last executing test programs: 3m47.490163229s ago: executing program 4 (id=5): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='.\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x185093, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x152) 3m46.76842364s ago: executing program 4 (id=13): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'team_slave_0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r0, r2, 0x25, 0x0, @void}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r3, 0x2) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) bpf$LINK_DETACH(0x22, 0x0, 0x0) 3m46.17407449s ago: executing program 4 (id=17): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000004c0)={&(0x7f0000000680), 0x6e, 0x0}, 0x40) sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0) 3m44.4309618s ago: executing program 32 (id=17): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000004c0)={&(0x7f0000000680), 0x6e, 0x0}, 0x40) sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0) 2m7.172570833s ago: executing program 1 (id=353): r0 = socket$inet_sctp(0x2, 0x1, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syncfs(r0) 2m4.471887271s ago: executing program 1 (id=356): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000008b40)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x7ffffffd, @local, 0x8}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000200)="c6", 0x1}], 0x1}}], 0x1, 0x20004051) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7d, 0x0, &(0x7f0000000000)) 2m3.646679348s ago: executing program 1 (id=359): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 1m57.409430603s ago: executing program 1 (id=365): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000380)={[{@jqfmt_vfsold}, {@data_err_ignore}, {@mb_optimize_scan}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x102}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x6, 0x473, &(0x7f0000001200)="$eJzs3MtvG8UfAPCv7Th9/+JfKY+WFkILouKRNOmDHrgUgcQBJCQ4FHEKSVqVug1qgkSrCloO5YgqcUcckfgLuFAuCDghcUICiSNCqlAvLZyM1t5NXcdO7MSxA/58JCcznlnNfHd37PGs1wEMrNHkTy5ie0T8EhEjtey9FUZr/+7cujz9163L07moVF7/M1etd/vW5emsarbdtlqmUlmm3WtvRUyVy7MX0vz4wrl3x+cvXnr2zLmp07OnZ89PHj9+5PC+4WOTR7sSZxLX7T0fzO3d/fKb11+dPnn97e+/TPq7PS2vj6NbRmt7t6knut1Yn+2oS+eG+tgROlKIiORwFavjfyQKsWWxbCRe+qivnQPWVaWSr2xqXXylAvyHJRN1YBBlb/TJ59/s0aOpx4Zw80QsrmPcSR+1kqHIp3WK6Wek9TAaESev/P1Z8oh1WocAAKh340REPNNs/pePB+rq/S+9hlKKiP9HxM6IuC8idkXE/RHVug9GxEMdtt94hWTp/KcysqrA2pTM/55Pr23dO//LZn9RKqS5HdX4i7lTZ8qzh9J9cjCKm5L8xDJtfPPiT5+0Kquf/yWPpP1sLpj244+hhgW6mamFqbXEXO/m1Yg9Q83izy3OeZP58e6I2LPKNs489cXeVmWlFeNfRhcm5ZXPI56sHf8r0RB/Jtfy+uTEc8cmj45vjvLsofHsrFjqhx+vvdaq/ZWP//q6eaMSWxvO/4bdWsptjpi/eOls9XrtfIcN/Bxx7dePW36mWe35P5x7o5oeTp97f2ph4cJExHDulaXPT97dNstn9ZPz/+CB5uN/Z7pNcvwfjojkJN4XEY9ExKNp3x+LiP0RcWCZXfDdC4+/03n8y6zKd1ES/0zT17/F87+UpO4e/84ThbPfftV5/Imt6fE/Us0dTLdp5/Wv3Q6udf8BAADAv0G++h34XH5sMZ3Pj43VvsO/K7bmy3PzC0+fmnvv/Eztu/KlKOazla6RuvXQiXQtL8tPNuQPp+vGnxa2VPNj03PlmX4HDwNuW4vxn/i9UPv/W197CKwr92vB4DL+YXAZ/zC4jH8YXMY/DK5m4//DPvQD6L0V3v+39KofQO+Z/8PgMv5hcK00/vf35l5koLda3hufX9Mt/xJ9Snw9vLbfamg/EfkNEvIGTRTaqHM1HYW1Z4rRtPJQ2z9mcU8ie1NfufKmpkV9fFECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoon8CAAD///T43is=") r0 = open(0x0, 0x8000, 0x112) ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x0, 0x0, "7e29587245efd88af49375ea73963522"}) 1m56.023873263s ago: executing program 1 (id=371): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe468}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x3000000) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f00000003c0)='system.posix_acl_default\x00', &(0x7f0000000a00)={{}, {0x1, 0x5}, [], {0x4, 0xab1cfde4f2373a6b}, [], {0x10, 0x1}, {0x20, 0x1}}, 0x24, 0x1) 1m55.364103813s ago: executing program 1 (id=376): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) sendto$inet6(r0, &(0x7f00000004c0)="2b985c", 0xfffffffffffffc46, 0x8000, 0x0, 0x0) 1m39.915477767s ago: executing program 33 (id=376): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) sendto$inet6(r0, &(0x7f00000004c0)="2b985c", 0xfffffffffffffc46, 0x8000, 0x0, 0x0) 16.731361513s ago: executing program 6 (id=637): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) unshare(0x24020400) r0 = fsmount(0xffffffffffffffff, 0x1, 0x0) sync_file_range(r0, 0x2, 0x9, 0x2) 13.980738356s ago: executing program 6 (id=644): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0xf3a, 0x0) close(r2) write(r0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000)) 13.380512319s ago: executing program 2 (id=645): r0 = socket$l2tp(0x2, 0x2, 0x73) fsetxattr(r0, &(0x7f0000003140)=@random={'security.', '\x00'}, 0x0, 0x0, 0x1) 12.805188642s ago: executing program 2 (id=647): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xff}]}) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000340)="41000000010001", 0x7) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902"], 0x0) ioctl$sock_bt_hci(r0, 0x400448ca, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000040)="05000000010000", 0x7) 12.704484658s ago: executing program 3 (id=648): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x5, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x28001, @empty, 0xffffff5d}, 0x1c) listen(r0, 0x50) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23, 0x8d, @empty, 0x4}, 0x1c) listen(0xffffffffffffffff, 0x50) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r1, 0xffffffffffffffff, 0x0) 12.196652422s ago: executing program 3 (id=650): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)={0x24, 0x2, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2400}, @CTA_MARK_MASK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) 11.601341913s ago: executing program 3 (id=652): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001680), 0x0, 0x2090) rename(0x0, &(0x7f0000000080)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@deltaction={0x14, 0x31, 0x4, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r0, 0x1) r2 = socket(0x10, 0x803, 0x0) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x2}, 0x1}) recvmmsg(r2, &(0x7f00000037c0), 0x0, 0x2040000, &(0x7f0000003700)={0x77359400}) r3 = socket$kcm(0x10, 0x2, 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x301200a, 0x0) sendmsg$kcm(r3, 0x0, 0x0) 10.413575171s ago: executing program 0 (id=654): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x700}, {0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0xb, 0x4, 0x10, 0x4], 0x3, [0xb, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x47, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 10.071865841s ago: executing program 6 (id=656): socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$BTRFS_IOC_ENCODED_WRITE(0xffffffffffffffff, 0x40789440, &(0x7f00000005c0)={&(0x7f0000000140)=[{&(0x7f0000000040)}], 0x1, 0x101, 0x0, 0x6, 0x1, 0xfffffffffffffccc, 0x4}) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000), 0xc, 0x0}, 0x0) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x15, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 7.97728446s ago: executing program 3 (id=658): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0xf}}]}}]}, 0x48}}, 0x20040084) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x700}, {0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0xb, 0x4, 0x10, 0x4], 0x3, [0xb, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x47, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r8 = socket$kcm(0x11, 0x3, 0x0) close(0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0x3e}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x5) 7.774622014s ago: executing program 0 (id=659): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40140, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff60}, 0x48) close(r0) r2 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400", @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000002c0)=0x80, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x18082, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 7.33336891s ago: executing program 2 (id=660): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0) setuid(0xee01) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40848c0) sendmsg$GTP_CMD_DELPDP(r0, 0x0, 0x20000000) 7.049977639s ago: executing program 6 (id=661): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x3, 0x0, 'queue1\x00', 0x8001}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2) 6.651363126s ago: executing program 5 (id=662): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xf, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 6.634876203s ago: executing program 0 (id=663): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x2, 0x10000, 0x0, r2}, &(0x7f0000000100)=0x10) 6.433460586s ago: executing program 2 (id=664): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}}, 0x8000) ioctl$NILFS_IOCTL_CHANGE_CPMODE(r0, 0x40106e80, &(0x7f00000004c0)={0xf}) 6.095204044s ago: executing program 6 (id=665): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xff}]}) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000340)="41000000010001", 0x7) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902"], 0x0) ioctl$sock_bt_hci(r0, 0x400448ca, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000040)="05000000010000", 0x7) 5.970484347s ago: executing program 3 (id=666): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0xf3a, 0x0) close(r2) write(r0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000)) 5.970251264s ago: executing program 0 (id=667): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x104}}, 0x20008000) 5.678085484s ago: executing program 2 (id=668): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001680), 0x0, 0x2090) rename(0x0, &(0x7f0000000080)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@deltaction={0x14, 0x31, 0x4, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r0, 0x1) r2 = socket(0x10, 0x803, 0x0) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x2}, 0x1}) recvmmsg(r2, &(0x7f00000037c0), 0x0, 0x2040000, &(0x7f0000003700)={0x77359400}) r3 = socket$kcm(0x10, 0x2, 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x301200a, 0x0) sendmsg$kcm(r3, 0x0, 0x0) 5.186754143s ago: executing program 5 (id=669): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000", @ANYRES32=0x1, @ANYRES32=0x0], 0x50) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000040)) bpf$TOKEN_CREATE(0x24, &(0x7f0000000500)={0x0, r0}, 0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[], &(0x7f0000000700)=""/218, 0x28, 0xda, 0x1, 0x1}, 0x28) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f00000006c0)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setreuid(0xee00, 0x0) keyctl$clear(0x11, 0xfffffffffffffffd) 5.102397617s ago: executing program 0 (id=670): r0 = socket(0x2b, 0x1, 0x1) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0) 3.799868194s ago: executing program 5 (id=671): socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$BTRFS_IOC_ENCODED_WRITE(0xffffffffffffffff, 0x40789440, &(0x7f00000005c0)={&(0x7f0000000140)=[{&(0x7f0000000040)}], 0x1, 0x101, 0x0, 0x6, 0x1, 0xfffffffffffffccc, 0x4}) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000), 0xc, 0x0}, 0x0) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 2.206057511s ago: executing program 0 (id=672): r0 = syz_clone(0xa1080, 0x0, 0x30, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_pidfd_open(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x43501) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000340)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x18, 0x2}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r1) syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r1) 2.200538282s ago: executing program 5 (id=673): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40140, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff60}, 0x48) close(r0) r2 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400", @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000002c0)=0x80, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x18082, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.017002715s ago: executing program 5 (id=674): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0) setuid(0xee01) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40848c0) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44800}, 0x20000000) 916.171481ms ago: executing program 6 (id=675): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x3, 0x0, 'queue1\x00', 0x8001}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2) 421.537517ms ago: executing program 3 (id=676): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000001180)=[{0x6, 0x5, 0x5, 0x7ffc4001}]}) io_setup(0x2, &(0x7f00000001c0)=0x0) io_destroy(r0) 61.218499ms ago: executing program 2 (id=677): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x58, 0x0, 0x810, 0x70bd25, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x43, 0xa9, @random="4e00a0e7c9b80b32020bc98613a207f3ef8c5fd22e2ef0724113143befbff9661f09763fc7e86bbbc830dd1e3c3fe296e48267078387812ca680f6953ac0f5"}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x84000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x1a}, 0x94) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="3f011400dcdc14"], 0xdd12}], 0x1}, 0x200400d1) 0s ago: executing program 5 (id=678): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendto$packet(r1, &(0x7f0000000380)="05", 0x1, 0x240458d1, &(0x7f0000000200)={0x11, 0x8100, r3, 0x1, 0x85, 0x6, @local}, 0x14) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts. [ 154.977802][ T5762] cgroup: Unknown subsys name 'net' [ 155.120383][ T5762] cgroup: Unknown subsys name 'cpuset' [ 155.133388][ T5762] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 160.505445][ T5762] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 164.565536][ T5785] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 164.590227][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 164.597915][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 164.607106][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 164.616123][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 164.627117][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 164.630615][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 164.636214][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 164.644263][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 164.653316][ T5787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 164.666104][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 164.675083][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 164.685589][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 164.693932][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 164.707297][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 164.711498][ T5794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 164.726055][ T5073] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 164.726543][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 164.744767][ T5786] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 164.757340][ T5794] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 164.759978][ T5073] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 164.773389][ T5786] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 164.782735][ T5073] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 164.843309][ T49] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 164.860727][ T49] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 166.208100][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 166.250495][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 166.494389][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 166.527554][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 166.706952][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 166.789300][ T5787] Bluetooth: hci0: command tx timeout [ 166.860542][ T5787] Bluetooth: hci1: command tx timeout [ 166.860645][ T49] Bluetooth: hci2: command tx timeout [ 166.866081][ T5787] Bluetooth: hci3: command tx timeout [ 166.939290][ T5787] Bluetooth: hci4: command tx timeout [ 167.204455][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.218227][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.227363][ T5781] bridge_slave_0: entered allmulticast mode [ 167.238053][ T5781] bridge_slave_0: entered promiscuous mode [ 167.281989][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.299449][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.306986][ T5782] bridge_slave_0: entered allmulticast mode [ 167.332512][ T5782] bridge_slave_0: entered promiscuous mode [ 167.358220][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.371624][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.392851][ T5781] bridge_slave_1: entered allmulticast mode [ 167.406388][ T5781] bridge_slave_1: entered promiscuous mode [ 167.439518][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.447082][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.456111][ T5782] bridge_slave_1: entered allmulticast mode [ 167.464530][ T5782] bridge_slave_1: entered promiscuous mode [ 167.631713][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.640645][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.648136][ T5793] bridge_slave_0: entered allmulticast mode [ 167.657124][ T5793] bridge_slave_0: entered promiscuous mode [ 167.688492][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.696056][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.704260][ T5780] bridge_slave_0: entered allmulticast mode [ 167.712944][ T5780] bridge_slave_0: entered promiscuous mode [ 167.752426][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.762223][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.770192][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.777571][ T5793] bridge_slave_1: entered allmulticast mode [ 167.786003][ T5793] bridge_slave_1: entered promiscuous mode [ 167.803078][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.813025][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.820798][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.828161][ T5780] bridge_slave_1: entered allmulticast mode [ 167.836894][ T5780] bridge_slave_1: entered promiscuous mode [ 167.876972][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.914032][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.945327][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.953039][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.960882][ T5783] bridge_slave_0: entered allmulticast mode [ 167.968913][ T5783] bridge_slave_0: entered promiscuous mode [ 168.068924][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.076617][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.085342][ T5783] bridge_slave_1: entered allmulticast mode [ 168.109474][ T5783] bridge_slave_1: entered promiscuous mode [ 168.208036][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.254621][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.292942][ T5781] team0: Port device team_slave_0 added [ 168.305067][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.322783][ T5782] team0: Port device team_slave_0 added [ 168.336380][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.353576][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.370368][ T5781] team0: Port device team_slave_1 added [ 168.403257][ T5782] team0: Port device team_slave_1 added [ 168.439744][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.591429][ T5793] team0: Port device team_slave_0 added [ 168.626796][ T5780] team0: Port device team_slave_0 added [ 168.657053][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.664595][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.691005][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.711664][ T5793] team0: Port device team_slave_1 added [ 168.719778][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.726831][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.753584][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.772400][ T5780] team0: Port device team_slave_1 added [ 168.784480][ T5783] team0: Port device team_slave_0 added [ 168.792424][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.799989][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.826727][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.863711][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.869574][ T5787] Bluetooth: hci0: command tx timeout [ 168.871259][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.902797][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.939535][ T5073] Bluetooth: hci2: command tx timeout [ 168.940092][ T49] Bluetooth: hci1: command tx timeout [ 168.945393][ T5787] Bluetooth: hci3: command tx timeout [ 168.956115][ T5783] team0: Port device team_slave_1 added [ 169.019342][ T5787] Bluetooth: hci4: command tx timeout [ 169.067123][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.074670][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.100798][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.116927][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.124297][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.150557][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.164329][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.171736][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.198108][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.236655][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.243870][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.270808][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.287329][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.294707][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.320985][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.350602][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.359953][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.386206][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.508314][ T5782] hsr_slave_0: entered promiscuous mode [ 169.516664][ T5782] hsr_slave_1: entered promiscuous mode [ 169.576047][ T5781] hsr_slave_0: entered promiscuous mode [ 169.585720][ T5781] hsr_slave_1: entered promiscuous mode [ 169.594003][ T5781] debugfs: 'hsr0' already exists in 'hsr' [ 169.600262][ T5781] Cannot create hsr debugfs directory [ 169.794056][ T5780] hsr_slave_0: entered promiscuous mode [ 169.802348][ T5780] hsr_slave_1: entered promiscuous mode [ 169.810114][ T5780] debugfs: 'hsr0' already exists in 'hsr' [ 169.815964][ T5780] Cannot create hsr debugfs directory [ 169.848068][ T5793] hsr_slave_0: entered promiscuous mode [ 169.857069][ T5793] hsr_slave_1: entered promiscuous mode [ 169.864936][ T5793] debugfs: 'hsr0' already exists in 'hsr' [ 169.870831][ T5793] Cannot create hsr debugfs directory [ 169.963078][ T5783] hsr_slave_0: entered promiscuous mode [ 169.971942][ T5783] hsr_slave_1: entered promiscuous mode [ 169.979466][ T5783] debugfs: 'hsr0' already exists in 'hsr' [ 169.985314][ T5783] Cannot create hsr debugfs directory [ 170.939602][ T5787] Bluetooth: hci0: command tx timeout [ 171.019375][ T5787] Bluetooth: hci1: command tx timeout [ 171.019467][ T49] Bluetooth: hci3: command tx timeout [ 171.024931][ T5073] Bluetooth: hci2: command tx timeout [ 171.077285][ T5782] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 171.099364][ T5787] Bluetooth: hci4: command tx timeout [ 171.106991][ T5782] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 171.124184][ T5782] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 171.154944][ T5782] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 171.275173][ T5781] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.314222][ T5781] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.333765][ T5781] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.368492][ T5781] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.498688][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 171.545799][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 171.583327][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 171.633419][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 171.850741][ T5793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 171.874915][ T5793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 171.921212][ T5793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 171.947110][ T5793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 172.205795][ T5783] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 172.241334][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.261247][ T5783] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 172.298845][ T5783] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 172.343157][ T5783] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 172.487110][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.517272][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.634517][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.641903][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.696313][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.703640][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.744836][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.803779][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.811218][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.851867][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.911448][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.918824][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.021260][ T5787] Bluetooth: hci0: command tx timeout [ 173.044623][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.100379][ T5787] Bluetooth: hci3: command tx timeout [ 173.100792][ T5073] Bluetooth: hci1: command tx timeout [ 173.105909][ T5787] Bluetooth: hci2: command tx timeout [ 173.175658][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.183025][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.191791][ T5787] Bluetooth: hci4: command tx timeout [ 173.225700][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.293806][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.301215][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.388818][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.475705][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.483226][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.583222][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.590632][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.776224][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.024871][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.108783][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.116314][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.228605][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.236131][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.514678][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.671591][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.206357][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.324052][ T5781] veth0_vlan: entered promiscuous mode [ 175.454492][ T5781] veth1_vlan: entered promiscuous mode [ 175.623189][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.838004][ T5780] veth0_vlan: entered promiscuous mode [ 175.904262][ T5781] veth0_macvtap: entered promiscuous mode [ 175.924397][ T5781] veth1_macvtap: entered promiscuous mode [ 175.958267][ T5780] veth1_vlan: entered promiscuous mode [ 176.006137][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.173368][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.190421][ T5793] veth0_vlan: entered promiscuous mode [ 176.255716][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.370812][ T1104] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.385317][ T1104] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.440001][ T5793] veth1_vlan: entered promiscuous mode [ 176.478605][ T1104] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.500012][ T1104] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.546075][ T5780] veth0_macvtap: entered promiscuous mode [ 176.617356][ T5782] veth0_vlan: entered promiscuous mode [ 176.724929][ T5780] veth1_macvtap: entered promiscuous mode [ 176.777009][ T5783] veth0_vlan: entered promiscuous mode [ 176.827270][ T5782] veth1_vlan: entered promiscuous mode [ 176.903865][ T5783] veth1_vlan: entered promiscuous mode [ 176.995293][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.095268][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.130781][ T5793] veth0_macvtap: entered promiscuous mode [ 177.184726][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.207741][ T5793] veth1_macvtap: entered promiscuous mode [ 177.255098][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.274495][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.297813][ T5782] veth0_macvtap: entered promiscuous mode [ 177.326789][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.396496][ T5782] veth1_macvtap: entered promiscuous mode [ 177.466604][ T5783] veth0_macvtap: entered promiscuous mode [ 177.582638][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.615121][ T5783] veth1_macvtap: entered promiscuous mode [ 177.665540][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.708301][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.763008][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.833223][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.847833][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.865436][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.924603][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.961176][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.030560][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.072968][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.125964][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.152171][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.178877][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.246531][ T1104] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.272794][ T1104] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.328510][ T1104] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.394824][ T1104] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.092322][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.155087][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.327881][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.369679][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.797771][ T5781] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 182.347216][ T5955] loop2: detected capacity change from 0 to 512 [ 182.401584][ T5955] ======================================================= [ 182.401584][ T5955] WARNING: The mand mount option has been deprecated and [ 182.401584][ T5955] and is ignored by this kernel. Remove the mand [ 182.401584][ T5955] option from the mount to silence this warning. [ 182.401584][ T5955] ======================================================= [ 182.660170][ T5955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.762273][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.780699][ T5955] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 182.808859][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.035519][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.059419][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.157061][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.887887][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.921523][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.107617][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.117480][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.278751][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.305883][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.456802][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.510958][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.810767][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.818748][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.071966][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.086294][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.119514][ T5990] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 185.324002][ T5990] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 186.362029][ T5868] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 186.491630][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.589379][ T5868] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 186.641862][ T5868] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 186.728517][ T5868] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 186.763267][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.772660][ T5868] usb 2-1: Product: syz [ 186.776990][ T5868] usb 2-1: Manufacturer: syz [ 186.809340][ T5868] usb 2-1: SerialNumber: syz [ 186.823944][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.838268][ T5868] usb 2-1: config 0 descriptor?? [ 186.872498][ T6002] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 186.930271][ T6002] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 187.064665][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.200293][ T6002] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 187.219860][ T6002] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 187.280574][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.735694][ T12] bridge_slave_1: left allmulticast mode [ 187.757383][ T12] bridge_slave_1: left promiscuous mode [ 187.771216][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.825016][ T12] bridge_slave_0: left allmulticast mode [ 187.859528][ T12] bridge_slave_0: left promiscuous mode [ 187.866035][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.072707][ T5868] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 188.382564][ T6013] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20'. [ 188.624070][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.701691][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.755981][ T12] bond0 (unregistering): Released all slaves [ 188.909632][ T6020] loop2: detected capacity change from 0 to 512 [ 188.918846][ T6020] EXT4-fs: Ignoring removed orlov option [ 188.978327][ T5868] dm9601 2-1:0.0 eth5: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 9a:26:63:1b:bb:b3 [ 189.091845][ T5868] usb 2-1: USB disconnect, device number 2 [ 189.107046][ T6020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.131721][ T6020] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.203409][ T5868] dm9601 2-1:0.0 eth5: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet [ 189.495819][ T49] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 189.511821][ T49] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 189.541913][ T49] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 189.582677][ T49] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 189.602349][ T49] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 189.873097][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.901409][ T6035] syz.1.25 uses obsolete (PF_INET,SOCK_PACKET) [ 190.466396][ T6043] loop2: detected capacity change from 0 to 512 [ 190.501688][ T6043] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 190.641775][ T6043] EXT4-fs (loop2): 1 truncate cleaned up [ 190.721233][ T6043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.809651][ T6047] Zero length message leads to an empty skb [ 190.948459][ T12] hsr_slave_0: left promiscuous mode [ 190.967506][ T12] hsr_slave_1: left promiscuous mode [ 190.997698][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 191.025751][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 191.047874][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.069719][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.156197][ T12] veth1_macvtap: left promiscuous mode [ 191.179757][ T12] veth0_macvtap: left promiscuous mode [ 191.194770][ T12] veth1_vlan: left promiscuous mode [ 191.232119][ T12] veth0_vlan: left promiscuous mode [ 191.240199][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.659441][ T49] Bluetooth: hci1: command tx timeout [ 192.259508][ T29] audit: type=1326 audit(1774608788.082:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6062 comm="syz.2.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x7ffc0000 [ 192.352615][ T29] audit: type=1326 audit(1774608788.142:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6062 comm="syz.2.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x7ffc0000 [ 192.498935][ T29] audit: type=1326 audit(1774608788.202:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6062 comm="syz.2.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f264299c799 code=0x7ffc0000 [ 192.621584][ T29] audit: type=1326 audit(1774608788.202:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6062 comm="syz.2.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x7ffc0000 [ 192.743026][ T29] audit: type=1326 audit(1774608788.202:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6062 comm="syz.2.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x7ffc0000 [ 193.196116][ T12] team0 (unregistering): Port device team_slave_1 removed [ 193.330909][ T12] team0 (unregistering): Port device team_slave_0 removed [ 193.739634][ T49] Bluetooth: hci1: command tx timeout [ 194.012559][ T6052] IPv6: sit1: Disabled Multicast RS [ 194.661532][ T6077] netlink: 24 bytes leftover after parsing attributes in process `syz.2.33'. [ 194.740979][ T6077] netlink: 24 bytes leftover after parsing attributes in process `syz.2.33'. [ 194.889915][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.33'. [ 195.260610][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.33'. [ 195.465378][ T53] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.524936][ T53] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.699291][ T53] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.721938][ T6090] capability: warning: `syz.1.38' uses deprecated v2 capabilities in a way that may be insecure [ 195.773787][ T53] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.803774][ T6090] loop1: detected capacity change from 0 to 512 [ 195.819727][ T49] Bluetooth: hci1: command tx timeout [ 195.958945][ T29] audit: type=1326 audit(1774608791.802:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6096 comm="syz.0.39" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f172719c799 code=0x0 [ 196.056465][ T6099] Bluetooth: MGMT ver 1.23 [ 196.237496][ T6029] chnl_net:caif_netlink_parms(): no params data found [ 196.364076][ T6103] loop3: detected capacity change from 0 to 1024 [ 196.389370][ T2142] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 196.441964][ T6103] EXT4-fs: Ignoring removed nomblk_io_submit option [ 196.448814][ T6103] EXT4-fs: Ignoring removed bh option [ 196.519787][ T6103] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 196.586047][ T6103] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 196.615225][ T2142] usb 1-1: config 0 has no interfaces? [ 196.653102][ T2142] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 196.679210][ T6103] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840e028, mo2=0000] [ 196.739215][ T2142] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 196.748141][ T6103] System zones: 0-1, 3-12 [ 196.753286][ T2142] usb 1-1: Product: syz [ 196.757599][ T2142] usb 1-1: Manufacturer: syz [ 196.780698][ T6103] EXT4-fs error (device loop3): ext4_ext_check_inode:521: inode #3: comm syz.3.41: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 196.861403][ T6103] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 196.864284][ T6103] EXT4-fs (loop3): Remounting filesystem read-only [ 196.873811][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 196.873900][ C0] EXT4-fs (loop3): initial error at time 1774608792: ext4_ext_check_inode:521: inode 3 [ 196.874046][ C0] EXT4-fs (loop3): last error at time 1774608792: ext4_ext_check_inode:521: inode 3 [ 196.912137][ T2142] usb 1-1: config 0 descriptor?? [ 197.037756][ T6103] EXT4-fs warning (device loop3): ext4_enable_quotas:7236: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 197.204852][ T6103] EXT4-fs (loop3): mount failed [ 197.215137][ T49] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 197.723643][ T6121] netlink: 40 bytes leftover after parsing attributes in process `syz.1.44'. [ 197.899539][ T5787] Bluetooth: hci1: command tx timeout [ 198.146082][ T5787] Bluetooth: hci0: command 0x0401 tx timeout [ 198.157375][ T49] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 198.421692][ T6029] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.448026][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.481778][ T6029] bridge_slave_0: entered allmulticast mode [ 198.518429][ T6029] bridge_slave_0: entered promiscuous mode [ 198.620433][ T6029] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.628346][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.673389][ T6029] bridge_slave_1: entered allmulticast mode [ 198.716371][ T6029] bridge_slave_1: entered promiscuous mode [ 199.348871][ T6029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.647923][ T6029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.800589][ T6140] netlink: 20 bytes leftover after parsing attributes in process `syz.1.49'. [ 199.883920][ T795] usb 1-1: USB disconnect, device number 2 [ 199.910910][ T6141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 200.433791][ T6140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 200.504749][ T6141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 200.542473][ T6150] loop0: detected capacity change from 0 to 512 [ 200.636988][ T6029] team0: Port device team_slave_0 added [ 200.675782][ T53] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.695793][ T53] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.897369][ T6029] team0: Port device team_slave_1 added [ 201.182461][ T53] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.240406][ T1104] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.480066][ T6029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.508174][ T6029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.523610][ T6154] loop3: detected capacity change from 0 to 8192 [ 201.583506][ T6029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.632710][ T6161] netlink: 24 bytes leftover after parsing attributes in process `syz.2.55'. [ 201.652381][ T6029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.686260][ T6029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.762994][ T6029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.804730][ T6161] erspan0: entered promiscuous mode [ 201.810787][ T6161] erspan0: entered allmulticast mode [ 202.268498][ T6165] Cannot find set identified by id 3 to match [ 202.368591][ T6029] hsr_slave_0: entered promiscuous mode [ 202.413318][ T6029] hsr_slave_1: entered promiscuous mode [ 202.979252][ T29] audit: type=1326 audit(1774608798.822:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6173 comm="syz.0.60" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f172719c799 code=0x0 [ 203.299502][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 203.539609][ T10] usb 1-1: config 0 has no interfaces? [ 203.596907][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 203.606343][ T6181] netlink: 20 bytes leftover after parsing attributes in process `syz.2.62'. [ 203.639657][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 203.697113][ T10] usb 1-1: Product: syz [ 203.717878][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.62'. [ 203.725301][ T10] usb 1-1: Manufacturer: syz [ 203.770244][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.62'. [ 203.811963][ T10] usb 1-1: config 0 descriptor?? [ 203.928522][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.952854][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.098671][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.62'. [ 204.156315][ T6188] loop3: detected capacity change from 0 to 512 [ 205.325260][ T6029] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 205.417316][ T6029] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 205.559662][ T6029] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 205.598599][ T6207] netlink: 24 bytes leftover after parsing attributes in process `syz.2.67'. [ 205.695701][ T6029] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 206.205858][ T38] usb 1-1: USB disconnect, device number 3 [ 206.595962][ T6208] loop1: detected capacity change from 0 to 8192 [ 207.411707][ T6029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.762438][ T6029] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.925575][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.933110][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.157221][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.164737][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.798572][ T29] audit: type=1326 audit(1774608804.642:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6240 comm="syz.1.80" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8dc239c799 code=0x0 [ 209.207534][ T38] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 209.430647][ T38] usb 2-1: config 0 has no interfaces? [ 209.464029][ T38] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 209.504492][ T38] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 209.544911][ T38] usb 2-1: Product: syz [ 209.577235][ T38] usb 2-1: Manufacturer: syz [ 209.636569][ T38] usb 2-1: config 0 descriptor?? [ 210.410866][ T6261] capability: warning: `syz.0.85' uses 32-bit capabilities (legacy support in use) [ 210.866900][ T6029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.957850][ T38] usb 2-1: USB disconnect, device number 3 [ 212.152685][ T6289] fuse: Unknown parameter 'user_i00000000000000000000' [ 213.222052][ T6029] veth0_vlan: entered promiscuous mode [ 213.351317][ T6029] veth1_vlan: entered promiscuous mode [ 213.845047][ T6315] netlink: 32 bytes leftover after parsing attributes in process `syz.1.101'. [ 213.875466][ T29] audit: type=1326 audit(1774608809.722:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm="syz.2.102" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x0 [ 213.876421][ T6029] veth0_macvtap: entered promiscuous mode [ 214.088398][ T6029] veth1_macvtap: entered promiscuous mode [ 214.231066][ T795] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 214.346901][ T6029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.445815][ T795] usb 3-1: config 0 has no interfaces? [ 214.458724][ T795] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 214.470596][ T795] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 214.478794][ T795] usb 3-1: Product: syz [ 214.487556][ T6029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.525730][ T795] usb 3-1: Manufacturer: syz [ 214.552935][ T795] usb 3-1: config 0 descriptor?? [ 214.562407][ T6323] fuse: Unknown parameter 'user_id00000000000000000000' [ 214.636498][ T57] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.665889][ T57] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.727945][ T57] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.766657][ T57] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.156357][ T6333] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 215.518199][ T6328] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 215.529484][ T6338] program syz.3.108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 216.322157][ T6348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'. [ 216.348161][ T6348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 216.388917][ T6348] 8021q: VLANs not supported on caif0 [ 216.954210][ T795] usb 3-1: USB disconnect, device number 2 [ 217.243869][ T6363] fuse: Unknown parameter 'user_id00000000000000000000' [ 217.574028][ T6369] process 'syz.1.118' launched './file0' with NULL argv: empty string added [ 217.715800][ T6372] program syz.0.119 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 218.089626][ T6377] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 218.438641][ T6374] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 218.521902][ T6385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.123'. [ 218.549526][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.123'. [ 218.576032][ T6385] 8021q: VLANs not supported on nlmon0 [ 218.925193][ T6390] loop2: detected capacity change from 0 to 512 [ 219.084745][ T6390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.180923][ T6390] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.272287][ T6401] loop1: detected capacity change from 0 to 128 [ 219.337429][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.418388][ T6401] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 219.514734][ T6401] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 221.576842][ T6420] program syz.0.132 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.504982][ T5780] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.534001][ T6433] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 225.949498][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.957496][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.253506][ T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.277053][ T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.026076][ T6572] loop2: detected capacity change from 0 to 512 [ 232.705627][ T6583] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 232.771491][ T6586] netlink: 48 bytes leftover after parsing attributes in process `syz.2.182'. [ 233.064210][ T6575] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 236.696697][ T6625] loop3: detected capacity change from 0 to 512 [ 237.331689][ T6633] loop5: detected capacity change from 0 to 128 [ 237.384028][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'. [ 237.409233][ T6633] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 237.499572][ T29] audit: type=1800 audit(1774608833.342:11): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.196" name="file2" dev="loop5" ino=1048610 res=0 errno=0 [ 237.688437][ T6643] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 237.731161][ T6643] FAT-fs (loop5): Filesystem has been set read-only [ 237.768214][ T6643] syz.5.196: attempt to access beyond end of device [ 237.768214][ T6643] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 237.863523][ T6643] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 240.651719][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 241.061554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 242.130299][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.211'. [ 243.966718][ T6717] 8021q: VLANs not supported on ip_vti0 [ 246.332200][ T6743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.227'. [ 247.065751][ T6747] Invalid ELF header magic: != ELF [ 247.298783][ T6756] netlink: 'syz.2.231': attribute type 5 has an invalid length. [ 248.199629][ T29] audit: type=1326 audit(1774608843.982:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6766 comm="syz.2.236" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x0 [ 248.764637][ T6776] 8021q: VLANs not supported on ip_vti0 [ 249.676998][ T6780] netlink: 4 bytes leftover after parsing attributes in process `syz.5.239'. [ 250.741506][ T1104] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 250.751053][ T6780] netlink: 4 bytes leftover after parsing attributes in process `syz.5.239'. [ 250.797704][ T1104] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 250.872445][ T1104] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 250.922744][ T1104] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.115749][ T6791] usb usb8: usbfs: process 6791 (syz.3.242) did not claim interface 0 before use [ 251.556124][ T6802] netlink: 'syz.5.246': attribute type 5 has an invalid length. [ 252.617600][ T6816] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 252.650888][ T6816] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.942438][ T10] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 252.958698][ T6816] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.048267][ T6816] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.187633][ T10] usb 6-1: config 0 has no interfaces? [ 253.344852][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 253.799715][ T6816] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.929645][ T6816] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.084241][ T6825] 8021q: VLANs not supported on ip_vti0 [ 254.332772][ T10] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 254.341374][ T10] usb 6-1: Product: syz [ 254.345695][ T10] usb 6-1: Manufacturer: syz [ 254.350566][ T10] usb 6-1: SerialNumber: syz [ 254.362196][ T10] usb 6-1: config 0 descriptor?? [ 254.516325][ T6816] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 254.647355][ T6816] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.954181][ T6820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.115130][ T6820] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.512788][ T81] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.562097][ T81] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.664260][ T81] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.695538][ T81] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.799746][ T150] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.859229][ T150] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.889982][ T1104] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.898396][ T1104] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.987055][ T10] usb 6-1: USB disconnect, device number 2 [ 257.223752][ T6867] loop1: detected capacity change from 0 to 512 [ 257.326736][ T6867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.379989][ T6867] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.633308][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.127255][ T6881] netlink: 12 bytes leftover after parsing attributes in process `syz.0.273'. [ 259.488035][ T6853] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 260.662779][ T6906] netlink: 12 bytes leftover after parsing attributes in process `syz.2.285'. [ 262.787766][ T6932] loop2: detected capacity change from 0 to 512 [ 262.861268][ T6932] EXT4-fs: Ignoring removed mblk_io_submit option [ 262.967029][ T6932] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 263.274186][ T6932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.329860][ T6932] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 263.535160][ T29] audit: type=1800 audit(1774608859.382:13): pid=6932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.294" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 264.297680][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.629259][ T6943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.298'. [ 264.802282][ T6922] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 265.364436][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.371290][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.091675][ T6952] netlink: 'syz.2.302': attribute type 12 has an invalid length. [ 269.363198][ T6964] 8021q: VLANs not supported on ip_vti0 [ 269.954764][ T6974] netlink: 16 bytes leftover after parsing attributes in process `syz.2.309'. [ 271.170538][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'. [ 271.386942][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.315'. [ 271.444541][ T6989] program syz.5.313 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 271.565401][ T6983] bond1: entered allmulticast mode [ 271.576063][ T6994] loop2: detected capacity change from 0 to 128 [ 271.600728][ T6983] 8021q: adding VLAN 0 to HW filter on device bond1 [ 271.790632][ T6996] netlink: 56 bytes leftover after parsing attributes in process `syz.1.318'. [ 271.835953][ T6987] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 271.853901][ T29] audit: type=1800 audit(1774608867.702:14): pid=6998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.317" name="bus" dev="loop2" ino=1048611 res=0 errno=0 [ 271.890553][ T6987] batadv1: entered allmulticast mode [ 271.898253][ T6987] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 272.068772][ T7001] netlink: 16 bytes leftover after parsing attributes in process `syz.5.320'. [ 272.160496][ T6990] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 272.226459][ T6990] batadv1: left allmulticast mode [ 272.283237][ T6990] bond1 (unregistering): Released all slaves [ 272.882750][ T7005] 8021q: VLANs not supported on ip_vti0 [ 275.646990][ T7009] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 277.235030][ T29] audit: type=1326 audit(1774608873.082:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.319507][ T29] audit: type=1326 audit(1774608873.082:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.408802][ T29] audit: type=1326 audit(1774608873.152:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.465281][ T7030] loop2: detected capacity change from 0 to 512 [ 277.521368][ T29] audit: type=1326 audit(1774608873.152:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.560974][ T7030] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 277.606939][ T29] audit: type=1326 audit(1774608873.162:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa52175cfce code=0x7ffc0000 [ 277.669447][ T29] audit: type=1326 audit(1774608873.162:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.745937][ T29] audit: type=1326 audit(1774608873.162:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.781241][ T7038] netlink: 56 bytes leftover after parsing attributes in process `syz.0.333'. [ 277.800375][ T29] audit: type=1326 audit(1774608873.172:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.855105][ T29] audit: type=1326 audit(1774608873.172:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x7ffc0000 [ 277.948978][ T29] audit: type=1326 audit(1774608873.192:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.5.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa52175cfce code=0x7ffc0000 [ 279.849689][ T7045] 8021q: VLANs not supported on ip_vti0 [ 280.608262][ T7030] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 280.727883][ T7030] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.330: bad orphan inode 4 [ 280.832573][ T7030] loop2: lost filesystem error report for type 5 error -117 [ 280.839195][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 280.853401][ C1] EXT4-fs (loop2): initial error at time 1774608876: ext4_orphan_get:1417 [ 280.862225][ C1] EXT4-fs (loop2): last error at time 1774608876: ext4_orphan_get:1417 [ 280.876032][ T7030] EXT4-fs (loop2): 1 orphan inode deleted [ 280.939852][ T7030] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.473477][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.897727][ T7067] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 283.497333][ T7072] netlink: 56 bytes leftover after parsing attributes in process `syz.2.344'. [ 284.807236][ T7084] loop0: detected capacity change from 0 to 512 [ 284.830016][ T7084] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 285.085918][ T7084] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 285.141836][ T7084] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.348: bad orphan inode 4 [ 285.206515][ T7084] loop0: lost filesystem error report for type 5 error -117 [ 285.209242][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 285.223577][ C0] EXT4-fs (loop0): initial error at time 1774608881: ext4_orphan_get:1417 [ 285.232409][ C0] EXT4-fs (loop0): last error at time 1774608881: ext4_orphan_get:1417 [ 285.256677][ T7084] EXT4-fs (loop0): 1 orphan inode deleted [ 285.292248][ T7084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.361074][ T7098] 8021q: VLANs not supported on ip_vti0 [ 287.979704][ T7091] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 288.534589][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.545267][ T5786] Bluetooth: hci2: command 0x0406 tx timeout [ 288.554821][ T5785] Bluetooth: hci3: command 0x0406 tx timeout [ 288.558337][ T5792] Bluetooth: hci4: command 0x0406 tx timeout [ 288.670869][ T7108] netlink: 56 bytes leftover after parsing attributes in process `syz.2.357'. [ 289.016692][ T7110] loop5: detected capacity change from 0 to 128 [ 294.865068][ T7124] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 295.674507][ T7130] loop1: detected capacity change from 0 to 512 [ 295.769619][ T7130] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 295.858245][ T7130] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 295.914958][ T7130] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.365: bad orphan inode 4 [ 295.975203][ T7130] loop1: lost filesystem error report for type 5 error -117 [ 295.976373][ T7130] EXT4-fs (loop1): 1 orphan inode deleted [ 295.984142][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 295.984230][ C1] EXT4-fs (loop1): initial error at time 1774608891: ext4_orphan_get:1417 [ 295.984345][ C1] EXT4-fs (loop1): last error at time 1774608891: ext4_orphan_get:1417 [ 296.223035][ T7130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.381539][ T7138] loop3: detected capacity change from 0 to 1024 [ 296.473472][ T7138] EXT4-fs: inline encryption not supported [ 296.568123][ T7138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 296.632231][ T7138] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 296.700717][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.871175][ T7138] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.368: bg 0: block 112: padding at end of block bitmap is not set [ 296.989261][ T7138] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 31 with error 117 [ 297.023438][ T7138] EXT4-fs (loop3): This should not happen!! Data will be lost [ 297.023438][ T7138] [ 297.310332][ T1104] EXT4-fs error (device loop3): ext4_map_blocks:818: inode #15: block 3: comm kworker/u8:11: lblock 3 mapped to illegal pblock 3 (length 3) [ 297.354612][ T7153] syzkaller0: entered promiscuous mode [ 297.399888][ T7153] syzkaller0: entered allmulticast mode [ 297.406675][ T1104] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 297.440013][ T1104] EXT4-fs (loop3): This should not happen!! Data will be lost [ 297.440013][ T1104] [ 297.468972][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 297.528078][ T7157] netlink: 28 bytes leftover after parsing attributes in process `syz.2.375'. [ 297.541919][ T7153] macsec1: entered promiscuous mode [ 297.866706][ T7157] geneve2: entered promiscuous mode [ 299.264442][ T7172] loop0: detected capacity change from 0 to 512 [ 299.389699][ T7172] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 299.514655][ T7172] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 299.838813][ T7172] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.382: bad orphan inode 4 [ 300.316896][ T7172] loop0: lost filesystem error report for type 5 error -117 [ 300.319200][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 300.333374][ C1] EXT4-fs (loop0): initial error at time 1774608896: ext4_orphan_get:1417 [ 300.342173][ C1] EXT4-fs (loop0): last error at time 1774608896: ext4_orphan_get:1417 [ 300.446030][ T7172] EXT4-fs (loop0): 1 orphan inode deleted [ 300.629872][ T7172] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 301.331018][ T7133] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 302.287501][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.984189][ T7184] loop5: detected capacity change from 0 to 256 [ 303.596661][ T7195] loop3: detected capacity change from 0 to 128 [ 305.406711][ T7208] loop3: detected capacity change from 0 to 512 [ 305.584146][ T7208] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 305.613308][ T7208] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 305.635379][ T7208] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.395: bad orphan inode 4 [ 305.646060][ T7208] loop3: lost filesystem error report for type 5 error -117 [ 305.649214][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 305.663387][ C1] EXT4-fs (loop3): initial error at time 1774608901: ext4_orphan_get:1417 [ 305.672214][ C1] EXT4-fs (loop3): last error at time 1774608901: ext4_orphan_get:1417 [ 305.684086][ T7208] EXT4-fs (loop3): 1 orphan inode deleted [ 305.693895][ T7208] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.577455][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.116095][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'. [ 309.164267][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'. [ 313.207656][ T7247] netlink: 56 bytes leftover after parsing attributes in process `syz.3.409'. [ 313.503724][ T5787] Bluetooth: hci1: command 0x0406 tx timeout [ 314.014894][ T5073] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 314.032195][ T5073] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 314.041813][ T5073] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 314.057467][ T5073] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 314.110622][ T5073] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 316.249531][ T5787] Bluetooth: hci5: command tx timeout [ 317.172616][ T7264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'. [ 317.220548][ T7266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'. [ 317.460022][ T7266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'. [ 317.665700][ T7011] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.744148][ T7011] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.955943][ T7011] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.034470][ T7011] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.299820][ T5787] Bluetooth: hci5: command tx timeout [ 318.461184][ T7285] netlink: 56 bytes leftover after parsing attributes in process `syz.0.419'. [ 318.750552][ T7252] chnl_net:caif_netlink_parms(): no params data found [ 320.369550][ T7305] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 320.380233][ T5787] Bluetooth: hci5: command tx timeout [ 321.973470][ T7313] netlink: 48 bytes leftover after parsing attributes in process `syz.0.428'. [ 322.017072][ T7313] netlink: 48 bytes leftover after parsing attributes in process `syz.0.428'. [ 322.091453][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'. [ 322.207952][ T7319] netlink: 56 bytes leftover after parsing attributes in process `syz.5.431'. [ 322.318317][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'. [ 322.471285][ T5787] Bluetooth: hci5: command tx timeout [ 322.689601][ T7252] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.749641][ T7252] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.757446][ T7252] bridge_slave_0: entered allmulticast mode [ 322.859618][ T7252] bridge_slave_0: entered promiscuous mode [ 322.923516][ T7252] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.946513][ T7252] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.964288][ T7252] bridge_slave_1: entered allmulticast mode [ 322.993410][ T7252] bridge_slave_1: entered promiscuous mode [ 325.059558][ T7252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.503756][ T7252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.072423][ T7010] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.112310][ T7010] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.640918][ T7351] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 326.811819][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.818812][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.144397][ T7357] netlink: 56 bytes leftover after parsing attributes in process `syz.3.443'. [ 327.762284][ T7361] loop0: detected capacity change from 0 to 1024 [ 327.930833][ T7361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 328.289788][ T7010] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 328.369372][ T7010] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.493281][ T7252] team0: Port device team_slave_0 added [ 328.543757][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.585081][ T7252] team0: Port device team_slave_1 added [ 328.881905][ T7010] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 328.949434][ T7010] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.194622][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.223110][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.296759][ T7252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.477559][ T7010] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 329.518420][ T7010] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.587003][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.610683][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.683742][ T7252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.040115][ T7391] netlink: 56 bytes leftover after parsing attributes in process `syz.2.455'. [ 330.685033][ T7252] hsr_slave_0: entered promiscuous mode [ 330.774080][ T7252] hsr_slave_1: entered promiscuous mode [ 330.819471][ T7252] debugfs: 'hsr0' already exists in 'hsr' [ 330.856602][ T7252] Cannot create hsr debugfs directory [ 331.153728][ T7402] loop2: detected capacity change from 0 to 256 [ 331.590088][ T7403] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 331.638318][ T7400] loop0: detected capacity change from 0 to 512 [ 331.715534][ T7402] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 331.865197][ T7400] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.920074][ T7400] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 333.135530][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.391440][ T7010] bridge_slave_1: left allmulticast mode [ 333.397278][ T7010] bridge_slave_1: left promiscuous mode [ 333.440065][ T7010] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.523240][ T7010] bridge_slave_0: left allmulticast mode [ 333.567086][ T7010] bridge_slave_0: left promiscuous mode [ 333.599991][ T7010] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.604214][ T7414] netlink: 'syz.3.464': attribute type 30 has an invalid length. [ 333.630299][ T7414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.464'. [ 334.097271][ T7425] netlink: 56 bytes leftover after parsing attributes in process `syz.0.467'. [ 334.384857][ T7010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 334.403676][ T7010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 334.421512][ T7010] bond0 (unregistering): Released all slaves [ 334.500957][ T7414] bond0: option arp_missed_max: invalid value (0) [ 334.507841][ T7414] bond0: option arp_missed_max: allowed values 1 - 255 [ 335.018194][ T7434] kernel profiling enabled (shift: 63) [ 335.054213][ T7434] profiling shift: 63 too large [ 335.698031][ T7010] hsr_slave_0: left promiscuous mode [ 335.739509][ T7010] hsr_slave_1: left promiscuous mode [ 335.776729][ T7010] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 335.839254][ T7010] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 335.891987][ T7010] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 335.952611][ T7010] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.148836][ T7010] veth1_macvtap: left promiscuous mode [ 336.185822][ T7010] veth0_macvtap: left promiscuous mode [ 336.212467][ T7010] veth1_vlan: left promiscuous mode [ 336.243918][ T7010] veth0_vlan: left promiscuous mode [ 336.878023][ T7459] loop0: detected capacity change from 0 to 1024 [ 336.923385][ T7459] EXT4-fs: Ignoring removed mblk_io_submit option [ 336.979908][ T7459] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 337.012616][ T7459] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 337.142709][ T7459] EXT4-fs error (device loop0): ext4_ext_check_inode:521: inode #11: comm syz.0.477: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 337.274193][ T7459] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 337.275040][ T7459] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.477: couldn't read orphan inode 11 (err -117) [ 337.284756][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 337.284843][ C0] EXT4-fs (loop0): initial error at time 1774608933: ext4_ext_check_inode:521: inode 11 [ 337.284996][ C0] EXT4-fs (loop0): last error at time 1774608933: ext4_ext_check_inode:521: inode 11 [ 337.714612][ T7459] loop0: lost filesystem error report for type 5 error -117 [ 337.731379][ T7459] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 338.145589][ T7473] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 338.274846][ T7459] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.477: Invalid block bitmap block 0 in block_group 0 [ 338.413793][ T7459] __quota_error: 10 callbacks suppressed [ 338.413874][ T7459] Quota error (device loop0): write_blk: dquota write failed [ 338.454426][ T7459] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 338.507921][ T7459] EXT4-fs error (device loop0): ext4_acquire_dquot:7001: comm syz.0.477: Failed to acquire dquot type 0 [ 338.613409][ T7476] EXT4-fs error (device loop0): __ext4_get_inode_loc:4782: comm syz.0.477: Invalid inode table block 8589934593 in block_group 0 [ 338.754029][ T7010] team0 (unregistering): Port device team_slave_1 removed [ 338.942858][ T7010] team0 (unregistering): Port device team_slave_0 removed [ 339.120470][ T191] EXT4-fs error (device loop0): __ext4_get_inode_loc:4782: comm kworker/u8:7: Invalid inode table block 8589934593 in block_group 0 [ 339.231221][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.244665][ T7252] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 340.401245][ T7252] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 340.517730][ T7486] loop5: detected capacity change from 0 to 512 [ 340.534918][ T7252] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 340.650770][ T7252] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 342.894752][ T7516] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 343.447749][ T7252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.706711][ T7252] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.740902][ T191] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.748346][ T191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.971060][ T191] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.978522][ T191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.998506][ T7535] netlink: 12 bytes leftover after parsing attributes in process `syz.5.497'. [ 345.049825][ T7535] netlink: 8 bytes leftover after parsing attributes in process `syz.5.497'. [ 345.103236][ T7535] 8021q: VLANs not supported on caif0 [ 347.496520][ T7566] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 349.470832][ T7581] netlink: 12 bytes leftover after parsing attributes in process `syz.3.512'. [ 349.480290][ T7581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.512'. [ 349.523843][ T7581] 8021q: VLANs not supported on caif0 [ 349.587994][ T7252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.128085][ T7606] 8021q: VLANs not supported on ip_vti0 [ 354.613087][ T7637] netlink: 12 bytes leftover after parsing attributes in process `syz.2.525'. [ 354.714513][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.525'. [ 354.801665][ T7637] 8021q: VLANs not supported on caif0 [ 354.842792][ T7639] netlink: 36 bytes leftover after parsing attributes in process `syz.5.526'. [ 354.883796][ T7639] netlink: 16 bytes leftover after parsing attributes in process `syz.5.526'. [ 354.932418][ T7639] netlink: 36 bytes leftover after parsing attributes in process `syz.5.526'. [ 355.000102][ T7639] netlink: 36 bytes leftover after parsing attributes in process `syz.5.526'. [ 355.436829][ T7252] veth0_vlan: entered promiscuous mode [ 355.607822][ T7252] veth1_vlan: entered promiscuous mode [ 355.868378][ T7649] xt_hashlimit: size too large, truncated to 1048576 [ 356.204806][ T7252] veth0_macvtap: entered promiscuous mode [ 356.357493][ T7252] veth1_macvtap: entered promiscuous mode [ 356.734224][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.998752][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.174926][ T7011] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.332724][ T7011] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.412879][ T7011] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.523178][ T7011] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.301882][ T7676] 8021q: VLANs not supported on ip_vti0 [ 361.491678][ T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 361.712012][ T10] usb 3-1: config 0 has no interfaces? [ 361.774134][ T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 361.832972][ T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 361.884051][ T10] usb 3-1: Product: syz [ 361.914249][ T10] usb 3-1: Manufacturer: syz [ 361.999508][ T10] usb 3-1: config 0 descriptor?? [ 364.210726][ T38] usb 3-1: USB disconnect, device number 3 [ 364.883152][ T7737] 8021q: VLANs not supported on ip_vti0 [ 365.697060][ T7745] netlink: 132 bytes leftover after parsing attributes in process `syz.0.547'. [ 368.343770][ T191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.401201][ T191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.477980][ T7768] xt_hashlimit: size too large, truncated to 1048576 [ 368.788730][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.830454][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.588269][ T7782] loop6: detected capacity change from 0 to 512 [ 369.644708][ T7782] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 369.835314][ T7782] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 370.370011][ T7782] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.407: bad orphan inode 4 [ 370.394491][ T38] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 370.427897][ T7782] loop6: lost filesystem error report for type 5 error -117 [ 370.429264][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 370.443659][ C0] EXT4-fs (loop6): initial error at time 1774608966: ext4_orphan_get:1417 [ 370.452491][ C0] EXT4-fs (loop6): last error at time 1774608966: ext4_orphan_get:1417 [ 370.464695][ T7782] EXT4-fs (loop6): 1 orphan inode deleted [ 370.518629][ T7782] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.555497][ T38] usb 4-1: config 0 has no interfaces? [ 370.585942][ T38] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 370.603099][ T7791] 8021q: VLANs not supported on ip_vti0 [ 370.677349][ T38] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 370.701466][ T38] usb 4-1: Product: syz [ 370.705966][ T38] usb 4-1: Manufacturer: syz [ 371.165244][ T38] usb 4-1: config 0 descriptor?? [ 371.214463][ T7252] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.866563][ T7807] macsec1: entered promiscuous mode [ 371.889862][ T7807] syzkaller0: entered promiscuous mode [ 371.984739][ T7807] syzkaller0: left promiscuous mode [ 372.672003][ T10] usb 4-1: USB disconnect, device number 2 [ 372.885408][ T7824] loop0: detected capacity change from 0 to 512 [ 372.990598][ T7824] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2808: inode #11: comm syz.0.569: corrupted xattr block 95: invalid header [ 373.010161][ T7824] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 373.019240][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 373.035074][ C1] EXT4-fs (loop0): initial error at time 1774608968: ext4_expand_extra_isize_ea:2808: inode 11 [ 373.045830][ C1] EXT4-fs (loop0): last error at time 1774608968: ext4_expand_extra_isize_ea:2808: inode 11 [ 373.092974][ T7832] netlink: 12 bytes leftover after parsing attributes in process `syz.2.572'. [ 373.102734][ T7832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 373.117032][ T7832] 8021q: VLANs not supported on caif0 [ 373.123057][ T7824] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 373.158543][ T7824] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.569: bg 0: block 7: invalid block bitmap [ 373.250084][ T7824] loop0: lost filesystem error report for type 5 error -117 [ 373.254032][ T7824] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 373.317685][ T7824] loop0: lost filesystem error report for type 5 error -117 [ 373.321295][ T7824] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2970: inode #11: comm syz.0.569: corrupted xattr block 95: invalid header [ 373.374117][ T7824] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 373.375653][ T7824] EXT4-fs warning (device loop0): ext4_evict_inode:275: xattr delete (err -117) [ 373.415715][ T7824] EXT4-fs (loop0): 1 orphan inode deleted [ 373.474748][ T7824] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 374.535952][ T7847] 8021q: VLANs not supported on ip_vti0 [ 374.645551][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.858254][ T7865] macsec1: entered promiscuous mode [ 376.898364][ T7865] syzkaller0: entered promiscuous mode [ 376.977936][ T7865] syzkaller0: left promiscuous mode [ 377.349456][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 377.535973][ T7879] netlink: 12 bytes leftover after parsing attributes in process `syz.5.585'. [ 377.582560][ T10] usb 1-1: config 0 has no interfaces? [ 377.600547][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.5.585'. [ 377.645481][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 377.674979][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 377.701990][ T10] usb 1-1: Product: syz [ 377.706339][ T10] usb 1-1: Manufacturer: syz [ 377.737321][ T7879] 8021q: VLANs not supported on caif0 [ 377.751599][ T10] usb 1-1: config 0 descriptor?? [ 380.347652][ T7917] 8021q: VLANs not supported on ip_vti0 [ 380.688877][ T38] usb 1-1: USB disconnect, device number 4 [ 382.290544][ T7932] fuse: Unknown parameter '00000000000000000000' [ 382.320469][ T7931] netlink: 12 bytes leftover after parsing attributes in process `syz.5.599'. [ 382.339978][ T7931] netlink: 8 bytes leftover after parsing attributes in process `syz.5.599'. [ 382.409969][ T7931] 8021q: VLANs not supported on nlmon0 [ 383.717210][ T7954] loop3: detected capacity change from 0 to 128 [ 384.779358][ T5842] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 384.982741][ T5842] usb 1-1: config 0 has no interfaces? [ 385.039596][ T5842] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 385.109455][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 385.189299][ T5842] usb 1-1: Product: syz [ 385.215117][ T5842] usb 1-1: Manufacturer: syz [ 385.273967][ T5842] usb 1-1: config 0 descriptor?? [ 386.340478][ T7982] 8021q: VLANs not supported on ip_vti0 [ 388.335215][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 388.360119][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 388.549648][ T10] usb 1-1: USB disconnect, device number 5 [ 389.172653][ T7993] fuse: Unknown parameter '00000000000000000000' [ 389.290147][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz.6.612'. [ 389.349609][ T7995] netlink: 8 bytes leftover after parsing attributes in process `syz.6.612'. [ 389.359020][ T7995] 8021q: VLANs not supported on nlmon0 [ 390.161185][ T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1) [ 392.000632][ T38] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 392.226551][ T38] usb 4-1: config 0 has no interfaces? [ 392.258773][ T8033] 8021q: VLANs not supported on ip_vti0 [ 392.327127][ T38] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 392.444664][ T38] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 392.549293][ T38] usb 4-1: Product: syz [ 392.553669][ T38] usb 4-1: Manufacturer: syz [ 392.671994][ T38] usb 4-1: config 0 descriptor?? [ 393.561028][ T8042] netlink: 12 bytes leftover after parsing attributes in process `syz.6.627'. [ 393.677891][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.6.627'. [ 393.786413][ T8042] 8021q: VLANs not supported on nlmon0 [ 394.708740][ T38] usb 4-1: USB disconnect, device number 3 [ 395.340712][ T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1) [ 395.540929][ T8067] syzkaller1: entered promiscuous mode [ 395.588253][ T8067] syzkaller1: entered allmulticast mode [ 397.241588][ T8087] 8021q: VLANs not supported on ip_vti0 [ 398.315316][ T29] audit: type=1326 audit(1774608994.162:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8093 comm="syz.5.642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa52179c799 code=0x0 [ 398.939753][ T38] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 399.219217][ T38] usb 6-1: config 0 has no interfaces? [ 399.383722][ T38] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 399.418449][ T38] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 399.428894][ T38] usb 6-1: Product: syz [ 399.435086][ T38] usb 6-1: Manufacturer: syz [ 399.445596][ T38] usb 6-1: config 0 descriptor?? [ 399.715751][ T38] kernel write not supported for file bpf-prog (pid: 38 comm: kworker/1:1) [ 400.065812][ T29] audit: type=1326 audit(1774608995.912:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8112 comm="syz.2.647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f264299c799 code=0x0 [ 400.499322][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 400.719821][ T10] usb 3-1: config 0 has no interfaces? [ 400.736253][ T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 400.779360][ T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 400.787568][ T10] usb 3-1: Product: syz [ 400.819340][ T10] usb 3-1: Manufacturer: syz [ 400.843805][ T10] usb 3-1: config 0 descriptor?? [ 401.833780][ T10] usb 6-1: USB disconnect, device number 3 [ 402.026464][ T8138] 8021q: VLANs not supported on ip_vti0 [ 405.078155][ T8149] loop5: detected capacity change from 0 to 1024 [ 405.193905][ T10] usb 3-1: USB disconnect, device number 4 [ 405.433816][ T8149] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 405.618115][ T38] kernel write not supported for file bpf-prog (pid: 38 comm: kworker/1:1) [ 405.948204][ T6029] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.809283][ T29] audit: type=1326 audit(1774609002.652:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8174 comm="syz.6.665" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4d4759c799 code=0x0 [ 408.786691][ T8192] 8021q: VLANs not supported on ip_vti0 [ 409.144866][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 409.324831][ T10] usb 7-1: config 0 has no interfaces? [ 411.033457][ T38] kernel write not supported for file bpf-prog (pid: 38 comm: kworker/1:1) [ 411.191882][ T10] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 412.497620][ T10] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 412.511629][ T10] usb 7-1: config 0 descriptor?? [ 412.519936][ T10] usb 7-1: can't set config #0, error -71 [ 412.544801][ T10] usb 7-1: USB disconnect, device number 2 [ 412.635197][ T29] audit: type=1326 audit(1774609008.482:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8b99c799 code=0x7ffc0000 [ 412.727468][ T29] audit: type=1326 audit(1774609008.522:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8b99c799 code=0x7ffc0000 [ 412.823489][ T8211] ===================================================== [ 412.831059][ T8211] BUG: KMSAN: uninit-value in netif_skb_features+0x70d/0x1b80 [ 412.836699][ T29] audit: type=1326 audit(1774609008.542:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8b99c799 code=0x7ffc0000 [ 412.838673][ T8211] netif_skb_features+0x70d/0x1b80 [ 412.838792][ T8211] validate_xmit_skb+0xb6/0x2400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 412.871463][ T8211] validate_xmit_skb_list+0xd4/0x320 [ 412.876915][ T8211] sch_direct_xmit+0xd4/0xcf0 [ 412.882125][ T8211] __dev_queue_xmit+0x301d/0x5980 [ 412.887337][ T8211] packet_xmit+0x8f/0x710 [ 412.892144][ T8211] packet_sendmsg+0x91d9/0xa320 [ 412.897240][ T8211] ____sys_sendmsg+0xf37/0xfd0 [ 412.902434][ T8211] ___sys_sendmsg+0x271/0x3b0 [ 412.907264][ T8211] __x64_sys_sendmsg+0x211/0x3e0 [ 412.912515][ T8211] x64_sys_call+0x1e20/0x3ea0 [ 412.917409][ T8211] do_syscall_64+0x134/0xf80 [ 412.922474][ T8211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.928616][ T8211] [ 412.931207][ T8211] Uninit was created at: [ 412.935747][ T8211] kmem_cache_alloc_node_noprof+0x3cd/0x12d0 [ 412.942103][ T8211] __alloc_skb+0x855/0x1190 [ 412.946810][ T8211] alloc_skb_with_frags+0xc5/0xa60 [ 412.952322][ T8211] sock_alloc_send_pskb+0xacb/0xc60 [ 412.957777][ T8211] packet_sendmsg+0x7477/0xa320 [ 412.963010][ T8211] ____sys_sendmsg+0xf37/0xfd0 [ 412.967932][ T8211] ___sys_sendmsg+0x271/0x3b0 [ 412.972918][ T8211] __x64_sys_sendmsg+0x211/0x3e0 [ 412.978009][ T8211] x64_sys_call+0x1e20/0x3ea0 [ 412.983056][ T8211] do_syscall_64+0x134/0xf80 [ 412.987813][ T8211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.994053][ T8211] [ 412.996494][ T8211] CPU: 0 UID: 0 PID: 8211 Comm: syz.2.677 Not tainted syzkaller #0 PREEMPT(full) [ 413.006027][ T8211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 413.009462][ T29] audit: type=1326 audit(1774609008.542:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8b99c799 code=0x7ffc0000 [ 413.016329][ T8211] ===================================================== [ 413.016386][ T8211] Disabling lock debugging due to kernel taint [ 413.016435][ T8211] Kernel panic - not syncing: kmsan.panic set ... [ 413.016512][ T8211] CPU: 0 UID: 0 PID: 8211 Comm: syz.2.677 Tainted: G B syzkaller #0 PREEMPT(full) [ 413.016646][ T8211] Tainted: [B]=BAD_PAGE [ 413.016687][ T8211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 413.016755][ T8211] Call Trace: [ 413.016793][ T8211] [ 413.016830][ T8211] __dump_stack+0x26/0x30 [ 413.016965][ T8211] dump_stack_lvl+0x50/0x1c0 [ 413.017087][ T8211] ? dump_stack+0x12/0x25 [ 413.017218][ T8211] dump_stack+0x1e/0x25 [ 413.017334][ T8211] vpanic+0x7b4/0x1430 [ 413.017492][ T8211] panic+0x15d/0x160 [ 413.017667][ T8211] kmsan_report+0x31a/0x320 [ 413.017824][ T8211] ? __msan_warning+0x1b/0x30 [ 413.017956][ T8211] ? netif_skb_features+0x70d/0x1b80 [ 413.018069][ T8211] ? validate_xmit_skb+0xb6/0x2400 [ 413.018183][ T8211] ? validate_xmit_skb_list+0xd4/0x320 [ 413.018297][ T8211] ? sch_direct_xmit+0xd4/0xcf0 [ 413.018445][ T8211] ? __dev_queue_xmit+0x301d/0x5980 [ 413.018557][ T8211] ? packet_xmit+0x8f/0x710 [ 413.018658][ T8211] ? packet_sendmsg+0x91d9/0xa320 [ 413.018809][ T8211] ? ____sys_sendmsg+0xf37/0xfd0 [ 413.018925][ T8211] ? ___sys_sendmsg+0x271/0x3b0 [ 413.019044][ T8211] ? __x64_sys_sendmsg+0x211/0x3e0 [ 413.019171][ T8211] ? x64_sys_call+0x1e20/0x3ea0 [ 413.019307][ T8211] ? do_syscall_64+0x134/0xf80 [ 413.019433][ T8211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.019560][ T8211] ? __skb_flow_dissect+0x941a/0xa1f0 [ 413.019817][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.019975][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.020145][ T8211] __msan_warning+0x1b/0x30 [ 413.020291][ T8211] netif_skb_features+0x70d/0x1b80 [ 413.020446][ T8211] validate_xmit_skb+0xb6/0x2400 [ 413.020560][ T8211] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 413.020730][ T8211] ? sch_direct_xmit+0x21/0xcf0 [ 413.020880][ T8211] ? filter_irq_stacks+0x49/0x190 [ 413.021117][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.021297][ T8211] validate_xmit_skb_list+0xd4/0x320 [ 413.021439][ T8211] sch_direct_xmit+0xd4/0xcf0 [ 413.021589][ T8211] ? kmsan_get_metadata+0x146/0x160 [ 413.021747][ T8211] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 413.021921][ T8211] __dev_queue_xmit+0x301d/0x5980 [ 413.022047][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.022210][ T8211] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 413.022384][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.022540][ T8211] ? __dev_queue_xmit+0x27a/0x5980 [ 413.022696][ T8211] packet_xmit+0x8f/0x710 [ 413.022802][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.022965][ T8211] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 413.023139][ T8211] packet_sendmsg+0x91d9/0xa320 [ 413.023303][ T8211] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 413.023479][ T8211] ? aa_label_sk_perm+0x759/0x810 [ 413.023654][ T8211] ? tomoyo_socket_bind_permission+0x2e1/0x370 [ 413.023824][ T8211] ? stack_trace_save_user+0x130/0x170 [ 413.023988][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.024249][ T8211] ? __pfx_packet_sendmsg+0x10/0x10 [ 413.024447][ T8211] ____sys_sendmsg+0xf37/0xfd0 [ 413.024614][ T8211] ___sys_sendmsg+0x271/0x3b0 [ 413.024732][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.024930][ T8211] ? __rcu_read_unlock+0x6c/0xd0 [ 413.025122][ T8211] ? __fget_files+0x3b4/0x4a0 [ 413.025287][ T8211] ? __fget_files+0x3b9/0x4a0 [ 413.025406][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.025565][ T8211] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 413.025740][ T8211] __x64_sys_sendmsg+0x211/0x3e0 [ 413.025881][ T8211] ? kmsan_get_metadata+0xf1/0x160 [ 413.026056][ T8211] x64_sys_call+0x1e20/0x3ea0 [ 413.026205][ T8211] do_syscall_64+0x134/0xf80 [ 413.026334][ T8211] ? clear_bhb_loop+0x50/0xa0 [ 413.026458][ T8211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.026584][ T8211] RIP: 0033:0x7f264299c799 [ 413.026664][ T8211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 413.026764][ T8211] RSP: 002b:00007f2643806028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 413.026862][ T8211] RAX: ffffffffffffffda RBX: 00007f2642c15fa0 RCX: 00007f264299c799 [ 413.026941][ T8211] RDX: 00000000200400d1 RSI: 0000200000002ac0 RDI: 0000000000000003 [ 413.027011][ T8211] RBP: 00007f2642a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 413.027078][ T8211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.027139][ T8211] R13: 00007f2642c16038 R14: 00007f2642c15fa0 R15: 00007ffcd17e0b28 [ 413.027262][ T8211] [ 413.039010][ T8211] Kernel Offset: disabled