][ T8231] loop1: detected capacity change from 0 to 2048 [ 393.098148][ T8231] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 393.105977][ T8231] UDF-fs: Scanning with blocksize 512 failed [ 393.185633][ T8231] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 393.277975][ T8236] loop4: detected capacity change from 0 to 8 [ 393.590730][ T8246] device syzkaller0 entered promiscuous mode [ 393.611443][ T8246] 0: reclassify loop, rule prio 0, protocol 800 [ 394.004180][ T8256] overlayfs: failed to set xattr on upper [ 394.115511][ T8258] loop5: detected capacity change from 0 to 8192 [ 394.129938][ T8256] overlayfs: ...falling back to index=off,metacopy=off. [ 394.671196][ T8266] FAT-fs (loop5): error, clusters badly computed (2 != 1) [ 394.678573][ T8266] FAT-fs (loop5): Filesystem has been set read-only [ 397.130366][ T8284] loop4: detected capacity change from 0 to 8 [ 397.151173][ T8274] loop5: detected capacity change from 0 to 2048 [ 397.252959][ T8274] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 397.268155][ T8274] UDF-fs: Scanning with blocksize 512 failed [ 397.400993][ T8274] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 397.498948][ T8290] loop4: detected capacity change from 0 to 40427 [ 397.554231][ T8290] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value [ 397.594432][ T8296] overlayfs: failed to set xattr on upper [ 397.629341][ T8296] overlayfs: ...falling back to index=off,metacopy=off. [ 397.722604][ T8296] overlayfs: failed to resolve './file0': -2 [ 398.514850][ T8306] ip6t_REJECT: ECHOREPLY is not supported [ 401.494991][ T8331] loop6: detected capacity change from 0 to 8 [ 401.672437][ T8338] loop4: detected capacity change from 0 to 2048 [ 401.690963][ T8341] overlayfs: failed to set xattr on upper [ 401.738422][ T8341] overlayfs: ...falling back to index=off,metacopy=off. [ 401.795693][ T8338] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 401.889939][ T8338] UDF-fs: Scanning with blocksize 512 failed [ 401.921957][ T8338] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 404.917284][ T8377] loop4: detected capacity change from 0 to 8 [ 405.185605][ T8383] overlayfs: failed to set xattr on upper [ 405.199065][ T8383] overlayfs: ...falling back to index=off,metacopy=off. [ 405.233103][ T8383] overlayfs: failed to resolve './file0': -2 [ 406.483136][ T8402] device syzkaller0 entered promiscuous mode [ 407.718476][ T8414] tipc: Enabled bearer , priority 0 [ 407.763726][ T8414] device syzkaller0 entered promiscuous mode [ 407.930960][ T8414] tipc: Resetting bearer [ 407.942485][ T8413] tipc: Resetting bearer [ 407.960841][ T8413] tipc: Disabling bearer [ 408.116795][ T8427] overlayfs: failed to set xattr on upper [ 408.124876][ T8427] overlayfs: ...falling back to index=off,metacopy=off. [ 408.133894][ T8427] overlayfs: failed to resolve './file0': -2 [ 409.453630][ T8441] sch_tbf: burst 240 is lower than device lo mtu (65550) ! [ 409.749425][ T8446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1020'. [ 409.801328][ T4232] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 410.049231][ T4232] usb 7-1: Using ep0 maxpacket: 32 [ 410.091073][ T8446] device hsr_slave_1 left promiscuous mode [ 410.178812][ T4232] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 410.358735][ T4232] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 410.518183][ T4232] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 410.556976][ T4232] usb 7-1: Product: syz [ 410.577262][ T4232] usb 7-1: Manufacturer: syz [ 410.596602][ T4232] usb 7-1: SerialNumber: syz [ 410.637006][ T4232] usb 7-1: config 0 descriptor?? [ 410.688466][ T8439] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 410.947998][ T8455] tipc: Enabled bearer , priority 0 [ 410.992006][ T8455] device syzkaller0 entered promiscuous mode [ 411.029587][ T8455] tipc: Resetting bearer [ 411.063947][ T8454] tipc: Resetting bearer [ 411.091422][ T8454] tipc: Disabling bearer [ 412.133901][ T4284] usb 7-1: USB disconnect, device number 7 [ 412.252754][ T8469] tipc: Started in network mode [ 412.278225][ T8469] tipc: Node identity 080211000001, cluster identity 4711 [ 412.388491][ T8469] tipc: Enabled bearer , priority 0 [ 413.225773][ T8482] loop5: detected capacity change from 0 to 7 [ 413.302646][ T8482] Dev loop5: unable to read RDB block 7 [ 413.384754][ T8482] loop5: unable to read partition table [ 413.391526][ T8482] loop5: partition table beyond EOD, truncated [ 413.397772][ T8482] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 413.421778][ T3561] Dev loop5: unable to read RDB block 7 [ 413.427408][ T3561] loop5: unable to read partition table [ 413.448318][ T3561] loop5: partition table beyond EOD, truncated [ 413.512437][ T4231] tipc: Node number set to 134418688 [ 414.406825][ T8499] loop1: detected capacity change from 0 to 2048 [ 415.206578][ T8499] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 415.215546][ T8499] UDF-fs: Scanning with blocksize 512 failed [ 415.245247][ T8499] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 415.254204][ T4427] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 415.508164][ T4284] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 415.667911][ T4427] usb 7-1: Using ep0 maxpacket: 32 [ 415.768266][ T4284] usb 3-1: Using ep0 maxpacket: 32 [ 415.809534][ T4427] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 415.888216][ T4284] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 415.953841][ T4284] usb 3-1: config 0 interface 0 has no altsetting 0 [ 415.985469][ T4284] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 416.018290][ T4427] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 416.046095][ T4427] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 416.052510][ T4284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.074959][ T4427] usb 7-1: Product: syz [ 416.088405][ T4427] usb 7-1: Manufacturer: syz [ 416.097257][ T4427] usb 7-1: SerialNumber: syz [ 416.126677][ T4427] usb 7-1: config 0 descriptor?? [ 416.135703][ T4284] usb 3-1: config 0 descriptor?? [ 416.148475][ T8498] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 416.689411][ T8523] overlayfs: failed to resolve './file1': -2 [ 416.899564][ T8529] tipc: Started in network mode [ 416.904775][ T8529] tipc: Node identity bec8392bb871, cluster identity 4711 [ 416.937768][ T8529] tipc: Enabled bearer , priority 0 [ 416.968559][ T8530] device syzkaller0 entered promiscuous mode [ 416.998428][ T4284] corsair-cpro 0003:1B1C:0C10.0004: unknown main item tag 0x0 [ 417.006068][ T4284] corsair-cpro 0003:1B1C:0C10.0004: unknown main item tag 0x0 [ 417.014640][ T8529] tipc: Resetting bearer [ 417.042121][ T4284] corsair-cpro 0003:1B1C:0C10.0004: unknown main item tag 0x0 [ 417.057254][ T4284] corsair-cpro 0003:1B1C:0C10.0004: unknown main item tag 0x0 [ 417.073360][ T4284] corsair-cpro 0003:1B1C:0C10.0004: unknown main item tag 0x0 [ 417.097610][ T4284] corsair-cpro 0003:1B1C:0C10.0004: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0 [ 417.130770][ T8528] tipc: Resetting bearer [ 417.148307][ T8528] tipc: Disabling bearer [ 417.492590][ T4574] usb 7-1: USB disconnect, device number 8 [ 417.511251][ T4284] corsair-cpro: probe of 0003:1B1C:0C10.0004 failed with error -110 [ 417.550197][ T4284] usb 3-1: USB disconnect, device number 7 [ 417.944785][ T8540] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1051'. [ 418.369693][ T8547] fido_id[8547]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 418.661163][ T8553] loop4: detected capacity change from 0 to 8 [ 419.714340][ T4574] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 420.007713][ T4574] usb 5-1: Using ep0 maxpacket: 32 [ 420.621752][ T4574] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 420.808378][ T4574] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 420.858120][ T4574] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 420.908152][ T4574] usb 5-1: Product: syz [ 420.934450][ T4574] usb 5-1: Manufacturer: syz [ 420.950065][ T4574] usb 5-1: SerialNumber: syz [ 420.996893][ T4574] usb 5-1: config 0 descriptor?? [ 421.038487][ T8572] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 421.186067][ T8594] loop1: detected capacity change from 0 to 8 [ 421.508171][ T4427] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 421.764461][ T8607] tipc: Enabling of bearer rejected, already enabled [ 421.806783][ T8607] tipc: Resetting bearer [ 422.027432][ T4427] usb 3-1: config index 0 descriptor too short (expected 3133, got 61) [ 422.797980][ T4427] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 422.816244][ T4578] usb 5-1: USB disconnect, device number 8 [ 422.843861][ T4427] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 422.898343][ T4427] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 422.925691][ T4427] usb 3-1: config 0 has no interface number 0 [ 422.937868][ T4427] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 422.970727][ T4427] usb 3-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 423.015175][ T4427] usb 3-1: New USB device found, idVendor=abcd, idProduct=cde3, bcdDevice= 5.b9 [ 423.034775][ T4427] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.128662][ T4427] usb 3-1: config 0 descriptor?? [ 423.980969][ T4427] usb 3-1: MIDIStreaming interface descriptor not found [ 424.286856][ T4578] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 424.463379][ T8645] device syzkaller1 entered promiscuous mode [ 424.478957][ T8645] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3944. macoff=96 [ 424.588182][ T4578] usb 7-1: Using ep0 maxpacket: 16 [ 424.708339][ T4578] usb 7-1: config index 0 descriptor too short (expected 51443, got 18) [ 424.888358][ T4578] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 424.947577][ T4578] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.768111][ T4578] usb 7-1: Product: syz [ 425.772344][ T4578] usb 7-1: Manufacturer: syz [ 425.778891][ T4578] usb 7-1: SerialNumber: syz [ 425.793333][ T4578] r8152-cfgselector 7-1: config 0 descriptor?? [ 426.083140][ T4574] usb 3-1: USB disconnect, device number 8 [ 426.098376][ T4578] r8152-cfgselector 7-1: Unknown version 0x0000 [ 426.398311][ T4231] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 426.768088][ T4231] usb 6-1: Using ep0 maxpacket: 32 [ 426.888547][ T4231] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 427.178485][ T4231] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 427.279214][ T4231] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 427.488113][ T4231] usb 6-1: Product: syz [ 427.517930][ T4231] usb 6-1: Manufacturer: syz [ 427.537185][ T4231] usb 6-1: SerialNumber: syz [ 427.576817][ T4231] usb 6-1: config 0 descriptor?? [ 427.655337][ T8655] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 427.851644][ T4578] r8152-cfgselector 7-1: Unknown version 0x0000 [ 427.878259][ T4578] r8152-cfgselector 7-1: USB disconnect, device number 9 [ 429.369440][ T8697] device syzkaller0 entered promiscuous mode [ 430.172191][ T4427] usb 6-1: USB disconnect, device number 11 [ 430.796116][ T8711] loop4: detected capacity change from 0 to 2048 [ 430.913129][ T8711] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 430.948107][ T8711] UDF-fs: Scanning with blocksize 512 failed [ 430.999693][ T8711] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 432.055092][ T8722] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1106'. [ 433.432433][ T8739] tipc: Failed to remove unknown binding: 66,0,0/134418688:2237565340/2237565342 [ 433.548789][ T8739] tipc: Failed to remove unknown binding: 66,0,0/134418688:2237565340/2237565341 [ 433.758542][ T8739] tipc: Failed to remove unknown binding: 66,0,0/134418688:2237565340/2237565342 [ 433.908263][ T8739] tipc: Failed to remove unknown binding: 66,0,0/134418688:2237565340/2237565341 [ 436.305627][ T8786] netlink: 666 bytes leftover after parsing attributes in process `syz.5.1125'. [ 436.613058][ T8790] loop2: detected capacity change from 0 to 2048 [ 436.812495][ T8790] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 437.652950][ T8790] UDF-fs: Scanning with blocksize 512 failed [ 437.784648][ T8803] ================================================================== [ 437.793319][ T8803] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 437.802559][ T8803] Read of size 1 at addr ffff888076e2c608 by task syz.4.1131/8803 [ 437.810389][ T8803] [ 437.812743][ T8803] CPU: 0 PID: 8803 Comm: syz.4.1131 Not tainted syzkaller #0 [ 437.820183][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 437.830262][ T8803] Call Trace: [ 437.833559][ T8803] [ 437.836509][ T8803] dump_stack_lvl+0x188/0x250 [ 437.841222][ T8803] ? show_regs_print_info+0x20/0x20 [ 437.846463][ T8803] ? load_image+0x400/0x400 [ 437.850998][ T8803] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 437.856498][ T8803] print_address_description+0x60/0x2d0 [ 437.862095][ T8803] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 437.868641][ T8803] kasan_report+0xdf/0x130 [ 437.873092][ T8803] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 437.879629][ T8803] xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 437.886198][ T8803] ? xfrm_policy_addr_delta+0x212/0x340 [ 437.891783][ T8803] xfrm_policy_inexact_insert_node+0x950/0xb60 [ 437.897976][ T8803] ? __kasan_kmalloc+0xb5/0xf0 [ 437.902857][ T8803] ? xfrm_policy_alloc+0x75/0x2b0 [ 437.907939][ T8803] xfrm_policy_inexact_alloc_chain+0x7ce/0xea0 [ 437.914227][ T8803] ? xfrm_policy_inexact_insert+0xe0/0x1460 [ 437.920142][ T8803] xfrm_policy_inexact_insert+0xe0/0x1460 [ 437.925862][ T8803] ? do_raw_spin_lock+0x128/0x2f0 [ 437.930985][ T8803] ? __rwlock_init+0x140/0x140 [ 437.935758][ T8803] ? policy_hash_bysel+0x135/0x7b0 [ 437.940970][ T8803] xfrm_policy_insert+0x112/0x930 [ 437.945996][ T8803] xfrm_add_policy+0x4f2/0x880 [ 437.950843][ T8803] ? xfrm_dump_sa_done+0xc0/0xc0 [ 437.955776][ T8803] ? apparmor_capable+0x12c/0x190 [ 437.960797][ T8803] ? __nla_parse+0x3c/0x50 [ 437.965231][ T8803] xfrm_user_rcv_msg+0x5e5/0x910 [ 437.970283][ T8803] ? xfrm_netlink_rcv+0x90/0x90 [ 437.975151][ T8803] ? xfrm_netlink_rcv+0x66/0x90 [ 437.980013][ T8803] ? __mutex_lock_common+0x465/0x2400 [ 437.985383][ T8803] netlink_rcv_skb+0x1f5/0x440 [ 437.990148][ T8803] ? xfrm_netlink_rcv+0x90/0x90 [ 437.994991][ T8803] ? netlink_ack+0xb50/0xb50 [ 437.999572][ T8803] ? __lock_acquire+0x7d10/0x7d10 [ 438.004593][ T8803] xfrm_netlink_rcv+0x75/0x90 [ 438.009262][ T8803] netlink_unicast+0x774/0x920 [ 438.014020][ T8803] netlink_sendmsg+0x8ba/0xbe0 [ 438.018778][ T8803] ? netlink_getsockopt+0x570/0x570 [ 438.023967][ T8803] ? aa_sock_msg_perm+0x94/0x150 [ 438.028907][ T8803] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 438.034184][ T8803] ? security_socket_sendmsg+0x7c/0xa0 [ 438.039634][ T8803] ? netlink_getsockopt+0x570/0x570 [ 438.044821][ T8803] ____sys_sendmsg+0x5b7/0x8f0 [ 438.049582][ T8803] ? __sys_sendmsg_sock+0x30/0x30 [ 438.054616][ T8803] ? import_iovec+0x6f/0xa0 [ 438.059134][ T8803] ___sys_sendmsg+0x236/0x2e0 [ 438.063810][ T8803] ? __sys_sendmsg+0x2a0/0x2a0 [ 438.068573][ T8803] ? percpu_counter_add_batch+0x13b/0x160 [ 438.074334][ T8803] __se_sys_sendmsg+0x1af/0x290 [ 438.079212][ T8803] ? __x64_sys_sendmsg+0x80/0x80 [ 438.084169][ T8803] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 438.090178][ T8803] ? lockdep_hardirqs_on+0x94/0x140 [ 438.095374][ T8803] do_syscall_64+0x4c/0xa0 [ 438.099788][ T8803] ? clear_bhb_loop+0x30/0x80 [ 438.104465][ T8803] ? clear_bhb_loop+0x30/0x80 [ 438.109250][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.115141][ T8803] RIP: 0033:0x7f72aa752799 [ 438.119639][ T8803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 438.139344][ T8803] RSP: 002b:00007f72a89ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.147799][ T8803] RAX: ffffffffffffffda RBX: 00007f72aa9cbfa0 RCX: 00007f72aa752799 [ 438.155784][ T8803] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 438.163754][ T8803] RBP: 00007f72aa7e8c99 R08: 0000000000000000 R09: 0000000000000000 [ 438.171731][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.179714][ T8803] R13: 00007f72aa9cc038 R14: 00007f72aa9cbfa0 R15: 00007ffee6ed0148 [ 438.187885][ T8803] [ 438.190944][ T8803] [ 438.193283][ T8803] Allocated by task 8803: [ 438.197612][ T8803] __kasan_kmalloc+0xb5/0xf0 [ 438.202203][ T8803] sk_prot_alloc+0xe7/0x210 [ 438.206698][ T8803] sk_alloc+0x2f/0x310 [ 438.210762][ T8803] pfkey_create+0xd8/0x560 [ 438.215180][ T8803] __sock_create+0x47b/0x900 [ 438.219800][ T8803] __sys_socket+0xe2/0x170 [ 438.224207][ T8803] __x64_sys_socket+0x76/0x80 [ 438.228988][ T8803] do_syscall_64+0x4c/0xa0 [ 438.233399][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.239298][ T8803] [ 438.241623][ T8803] Last potentially related work creation: [ 438.247449][ T8803] kasan_save_stack+0x35/0x60 [ 438.252137][ T8803] kasan_record_aux_stack+0xb8/0x100 [ 438.257474][ T8803] call_rcu+0x189/0x950 [ 438.261624][ T8803] netlink_release+0x1369/0x17b0 [ 438.266569][ T8803] sock_close+0xd5/0x240 [ 438.270893][ T8803] __fput+0x234/0x930 [ 438.274864][ T8803] task_work_run+0x125/0x1a0 [ 438.279616][ T8803] exit_to_user_mode_loop+0x10f/0x130 [ 438.284975][ T8803] exit_to_user_mode_prepare+0xee/0x180 [ 438.290523][ T8803] syscall_exit_to_user_mode+0x16/0x40 [ 438.295994][ T8803] do_syscall_64+0x58/0xa0 [ 438.300406][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.306322][ T8803] [ 438.308643][ T8803] The buggy address belongs to the object at ffff888076e2c000 [ 438.308643][ T8803] which belongs to the cache kmalloc-2k of size 2048 [ 438.322794][ T8803] The buggy address is located 1544 bytes inside of [ 438.322794][ T8803] 2048-byte region [ffff888076e2c000, ffff888076e2c800) [ 438.336324][ T8803] The buggy address belongs to the page: [ 438.341950][ T8803] page:ffffea0001db8a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76e28 [ 438.352089][ T8803] head:ffffea0001db8a00 order:3 compound_mapcount:0 compound_pincount:0 [ 438.360409][ T8803] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 438.368555][ T8803] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888016c42000 [ 438.377656][ T8803] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 438.386322][ T8803] page dumped because: kasan: bad access detected [ 438.392753][ T8803] page_owner tracks the page as allocated [ 438.398511][ T8803] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4294, ts 64880639722, free_ts 64876745688 [ 438.419000][ T8803] get_page_from_freelist+0x1bbd/0x1ca0 [ 438.424579][ T8803] __alloc_pages+0x1ee/0x480 [ 438.429178][ T8803] new_slab+0xb6/0x4b0 [ 438.433246][ T8803] ___slab_alloc+0x80a/0xdd0 [ 438.438058][ T8803] __kmalloc_node+0x200/0x3b0 [ 438.443108][ T8803] kvmalloc_node+0x84/0x130 [ 438.447614][ T8803] prealloc_shrinker+0x43e/0x7c0 [ 438.452546][ T8803] alloc_super+0x740/0x950 [ 438.456958][ T8803] sget+0x1ca/0x440 [ 438.460787][ T8803] mount_bdev+0xec/0x3c0 [ 438.465046][ T8803] legacy_get_tree+0xe6/0x180 [ 438.469800][ T8803] vfs_get_tree+0x88/0x270 [ 438.474204][ T8803] do_new_mount+0x24a/0xa40 [ 438.478760][ T8803] __se_sys_mount+0x2e3/0x3d0 [ 438.483427][ T8803] do_syscall_64+0x4c/0xa0 [ 438.487858][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.493752][ T8803] page last free stack trace: [ 438.498427][ T8803] free_unref_page_prepare+0x637/0x6c0 [ 438.503986][ T8803] free_unref_page+0x8f/0x2a0 [ 438.508652][ T8803] __unfreeze_partials+0x1a5/0x200 [ 438.513753][ T8803] put_cpu_partial+0x12d/0x190 [ 438.518605][ T8803] qlist_free_all+0x35/0x90 [ 438.523110][ T8803] kasan_quarantine_reduce+0x150/0x160 [ 438.528561][ T8803] __kasan_slab_alloc+0x2f/0xd0 [ 438.533410][ T8803] slab_post_alloc_hook+0x4c/0x380 [ 438.538519][ T8803] kmem_cache_alloc+0x100/0x290 [ 438.543384][ T8803] getname_flags+0xb5/0x500 [ 438.547895][ T8803] user_path_at_empty+0x2a/0x190 [ 438.552837][ T8803] vfs_statx+0x107/0x500 [ 438.557084][ T8803] __x64_sys_newfstatat+0x15f/0x200 [ 438.562268][ T8803] do_syscall_64+0x4c/0xa0 [ 438.566673][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.572557][ T8803] [ 438.574890][ T8803] Memory state around the buggy address: [ 438.580644][ T8803] ffff888076e2c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.588833][ T8803] ffff888076e2c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 438.596901][ T8803] >ffff888076e2c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 438.604986][ T8803] ^ [ 438.609345][ T8803] ffff888076e2c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 438.617517][ T8803] ffff888076e2c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 438.625594][ T8803] ================================================================== [ 438.633745][ T8803] Disabling lock debugging due to kernel taint [ 438.640143][ T8803] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 438.647446][ T8803] CPU: 0 PID: 8803 Comm: syz.4.1131 Tainted: G B syzkaller #0 [ 438.656220][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 438.666275][ T8803] Call Trace: [ 438.669568][ T8803] [ 438.672597][ T8803] dump_stack_lvl+0x188/0x250 [ 438.677268][ T8803] ? show_regs_print_info+0x20/0x20 [ 438.682547][ T8803] ? load_image+0x400/0x400 [ 438.687043][ T8803] panic+0x2e5/0x810 [ 438.691017][ T8803] ? bpf_jit_dump+0xd0/0xd0 [ 438.695721][ T8803] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 438.701607][ T8803] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 438.707497][ T8803] ? _raw_spin_unlock+0x40/0x40 [ 438.712351][ T8803] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 438.718937][ T8803] check_panic_on_warn+0x80/0xa0 [ 438.723876][ T8803] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 438.730394][ T8803] end_report+0x6d/0xf0 [ 438.734566][ T8803] kasan_report+0x102/0x130 [ 438.739086][ T8803] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 438.745602][ T8803] xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 438.751944][ T8803] ? xfrm_policy_addr_delta+0x212/0x340 [ 438.757481][ T8803] xfrm_policy_inexact_insert_node+0x950/0xb60 [ 438.763647][ T8803] ? __kasan_kmalloc+0xb5/0xf0 [ 438.768408][ T8803] ? xfrm_policy_alloc+0x75/0x2b0 [ 438.773453][ T8803] xfrm_policy_inexact_alloc_chain+0x7ce/0xea0 [ 438.779605][ T8803] ? xfrm_policy_inexact_insert+0xe0/0x1460 [ 438.785509][ T8803] xfrm_policy_inexact_insert+0xe0/0x1460 [ 438.791225][ T8803] ? do_raw_spin_lock+0x128/0x2f0 [ 438.796247][ T8803] ? __rwlock_init+0x140/0x140 [ 438.801017][ T8803] ? policy_hash_bysel+0x135/0x7b0 [ 438.806180][ T8803] xfrm_policy_insert+0x112/0x930 [ 438.811236][ T8803] xfrm_add_policy+0x4f2/0x880 [ 438.815996][ T8803] ? xfrm_dump_sa_done+0xc0/0xc0 [ 438.821014][ T8803] ? apparmor_capable+0x12c/0x190 [ 438.826166][ T8803] ? __nla_parse+0x3c/0x50 [ 438.830586][ T8803] xfrm_user_rcv_msg+0x5e5/0x910 [ 438.835513][ T8803] ? xfrm_netlink_rcv+0x90/0x90 [ 438.840442][ T8803] ? xfrm_netlink_rcv+0x66/0x90 [ 438.845372][ T8803] ? __mutex_lock_common+0x465/0x2400 [ 438.850738][ T8803] netlink_rcv_skb+0x1f5/0x440 [ 438.855490][ T8803] ? xfrm_netlink_rcv+0x90/0x90 [ 438.860433][ T8803] ? netlink_ack+0xb50/0xb50 [ 438.865007][ T8803] ? __lock_acquire+0x7d10/0x7d10 [ 438.870027][ T8803] xfrm_netlink_rcv+0x75/0x90 [ 438.874777][ T8803] netlink_unicast+0x774/0x920 [ 438.879530][ T8803] netlink_sendmsg+0x8ba/0xbe0 [ 438.884282][ T8803] ? netlink_getsockopt+0x570/0x570 [ 438.889475][ T8803] ? aa_sock_msg_perm+0x94/0x150 [ 438.894401][ T8803] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 438.899766][ T8803] ? security_socket_sendmsg+0x7c/0xa0 [ 438.905214][ T8803] ? netlink_getsockopt+0x570/0x570 [ 438.910406][ T8803] ____sys_sendmsg+0x5b7/0x8f0 [ 438.915296][ T8803] ? __sys_sendmsg_sock+0x30/0x30 [ 438.920339][ T8803] ? import_iovec+0x6f/0xa0 [ 438.924866][ T8803] ___sys_sendmsg+0x236/0x2e0 [ 438.929558][ T8803] ? __sys_sendmsg+0x2a0/0x2a0 [ 438.934322][ T8803] ? percpu_counter_add_batch+0x13b/0x160 [ 438.940044][ T8803] __se_sys_sendmsg+0x1af/0x290 [ 438.944903][ T8803] ? __x64_sys_sendmsg+0x80/0x80 [ 438.949926][ T8803] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 438.955914][ T8803] ? lockdep_hardirqs_on+0x94/0x140 [ 438.961115][ T8803] do_syscall_64+0x4c/0xa0 [ 438.965529][ T8803] ? clear_bhb_loop+0x30/0x80 [ 438.970209][ T8803] ? clear_bhb_loop+0x30/0x80 [ 438.974909][ T8803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 438.980820][ T8803] RIP: 0033:0x7f72aa752799 [ 438.985230][ T8803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.004958][ T8803] RSP: 002b:00007f72a89ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.013479][ T8803] RAX: ffffffffffffffda RBX: 00007f72aa9cbfa0 RCX: 00007f72aa752799 [ 439.021480][ T8803] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 439.029485][ T8803] RBP: 00007f72aa7e8c99 R08: 0000000000000000 R09: 0000000000000000 [ 439.037456][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.045437][ T8803] R13: 00007f72aa9cc038 R14: 00007f72aa9cbfa0 R15: 00007ffee6ed0148 [ 439.053409][ T8803] [ 439.056526][ T8803] Kernel Offset: disabled [ 439.060871][ T8803] Rebooting in 86400 seconds..