last executing test programs: 6m47.419642889s ago: executing program 3 (id=740): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) socket$igmp(0x2, 0x3, 0x2) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, 0x0) mkdir(0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 6m45.784202927s ago: executing program 3 (id=746): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, 0x0, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0) 6m45.541318912s ago: executing program 3 (id=748): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_setup(0x51d2, &(0x7f0000000140)={0x0, 0x3957, 0x1006, 0x6, 0x402d5}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x82}}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x40) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="000429bd7000fbdbdf250f0000003c0003801400020070696d367265670000000000000000000600040075b50000080001000000000014000600fe8000000000000000000000000000aa08000180060002003e000000060004004e21000008000b007369700008000500010000000800080001ffffff08000500090000"], 0x8c}}, 0x1) sendmsg$IPVS_CMD_SET_INFO(r3, 0x0, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000540), &(0x7f0000000580)=r6}, 0x20) socket$xdp(0x2c, 0x3, 0x0) wait4(0x0, 0x0, 0x80000000, 0xffffffffffffffff) 6m44.16678909s ago: executing program 3 (id=751): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r5 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) fsmount(r5, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000011000101", @ANYRES32], 0x20}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r7 = socket$inet6(0xa, 0x80002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r7, &(0x7f0000001b80)=[{{&(0x7f0000000240)={0xa, 0x4e22, 0x100fff, @mcast2, 0x14}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e24, 0x80000001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@dontfrag={{0x14, 0x29, 0x3e, 0x1}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x87}}}], 0x30}}], 0x2, 0x4000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) 6m40.937645538s ago: executing program 3 (id=756): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) socket$igmp(0x2, 0x3, 0x2) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 6m39.899141155s ago: executing program 3 (id=764): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac010902"], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 6m24.791269557s ago: executing program 32 (id=764): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac010902"], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 21.044314194s ago: executing program 1 (id=3108): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000004000a00002008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000dd020000000000000000000000000000000000000000000084010500ac14143b000000000000000000000000000000002b00000000000000ac14140c000000000000000000000000000000000000ff00000000000000000000000000fc020000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0000002000000000000000000000000000000003c00000002000000ac1414ba000000000000000000000000000000000103"], 0x23c}}, 0x0) 20.235858199s ago: executing program 1 (id=3112): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x40) 19.961939759s ago: executing program 1 (id=3113): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x0) fchmodat(r4, &(0x7f0000000000)='.\x00', 0xe0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000011000101", @ANYRES32], 0x20}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r6 = socket$inet6(0xa, 0x80002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r6, &(0x7f0000001b80)=[{{&(0x7f0000000240)={0xa, 0x4e22, 0x100fff, @mcast2, 0x14}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e24, 0x80000001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@dontfrag={{0x14, 0x29, 0x3e, 0x1}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x87}}}], 0x30}}], 0x2, 0x4000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) 7.050986077s ago: executing program 0 (id=3190): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x0, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x20008000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="7a0a00ff00000000501079000000000095"], 0x0}, 0x94) bind$inet6(r1, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @empty, 0x5}, 0x1c) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000001c0)="4b6a1bc33f6364cd8cfa6f0035e78321403825b1f336e4ba06f1dd123809ae8b32db03e4f1373a42a7a66637065c357825577583a5fde8a3427cc42f7d63c6cf", 0x40) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYRES8=r1, @ANYBLOB="010329bd7000fcdbdf2524"], 0x20}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) r3 = accept4(r2, 0x0, 0x0, 0x800) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000480)={0x2, 'macvlan1\x00', 0x3}, 0x18) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRES8, @ANYBLOB="010026bd7000fddbdf2506000000140002002001000000000000000000000000000114000300fe88000000000000000000000000010108000400ac1414bb2b00070073797374656d5f753a6f626a6563745f723a7373685f"], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0xc8a0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_SAVE(r0, 0x0, 0xa0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 6.067180434s ago: executing program 0 (id=3196): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) fanotify_init(0x2, 0x101000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000038c0)=""/4118, 0x1016}], 0x1) 5.566072062s ago: executing program 0 (id=3201): unshare(0x28000600) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ppoll(&(0x7f0000000100)=[{r0, 0x1024c}], 0x1, 0x0, 0x0, 0x0) 4.816024975s ago: executing program 0 (id=3206): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62) listen(r0, 0x4) r1 = socket(0x23, 0x5, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {}, 0x0, 0x0, 0x1, 0x1}, [@tmpl={0xc4, 0x5, [{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x6c}, 0x0, @in=@local, 0x0, 0x0, 0x0, 0x80}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x3, 0x0, 0x2, 0x81}, {{@in6=@mcast1, 0x0, 0x32}, 0xa, @in6=@private1, 0x0, 0x4, 0x0, 0x2}]}]}, 0x17c}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(r6, 0x0, 0x800) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}]}, 0x34}}, 0x240080c0) r8 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r8, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r8, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000280)={0x2c, 0xc, 0x0, 0x21, r1}, 0x10) recvmmsg(r8, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, 0x0, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r8, 0x110, 0x3, &(0x7f0000000100), 0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x200}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x94}, 0x1, 0x0, 0x0, 0x4000}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000200)='pids.current\x00', 0x26e1, 0x0) 4.103758826s ago: executing program 4 (id=3209): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x6f) socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ad446050e878"}, 0x14) 3.773831361s ago: executing program 4 (id=3212): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000001000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x8000000000000001}}, 0x30) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0) 3.554466643s ago: executing program 4 (id=3214): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000009c00)={r1, @in6={{0xa, 0x4e21, 0x6, @private2, 0x3}}}, &(0x7f0000009cc0)=0x84) 2.768327545s ago: executing program 5 (id=3217): unshare(0x20000400) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x7, 0x0, 0x0) 2.556038516s ago: executing program 4 (id=3218): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x3f}, 0x1c) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r1) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) 2.498794771s ago: executing program 2 (id=3219): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r0, 0x27, 0xe, 0x0, &(0x7f0000000580)="f8ad48cc02cb29dcc8007f5b86dd", 0x0, 0x3, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 2.400189768s ago: executing program 5 (id=3220): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r4, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @empty, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @empty}}}}, 0x0) 2.368309074s ago: executing program 2 (id=3221): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000101401002cbd7000fddbdf250800150000000000080001000000000008004a00000000000800030001"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x24001850) 2.225966303s ago: executing program 2 (id=3222): syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) setsockopt(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000100)="010000000200", 0x6) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 2.071609387s ago: executing program 2 (id=3223): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[], 0x3c}}, 0x0) 2.004136734s ago: executing program 5 (id=3224): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0x7d4165c9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x7d4165c9) listen(r3, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xc}}, 0x0, 0x0, 0x20, 0x0, "9c0fe2154aa786d10084ecfbe8e86f7d312fcc8fde38d5823d22fbbb55a7837e5f2329f4d662f2185f18fae43e09d661d12a01669d6eef2e4733c2c29a3c3d16ef45c7c1c8ecfcc76b47d9ab9a573f11"}, 0xd8) listen(r6, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000680)={@in6={{0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x81}}, 0x0, 0x0, 0x40, 0x0, "2b20a1a47cddc63b223be606d7303a4d4d11e10450d766feb63b382d54bab577021cad5de4fe7630a33b6deca160b1267ff02123bc27830000000000ffff40000000000000b5b29049cb65f00300"}, 0xd8) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 1.92118117s ago: executing program 2 (id=3225): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x800) socket$nl_netfilter(0x10, 0x3, 0xc) close(0x3) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r2, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r3, 0x0, 0xffffffff000) ioctl$int_in(r2, 0x5452, &(0x7f00000001c0)=0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3fd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) write(r0, &(0x7f0000000000)="2e000000010001", 0x7) 1.871341902s ago: executing program 0 (id=3226): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x6f) socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ad446050e878"}, 0x14) 1.851784855s ago: executing program 5 (id=3227): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='rcu_utilization\x00', r0, 0x0, 0x100006}, 0x18) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) 1.687917467s ago: executing program 0 (id=3228): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48) 1.643537932s ago: executing program 5 (id=3229): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400244}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0) 1.563752989s ago: executing program 4 (id=3230): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r0, 0x27, 0xe, 0x0, &(0x7f0000000580)="f8ad48cc02cb29dcc8007f5b86dd", 0x0, 0x3, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.128280596s ago: executing program 4 (id=3231): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94) 1.027784146s ago: executing program 1 (id=3118): unshare(0xa000400) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) 522.028027ms ago: executing program 1 (id=3233): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x40) 252.262051ms ago: executing program 1 (id=3234): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="02011400012918000e1a80009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206", @ANYBLOB="1eb381f6c93a6e3ff91523d9814fe193281e9e3c21b9e020f7ba6b8168da59a35988f84fc162ec72c8ae719fef8daf6da31443c7738d9e"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000007}, 0x4000) 249.486335ms ago: executing program 2 (id=3235): r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002122, 0x0) sendmsg$tipc(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000300)="d159b608afc52a9407", 0x9}], 0x1}, 0x2004c0c0) 0s ago: executing program 5 (id=3236): pipe2(&(0x7f0000000840), 0x0) socket(0x2, 0x3, 0xff) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x8f) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[], 0x0) kernel console output (not intermixed with test programs): T5935] usb 2-1: USB disconnect, device number 2 [ 98.603808][ T5824] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 98.616765][ T6060] F2FS-fs (loop2): invalid crc value [ 98.723572][ T6060] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 98.733885][ T6060] F2FS-fs (loop2): Start checkpoint disabled! [ 98.747730][ T6060] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 99.498812][ T6060] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 101.905945][ T13] kworker/u8:1: attempt to access beyond end of device [ 101.905945][ T13] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 102.209177][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 102.209202][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 102.209214][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 102.209243][ T13] Call Trace: [ 102.209250][ T13] [ 102.209258][ T13] dump_stack_lvl+0x189/0x250 [ 102.209289][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.209316][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 102.209346][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 102.209369][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 102.209403][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 102.209438][ T13] f2fs_write_end_io+0x886/0xb60 [ 102.209476][ T13] __submit_merged_bio+0x27a/0x6a0 [ 102.209511][ T13] __submit_merged_write_cond+0x255/0x530 [ 102.209545][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 102.209562][ T13] ? kasan_quarantine_put+0xdd/0x220 [ 102.209619][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.209651][ T13] ? trace_cfg80211_return_bss+0x7a/0x1f0 [ 102.209759][ T13] ? unwind_next_frame+0xa5/0x2390 [ 102.209783][ T13] ? unwind_next_frame+0x19ae/0x2390 [ 102.209813][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.209833][ T13] do_writepages+0x32e/0x550 [ 102.209873][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 102.209899][ T13] ? writeback_sb_inodes+0x3bc/0x1950 [ 102.209930][ T13] __writeback_single_inode+0x143/0x12d0 [ 102.209956][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 102.209980][ T13] writeback_sb_inodes+0x984/0x1950 [ 102.210030][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 102.210092][ T13] ? rcu_is_watching+0x15/0xb0 [ 102.210129][ T13] wb_writeback+0x43b/0xaf0 [ 102.210159][ T13] ? queue_io+0x3b1/0x590 [ 102.210182][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 102.210212][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.210239][ T13] wb_workfn+0x409/0xef0 [ 102.210274][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 102.210301][ T13] ? __lock_acquire+0xab9/0xd20 [ 102.210338][ T13] ? process_one_work+0x868/0x15d0 [ 102.210369][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.210393][ T13] ? process_one_work+0x868/0x15d0 [ 102.210415][ T13] process_one_work+0x94a/0x15d0 [ 102.210436][ T13] ? __lock_acquire+0xab9/0xd20 [ 102.210480][ T13] ? __pfx_process_one_work+0x10/0x10 [ 102.210515][ T13] ? assign_work+0x3a1/0x410 [ 102.210541][ T13] worker_thread+0x9b0/0xee0 [ 102.210591][ T13] kthread+0x711/0x8a0 [ 102.210611][ T13] ? __pfx_worker_thread+0x10/0x10 [ 102.210634][ T13] ? __pfx_kthread+0x10/0x10 [ 102.210654][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.210674][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.210697][ T13] ? __pfx_kthread+0x10/0x10 [ 102.210715][ T13] ret_from_fork+0x599/0xb30 [ 102.210743][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 102.210781][ T13] ? __switch_to_asm+0x39/0x70 [ 102.210799][ T13] ? __switch_to_asm+0x33/0x70 [ 102.210816][ T13] ? __pfx_kthread+0x10/0x10 [ 102.210835][ T13] ret_from_fork_asm+0x1a/0x30 [ 102.210876][ T13] [ 103.155309][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 104.344286][ T6143] netlink: 16 bytes leftover after parsing attributes in process `syz.1.46'. [ 105.121733][ T6142] loop3: detected capacity change from 0 to 16 [ 105.223208][ T6142] erofs (device loop3): too large lz4 pclusterblks 16832 [ 107.051444][ T6151] 9pnet_virtio: no channels available for device syz [ 107.069695][ T6151] Bluetooth: MGMT ver 1.23 [ 108.261960][ T6155] loop0: detected capacity change from 0 to 16 [ 108.269362][ T6155] erofs: Unknown parameter '18446744073709551615' [ 108.343557][ T6158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.50'. [ 108.705940][ T6167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.50'. [ 108.803751][ T6157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 109.039495][ T6179] netlink: 36 bytes leftover after parsing attributes in process `syz.4.55'. [ 110.984403][ T30] audit: type=1326 audit(1762386533.685:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.103149][ T30] audit: type=1326 audit(1762386533.715:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.249330][ T30] audit: type=1326 audit(1762386533.735:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.294296][ T30] audit: type=1326 audit(1762386533.735:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.357272][ T30] audit: type=1326 audit(1762386533.735:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.506772][ T30] audit: type=1326 audit(1762386533.735:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.727859][ T30] audit: type=1326 audit(1762386533.745:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 111.809532][ T30] audit: type=1326 audit(1762386533.745:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 112.167539][ T30] audit: type=1326 audit(1762386533.745:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 112.605416][ T30] audit: type=1326 audit(1762386533.745:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 113.612953][ T6220] netlink: 36 bytes leftover after parsing attributes in process `syz.4.71'. [ 114.086007][ T6226] fuse: Bad value for 'fd' [ 114.429116][ T6235] loop3: detected capacity change from 0 to 256 [ 115.200616][ T6239] FAT-fs (loop3): error, clusters badly computed (0 != 128) [ 115.208149][ T6239] FAT-fs (loop3): Filesystem has been set read-only [ 115.215044][ T6239] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 115.943883][ T6253] fuse: Bad value for 'fd' [ 116.871296][ T6266] netlink: 36 bytes leftover after parsing attributes in process `syz.1.85'. [ 116.920098][ T5935] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 117.124172][ T5935] usb 5-1: Using ep0 maxpacket: 32 [ 117.154038][ T5935] usb 5-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f [ 117.173604][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.212354][ T5935] usb 5-1: Product: syz [ 117.229628][ T5935] usb 5-1: Manufacturer: syz [ 117.797739][ T5935] usb 5-1: SerialNumber: syz [ 117.810831][ T5935] usb 5-1: config 0 descriptor?? [ 117.823026][ T5935] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 118.046311][ T5935] usb 5-1: USB disconnect, device number 2 [ 118.521928][ T6281] process 'syz.1.89' launched './file0' with NULL argv: empty string added [ 118.993533][ T6262] loop3: detected capacity change from 0 to 40427 [ 119.131159][ T6262] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 119.192217][ T6262] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 119.231107][ T6262] F2FS-fs (loop3): invalid crc value [ 119.536700][ T6262] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 119.614316][ T6262] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 119.660240][ T6262] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 121.569306][ T6318] loop3: detected capacity change from 0 to 1024 [ 121.591018][ T6318] ======================================================= [ 121.591018][ T6318] WARNING: The mand mount option has been deprecated and [ 121.591018][ T6318] and is ignored by this kernel. Remove the mand [ 121.591018][ T6318] option from the mount to silence this warning. [ 121.591018][ T6318] ======================================================= [ 122.265818][ T6318] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.328292][ T6318] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.450477][ T6318] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.690406][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.603368][ T6345] loop3: detected capacity change from 0 to 512 [ 124.650752][ T6345] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 125.471183][ T6345] EXT4-fs (loop3): 1 truncate cleaned up [ 125.487485][ T6345] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.468093][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.740168][ T5935] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 127.904474][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.950444][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.986924][ T5935] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 128.019814][ T5935] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 128.080469][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.123039][ T5935] usb 3-1: config 0 descriptor?? [ 128.914008][ T5935] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 128.922518][ T5935] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 129.606092][ T5935] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 129.613730][ T5935] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 129.626926][ T5935] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 129.656123][ T5935] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 129.708016][ T5935] usb 3-1: USB disconnect, device number 2 [ 129.941835][ T6387] fido_id[6387]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 132.896601][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.904508][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.305336][ T6428] loop2: detected capacity change from 0 to 40427 [ 135.354976][ T6428] F2FS-fs (loop2): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 135.446267][ T6428] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 135.511961][ T6428] F2FS-fs (loop2): invalid crc value [ 135.715083][ T6454] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.150199][ T6428] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 136.295768][ T6428] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 136.315912][ T6428] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 137.480784][ T6481] wireguard0: entered promiscuous mode [ 137.520491][ T6481] wireguard0: entered allmulticast mode [ 138.333988][ T6493] tipc: Enabling of bearer rejected, failed to enable media [ 138.645825][ T6503] capability: warning: `syz.2.157' uses deprecated v2 capabilities in a way that may be insecure [ 138.851293][ T6508] overlayfs: failed to clone upperpath [ 141.390116][ T5935] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 141.541130][ T6535] xt_hashlimit: size too large, truncated to 1048576 [ 141.548097][ T6535] xt_hashlimit: max too large, truncated to 1048576 [ 142.091940][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.115271][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.156284][ T6538] netlink: 96 bytes leftover after parsing attributes in process `syz.3.172'. [ 142.177668][ T5935] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 142.211850][ T5935] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 142.240116][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.271158][ T5935] usb 3-1: config 0 descriptor?? [ 142.745832][ T5935] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 142.916369][ T5935] usb 3-1: USB disconnect, device number 3 [ 143.032687][ T6556] fido_id[6556]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 145.222188][ T6580] binfmt_misc: register: failed to install interpreter file ./file1 [ 152.219228][ T6617] FAT-fs (loop7): unable to read boot sector [ 152.959482][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.968151][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.991912][ T6629] bridge0: entered allmulticast mode [ 153.024202][ T6629] bridge_slave_1: left allmulticast mode [ 153.049891][ T6629] bridge_slave_1: left promiscuous mode [ 153.651489][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.682469][ T6629] bridge_slave_0: left allmulticast mode [ 153.691976][ T6629] bridge_slave_0: left promiscuous mode [ 153.697829][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.080822][ T6708] netlink: 16 bytes leftover after parsing attributes in process `syz.3.219'. [ 163.520006][ T6730] netlink: 148 bytes leftover after parsing attributes in process `syz.0.227'. [ 165.253786][ T6750] netlink: 16 bytes leftover after parsing attributes in process `syz.3.231'. [ 169.883471][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 169.883489][ T30] audit: type=1326 audit(1762386592.595:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 169.940083][ T30] audit: type=1326 audit(1762386592.595:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.038121][ T30] audit: type=1326 audit(1762386592.595:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.135291][ T30] audit: type=1326 audit(1762386592.595:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.211090][ T30] audit: type=1326 audit(1762386592.595:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.244971][ T30] audit: type=1326 audit(1762386592.595:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.300891][ T30] audit: type=1326 audit(1762386592.595:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.335062][ T30] audit: type=1326 audit(1762386592.595:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.402398][ T30] audit: type=1326 audit(1762386592.595:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 170.525398][ T30] audit: type=1326 audit(1762386592.595:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6784 comm="syz.2.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x7ffc0000 [ 171.661811][ T6814] overlayfs: failed to clone upperpath [ 172.650328][ T6831] netlink: 148 bytes leftover after parsing attributes in process `syz.3.255'. [ 175.493667][ T6855] fuse: Bad value for 'fd' [ 176.311950][ T6869] overlayfs: failed to clone upperpath [ 176.693830][ T6874] netlink: 148 bytes leftover after parsing attributes in process `syz.4.266'. [ 178.028591][ T6907] netlink: 148 bytes leftover after parsing attributes in process `syz.3.278'. [ 180.608833][ T6934] overlayfs: failed to clone upperpath [ 183.468433][ T6988] overlayfs: failed to clone upperpath [ 186.573879][ T7013] tipc: Enabling of bearer rejected, failed to enable media [ 187.086495][ T7018] 9p: Bad value for 'rfdno' [ 190.649829][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 190.649847][ T30] audit: type=1326 audit(1762386613.355:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.292839][ T30] audit: type=1326 audit(1762386613.715:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.315418][ T30] audit: type=1326 audit(1762386613.875:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.337673][ T30] audit: type=1326 audit(1762386613.875:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.363424][ T30] audit: type=1326 audit(1762386613.885:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.385750][ T30] audit: type=1326 audit(1762386613.885:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.428477][ T30] audit: type=1326 audit(1762386613.885:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.473405][ T30] audit: type=1326 audit(1762386613.885:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.613132][ T30] audit: type=1326 audit(1762386613.885:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 191.657281][ T30] audit: type=1326 audit(1762386613.885:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x7ffc0000 [ 192.315966][ T7098] netlink: 76 bytes leftover after parsing attributes in process `syz.3.335'. [ 194.338666][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.360669][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.195041][ T7148] netlink: 76 bytes leftover after parsing attributes in process `syz.1.349'. [ 198.686338][ T7165] netlink: 56 bytes leftover after parsing attributes in process `syz.3.350'. [ 200.375141][ T7180] fuse: Bad value for 'fd' [ 200.882374][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 200.882396][ T30] audit: type=1326 audit(1762386623.585:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 200.929892][ T30] audit: type=1326 audit(1762386623.625:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 200.959511][ T30] audit: type=1326 audit(1762386623.635:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 200.984378][ T30] audit: type=1326 audit(1762386623.635:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.007065][ T30] audit: type=1326 audit(1762386623.635:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.420156][ T30] audit: type=1326 audit(1762386623.635:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.542810][ T30] audit: type=1326 audit(1762386623.635:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.624383][ T7190] netlink: 76 bytes leftover after parsing attributes in process `syz.2.362'. [ 201.690053][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 201.698514][ T5825] Bluetooth: hci1: command 0x0406 tx timeout [ 201.704683][ T5825] Bluetooth: hci3: command 0x0406 tx timeout [ 201.711557][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 201.717735][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 201.755688][ T30] audit: type=1326 audit(1762386623.645:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.779534][ T30] audit: type=1326 audit(1762386623.645:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.831660][ T30] audit: type=1326 audit(1762386623.645:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 201.859556][ T7195] netlink: 4 bytes leftover after parsing attributes in process `syz.1.364'. [ 204.960137][ T7230] netlink: 76 bytes leftover after parsing attributes in process `syz.4.376'. [ 206.192890][ T7241] netlink: 16 bytes leftover after parsing attributes in process `syz.2.379'. [ 207.881219][ T7258] netlink: 24 bytes leftover after parsing attributes in process `syz.2.386'. [ 208.315723][ T7266] netlink: 76 bytes leftover after parsing attributes in process `syz.2.389'. [ 208.979373][ T7271] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 208.997532][ T7274] netlink: 16 bytes leftover after parsing attributes in process `syz.3.392'. [ 209.012019][ T7271] Cannot find add_set index 0 as target [ 213.240140][ T7304] netlink: 36 bytes leftover after parsing attributes in process `syz.4.399'. [ 215.216959][ T7316] netlink: 76 bytes leftover after parsing attributes in process `syz.4.405'. [ 218.143532][ T7342] tipc: Failed to remove unknown binding: 66,1,1/0:1580866091/1580866093 [ 218.153330][ T7342] tipc: Failed to remove unknown binding: 66,1,1/0:1580866091/1580866093 [ 218.162854][ T7342] tipc: Failed to remove unknown binding: 66,1,1/0:1580866091/1580866093 [ 218.176221][ T7348] overlayfs: failed to clone upperpath [ 220.061487][ T7370] netlink: 16 bytes leftover after parsing attributes in process `syz.1.422'. [ 220.197847][ T7373] netlink: 76 bytes leftover after parsing attributes in process `syz.1.425'. [ 220.743665][ T7389] overlayfs: failed to clone upperpath [ 222.737195][ T7405] netlink: 16 bytes leftover after parsing attributes in process `syz.4.434'. [ 223.883357][ T7414] netlink: 76 bytes leftover after parsing attributes in process `syz.0.439'. [ 224.266999][ T7421] fuse: Bad value for 'fd' [ 225.101057][ T7424] tipc: Enabling of bearer rejected, failed to enable media [ 227.612598][ T7452] netlink: 76 bytes leftover after parsing attributes in process `syz.0.450'. [ 228.337676][ T7465] netlink: 16 bytes leftover after parsing attributes in process `syz.3.455'. [ 230.674556][ T7483] fuse: Bad value for 'fd' [ 231.725757][ T7491] netlink: 76 bytes leftover after parsing attributes in process `syz.0.464'. [ 234.824588][ T7534] netlink: 16 bytes leftover after parsing attributes in process `syz.2.474'. [ 235.262754][ T7533] netlink: 8 bytes leftover after parsing attributes in process `syz.3.467'. [ 237.055709][ T7556] fuse: Bad value for 'fd' [ 245.268086][ T7613] netlink: 16 bytes leftover after parsing attributes in process `syz.1.497'. [ 247.316119][ T7634] netlink: 76 bytes leftover after parsing attributes in process `syz.3.507'. [ 250.306108][ T7659] overlayfs: failed to clone upperpath [ 251.576869][ T7689] netlink: 16 bytes leftover after parsing attributes in process `syz.3.521'. [ 252.613540][ T7698] overlayfs: failed to clone upperpath [ 254.822140][ T7729] overlayfs: failed to clone upperpath [ 255.777410][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.784084][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.852826][ T7750] netlink: 16 bytes leftover after parsing attributes in process `syz.4.548'. [ 259.729342][ T7773] overlayfs: failed to clone upperpath [ 261.720136][ T7800] fuse: Bad value for 'fd' [ 263.376600][ T7822] overlayfs: failed to clone upperpath [ 265.463239][ T7860] overlayfs: failed to clone upperpath [ 266.650269][ T7877] Driver unsupported XDP return value 0 on prog (id 243) dev N/A, expect packet loss! [ 268.380387][ T7904] overlayfs: failed to clone upperpath [ 271.466621][ T7955] overlayfs: failed to clone upperpath [ 273.235656][ T8004] netlink: 56 bytes leftover after parsing attributes in process `syz.3.638'. [ 273.844383][ T8012] overlayfs: failed to clone upperpath [ 275.200377][ T8040] netlink: 56 bytes leftover after parsing attributes in process `syz.3.656'. [ 277.238864][ T8068] netlink: 56 bytes leftover after parsing attributes in process `syz.3.667'. [ 277.254834][ T8069] overlayfs: failed to clone upperpath [ 277.418016][ T8072] tipc: Started in network mode [ 277.423646][ T8072] tipc: Node identity ac14140f, cluster identity 4711 [ 277.436019][ T8072] tipc: New replicast peer: 255.255.255.255 [ 277.445943][ T8072] tipc: Enabled bearer , priority 10 [ 278.564159][ T797] tipc: Node number set to 2886997007 [ 278.804341][ T8093] netlink: 56 bytes leftover after parsing attributes in process `syz.1.678'. [ 280.226986][ T8114] netlink: 96 bytes leftover after parsing attributes in process `syz.0.684'. [ 283.208830][ T8147] netlink: 24 bytes leftover after parsing attributes in process `syz.4.696'. [ 283.242715][ T8144] netlink: 'syz.3.695': attribute type 27 has an invalid length. [ 285.734634][ T8144] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.742520][ T8144] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.237860][ T8144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.282328][ T8144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.647612][ T8148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.656426][ T8148] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.680091][ T8148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 286.711662][ T8178] netlink: 96 bytes leftover after parsing attributes in process `syz.2.703'. [ 286.786793][ T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.060050][ T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.079962][ T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.100347][ T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.363913][ T43] IPVS: starting estimator thread 0... [ 296.490138][ T8288] IPVS: using max 23 ests per chain, 55200 per kthread [ 297.631294][ T8308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.872945][ T8296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.885608][ T8296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.170115][ T8296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.229722][ T8350] overlayfs: failed to resolve './bus': -2 [ 303.404259][ T8357] bridge0: port 3(syz_tun) entered blocking state [ 303.412367][ T8357] bridge0: port 3(syz_tun) entered disabled state [ 303.421110][ T8357] syz_tun: entered allmulticast mode [ 303.428794][ T8357] syz_tun: entered promiscuous mode [ 303.437948][ T8357] bridge0: port 3(syz_tun) entered blocking state [ 303.444574][ T8357] bridge0: port 3(syz_tun) entered forwarding state [ 304.972375][ T8379] netlink: 56 bytes leftover after parsing attributes in process `syz.0.765'. [ 312.483816][ T5147] Bluetooth: hci3: unexpected event for opcode 0x080c [ 312.728229][ T8455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 312.795544][ T8455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.612809][ T8478] smc: net device bridge_slave_0 applied user defined pnetid SYZ1 [ 315.810928][ T8478] bond1 (unregistering): Released all slaves [ 316.124854][ T8487] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 316.141426][ T8487] IPv6: addrconf: prefix option has invalid lifetime [ 316.153642][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 316.162964][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 316.226926][ T8487] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 316.240054][ T8487] IPv6: addrconf: prefix option has invalid lifetime [ 316.249349][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 316.257676][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 316.337732][ T8493] Zero length message leads to an empty skb [ 316.494597][ T5147] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 316.508018][ T5147] Bluetooth: hci3: Injecting HCI hardware error event [ 316.529695][ T5147] Bluetooth: hci3: hardware error 0x00 [ 317.224671][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.233370][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.776091][ T5147] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 318.941526][ T5147] Bluetooth: latency 20 > max_latency 7 [ 319.137852][ T8370] Set syz1 is full, maxelem 65536 reached [ 319.745301][ T8535] overlayfs: failed to clone upperpath [ 320.326789][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 320.336599][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 320.345281][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 320.353950][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 320.370204][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 321.020391][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 321.792824][ T8566] netlink: 56 bytes leftover after parsing attributes in process `syz.1.827'. [ 322.496893][ T8547] chnl_net:caif_netlink_parms(): no params data found [ 322.650142][ T5833] Bluetooth: hci5: command tx timeout [ 323.846990][ T8547] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.855996][ T8547] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.880560][ T8547] bridge_slave_0: entered allmulticast mode [ 323.896838][ T8547] bridge_slave_0: entered promiscuous mode [ 323.935123][ T8547] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.942817][ T8547] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.950810][ T8547] bridge_slave_1: entered allmulticast mode [ 323.959134][ T8547] bridge_slave_1: entered promiscuous mode [ 324.196933][ T8547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.224360][ T8547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.404837][ T8547] team0: Port device team_slave_0 added [ 324.504604][ T8547] team0: Port device team_slave_1 added [ 324.730039][ T5833] Bluetooth: hci5: command tx timeout [ 324.849377][ T8547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.856645][ T8547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.903070][ T8547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.922245][ T8547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.929486][ T8547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.967246][ T8547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.145864][ T8547] hsr_slave_0: entered promiscuous mode [ 325.160812][ T8547] hsr_slave_1: entered promiscuous mode [ 325.175979][ T8547] debugfs: 'hsr0' already exists in 'hsr' [ 325.189156][ T8547] Cannot create hsr debugfs directory [ 325.562321][ T1148] bridge_slave_1: left allmulticast mode [ 325.581478][ T1148] bridge_slave_1: left promiscuous mode [ 325.589628][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.651265][ T1148] bridge_slave_0: left allmulticast mode [ 325.664031][ T1148] bridge_slave_0: left promiscuous mode [ 325.690551][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.810045][ T5833] Bluetooth: hci5: command tx timeout [ 327.330252][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 327.364144][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 327.401762][ T1148] bond0 (unregistering): Released all slaves [ 327.836033][ T8633] netlink: 148 bytes leftover after parsing attributes in process `syz.4.851'. [ 328.436692][ T1148] hsr_slave_0: left promiscuous mode [ 328.552739][ T8630] overlayfs: failed to clone upperpath [ 328.613716][ T1148] hsr_slave_1: left promiscuous mode [ 328.630592][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.696542][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.890284][ T5833] Bluetooth: hci5: command tx timeout [ 330.483931][ T1148] team0 (unregistering): Port device team_slave_1 removed [ 330.592189][ T1148] team0 (unregistering): Port device team_slave_0 removed [ 331.711054][ T8547] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 331.775291][ T8547] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 331.946262][ T8547] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 331.990178][ T8547] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 332.085496][ T8707] netlink: 16 bytes leftover after parsing attributes in process `syz.4.867'. [ 333.168809][ T8735] bridge0: port 3(syz_tun) entered blocking state [ 333.186042][ T8735] bridge0: port 3(syz_tun) entered disabled state [ 333.204207][ T8735] syz_tun: entered allmulticast mode [ 333.223873][ T8735] syz_tun: entered promiscuous mode [ 333.242001][ T8735] bridge0: port 3(syz_tun) entered blocking state [ 333.249376][ T8735] bridge0: port 3(syz_tun) entered forwarding state [ 333.290609][ T8547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.320689][ T8547] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.360948][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.368758][ T6009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.436627][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.444190][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.037063][ T8547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 334.950486][ T5833] Bluetooth: Frame is too long (len 10, expected len 6) [ 335.128326][ T8547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.512621][ T8768] netlink: 56 bytes leftover after parsing attributes in process `syz.1.880'. [ 338.512231][ T8797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.888'. [ 338.525677][ T8797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.888'. [ 339.131380][ T8807] netlink: 16 bytes leftover after parsing attributes in process `syz.2.889'. [ 339.660430][ T8547] veth0_vlan: entered promiscuous mode [ 339.690217][ T8547] veth1_vlan: entered promiscuous mode [ 339.804106][ T8547] veth0_macvtap: entered promiscuous mode [ 339.842691][ T8547] veth1_macvtap: entered promiscuous mode [ 339.919636][ T8547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 339.956271][ T8547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 340.001468][ T1148] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.031395][ T1148] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.061831][ T6113] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.092981][ T6113] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.279655][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.321602][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.397925][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.430609][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.985597][ T8838] netlink: 148 bytes leftover after parsing attributes in process `syz.5.896'. [ 341.636736][ T8855] overlayfs: missing 'lowerdir' [ 343.307335][ T8878] netlink: 148 bytes leftover after parsing attributes in process `syz.1.907'. [ 343.630334][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 343.641674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 344.954695][ T8903] netlink: 16 bytes leftover after parsing attributes in process `syz.4.913'. [ 346.845728][ T8920] netlink: 4 bytes leftover after parsing attributes in process `syz.5.922'. [ 349.961618][ T5833] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 350.348037][ T8956] netlink: 148 bytes leftover after parsing attributes in process `syz.0.932'. [ 353.210207][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 354.397133][ T8993] loop5: detected capacity change from 0 to 256 [ 354.412169][ T8993] exfat: Deprecated parameter 'namecase' [ 354.419985][ T8993] exfat: Deprecated parameter 'namecase' [ 354.458660][ T8993] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d) [ 355.341401][ T9008] netlink: 148 bytes leftover after parsing attributes in process `syz.0.948'. [ 355.882702][ T8547] exFAT-fs (loop5): start_clu is invalid cluster(0xff000008) [ 358.436415][ T9057] loop5: detected capacity change from 0 to 512 [ 358.481107][ T9057] EXT4-fs: inline encryption not supported [ 358.508504][ T9057] EXT4-fs: Ignoring removed mblk_io_submit option [ 358.540044][ T9057] EXT4-fs (loop5): Test dummy encryption mode enabled [ 358.564231][ T9057] EXT4-fs (loop5): orphan cleanup on readonly fs [ 358.602551][ T9057] EXT4-fs error (device loop5): ext4_orphan_get:1392: comm syz.5.959: inode #13: comm syz.5.959: iget: illegal inode # [ 358.680528][ T9057] EXT4-fs (loop5): Remounting filesystem read-only [ 358.709109][ T9057] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 359.419988][ T9069] fuse: Unknown parameter 'group_i00000000000000000000' [ 359.712386][ T9075] netlink: 16 bytes leftover after parsing attributes in process `syz.5.959'. [ 360.190333][ T9077] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 360.202666][ T9077] IPv6: addrconf: prefix option has invalid lifetime [ 360.210849][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 360.219467][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 360.309983][ T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 360.630075][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 360.793481][ T24] usb 6-1: config 0 has an invalid interface number: 196 but max is 0 [ 361.011352][ T24] usb 6-1: config 0 has no interface number 0 [ 361.011407][ T24] usb 6-1: config 0 interface 196 has no altsetting 0 [ 361.017928][ T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 361.017960][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.017980][ T24] usb 6-1: Product: syz [ 361.017995][ T24] usb 6-1: Manufacturer: syz [ 361.018010][ T24] usb 6-1: SerialNumber: syz [ 361.042638][ T24] usb 6-1: config 0 descriptor?? [ 361.507052][ T9099] bridge_slave_0: default FDB implementation only supports local addresses [ 362.403222][ T24] ipheth 6-1:0.196: Unable to find endpoints [ 362.463078][ T24] usb 6-1: USB disconnect, device number 2 [ 362.466300][ T8547] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.610765][ T9108] fuse: Unknown parameter 'group_i00000000000000000000' [ 363.620860][ T5833] Bluetooth: hci4: unexpected cc 0x203c length: 9 > 1 [ 363.627710][ T5833] Bluetooth: hci4: unexpected event for opcode 0x203c [ 363.988949][ T9134] netlink: 56 bytes leftover after parsing attributes in process `syz.1.977'. [ 364.833279][ T9145] loop5: detected capacity change from 0 to 1024 [ 364.981797][ T9145] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 365.144741][ T9152] netlink: 16 bytes leftover after parsing attributes in process `syz.4.982'. [ 365.196965][ T9145] Bluetooth: MGMT ver 1.23 [ 366.636488][ T9161] fuse: Unknown parameter 'group_id00000000000000000000' [ 366.834499][ T8547] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.821992][ T9185] netlink: 56 bytes leftover after parsing attributes in process `syz.2.991'. [ 369.410663][ T9199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.992'. [ 369.850189][ T9206] fuse: Unknown parameter 'group_id00000000000000000000' [ 370.150972][ T9219] netlink: 'syz.4.1001': attribute type 4 has an invalid length. [ 370.794263][ T9235] capability: warning: `syz.1.1005' uses 32-bit capabilities (legacy support in use) [ 370.930260][ T9191] loop5: detected capacity change from 0 to 40427 [ 370.995655][ T9191] F2FS-fs (loop5): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 371.040716][ T9191] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 371.076380][ T9191] F2FS-fs (loop5): invalid crc value [ 371.281758][ T9191] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 371.322697][ T9191] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 371.329773][ T9191] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 371.981147][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 371.981166][ T30] audit: type=1326 audit(1762386794.675:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.043074][ T30] audit: type=1326 audit(1762386794.675:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.096322][ T30] audit: type=1326 audit(1762386794.685:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.148432][ T30] audit: type=1326 audit(1762386794.685:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.191082][ T30] audit: type=1326 audit(1762386794.685:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.217235][ T30] audit: type=1326 audit(1762386794.685:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=150 compat=1 ip=0x200000000006 code=0x7ffc0000 [ 372.241637][ T30] audit: type=1326 audit(1762386794.685:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.242524][ T9276] fuse: Unknown parameter 'group_id00000000000000000000' [ 372.284712][ T30] audit: type=1326 audit(1762386794.685:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.0.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 372.481260][ T9281] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1022'. [ 374.731831][ T9315] fuse: Bad value for 'user_id' [ 374.736776][ T9315] fuse: Bad value for 'user_id' [ 374.819223][ T9313] xt_CT: You must specify a L4 protocol and not use inversions on it [ 376.592849][ T9338] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1042'. [ 376.781218][ T9343] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 376.793508][ T9343] IPv6: addrconf: prefix option has invalid lifetime [ 376.803172][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 376.811330][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 376.939041][ T9345] bridge0: port 3(syz_tun) entered disabled state [ 376.946975][ T9345] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.954425][ T9345] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.580827][ T9350] fuse: Bad value for 'user_id' [ 377.585722][ T9350] fuse: Bad value for 'user_id' [ 377.883804][ T5833] Bluetooth: to_multiplier 0 < 10 [ 378.166670][ T5833] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 378.694821][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.708633][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.182812][ T30] audit: type=1326 audit(1762386801.895:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9378 comm="syz.1.1057" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x0 [ 379.305710][ T9386] fuse: Bad value for 'user_id' [ 379.310865][ T9386] fuse: Bad value for 'user_id' [ 379.452140][ T9394] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1064'. [ 380.031686][ T9401] 9p: Bad value for 'rfdno' [ 380.075389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 380.177800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 380.280241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 380.382618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 380.426675][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 381.202762][ T30] audit: type=1800 audit(1762386803.915:131): pid=9413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1070" name="file1" dev="tmpfs" ino=1158 res=0 errno=0 [ 381.363944][ T9416] fuse: Bad value for 'fd' [ 381.901962][ T9430] syz_tun: entered allmulticast mode [ 381.926187][ T9430] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1078'. [ 382.914368][ T9430] syz_tun (unregistering): left allmulticast mode [ 383.289764][ T9461] fuse: Bad value for 'fd' [ 383.429148][ T9470] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 383.454586][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 384.340909][ T9470] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 384.353057][ T9470] IPv6: addrconf: prefix option has invalid lifetime [ 384.360933][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 384.368242][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 385.128563][ T5833] Bluetooth: hci4: Unable to find connection for big 0x02 [ 385.868736][ T9515] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 385.929169][ T9515] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 385.942003][ T9515] IPv6: addrconf: prefix option has invalid lifetime [ 385.949482][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 385.957108][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 386.083884][ T9521] warning: `syz.2.1114' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 387.676458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 387.685557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 389.008636][ T9566] netlink: 292 bytes leftover after parsing attributes in process `syz.5.1131'. [ 396.354029][ T9666] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1167'. [ 397.090098][ T9671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1166'. [ 408.790023][ T5833] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 409.077978][ T9807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1218'. [ 409.272927][ T9819] netlink: 1272 bytes leftover after parsing attributes in process `syz.4.1199'. [ 409.970639][ T9838] netlink: 144 bytes leftover after parsing attributes in process `syz.5.1231'. [ 410.219793][ T9848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1235'. [ 410.289380][ T30] audit: type=1326 audit(1762386832.995:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 410.342201][ T30] audit: type=1326 audit(1762386832.995:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 410.392711][ T30] audit: type=1326 audit(1762386832.995:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 410.613265][ T30] audit: type=1326 audit(1762386832.995:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 410.635772][ T30] audit: type=1326 audit(1762386832.995:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 410.659178][ T30] audit: type=1326 audit(1762386832.995:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 411.695693][ T30] audit: type=1326 audit(1762386832.995:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 411.926284][ T30] audit: type=1326 audit(1762386832.995:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 411.948935][ T30] audit: type=1326 audit(1762386832.995:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 412.072925][ T30] audit: type=1326 audit(1762386832.995:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 415.664248][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 415.664268][ T30] audit: type=1326 audit(1762386838.355:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9918 comm="syz.0.1262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 417.650489][ T30] audit: type=1326 audit(1762386840.275:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9955 comm="syz.2.1278" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x0 [ 419.962976][T10000] 9p: Could not find request transport: fd0x0000000000000003 [ 421.484719][ T30] audit: type=1800 audit(1762386844.195:164): pid=10019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1297" name="file1" dev="tmpfs" ino=1426 res=0 errno=0 [ 423.323029][ T30] audit: type=1326 audit(1762386846.025:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.426927][ T30] audit: type=1326 audit(1762386846.025:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.504706][ T30] audit: type=1326 audit(1762386846.055:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.556252][ T30] audit: type=1326 audit(1762386846.055:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.582663][ T30] audit: type=1326 audit(1762386846.055:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.828324][ T30] audit: type=1326 audit(1762386846.055:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.850806][ T30] audit: type=1326 audit(1762386846.055:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 423.873319][ T30] audit: type=1326 audit(1762386846.055:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 424.933289][ T30] audit: type=1326 audit(1762386846.065:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 426.595270][T10096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1330'. [ 428.744311][ T5833] Bluetooth: to_multiplier 0 < 10 [ 430.822026][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 431.095348][ T5833] Bluetooth: to_multiplier 0 < 10 [ 431.231121][T10154] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1332'. [ 432.069565][ T30] kauditd_printk_skb: 84 callbacks suppressed [ 432.069582][ T30] audit: type=1326 audit(1762386854.775:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.0.1368" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 433.149944][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 433.205688][ T5833] Bluetooth: to_multiplier 0 < 10 [ 433.211562][T10205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1376'. [ 435.290798][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 435.425403][ T30] audit: type=1326 audit(1762386858.135:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10247 comm="syz.2.1393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc71d18f6c9 code=0x0 [ 437.436755][ T5833] Bluetooth: hci5: command tx timeout [ 438.698076][ T30] audit: type=1326 audit(1762386861.395:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.1.1406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x0 [ 440.100637][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.107446][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.714391][T10324] 9p: Bad value for 'wfdno' [ 442.906322][T10373] netlink: 'syz.1.1437': attribute type 2 has an invalid length. [ 442.934439][T10373] netlink: 'syz.1.1437': attribute type 2 has an invalid length. [ 442.978119][T10373] netlink: 'syz.1.1437': attribute type 1 has an invalid length. [ 443.004221][T10373] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1437'. [ 445.483337][T10423] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1460'. [ 447.124898][T10471] ecryptfs: Unknown parameter '³' [ 447.184267][T10473] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 447.292650][ T5147] Bluetooth: hci5: command 0x0406 tx timeout [ 449.255467][T10534] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1503'. [ 449.349399][T10536] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 449.428430][T10537] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 449.441267][T10537] IPv6: addrconf: prefix option has invalid lifetime [ 449.449687][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 449.457638][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 450.218545][T10573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1518'. [ 450.342741][T10582] fuse: Unknown parameter 'fd0x0000000000000004' [ 450.767515][T10599] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1528'. [ 454.341455][T10654] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'. [ 454.518895][T10661] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1557'. [ 456.096508][T10685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1564'. [ 458.811365][T10739] bridge_slave_0: default FDB implementation only supports local addresses [ 458.863868][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1585'. [ 458.874153][T10739] bridge_slave_0: default FDB implementation only supports local addresses [ 469.878791][T10883] bridge_slave_1: left allmulticast mode [ 469.910497][T10883] bridge_slave_1: left promiscuous mode [ 469.916372][T10883] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.302237][T10956] IPv6: addrconf: prefix option has invalid lifetime [ 474.353922][ T30] audit: type=1326 audit(1762386897.065:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10958 comm="syz.5.1669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51edf8f6c9 code=0x0 [ 476.547543][ T30] audit: type=1326 audit(1762386899.225:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11013 comm="syz.1.1692" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x0 [ 478.617142][T11107] syz.4.1734 uses obsolete (PF_INET,SOCK_PACKET) [ 481.595098][ T30] audit: type=1326 audit(1762386904.305:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11151 comm="syz.0.1752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 482.296733][ T5833] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 482.379406][T11183] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 482.413873][T11183] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 482.426208][T11183] IPv6: addrconf: prefix option has invalid lifetime [ 482.434342][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 482.778418][ T30] audit: type=1326 audit(1762386905.485:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11187 comm="syz.0.1768" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 483.165766][T11194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1771'. [ 484.322338][ T30] audit: type=1326 audit(1762386907.035:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11214 comm="syz.4.1779" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2b0238f6c9 code=0x0 [ 484.990474][T11230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1787'. [ 485.784536][T11256] netlink: 'syz.4.1800': attribute type 11 has an invalid length. [ 485.870901][T11256] bridge0: port 3(syz_tun) entered blocking state [ 485.877751][T11256] bridge0: port 3(syz_tun) entered forwarding state [ 485.886201][T11256] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.893624][T11256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.901170][T11256] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.908367][T11256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.024155][T11256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 488.007826][T11294] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1814'. [ 488.978530][T11294] netlink: 'syz.1.1814': attribute type 10 has an invalid length. [ 489.209410][ T30] audit: type=1326 audit(1762386911.915:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11299 comm="syz.1.1818" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x0 [ 492.897470][T11364] netem: change failed [ 493.769230][T11425] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 495.931156][ T5948] wlan1: Trigger new scan to find an IBSS to join [ 496.700929][T11499] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1901'. [ 498.000550][T11530] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 498.044846][T11532] IPv6: addrconf: prefix option has invalid lifetime [ 498.357292][T11545] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1920'. [ 500.901006][ T5948] wlan1: Trigger new scan to find an IBSS to join [ 500.911518][T11594] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1939'. [ 501.542909][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.549331][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.776063][T11586] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1933'. [ 502.637104][ T13] wlan1: Creating new IBSS network, BSSID 42:6a:de:f5:9b:74 [ 503.149517][T11638] vcan0: tx drop: invalid sa for name 0xfffffffffffffffd [ 503.165161][T11634] netlink: 51 bytes leftover after parsing attributes in process `syz.5.1956'. [ 503.437165][T11642] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1957'. [ 504.383237][T11661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1963'. [ 506.163429][T11683] xt_hashlimit: size too large, truncated to 1048576 [ 506.343308][T11688] netlink: 124 bytes leftover after parsing attributes in process `syz.5.1973'. [ 506.746356][T11699] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1977'. [ 508.103683][T11741] tipc: Enabling of bearer rejected, failed to enable media [ 508.552575][ T30] audit: type=1326 audit(1762386931.265:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.0.1998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 509.469874][ T30] audit: type=1326 audit(1762386932.175:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11796 comm="syz.0.2012" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x0 [ 510.115573][T11824] netlink: 51 bytes leftover after parsing attributes in process `syz.0.2021'. [ 510.294086][T11831] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2023'. [ 510.374975][T11833] netlink: 'syz.5.2026': attribute type 1 has an invalid length. [ 510.441917][T11833] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 510.475065][T11833] veth3: entered promiscuous mode [ 510.485096][T11833] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 510.495995][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2026'. [ 510.507209][ T5948] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 510.508770][T11833] 8021q: adding VLAN 0 to HW filter on device bond1 [ 510.706632][ T5948] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 510.780445][T11853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2035'. [ 510.925553][T11862] netlink: zone id is out of range [ 510.936466][T11862] netlink: zone id is out of range [ 510.952850][T11862] netlink: set zone limit has 8 unknown bytes [ 511.205929][T11870] syz.0.2041 (11870) used greatest stack depth: 17896 bytes left [ 511.573660][T11898] erspan0: entered promiscuous mode [ 511.597528][T11898] erspan0: entered allmulticast mode [ 512.712112][T11945] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2069'. [ 512.922628][T11949] 9p: Bad value for 'wfdno' [ 513.512156][T11978] xt_hashlimit: max too large, truncated to 1048576 [ 514.670282][T12008] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2094'. [ 514.914344][T12020] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 514.928711][T12020] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 514.940871][T12020] IPv6: addrconf: prefix option has invalid lifetime [ 514.950824][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 514.958711][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 516.059357][T12046] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2106'. [ 517.619588][T12069] 9pnet_virtio: no channels available for device syz [ 518.565479][T12091] 9pnet_virtio: no channels available for device syz [ 520.331342][T12091] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùàV!‚lü1Ü*ø$pOcÚÉ”Î̱®˜›=f¥£ [ 521.428248][T12136] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 521.470471][T12135] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2139'. [ 521.532220][T12136] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2138'. [ 522.222555][ T5833] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 522.983727][T12155] overlayfs: failed to clone upperpath [ 523.250305][T12172] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2153'. [ 524.987097][T12184] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2156'. [ 527.299452][T12216] overlayfs: failed to clone upperpath [ 528.531583][T12241] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2177'. [ 528.647191][T12236] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.978224][T12236] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.122000][T12249] netlink: 'syz.1.2179': attribute type 12 has an invalid length. [ 529.327011][T12236] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.445806][T12236] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.724705][ T13] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.790537][ T6009] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.858532][ T13] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.939992][ T5948] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.059037][ T30] audit: type=1326 audit(1762386952.765:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.141494][ T30] audit: type=1326 audit(1762386952.805:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.199088][ T30] audit: type=1326 audit(1762386952.805:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.246459][ T30] audit: type=1326 audit(1762386952.805:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.311168][ T30] audit: type=1326 audit(1762386952.805:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.327604][T12271] xt_hashlimit: max too large, truncated to 1048576 [ 530.375101][ T30] audit: type=1326 audit(1762386952.805:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.453292][ T30] audit: type=1326 audit(1762386952.805:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 530.529126][T12274] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 530.593445][ T30] audit: type=1326 audit(1762386952.805:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12264 comm="syz.1.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x7ffc0000 [ 532.177593][T12356] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2219'. [ 532.937253][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 537.110891][T12406] xt_hashlimit: max too large, truncated to 1048576 [ 537.406135][T12418] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2240'. [ 537.853166][T12432] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2247'. [ 537.903919][T12432] wireguard0: entered promiscuous mode [ 537.909411][T12432] wireguard0: entered allmulticast mode [ 537.927763][T12442] xt_hashlimit: max too large, truncated to 1048576 [ 538.102354][T12446] overlayfs: failed to clone upperpath [ 538.281451][T12455] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2254'. [ 538.891626][T12472] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 539.720114][T12472] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 539.732299][T12472] IPv6: addrconf: prefix option has invalid lifetime [ 539.740351][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 540.804883][T12492] syz.1.2270 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 540.894307][T12514] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 540.913302][T12514] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 540.925665][T12514] IPv6: addrconf: prefix option has invalid lifetime [ 540.934498][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 540.942555][ C1] IPv6: addrconf: prefix option has invalid lifetime [ 542.583117][T12552] IPv6: addrconf: prefix option has invalid lifetime [ 542.843556][ T30] audit: type=1326 audit(1762386965.555:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.1.2293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311598f6c9 code=0x0 [ 544.369465][T12577] autofs: Unknown parameter 'icmp6' [ 545.492825][T12592] overlayfs: failed to clone upperpath [ 545.534426][T12596] netlink: 'syz.2.2306': attribute type 1 has an invalid length. [ 545.555440][ T30] audit: type=1326 audit(1762386968.265:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12597 comm="syz.5.2307" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51edf8f6c9 code=0x0 [ 545.784062][T12602] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 545.931279][T12603] veth5: entered promiscuous mode [ 548.672842][T12644] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2323'. [ 549.314204][T12649] geneve2: entered promiscuous mode [ 549.319622][T12649] geneve2: entered allmulticast mode [ 549.582935][T12653] tipc: Enabling of bearer rejected, failed to enable media [ 552.127411][T12682] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2334'. [ 552.437145][T12686] netlink: 'syz.2.2336': attribute type 10 has an invalid length. [ 552.577840][T12686] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 552.587369][T12687] bridge_slave_1: left allmulticast mode [ 552.597153][T12687] bridge_slave_1: left promiscuous mode [ 552.603098][T12687] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.638203][T12687] bridge_slave_0: left allmulticast mode [ 552.644114][T12687] bridge_slave_0: left promiscuous mode [ 552.697098][T12687] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.838306][T12690] erspan0: entered promiscuous mode [ 552.850588][T12690] erspan0: entered allmulticast mode [ 552.896426][T12685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 554.270125][T12703] openvswitch: netlink: Flow actions attr not present in new flow. [ 554.535521][T12710] netlink: 'syz.4.2341': attribute type 1 has an invalid length. [ 554.930345][T12713] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 555.014519][T12710] veth5: entered promiscuous mode [ 555.285764][T12718] 9p: Bad value for 'wfdno' [ 556.511526][ T30] audit: type=1326 audit(1762386979.225:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12729 comm="syz.1.2353" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f311598f6c9 code=0x0 [ 556.572899][T12734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2353'. [ 556.600263][T12734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2353'. [ 556.952836][T12738] overlayfs: failed to clone upperpath [ 557.909385][T12748] 9p: Bad value for 'wfdno' [ 559.803670][T12775] overlayfs: failed to clone upperpath [ 561.139941][T12790] 9pnet_virtio: no channels available for device syz [ 561.205234][T12794] 9p: Bad value for 'wfdno' [ 561.310415][T12795] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 561.360717][T12797] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 561.372554][T12797] IPv6: addrconf: prefix option has invalid lifetime [ 561.380857][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 561.719201][T12790] overlayfs: failed to clone upperpath [ 562.366367][T12808] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2377'. [ 562.981990][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.988334][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.621991][T12832] netlink: 'syz.4.2386': attribute type 1 has an invalid length. [ 563.693866][T12832] veth5: entered promiscuous mode [ 563.716457][T12832] bond2: (slave veth5): Enslaving as a backup interface with a down link [ 564.191579][ T6009] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 566.523816][T12887] 8021q: VLANs not supported on gre0 [ 566.694770][T12875] netlink: 'syz.0.2392': attribute type 10 has an invalid length. [ 566.825653][T12875] team0: Cannot enslave team device to itself [ 566.886533][T12897] tmpfs: Unknown parameter 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿtmpfs' [ 568.667082][T12909] netlink: 'syz.1.2410': attribute type 1 has an invalid length. [ 569.194304][T12917] veth3: entered promiscuous mode [ 569.389611][T12923] netlink: 'syz.5.2415': attribute type 1 has an invalid length. [ 569.623981][T12928] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2415'. [ 569.661486][T12923] veth5: entered promiscuous mode [ 571.213402][T12928] 8021q: adding VLAN 0 to HW filter on device bond2 [ 571.348342][T12946] 9p: Bad value for 'rfdno' [ 571.354973][T12947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2421'. [ 571.365267][T12947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2421'. [ 571.678371][T12949] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2417'. [ 572.267106][T12965] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2432'. [ 572.585752][T12973] netlink: 'syz.0.2435': attribute type 1 has an invalid length. [ 572.853986][T12980] autofs: Unknown parameter 'icmp6' [ 573.308970][T12982] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2435'. [ 573.661569][T12981] veth3: entered promiscuous mode [ 573.695303][T12981] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 573.726827][T12982] 8021q: adding VLAN 0 to HW filter on device bond1 [ 573.843977][T12996] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2440'. [ 574.149903][T12985] 9pnet_fd: p9_fd_create_tcp (12985): problem connecting socket to 127.0.0.1 [ 575.461160][T13026] netlink: 'syz.5.2451': attribute type 1 has an invalid length. [ 575.548328][T13029] veth5: entered promiscuous mode [ 575.565220][T13030] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2451'. [ 575.741443][T13030] 8021q: adding VLAN 0 to HW filter on device bond3 [ 575.870270][T13033] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2452'. [ 577.088949][T13059] netlink: 'syz.0.2463': attribute type 1 has an invalid length. [ 577.373327][T13063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2463'. [ 577.460621][T13059] veth5: entered promiscuous mode [ 577.523162][T13059] bond2: (slave veth5): Enslaving as a backup interface with a down link [ 577.578130][T13063] 8021q: adding VLAN 0 to HW filter on device bond2 [ 577.874268][T13071] debugfs: '1ùàV!‚lü1Ü*ø$pOcÚÉ”Î̱®˜›=f¥£Æ>' already exists in 'ieee80211' [ 579.570785][T13101] netlink: 'syz.0.2478': attribute type 1 has an invalid length. [ 579.742650][T13101] veth7: entered promiscuous mode [ 579.773059][T13106] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2478'. [ 579.798769][T13101] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 579.867100][T13106] 8021q: adding VLAN 0 to HW filter on device bond3 [ 580.442053][ T30] audit: type=1326 audit(1762387003.155:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.499636][ T30] audit: type=1326 audit(1762387003.155:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.543875][ T30] audit: type=1326 audit(1762387003.155:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.594764][ T30] audit: type=1326 audit(1762387003.155:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.627729][ T30] audit: type=1326 audit(1762387003.155:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.665979][ T30] audit: type=1326 audit(1762387003.155:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.745023][ T30] audit: type=1326 audit(1762387003.155:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.799498][ T30] audit: type=1326 audit(1762387003.155:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.857897][ T30] audit: type=1326 audit(1762387003.155:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 580.904658][ T30] audit: type=1326 audit(1762387003.155:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13111 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 581.074940][ T5833] Bluetooth: hci4: adv larger than maximum supported [ 581.074972][ T5833] Bluetooth: hci4: Malformed LE Event: 0x0d [ 587.064292][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 587.064310][ T30] audit: type=1326 audit(1762387009.775:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 587.236251][ T30] audit: type=1326 audit(1762387009.815:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 587.341800][ T30] audit: type=1326 audit(1762387009.815:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 587.499528][T13200] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 587.501512][ T30] audit: type=1326 audit(1762387009.815:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 587.541103][T13200] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 587.553534][T13200] IPv6: addrconf: prefix option has invalid lifetime [ 587.561777][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 587.569591][ C0] IPv6: addrconf: prefix option has invalid lifetime [ 587.589848][ T30] audit: type=1326 audit(1762387009.815:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f823df8f6c9 code=0x7ffc0000 [ 587.659859][ T30] audit: type=1326 audit(1762387009.815:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f823df2b779 code=0x7ffc0000 [ 587.729929][ T30] audit: type=1326 audit(1762387009.815:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f823df2b779 code=0x7ffc0000 [ 587.789993][ T30] audit: type=1326 audit(1762387009.815:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f823df2b779 code=0x7ffc0000 [ 587.852996][ T30] audit: type=1326 audit(1762387009.815:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f823df2b779 code=0x7ffc0000 [ 587.916155][ T30] audit: type=1326 audit(1762387009.815:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13185 comm="syz.0.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f823df2b779 code=0x7ffc0000 [ 590.012144][T13233] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2524'. [ 591.245769][T13251] netlink: 'syz.1.2530': attribute type 1 has an invalid length. [ 591.472413][T13260] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2530'. [ 591.647249][T13258] veth3: entered promiscuous mode [ 591.657750][T13258] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 591.691168][T13260] 8021q: adding VLAN 0 to HW filter on device bond2 [ 591.919648][T13267] netlink: 'syz.5.2535': attribute type 1 has an invalid length. [ 592.220735][T13269] veth5: entered promiscuous mode [ 592.253822][T13269] bond4: (slave veth5): Enslaving as a backup interface with a down link [ 595.647954][T13326] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 596.408701][T13342] netlink: 'syz.2.2559': attribute type 10 has an invalid length. [ 596.553173][ T1148] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 596.653258][T13342] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 597.662815][T13356] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2565'. [ 597.885280][ T5833] Bluetooth: hci4: unexpected event for opcode 0x1004 [ 600.510269][T13400] 9pnet_virtio: no channels available for device syz [ 601.303076][ T5833] Bluetooth: hci4: unexpected event for opcode 0x0401 [ 601.524802][T13411] team0 (unregistering): Port device team_slave_0 removed [ 601.535273][T13411] team0 (unregistering): Port device team_slave_1 removed [ 601.930133][ T5833] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 601.939606][ T5833] Bluetooth: hci4: Injecting HCI hardware error event [ 601.949893][ T5833] Bluetooth: hci4: hardware error 0x00 [ 602.744882][T13434] autofs: Unknown parameter 'icmp6' [ 604.029990][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 604.330185][T13450] netlink: 'syz.4.2595': attribute type 1 has an invalid length. [ 604.437004][T13454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2595'. [ 604.503637][T13450] veth7: entered promiscuous mode [ 605.485720][T13477] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2606'. [ 605.504422][T13477] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2606'. [ 605.841202][T13484] bond2: entered promiscuous mode [ 605.846942][T13484] 8021q: adding VLAN 0 to HW filter on device bond2 [ 608.380023][T13515] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2618'. [ 608.400268][T13515] openvswitch: netlink: Flow key attr not present in new flow. [ 610.520114][T13518] infiniband syz2: set down [ 610.524866][T13518] infiniband syz2: added ipvlan0 [ 610.535701][T13518] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 610.539929][T13518] infiniband syz2: Couldn't open port 1 [ 610.593550][T13518] RDS/IB: syz2: added [ 610.598119][T13518] smc: adding ib device syz2 with port count 1 [ 610.604698][T13518] smc: ib device syz2 port 1 has no pnetid [ 611.483865][T13522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2620'. [ 612.315232][T13528] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2621'. [ 614.188132][T13557] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2631'. [ 614.820057][T13561] netlink: 'syz.4.2633': attribute type 1 has an invalid length. [ 614.992542][T13561] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2633'. [ 615.003701][T13559] veth7: entered promiscuous mode [ 616.443188][T13589] 9pnet_virtio: no channels available for device syz [ 616.453494][T13589] overlayfs: failed to clone upperpath [ 616.473469][T13589] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2643'. [ 617.619994][T13606] siw: device registration error -23 [ 618.362099][T13624] netlink: 'syz.0.2656': attribute type 1 has an invalid length. [ 618.470780][T13624] veth9: entered promiscuous mode [ 618.480111][T13628] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2656'. [ 618.984928][T13640] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2658'. [ 619.423513][T13637] syz.0.2661 (13637) used greatest stack depth: 17464 bytes left [ 619.858256][T13664] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2672'. [ 619.869242][T13665] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.2671'. [ 619.880986][T13665] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2671'. [ 619.893789][T13664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2672'. [ 620.297285][T13675] ipvlan2: entered promiscuous mode [ 620.302779][T13675] ipvlan2: entered allmulticast mode [ 620.309051][T13675] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 620.495752][T13681] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 621.223651][T13707] openvswitch: netlink: Message has 4 unknown bytes. [ 621.580607][T13711] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2688'. [ 621.585249][T13709] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2686'. [ 622.144082][ T30] kauditd_printk_skb: 980 callbacks suppressed [ 622.144100][ T30] audit: type=1800 audit(1762387044.855:1289): pid=13715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2686" name="nullb0" dev="tmpfs" ino=2037 res=0 errno=0 [ 622.226275][T13718] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.2689'. [ 622.300232][T13721] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2689'. [ 622.953185][T13736] IPv6: addrconf: prefix option has invalid lifetime [ 623.826075][T13756] 9p: Could not find request transport: fd0x0000000000000003 [ 623.842391][T13760] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.2707'. [ 623.865162][T13760] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2707'. [ 624.416734][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.423098][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.614914][T13774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2711'. [ 625.657321][T13792] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2717'. [ 626.394120][T13796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2718'. [ 626.523373][T13798] xt_CT: No such helper "syz1" [ 627.786643][T13837] veth11: entered promiscuous mode [ 627.804248][T13840] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2732'. [ 627.985852][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 628.334241][T13857] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 628.761652][T13875] IPv6: addrconf: prefix option has invalid lifetime [ 629.347537][T13891] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.2753'. [ 629.361886][T13891] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2753'. [ 629.466268][T13898] 9pnet_fd: Insufficient options for proto=fd [ 630.083968][T13907] erspan0: left promiscuous mode [ 630.090154][T13907] erspan0: left allmulticast mode [ 630.109381][T13907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 630.126052][T13907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 630.938849][T13932] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2767'. [ 632.622815][T13964] netlink: 240 bytes leftover after parsing attributes in process `syz.5.2780'. [ 632.641490][T13964] netlink: 'syz.5.2780': attribute type 13 has an invalid length. [ 632.818768][T13964] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.826370][T13964] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.194475][T13962] Set syz1 is full, maxelem 6117 reached [ 633.325085][T13964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 633.380933][T13964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 634.433314][T13598] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.449976][T13598] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.479048][T13598] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.506104][T13598] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.422226][T14059] overlayfs: failed to clone upperpath [ 637.102085][T14066] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.2824'. [ 637.113354][T14066] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2824'. [ 637.337931][T14072] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.492204][T14072] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.600333][T14072] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.708495][T14072] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.832340][ T60] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.866333][ T60] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.889573][ T60] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.913086][ T60] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.110283][T14097] team0 (unregistering): Port device team_slave_0 removed [ 638.124198][T14097] team0 (unregistering): Port device team_slave_1 removed [ 639.726319][T14124] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 640.483150][T14136] IPv6: addrconf: prefix option has invalid lifetime [ 640.520201][T14138] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2850'. [ 640.541798][T14138] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2850'. [ 642.638170][T14169] overlayfs: failed to clone upperpath [ 645.120404][T14212] tipc: Enabling of bearer rejected, failed to enable media [ 645.853519][T14243] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2888'. [ 646.013789][T14248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2890'. [ 648.250401][T14289] autofs: Unknown parameter 'icmp6' [ 648.844412][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 648.860148][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 648.868784][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 648.884696][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 648.892617][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 648.892718][T14295] netlink: 'syz.0.2905': attribute type 1 has an invalid length. [ 649.117258][T14295] veth11: entered promiscuous mode [ 649.150754][T14295] bond5: (slave veth11): Enslaving as a backup interface with a down link [ 649.437923][T14308] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2909'. [ 650.971984][ T5833] Bluetooth: hci2: command tx timeout [ 650.993725][T14317] bond6: option arp_all_targets: invalid value (3) [ 651.014710][T14317] bond6 (unregistering): Released all slaves [ 651.429554][T14329] xt_CT: No such helper "syz1" [ 651.546413][T14290] chnl_net:caif_netlink_parms(): no params data found [ 651.596415][T14336] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2917'. [ 651.664341][T14340] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 651.755202][T14290] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.766526][T14290] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.774775][T14290] bridge_slave_0: entered allmulticast mode [ 651.784837][T14290] bridge_slave_0: entered promiscuous mode [ 651.802455][T14290] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.810292][T14290] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.817562][T14290] bridge_slave_1: entered allmulticast mode [ 651.842092][T14290] bridge_slave_1: entered promiscuous mode [ 651.955888][T14290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 651.985463][T14290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 652.097238][T14290] team0: Port device team_slave_0 added [ 652.116514][T14352] netlink: 'syz.5.2924': attribute type 23 has an invalid length. [ 652.126322][T14290] team0: Port device team_slave_1 added [ 652.207513][T14290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 652.214835][T14290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 652.363032][T14290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 652.376717][T14290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 652.384102][T14290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 652.411335][T14290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 652.586502][T14357] autofs: Unknown parameter 'icmp6' [ 653.049993][ T5833] Bluetooth: hci2: command tx timeout [ 653.367876][T14290] hsr_slave_0: entered promiscuous mode [ 653.389629][T14290] hsr_slave_1: entered promiscuous mode [ 653.408270][T14370] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 654.446711][T14391] netlink: 'syz.1.2938': attribute type 1 has an invalid length. [ 655.089113][T14401] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2938'. [ 655.181024][ T5833] Bluetooth: hci2: command tx timeout [ 655.225314][T14393] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 655.298828][T14391] veth7: entered promiscuous mode [ 655.309652][T14391] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 655.555288][T14290] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.896867][T14290] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.098327][T14290] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.246909][T14290] bond0: (slave netdevsim0): Releasing backup interface [ 656.285133][T14290] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.503305][ T5833] Bluetooth: hci2: command tx timeout [ 657.683488][T14290] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 657.840322][T14290] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 657.856475][T14290] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 657.877886][T14290] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 657.923192][T14447] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 658.159042][T14454] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2957'. [ 658.199772][T14454] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2957'. [ 658.273825][T14459] netlink: 'syz.4.2960': attribute type 21 has an invalid length. [ 658.300599][T14290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 658.324278][T14459] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2960'. [ 658.396195][T14463] debugfs: '1ùàV!‚lü1Ü*ø$pOc' already exists in 'ieee80211' [ 658.486496][T14290] 8021q: adding VLAN 0 to HW filter on device team0 [ 658.553008][T13598] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.560246][T13598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 658.600747][T13598] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.607971][T13598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.141200][T14290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 660.161346][T14290] veth0_vlan: entered promiscuous mode [ 660.493420][T14290] veth1_vlan: entered promiscuous mode [ 660.769552][T14290] veth0_macvtap: entered promiscuous mode [ 660.791205][T14290] veth1_macvtap: entered promiscuous mode [ 660.940198][T14290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 660.980700][T14290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.005868][T14495] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.2970'. [ 661.025467][T14497] xt_recent: hitcount (4294967294) is larger than allowed maximum (65535) [ 661.053701][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.083441][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.110353][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.119504][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.639422][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 661.677930][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 661.942662][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 661.993621][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 662.705031][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 662.715126][T14537] tipc: Enabling of bearer rejected, failed to enable media [ 662.725436][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 662.735583][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 662.750461][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 662.758396][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 663.380539][T14556] netlink: 'syz.4.2990': attribute type 1 has an invalid length. [ 663.768981][T14562] veth9: entered promiscuous mode [ 664.819951][ T5833] Bluetooth: hci3: command tx timeout [ 665.004044][T14535] chnl_net:caif_netlink_parms(): no params data found [ 665.645752][ T5824] bridge0: port 3(syz_tun) entered disabled state [ 665.762137][ T5824] syz_tun (unregistering): left allmulticast mode [ 665.768614][ T5824] syz_tun (unregistering): left promiscuous mode [ 665.777401][ T5824] bridge0: port 3(syz_tun) entered disabled state [ 666.284612][T14606] tipc: Enabling of bearer rejected, failed to enable media [ 666.325447][T14535] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.349954][T14535] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.377602][T14535] bridge_slave_0: entered allmulticast mode [ 666.402211][T14535] bridge_slave_0: entered promiscuous mode [ 666.535403][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.614475][T14535] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.674064][T14535] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.701310][T14535] bridge_slave_1: entered allmulticast mode [ 666.709390][T14535] bridge_slave_1: entered promiscuous mode [ 666.949986][ T5833] Bluetooth: hci3: command tx timeout [ 667.089616][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.190335][T14655] overlayfs: failed to resolve './bus': -2 [ 667.874556][T14535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 668.001460][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.058177][T14535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 668.253315][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.341302][T14667] tipc: Enabling of bearer rejected, failed to enable media [ 668.486171][T14535] team0: Port device team_slave_0 added [ 668.545445][T14535] team0: Port device team_slave_1 added [ 668.685883][T14535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 668.713431][T14535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 668.772040][T14535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 668.785707][T14535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 668.793029][T14535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 668.843127][T14535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.863204][T14701] netlink: 'syz.5.3024': attribute type 1 has an invalid length. [ 668.881619][T14687] tipc: Started in network mode [ 668.886518][T14687] tipc: Node identity faf6fe531c55, cluster identity 4711 [ 668.896746][T14687] tipc: Enabled bearer , priority 0 [ 668.963438][T14691] syzkaller0: entered promiscuous mode [ 668.969442][T14691] syzkaller0: entered allmulticast mode [ 668.993735][ T5833] Bluetooth: hci3: command tx timeout [ 669.000636][T14691] tipc: Resetting bearer [ 669.007934][T14698] netlink: 356 bytes leftover after parsing attributes in process `syz.2.3020'. [ 669.183087][ T13] tipc: Resetting bearer [ 669.192618][T14721] netlink: 'syz.1.3026': attribute type 13 has an invalid length. [ 669.311427][T14728] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3029'. [ 669.339251][T14710] veth7: entered promiscuous mode [ 669.350873][T14710] bond5: (slave veth7): Enslaving as a backup interface with a down link [ 669.366325][T14686] tipc: Resetting bearer [ 669.944448][ T24] tipc: Node number set to 3869507155 [ 670.955976][T14686] tipc: Disabling bearer [ 670.976891][T14718] netlink: 240 bytes leftover after parsing attributes in process `syz.1.3026'. [ 671.053370][ T5833] Bluetooth: hci3: command tx timeout [ 671.297798][T14721] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 671.310358][T14721] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 671.456187][T14738] tipc: Enabling of bearer rejected, failed to enable media [ 671.496979][T14535] hsr_slave_0: entered promiscuous mode [ 671.525206][T14535] hsr_slave_1: entered promiscuous mode [ 671.557206][T14535] debugfs: 'hsr0' already exists in 'hsr' [ 671.569870][T14535] Cannot create hsr debugfs directory [ 671.581878][T13598] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.606363][T13598] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.752429][T13598] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.772294][T13598] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.861441][T14767] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.3040'. [ 672.623903][ T60] bridge_slave_0: left allmulticast mode [ 672.640519][ T60] bridge_slave_0: left promiscuous mode [ 672.665662][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.721475][T14772] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3042'. [ 672.863761][T14777] Bluetooth: MGMT ver 1.23 [ 673.677860][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 673.702212][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 673.716805][ T60] bond0 (unregistering): Released all slaves [ 673.922176][ T60] bond1 (unregistering): (slave veth3): Releasing backup interface [ 673.935177][ T60] bond1 (unregistering): Released all slaves [ 674.150746][ T60] bond2 (unregistering): (slave veth5): Releasing backup interface [ 674.165795][ T60] bond2 (unregistering): Released all slaves [ 674.357755][ T60] bond3 (unregistering): (slave veth7): Releasing backup interface [ 674.375883][ T60] bond3 (unregistering): Released all slaves [ 674.405064][ T60] bond4 (unregistering): Released all slaves [ 674.436815][ T60] bond5 (unregistering): (slave veth11): Releasing backup interface [ 674.455990][ T60] bond5 (unregistering): Released all slaves [ 674.672728][T14828] loop2: detected capacity change from 0 to 512 [ 674.717082][T14828] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 674.767461][T14828] EXT4-fs (loop2): invalid journal inode [ 674.796030][T14828] EXT4-fs (loop2): can't get journal size [ 674.889286][T14828] EXT4-fs (loop2): 1 truncate cleaned up [ 674.917334][T14828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 675.031172][T14844] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3055'. [ 675.063761][ T30] audit: type=1800 audit(1762387097.775:1290): pid=14828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3051" name="file1" dev="loop2" ino=19 res=0 errno=0 [ 675.894920][T14290] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 676.655619][T14888] netlink: 'syz.2.3069': attribute type 1 has an invalid length. [ 676.757916][ T60] hsr_slave_0: left promiscuous mode [ 676.787634][T14895] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3071'. [ 676.800530][ T60] hsr_slave_1: left promiscuous mode [ 676.807955][T14888] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3069'. [ 676.825028][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 676.838592][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 676.847645][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 676.855709][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.883552][ T60] veth1_macvtap: left promiscuous mode [ 676.895027][ T60] veth0_macvtap: left promiscuous mode [ 676.901489][ T60] veth1_vlan: left promiscuous mode [ 676.907207][ T60] veth0_vlan: left promiscuous mode [ 677.678772][ T60] team0 (unregistering): Port device team_slave_1 removed [ 677.721444][ T60] team0 (unregistering): Port device team_slave_0 removed [ 677.859483][ T60] smc: removing net device bridge_slave_0 with user defined pnetid SYZ1 [ 678.150100][T14891] veth3: entered promiscuous mode [ 678.233201][T14535] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 678.326498][T14535] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 678.394112][T14535] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 678.619016][T14535] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 679.363820][T14934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3079'. [ 679.427074][T14934] netlink: 'syz.1.3079': attribute type 2 has an invalid length. [ 679.664289][T14535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 679.726306][T14535] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.795481][T14947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3083'. [ 679.850825][T14947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3083'. [ 679.875926][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.883159][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.952009][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.959192][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.141788][T14535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 680.790400][T14967] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3089'. [ 680.905801][T14976] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3091'. [ 681.314677][T14988] overlayfs: failed to clone upperpath [ 682.014895][T14535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 682.218123][T14535] veth0_vlan: entered promiscuous mode [ 682.235034][T14535] veth1_vlan: entered promiscuous mode [ 682.267532][T14535] veth0_macvtap: entered promiscuous mode [ 682.278876][T14535] veth1_macvtap: entered promiscuous mode [ 682.504461][T14535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.561202][T14535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 682.607869][ T6008] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.634335][T15019] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.3107'. [ 682.643062][ T6008] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.787124][ T6008] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.804305][ T6008] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.898498][T15021] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3105'. [ 683.507385][T15024] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3109'. [ 683.685965][T13598] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.751784][T13598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.857894][ T6008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.956845][T15037] overlayfs: failed to clone upperpath [ 684.439485][ T6008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.254074][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 685.263745][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 685.272275][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 685.283138][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 685.292577][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 685.439660][T15065] team0 (unregistering): Port device team_slave_0 removed [ 685.450645][T15065] team0 (unregistering): Port device team_slave_1 removed [ 685.853335][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.859682][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.370152][ T5833] Bluetooth: hci0: command tx timeout [ 687.670062][T15133] tipc: Enabling of bearer rejected, failed to enable media [ 687.760997][T15062] chnl_net:caif_netlink_parms(): no params data found [ 687.907304][T15137] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 688.226627][ T6008] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface [ 688.236079][ T6008] bond3 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 5a:01:79:7a:cd:8b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 688.818880][ T6008] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 688.833794][ T6008] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 688.844013][ T6008] bond0 (unregistering): Released all slaves [ 688.857529][ T6008] bond1 (unregistering): Released all slaves [ 688.972867][ T6008] bond2 (unregistering): (slave veth3): Releasing backup interface [ 688.983402][ T6008] bond2 (unregistering): Released all slaves [ 688.997529][ T6008] bond3 (unregistering): (slave veth7): Releasing backup interface [ 689.007948][ T6008] bond3 (unregistering): Released all slaves [ 689.083399][T15153] veth11: entered promiscuous mode [ 689.266330][T15062] bridge0: port 1(bridge_slave_0) entered blocking state [ 689.292299][T15062] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.299598][T15062] bridge_slave_0: entered allmulticast mode [ 689.327613][T15062] bridge_slave_0: entered promiscuous mode [ 689.342699][T15062] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.350917][T15062] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.358196][T15062] bridge_slave_1: entered allmulticast mode [ 689.368306][T15062] bridge_slave_1: entered promiscuous mode [ 689.454574][ T5833] Bluetooth: hci0: command tx timeout [ 690.327680][T15062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 690.413187][T15062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 690.428394][T15190] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3155'. [ 690.629409][T15062] team0: Port device team_slave_0 added [ 690.681536][T15062] team0: Port device team_slave_1 added [ 691.095569][T15062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 691.144674][T15062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 691.369462][T15062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 691.383841][T15062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 691.390951][T15062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 691.417674][T15062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 691.613676][ T5833] Bluetooth: hci0: command tx timeout [ 692.068084][ T6008] hsr_slave_0: left promiscuous mode [ 692.105558][ T6008] hsr_slave_1: left promiscuous mode [ 692.116694][ T6008] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 692.138709][ T6008] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 693.114824][ T6008] team0 (unregistering): Port device team_slave_1 removed [ 693.153609][ T6008] team0 (unregistering): Port device team_slave_0 removed [ 693.690167][ T5833] Bluetooth: hci0: command tx timeout [ 693.904000][T15062] hsr_slave_0: entered promiscuous mode [ 693.918104][T15062] hsr_slave_1: entered promiscuous mode [ 693.928116][T15062] debugfs: 'hsr0' already exists in 'hsr' [ 693.936720][T15062] Cannot create hsr debugfs directory [ 694.605288][T15261] netlink: 'syz.2.3174': attribute type 23 has an invalid length. [ 695.518623][T15283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3179'. [ 695.567411][T15283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3179'. [ 696.583748][T15308] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3186'. [ 697.281810][T15062] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 697.609983][T15062] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 697.795233][T15062] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 697.823973][T15062] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 698.103340][T15334] team0 (unregistering): Port device team_slave_0 removed [ 698.114747][T15334] team0 (unregistering): Port device team_slave_1 removed [ 698.977245][T15062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 699.047517][T15062] 8021q: adding VLAN 0 to HW filter on device team0 [ 699.089907][T15368] netlink: 'syz.4.3204': attribute type 1 has an invalid length. [ 699.349514][T15388] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3204'. [ 699.413105][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.420398][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 699.589316][T15378] veth11: entered promiscuous mode [ 699.635472][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.642735][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.553495][T15062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.847041][T15062] veth0_vlan: entered promiscuous mode [ 701.034735][T15062] veth1_vlan: entered promiscuous mode [ 701.395267][T15062] veth0_macvtap: entered promiscuous mode [ 701.455904][T15062] veth1_macvtap: entered promiscuous mode [ 701.534457][T15448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3218'. [ 701.554322][T15062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 701.588956][T15448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3218'. [ 701.601099][T15062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 701.617596][T15452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3221'. [ 701.664600][ T5976] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.737978][T15456] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3222'. [ 701.764085][ T5976] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.801928][ T5976] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.838732][ T5976] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.095840][ T5976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.111653][ T5976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.277778][ T6113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.308389][ T6113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.560231][T15482] Bluetooth: MGMT ver 1.23 [ 704.137461][T11043] ------------[ cut here ]------------ [ 704.143512][T11043] WARNING: ./include/linux/ns_common.h:255 at free_nsproxy+0x415/0x560, CPU#0: syz.4.1703/11043 [ 704.154685][T11043] Modules linked in: [ 704.158647][T11043] CPU: 0 UID: 0 PID: 11043 Comm: syz.4.1703 Not tainted syzkaller #0 PREEMPT(full) [ 704.168984][T11043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 704.180239][T11043] RIP: 0010:free_nsproxy+0x415/0x560 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 704.185878][T11043] Code: 85 ed 0f 8e be 00 00 00 e8 58 22 33 00 48 8b 3d f1 38 ed 10 48 89 de 5b 41 5c 41 5e 41 5f 5d e9 91 69 8e 00 e8 3c 22 33 00 90 <0f> 0b 90 e9 ba fc ff ff e8 2e 22 33 00 4c 89 ff be 03 00 00 00 e8 [ 704.206498][T11043] RSP: 0018:ffffc900106df9f0 EFLAGS: 00010293 [ 704.213129][T11043] RAX: ffffffff818dfb84 RBX: ffff88805e07a8f0 RCX: ffff88807f6cbd00 [ 704.221558][T11043] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 704.230011][T11043] RBP: 00000000ffffffff R08: ffff888073558adb R09: 1ffff1100e6ab15b [ 704.238633][T11043] R10: dffffc0000000000 R11: ffffed100e6ab15c R12: dffffc0000000000 [ 704.247695][T11043] R13: 0000000000000009 R14: ffff888073558888 R15: ffff888073558ad8 [ 704.256222][T11043] FS: 0000000000000000(0000) GS:ffff888125ed5000(0000) knlGS:0000000000000000 [ 704.265673][T11043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 704.272801][T11043] CR2: 00007f6eebd7a000 CR3: 000000005d4e6000 CR4: 00000000003526f0 [ 704.281588][T11043] Call Trace: [ 704.284895][T11043] [ 704.287930][T11043] do_exit+0x6b8/0x2300 [ 704.292907][T11043] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 704.298320][T11043] ? do_raw_spin_lock+0x121/0x290 [ 704.303819][T11043] ? __pfx_do_exit+0x10/0x10 [ 704.308454][T11043] do_group_exit+0x21c/0x2d0 [ 704.313527][T11043] ? lockdep_hardirqs_on+0x9c/0x150 [ 704.318761][T11043] get_signal+0x1285/0x1340 [ 704.323768][T11043] arch_do_signal_or_restart+0x9a/0x7a0 [ 704.329347][T11043] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 704.336253][T11043] ? exit_to_user_mode_loop+0x55/0x4f0 [ 704.336356][ T5147] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 704.342172][T11043] exit_to_user_mode_loop+0x87/0x4f0 [ 704.352282][ T5147] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 704.354724][T11043] ret_from_fork+0x61c/0xb30 [ 704.363111][ T5147] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 704.366251][T11043] ? __pfx_ret_from_fork+0x10/0x10 [ 704.374693][ T5147] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 704.379661][T11043] ? __switch_to_asm+0x39/0x70 [ 704.387597][ T5147] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 704.391689][T11043] ? __switch_to_asm+0x33/0x70 [ 704.403432][T11043] ret_from_fork_asm+0x1a/0x30 [ 704.408258][T11043] [ 704.412676][T11043] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 704.419978][T11043] CPU: 0 UID: 0 PID: 11043 Comm: syz.4.1703 Not tainted syzkaller #0 PREEMPT(full) [ 704.429447][T11043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 704.439512][T11043] Call Trace: [ 704.442800][T11043] [ 704.445740][T11043] dump_stack_lvl+0x99/0x250 [ 704.450444][T11043] ? __asan_memcpy+0x40/0x70 [ 704.455066][T11043] ? __pfx_dump_stack_lvl+0x10/0x10 [ 704.460290][T11043] ? __pfx__printk+0x10/0x10 [ 704.465013][T11043] vpanic+0x237/0x6d0 [ 704.469098][T11043] ? __pfx_vpanic+0x10/0x10 [ 704.473703][T11043] ? is_bpf_text_address+0x26/0x2b0 [ 704.478961][T11043] panic+0xb9/0xc0 [ 704.482772][T11043] ? __pfx_panic+0x10/0x10 [ 704.487197][T11043] __warn+0x334/0x4c0 [ 704.491176][T11043] ? free_nsproxy+0x415/0x560 [ 704.495852][T11043] ? free_nsproxy+0x415/0x560 [ 704.500526][T11043] report_bug+0x2be/0x4f0 [ 704.504852][T11043] ? free_nsproxy+0x415/0x560 [ 704.509523][T11043] ? free_nsproxy+0x415/0x560 [ 704.514196][T11043] ? free_nsproxy+0x417/0x560 [ 704.518910][T11043] handle_bug+0x84/0x160 [ 704.523243][T11043] exc_invalid_op+0x1a/0x50 [ 704.527746][T11043] asm_exc_invalid_op+0x1a/0x20 [ 704.532595][T11043] RIP: 0010:free_nsproxy+0x415/0x560 [ 704.537879][T11043] Code: 85 ed 0f 8e be 00 00 00 e8 58 22 33 00 48 8b 3d f1 38 ed 10 48 89 de 5b 41 5c 41 5e 41 5f 5d e9 91 69 8e 00 e8 3c 22 33 00 90 <0f> 0b 90 e9 ba fc ff ff e8 2e 22 33 00 4c 89 ff be 03 00 00 00 e8 [ 704.557571][T11043] RSP: 0018:ffffc900106df9f0 EFLAGS: 00010293 [ 704.563637][T11043] RAX: ffffffff818dfb84 RBX: ffff88805e07a8f0 RCX: ffff88807f6cbd00 [ 704.571613][T11043] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 704.579580][T11043] RBP: 00000000ffffffff R08: ffff888073558adb R09: 1ffff1100e6ab15b [ 704.587556][T11043] R10: dffffc0000000000 R11: ffffed100e6ab15c R12: dffffc0000000000 [ 704.595534][T11043] R13: 0000000000000009 R14: ffff888073558888 R15: ffff888073558ad8 [ 704.603517][T11043] ? free_nsproxy+0x414/0x560 [ 704.608209][T11043] do_exit+0x6b8/0x2300 [ 704.612363][T11043] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 704.617735][T11043] ? do_raw_spin_lock+0x121/0x290 [ 704.622762][T11043] ? __pfx_do_exit+0x10/0x10 [ 704.627358][T11043] do_group_exit+0x21c/0x2d0 [ 704.631939][T11043] ? lockdep_hardirqs_on+0x9c/0x150 [ 704.637135][T11043] get_signal+0x1285/0x1340 [ 704.641658][T11043] arch_do_signal_or_restart+0x9a/0x7a0 [ 704.647210][T11043] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 704.653372][T11043] ? exit_to_user_mode_loop+0x55/0x4f0 [ 704.658920][T11043] exit_to_user_mode_loop+0x87/0x4f0 [ 704.664298][T11043] ret_from_fork+0x61c/0xb30 [ 704.668895][T11043] ? __pfx_ret_from_fork+0x10/0x10 [ 704.674013][T11043] ? __switch_to_asm+0x39/0x70 [ 704.678872][T11043] ? __switch_to_asm+0x33/0x70 [ 704.683731][T11043] ret_from_fork_asm+0x1a/0x30 [ 704.688532][T11043] [ 704.691921][T11043] Kernel Offset: disabled [ 704.696243][T11043] Rebooting in 86400 seconds..