last executing test programs: 1m36.683260533s ago: executing program 3 (id=2165): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) 1m35.090323886s ago: executing program 3 (id=2170): syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x12, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 1m31.123468645s ago: executing program 3 (id=2184): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737908320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)=ANY=[@ANYBLOB="1c000000150a0102"], 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 1m28.741453981s ago: executing program 3 (id=2194): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0xac1414aa, 0x4e23, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x4, 0x6b35e9d94325c671, 0xffffffffffffffff, 0x0) 1m27.777664945s ago: executing program 3 (id=2200): shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) socket(0x40000000015, 0x5, 0x0) socket(0x40000000015, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x495, &(0x7f0000000200)={0x0, 0x3661, 0x0, 0x1, 0x29}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 1m24.11376861s ago: executing program 3 (id=2207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x1000002, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) 1m8.017293659s ago: executing program 32 (id=2207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x1000002, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) 15.413781541s ago: executing program 5 (id=2364): socket$inet(0x2, 0x2, 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) 14.446868536s ago: executing program 5 (id=2367): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 14.13711217s ago: executing program 5 (id=2370): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x4}, 0x18) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008082, &(0x7f00000001c0)={[{@nodioread_nolock}, {@nolazytime}, {@abort}, {@errors_continue}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@nomblk_io_submit}, {@nobarrier}]}, 0x0, 0x5e0, &(0x7f00000011c0)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3+kU7t3J/v2TouefM5Zzb6dNz5vScOwFU1mD6Ty1if0RMJxH9yfxiWWdkhYMLz3vw50dn00cS9fprvyeRZHn585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTV7Hh49tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb0g7/TNd9/v/2TszW+++isZ+faXsSROxsvZE5dex1YZjMHG9yRZWdR3YqsrK0lH9nOy9CVOOoue2dW+RrFu+euXvjpPRH90xMMXrz8+fqXUxgHbqp5E1IGKSsQ/VFQ+Dsjf2y9/H1wrZVQCtMP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mIzc3MNdsTEXfvjN08d2fsZmzTPBxQbP5GRDxZFP9JI/4HoicGGvFfa4r/dFxwJvua5r+6yfqXTxWLf2ifhfjvWTX+o0X8v7Uk/t/eZP2DD5Pv9DbFf+9mLwkAAAAAAAAq6/apiHi+6O//tcX1P1Gw/qcvIk5uQf2Dy45X/v2/dm8LqgEK3D8V8VLh+t9avvp3oCNL/aexHqArOXdhavJIRPw3Ig5F1670eGSVOg5/uu/LVmWD2fq//JHWfzdbC5i1417nruZzJsZnxx/1uoGI+zcinipc/5ss9v9JQf+f/j6YXmcd+569daZV2drxD2yX+tcRBwv7/4d3rUhWvz/HcGM8MJyPClZ6+sPPvmtV/2bjv/AWE8CGpP3/7tXjfyBZer+emY3XcXSus96qbLPj/+7k9cYtZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeR3k85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7/f/f92qo9xv9QnjT+JzbU/288MXpr4PtW9a+v/z/W6OsPZTnm/2DBF3mYdjfnF4RjZ1FRu9sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+DWkTsiaQ2tJiu1YaGIvoi4n+xuzZ1ZWb2uXNX3rs8kZY1Pv+/ln/Sb//CcZJ//v/AkuPRZcdHI2JvRHze0ds4Hjp7ZWqi7IsHAAAAAAAAAAAAAAAAAACAHaKvxf7/1G8dZbcO2HadZTcAKE1B/P9URjuA9tP/Q3WJf6gu8Q/VJf6husQ/VJf4h+oS/1Bd4h8AAAAAAB4rew/c/jmJiPkXexuPVHdW1lVqy4DtViu7AUBp3OIHqsvSH6gu7/GBZI3ynpYnrXXmaqbPPsLJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT38Kdkp7/uWJfCn8TmnPskS+1299Z5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//+Ekkyg==") socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0}, 0x94) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000010101010000"], 0x44}}, 0x0) preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000280)=""/240, 0xf0}], 0x1, 0x33, 0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 14.13604754s ago: executing program 2 (id=2371): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002) r6 = socket(0x10, 0x803, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r9 = socket(0x10, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r10}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01"], 0x3c}}, 0x0) 11.582238378s ago: executing program 2 (id=2373): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) 8.820205569s ago: executing program 1 (id=2376): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r3, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYBLOB="30e01b3981dd"], 0x1000f) 8.810372379s ago: executing program 0 (id=2377): r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0xc0045543, &(0x7f0000000d40)=0xfdfdffff) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x9ccdbce1ad0b74a2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$BINDER_GET_FROZEN_INFO(0xffffffffffffffff, 0xc00c620f, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r4, 0x6, 0x22, &(0x7f0000000a00)=0x6, 0x4) 8.75356195s ago: executing program 2 (id=2378): socket$inet(0x2, 0x2, 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) 8.75187633s ago: executing program 4 (id=2379): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000380)={0x28, 0x0, 0x2711, @host}, 0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) io_setup(0x6, &(0x7f0000000540)) 7.708580936s ago: executing program 0 (id=2380): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 7.42432247s ago: executing program 5 (id=2381): socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0xf, 0x3, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x140, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2b442, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_io_uring_setup(0x42e9, &(0x7f0000000200)={0x0, 0xfe3a, 0x0, 0x3, 0x20000}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) socketpair(0x1e, 0x80004, 0x0, &(0x7f0000000cc0)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, 0x0, 0x0}, 0x20) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0}) io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0) 7.42360011s ago: executing program 2 (id=2382): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000200), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000100)='./file0\x00', 0x3000000, &(0x7f0000000700)=ANY=[@ANYBLOB="646f74732c646f74732c646f74732c636865636b3d72656c617865642c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030302c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d7374726963742c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646f74732c646f74732c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c6e6f646f74732c646f74732c666d61736b3d30303030303030303030303030303030303030303030322c6e6f646f74732c646f74732c666c7573682c6e6f646f74732c636865636b3d6e6f726d616c2c0079c7cebee7a0df8765ffc536c4e752679b645307d1bf097e07b8e261bb27d1bb80ee490fc501e4f230ddf1483b11ac5c39a93cfc3ba360037c79a9be063a3bf5015e3d6a8cad0e98ccb29619c51c44ec612fc7ff44fa8cf7759eada764c43ba9d602a958bd209ace3df01c3dae04baa94aedc5515da8160ae0"], 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") read$FUSE(0xffffffffffffffff, 0x0, 0x0) userfaultfd(0x801) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) mount$bind(0x0, &(0x7f0000000140)='.\x00', 0x0, 0x825, 0x0) chdir(&(0x7f0000000140)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x300001a, &(0x7f00000004c0)={[{@nombcache}, {@abort}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7}}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@orlov}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") socketpair$unix(0x1, 0x2, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 7.42314554s ago: executing program 0 (id=2383): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4, r4}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r6], &(0x7f0000000200), &(0x7f0000000580)=[r5], &(0x7f0000000040)}) 7.157193204s ago: executing program 1 (id=2384): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) close(r0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xe7b, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a4693989c36ffffffffffffd0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1530f8d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c11090000000000000000b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c8565117fcb8ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17911540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc240000000000127535a468702cac97b6b82a6e65d4cf1200"/2702], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe80, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fbac141416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 7.118981095s ago: executing program 4 (id=2385): socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB], 0x48) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r1, &(0x7f0000000240), 0x0}, 0x20) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x0, @none}, &(0x7f0000000140)=0xe, 0x800) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r3) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={0x34, r4, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r5) sendmsg$NLBL_MGMT_C_ADD(r5, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000c80)={0x34, r6, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}}, 0x0) 6.353968576s ago: executing program 5 (id=2386): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) 6.352491226s ago: executing program 0 (id=2387): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r4, 0x0, 0x0, 0x10002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 6.06342106s ago: executing program 4 (id=2388): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x9) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0x387040000}) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 6.06263332s ago: executing program 1 (id=2389): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x2bac, &(0x7f0000000340), &(0x7f0000000100)=0x0, &(0x7f0000000000)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_READ=@pass_buffer={0x16, 0x29, 0x4000, @fd_index=0x5, 0x9, 0x0, 0x0, 0x14}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x80000004, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0x1469, 0x0, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47e9, 0xeb13, 0x6, 0x0, 0x0) 2.693433881s ago: executing program 0 (id=2390): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b800000000006113640000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d68bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948ea"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=@ipv4_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x2000}}, 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r1, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r3, &(0x7f0000000000)={0x1d, r4}, 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r7, {0x7, 0x1}, {0xffff}, {0x1}}}, 0x24}}, 0x0) 2.69239819s ago: executing program 5 (id=2391): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x400, &(0x7f0000000000)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x4a6, &(0x7f0000000a40)="$eJzs3c9rXNUeAPDvzDRpkua9/niPR9sHr4U+6HtKM/mBNFEXulIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLvzKT5NXXQNAO5nw/czrn33M73nAzfw51z750bQGadTv7JRQxGxBcRcbixunmH042XtbvXp5IlF/X6xe9z6X7JemvX1v87FBGrEdEXEc89FfFybnvc6vLK7GS5XFpsrhdrcwvF6vLKuStzkzOlmdL8yPj5iYnx4bHRiV3r6803X7154eNnej/6+Y07t9/69JOkWYPNuo392E2NrvfE0Q3bDkTE4w8iWBcUmv3p73ZD+FOSz+8fEXEmzf/DUUg/TSAL6vV6/bf6wXbVq3Vg38qnx8C5/FBENMr5/NBQ4xj+nzGQL1eqtYcvV5bmpxvHykeiJ3/5Srk03PyucCR6csn6SFq+tz66ZX0sIj0GfrvQn64PTVXK03s71AFbHNqS/z8VGvkPZISv/JBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kMmPXvhQrLUW/e/T19dXpqtXD03XarODs0tTQ1NVRYXhmYqlZn0np25P3q/cqWyMPJILF0r1krVWrG6vHJprrI0X7uU3td/qdSzJ70COnH01K2vchGx+mh/uiR6m3VyFfa3ej0X3b4HGeiOQrcHIKBrTP1BdvmOD+zwE72b9LWrWNj9tgB7I9/tBgBdc/aE83+QVeb/IbvM/0N2OcYHzP9D9pj/h+wabPP8r79teHbXcET8PSK+LPQcbD3rC9gP8t/mmsf/Zw//d3BrbW/ul/QUQW9EvPb+xXevTdZqiyPJ9h/Wt9fea24f7Ub7gU618rSVxwBAdq3dvT7VWvYy7ndPNi5C2B7/QHNusi89Rzmwltt0rUJul65dWL0REcd3ip9rPu+8ceZjYK2wLf6x5muu8RZpew+kz03fm/gnNsT/z4b4J//yXwWy4VYy/gzvlH/5NKdjPf82jz+Du3TtRPvxL78+/hXajH+nOozxygevf9M2/o2IkzvGb8XrS2NtjZ+07WyH8e+8+Py/2tXVP2y8z07xW5JSsTa3UKwur5xLf0dupjQ/Mn5+YmJ8eGx0opjOURdbM9XbPXb889v36/9Am/jt+v9Es03/77D/v/77sxdO3yf+/87s/PkfaxM/0R8RD3UY/8fRr19qV5fEn27T//x94ifbxjqMX33n6YMd7goA7IHq8srsZLlcWlRQUFBYL3R7ZAIetHtJ3+2WAAAAAAAAAAAAAJ3ai8uJu91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID94PcAAAD//5j81ps=") openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x147) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61"], 0x10b8}, 0xff4c) write$tcp_mem(r2, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48) ioctl$SNAPSHOT_UNFREEZE(r2, 0x3302) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0xd, 0x0, 0x81, 0xfffffffb}) r4 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil) shmctl$SHM_UNLOCK(r4, 0xc) capset(0x0, &(0x7f0000002100)={0x81, 0x8000003, 0x0, 0xfffffffc, 0x0, 0x5}) 2.655609661s ago: executing program 4 (id=2392): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}}], {0x14}}, 0x88}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r4 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) 2.653161091s ago: executing program 1 (id=2393): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdf, 0x1ff, 0xe}) r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x86, 0xfff, 0x800}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8}) close_range(r0, 0xffffffffffffffff, 0x0) 2.650105761s ago: executing program 2 (id=2394): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.516591343s ago: executing program 1 (id=2395): socket$inet(0x2, 0x2, 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) 2.368610915s ago: executing program 2 (id=2396): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000c00000004000000010000840203000000000000030000000000000000"], 0x0, 0x58}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, 0x0, 0x0) 1.640430436s ago: executing program 1 (id=2397): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r5, 0xffffffffffffffff}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.552419097s ago: executing program 4 (id=2398): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x800) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000a0101010100000004000000e070a091f16ac01987b1d47000"], 0x20) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) msgget$private(0x0, 0x2c0) ioctl$TIOCGPGRP(r4, 0x5437, 0x0) 1.426410539s ago: executing program 0 (id=2399): socket$inet6(0xa, 0x3, 0x8000000003c) socket$inet6(0xa, 0x3, 0x8000000003c) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r5, r2, 0x25, 0x0, @val=@tcx={@void, @value=r5}}, 0x1c) syz_emit_ethernet(0x82, &(0x7f0000000640)={@random='\x00\a\x00', @multicast, @val={@val={0x88a8, 0x1, 0x1, 0x2}, {0x8100, 0x2, 0x0, 0x4}}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "2f23aa", 0x44, 0x2f, 0x0, @empty, @mcast2, {[], {{0x0, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0x8, 0x88be, 0x0, {{0x1, 0x1, 0x10, 0x0, 0x0, 0x1, 0x0, 0x5}, 0x1, {0x6}}}, {0x8, 0x22eb, 0x1, {{0x8, 0x2, 0x3, 0x3, 0x1, 0x1, 0x6, 0x3}, 0x2, {0x7, 0x6, 0x1, 0x7, 0x0, 0x0, 0x2, 0x0, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}}, 0x0) 0s ago: executing program 4 (id=2400): socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) connect$can_bcm(r1, &(0x7f0000000300)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x74, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5, {0x1}, {0x0, 0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) read(r1, &(0x7f0000000240)=""/114, 0x72) kernel console output (not intermixed with test programs): binder: 4231 RLIMIT_NICE not set [ 52.372014][ T4231] binder: 4230:4231 got new transaction with bad transaction stack, transaction 5 has target 4230:4231 [ 52.408687][ T4231] binder: 4230:4231 transaction failed 29201/-71, size 0-48 line 2973 [ 52.416503][ T1534] binder: release 4230:4231 transaction 5 out, still active [ 52.427891][ T1534] binder: undelivered TRANSACTION_COMPLETE [ 52.429996][ T1534] binder: undelivered TRANSACTION_ERROR: 29201 [ 52.455890][ C0] vcan0: j1939_tp_rxtimer: 0x0000000066bd22cb: rx timeout, send abort [ 52.462032][ C0] vcan0: j1939_tp_rxtimer: 0x00000000d7287c53: abort rx timeout. Force session deactivation [ 52.518460][ T1534] binder: release 4230:4231 transaction 5 in, still active [ 52.520695][ T1534] binder: send failed reply for transaction 5, target dead [ 52.780932][ T4243] netlink: 'syz.2.29': attribute type 10 has an invalid length. [ 52.825046][ T4228] loop1: detected capacity change from 0 to 8192 [ 52.879249][ T4242] Cannot find add_set index 0 as target [ 52.911875][ T4243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.913049][ T4228] loop1: p1 < > p2 < p5 > p3 p4 [ 52.939371][ T4243] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 52.948722][ T4228] loop1: p3 start 83890176 is beyond EOD, truncated [ 52.950616][ T4228] loop1: p4 size 16776960 extends beyond EOD, truncated [ 52.955646][ T4246] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.958139][ T4246] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 52.960160][ C0] vcan0: j1939_tp_rxtimer: 0x0000000066bd22cb: abort rx timeout. Force session deactivation [ 52.984179][ T4228] loop1: p5 size 16776960 extends beyond EOD, truncated [ 53.005118][ T4246] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 53.007335][ T4246] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 53.075073][ T4246] bond0: (slave batadv0): Releasing backup interface [ 53.121257][ T4258] loop0: detected capacity change from 0 to 128 [ 53.160543][ T4251] netlink: 44 bytes leftover after parsing attributes in process `syz.3.31'. [ 53.289102][ T4260] device syzkaller0 entered promiscuous mode [ 55.704577][ T4281] loop3: detected capacity change from 0 to 1024 [ 57.817585][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 57.829094][ T4281] ======================================================= [ 57.829094][ T4281] WARNING: The mand mount option has been deprecated and [ 57.829094][ T4281] and is ignored by this kernel. Remove the mand [ 57.829094][ T4281] option from the mount to silence this warning. [ 57.829094][ T4281] ======================================================= [ 57.864793][ T4183] udevd[4183]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 57.911439][ T4223] udevd[4223]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 57.948582][ T4025] udevd[4025]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 57.995916][ T4281] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,auto_da_alloc=0x00000000000000ff,grpquota,,errors=continue. Quota mode: writeback. [ 58.074698][ T4300] loop4: detected capacity change from 0 to 1024 [ 58.129011][ T4300] EXT4-fs (loop4): inline encryption not supported [ 58.131196][ T4300] EXT4-fs (loop4): Ignoring removed bh option [ 58.206568][ T4309] loop0: detected capacity change from 0 to 1024 [ 58.250586][ T4183] udevd[4183]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 58.280929][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 58.287590][ T4025] udevd[4025]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 58.296318][ T4300] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,dioread_lock,data_err=ignore,max_dir_size_kb=0x000000000000000a,data_err=ignore,grpquota,noblock_validity,user_xattr,bh,errors=remount-ro,. Quota mode: writeback. [ 58.324923][ T4223] udevd[4223]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 59.080008][ T4309] process 'syz.0.47' launched '/dev/fd/6' with NULL argv: empty string added [ 59.276304][ T4323] netlink: 156 bytes leftover after parsing attributes in process `syz.3.51'. [ 60.111656][ T4328] Zero length message leads to an empty skb [ 61.253416][ T4354] syz.0.60 uses obsolete (PF_INET,SOCK_PACKET) [ 63.436740][ T4351] loop4: detected capacity change from 0 to 32768 [ 64.398969][ T4351] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.62 (4351) [ 64.428918][ T4351] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 64.431716][ T4351] BTRFS info (device loop4): turning on sync discard [ 64.433646][ T4351] BTRFS info (device loop4): unrecognized rescue option 'ignoremetacsums' [ 64.436362][ T4351] BTRFS error (device loop4): unrecognized rescue value ignoremetacsums [ 64.636927][ T4351] BTRFS error (device loop4): open_ctree failed: -22 [ 64.639423][ T4183] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by udevd (4183) [ 65.594343][ T4397] netlink: 16 bytes leftover after parsing attributes in process `syz.1.76'. [ 66.564257][ T4410] binder: 4409:4410 tried to acquire reference to desc 0, got 1 instead [ 66.603423][ T4416] capability: warning: `syz.2.81' uses 32-bit capabilities (legacy support in use) [ 67.466587][ T4101] binder: undelivered transaction 11, process died. [ 67.542258][ T2368] binder: undelivered TRANSACTION_COMPLETE [ 69.117627][ C0] sched: RT throttling activated [ 69.414463][ T4425] netlink: 28 bytes leftover after parsing attributes in process `syz.4.86'. [ 69.418432][ T4425] netlink: 28 bytes leftover after parsing attributes in process `syz.4.86'. [ 69.642877][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.650743][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.449351][ T4481] netlink: 'syz.0.102': attribute type 1 has an invalid length. [ 73.536717][ T4484] bond1: (slave veth3): Enslaving as an active interface with a down link [ 74.459046][ T4481] netlink: 28 bytes leftover after parsing attributes in process `syz.0.102'. [ 74.462399][ T4481] 8021q: adding VLAN 0 to HW filter on device bond1 [ 74.487547][ T4489] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 74.731772][ T4503] netlink: 12 bytes leftover after parsing attributes in process `syz.3.108'. [ 74.761080][ T1959] cfg80211: failed to load regulatory.db [ 75.905758][ T4507] loop3: detected capacity change from 0 to 8192 [ 77.815108][ T26] audit: type=1326 audit(530.755:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.831055][ T26] audit: type=1326 audit(530.765:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.866753][ T26] audit: type=1326 audit(530.765:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.907426][ T26] audit: type=1326 audit(530.765:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.933464][ T26] audit: type=1326 audit(530.765:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.966653][ T26] audit: type=1326 audit(530.765:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 77.997866][ T26] audit: type=1326 audit(530.765:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 78.030564][ T26] audit: type=1326 audit(530.765:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 78.061349][ T26] audit: type=1326 audit(530.785:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 78.097241][ T26] audit: type=1326 audit(530.785:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x7ffc0000 [ 79.773739][ T4551] bpf_jit: unknown atomic op code f1 [ 80.157007][ T4561] bridge0: port 3(vxlan0) entered blocking state [ 80.809207][ T4561] bridge0: port 3(vxlan0) entered disabled state [ 80.818262][ T4561] device vxlan0 entered promiscuous mode [ 82.581410][ T4582] device vlan2 entered promiscuous mode [ 82.689410][ T4588] devpts: called with bogus options [ 84.417533][ T4604] infiniband syz!: set active [ 84.419173][ T4604] infiniband syz!: added team_slave_0 [ 85.083827][ T4604] infiniband syz!: Couldn't open port 1 [ 85.110069][ T4604] RDS/IB: syz!: added [ 85.111622][ T4604] smc: adding ib device syz! with port count 1 [ 85.113439][ T4604] smc: ib device syz! port 1 has pnetid [ 85.134986][ T4608] loop3: detected capacity change from 0 to 164 [ 86.223380][ T4608] isofs_fill_super: get root inode failed [ 86.516584][ T4619] netlink: 48 bytes leftover after parsing attributes in process `syz.1.146'. [ 86.543469][ T4619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 86.545576][ T4619] IPv6: NLM_F_CREATE should be set when creating new route [ 86.998243][ T4638] tipc: Started in network mode [ 86.999794][ T4638] tipc: Node identity cef10ea96604, cluster identity 4711 [ 87.001865][ T4638] tipc: Enabled bearer , priority 0 [ 87.057155][ T4638] device syzkaller0 entered promiscuous mode [ 87.154963][ T4636] tipc: Resetting bearer [ 87.256267][ T4636] tipc: Disabling bearer [ 87.376932][ T26] kauditd_printk_skb: 141 callbacks suppressed [ 87.376944][ T26] audit: type=1326 audit(540.315:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x7ffc0000 [ 87.394744][ T26] audit: type=1326 audit(540.335:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x7ffc0000 [ 87.410560][ T26] audit: type=1326 audit(540.355:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=22 compat=0 ip=0xffffbdc55ba8 code=0x7ffc0000 [ 87.446920][ T26] audit: type=1326 audit(540.355:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x7ffc0000 [ 87.462363][ T26] audit: type=1326 audit(540.355:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x7ffc0000 [ 87.548356][ T4660] ODEBUG: Out of memory. ODEBUG disabled [ 88.587588][ T4683] netlink: 40 bytes leftover after parsing attributes in process `syz.4.169'. [ 88.591235][ T4683] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.593382][ T4683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.021246][ T4730] capability: warning: `syz.0.184' uses deprecated v2 capabilities in a way that may be insecure [ 95.570899][ T4733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.185'. [ 95.631015][ T4741] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 95.702460][ T4745] netlink: 44 bytes leftover after parsing attributes in process `syz.0.191'. [ 95.705194][ T4745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.191'. [ 95.708360][ T4745] netlink: 16 bytes leftover after parsing attributes in process `syz.0.191'. [ 96.621784][ T4761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'. [ 97.488072][ T4774] tmpfs: Bad value for 'size' [ 100.044561][ T26] audit: type=1326 audit(552.985:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.057712][ T26] audit: type=1326 audit(552.995:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.063480][ T26] audit: type=1326 audit(552.995:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.077045][ T4803] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 100.077740][ T26] audit: type=1326 audit(552.995:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.086609][ T4803] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 100.095795][ T26] audit: type=1326 audit(552.995:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.129029][ T26] audit: type=1326 audit(552.995:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.134967][ T26] audit: type=1326 audit(552.995:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.157675][ T26] audit: type=1326 audit(552.995:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.163686][ T26] audit: type=1326 audit(552.995:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=5 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.173695][ T4807] 9pnet: p9_errstr2errno: server reported unknown error 184467440 [ 100.197874][ T26] audit: type=1326 audit(552.995:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 100.483082][ T4820] netlink: 'syz.0.214': attribute type 5 has an invalid length. [ 104.844321][ C0] vcan0: j1939_tp_rxtimer: 0x0000000068528d3d: rx timeout, send abort [ 105.061034][ T4862] loop4: detected capacity change from 0 to 64 [ 105.346771][ C0] vcan0: j1939_tp_rxtimer: 0x0000000068528d3d: abort rx timeout. Force session deactivation [ 106.930347][ T4883] tipc: Started in network mode [ 106.937667][ T4883] tipc: Node identity ac1414aa, cluster identity 4711 [ 106.940543][ T4883] tipc: Enabled bearer , priority 10 [ 106.978086][ T4883] tipc: Enabled bearer , priority 0 [ 108.336287][ T4036] tipc: Node number set to 2886997162 [ 108.561002][ T4902] netlink: 'syz.2.237': attribute type 10 has an invalid length. [ 109.843470][ T4902] team0: Port device dummy0 added [ 110.019843][ T4913] netlink: 'syz.2.237': attribute type 10 has an invalid length. [ 110.874032][ T4913] team0: Port device dummy0 removed [ 110.898792][ T4913] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 113.338796][ T4943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.248'. [ 114.635275][ T4968] netlink: 40 bytes leftover after parsing attributes in process `syz.0.255'. [ 115.540889][ T4979] overlayfs: statfs failed on './file0' [ 115.726931][ T4980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.259'. [ 115.888902][ T4985] netlink: 'syz.1.261': attribute type 1 has an invalid length. [ 116.785341][ T4992] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.801116][ T4985] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 116.902018][ T4992] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.920395][ T4985] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 117.093335][ T4985] bond1 (unregistering): Released all slaves [ 118.156407][ T4992] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.073888][ T4992] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.108792][ T5028] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'. [ 120.126543][ T4992] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.130577][ T5039] netlink: 36 bytes leftover after parsing attributes in process `syz.3.276'. [ 120.163756][ T4992] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.181176][ T4992] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.183872][ T5043] netlink: 'syz.0.279': attribute type 21 has an invalid length. [ 120.186650][ T5039] batman_adv: batadv0: Adding interface: dummy0 [ 120.189539][ T5039] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.196681][ T5039] batman_adv: batadv0: Interface activated: dummy0 [ 120.212211][ T4992] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.241304][ T5039] batadv0: mtu less than device minimum [ 120.255946][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.264045][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.271777][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.279532][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.287211][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.294922][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.302693][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.310582][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.318399][ T5039] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.577368][ T5062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.284'. [ 120.632596][ T5037] sctp: [Deprecated]: syz.1.277 (pid 5037) Use of int in maxseg socket option. [ 120.632596][ T5037] Use struct sctp_assoc_value instead [ 122.114093][ T5079] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 122.117424][ T5079] F2FS-fs (loop7): Unable to read 1th superblock [ 122.119603][ T5079] blk_update_request: I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 122.122612][ T5079] F2FS-fs (loop7): Unable to read 2th superblock [ 125.110676][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 125.110689][ T26] audit: type=1326 audit(578.055:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.112690][ T5105] tipc: Started in network mode [ 125.131060][ T26] audit: type=1326 audit(578.055:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.131205][ T5105] tipc: Node identity 7f000001, cluster identity 4711 [ 125.136911][ T26] audit: type=1326 audit(578.065:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=243 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.162014][ T5105] tipc: Enabled bearer , priority 10 [ 125.165767][ T26] audit: type=1326 audit(578.065:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.171735][ T26] audit: type=1326 audit(578.065:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.180395][ T5114] loop4: detected capacity change from 0 to 16 [ 125.194441][ T26] audit: type=1326 audit(578.065:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.206059][ T26] audit: type=1326 audit(578.065:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.236361][ T26] audit: type=1326 audit(578.065:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.276302][ T26] audit: type=1326 audit(578.075:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.297788][ T26] audit: type=1326 audit(578.195:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.297" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa929ba8 code=0x7ffc0000 [ 125.365337][ T5114] erofs: (device loop4): erofs_superblock_csum_verify: invalid checksum 0xf42a7b3b, 0x7bbbea8c expected [ 126.424017][ T5022] tipc: Node number set to 2130706433 [ 126.496409][ T5143] fuse: Bad value for 'fd' [ 126.554954][ T4183] udevd[4183]: incorrect erofs checksum on /dev/loop4 [ 126.595739][ T5105] tipc: Enabled bearer , priority 10 [ 126.608990][ T5149] udc-core: couldn't find an available UDC or it's busy [ 126.610939][ T5149] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 126.721085][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 126.728203][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 126.737216][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 126.741146][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 126.744266][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 126.746552][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 126.762110][ T5156] infiniband syz!: set active [ 126.764775][ T5156] infiniband syz!: set active [ 128.022441][ T5188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.323'. [ 129.935690][ T5224] device vlan3 entered promiscuous mode [ 129.937419][ T5224] device bridge0 entered promiscuous mode [ 129.942643][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan3: link becomes ready [ 130.000553][ T5224] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 130.004160][ T5224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 130.014805][ T5224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 130.026304][ T5224] device bridge_slave_0 left promiscuous mode [ 130.035037][ T5224] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.093579][ T5224] device bridge_slave_1 left promiscuous mode [ 130.111419][ T5224] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.150720][ T5224] bond0: (slave bond_slave_0): Releasing backup interface [ 130.197237][ T5224] bond0: (slave bond_slave_1): Releasing backup interface [ 130.273729][ T5224] team0: Port device team_slave_0 removed [ 130.290570][ T5224] team0: Port device team_slave_1 removed [ 130.292786][ T5224] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.295178][ T5224] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.299874][ T5224] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.302739][ T5224] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.317264][ T5224] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 130.323148][ T5224] bond1: (slave veth3): Releasing active interface [ 130.757178][ T5246] loop4: detected capacity change from 0 to 1024 [ 130.899570][ T5246] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 130.941827][ T5252] loop3: detected capacity change from 0 to 128 [ 130.986261][ T5252] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 131.049904][ T5255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.346'. [ 131.079209][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.081121][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.223207][ T5252] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 131.247247][ T5252] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 132.158034][ T4314] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 132.162214][ T4314] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 132.166454][ T4314] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 132.240359][ T5268] loop4: detected capacity change from 0 to 128 [ 132.255393][ T4314] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 133.243646][ T5268] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none. [ 133.254399][ T5274] af_packet: tpacket_rcv: packet too big, clamped from 4087 to 4294967272. macoff=96 [ 134.924623][ T5306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.363'. [ 135.008228][ T5310] binder: 5309:5310 tried to acquire reference to desc 0, got 1 instead [ 135.023365][ T5310] binder_alloc: 5309: binder_alloc_buf failed to map page at 20ffd000 in userspace [ 135.039987][ T5310] binder: 5309:5310 transaction failed 29201/-12, size 0-0 line 3085 [ 135.057150][ T4036] binder: undelivered TRANSACTION_ERROR: 29201 [ 136.110589][ T5331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.371'. [ 136.211554][ T5334] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 136.223531][ T5334] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 136.237960][ T5334] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 137.449751][ T5403] loop4: detected capacity change from 0 to 64 [ 137.884147][ T7] libceph: connect (1)[c::]:6789 error -101 [ 137.886300][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 137.895201][ T7] libceph: connect (1)[c::]:6789 error -101 [ 137.896939][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 138.159135][ T7] libceph: connect (1)[c::]:6789 error -101 [ 138.161032][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 138.681021][ T4447] libceph: connect (1)[c::]:6789 error -101 [ 138.684452][ T4447] libceph: mon0 (1)[c::]:6789 connect error [ 139.204821][ T5420] ceph: No mds server is up or the cluster is laggy [ 140.461063][ T5497] netlink: 44 bytes leftover after parsing attributes in process `syz.4.384'. [ 140.496385][ T5497] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.499028][ T5497] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.793534][ T5534] netlink: 'syz.3.395': attribute type 4 has an invalid length. [ 142.014589][ T5542] loop3: detected capacity change from 0 to 128 [ 143.138310][ T5542] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none. [ 144.114097][ T5561] netlink: 44 bytes leftover after parsing attributes in process `syz.2.403'. [ 144.134611][ T5561] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.136852][ T5561] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.616735][ T5577] netlink: 104 bytes leftover after parsing attributes in process `syz.1.410'. [ 146.826374][ T5597] udc-core: couldn't find an available UDC or it's busy [ 146.858209][ T5597] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 147.253589][ T5597] netlink: 47 bytes leftover after parsing attributes in process `syz.4.414'. [ 148.506874][ T5613] tipc: Enabling of bearer rejected, failed to enable media [ 150.193357][ T5676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.424'. [ 150.366575][ T5683] netlink: 60 bytes leftover after parsing attributes in process `syz.4.427'. [ 150.407975][ T5685] netlink: 44 bytes leftover after parsing attributes in process `syz.3.426'. [ 150.410822][ T5681] netlink: 44 bytes leftover after parsing attributes in process `syz.3.426'. [ 150.501519][ T5687] binder: 5686:5687 tried to acquire reference to desc 0, got 1 instead [ 150.504628][ T5687] binder: 5686:5687 got transaction with invalid data ptr [ 150.506615][ T5687] binder: 5686:5687 transaction failed 29201/-14, size 0-24 line 3186 [ 150.546992][ T5022] binder: undelivered TRANSACTION_ERROR: 29201 [ 150.570122][ T5689] syz.3.429 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 150.629788][ T5691] loop4: detected capacity change from 0 to 128 [ 150.667485][ T5694] netlink: 'syz.3.431': attribute type 39 has an invalid length. [ 150.708372][ T5691] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 152.026147][ T5705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.435'. [ 155.547138][ T5739] netlink: 36 bytes leftover after parsing attributes in process `syz.4.444'. [ 156.281299][ T5736] block nbd3: shutting down sockets [ 156.435929][ T5750] loop3: detected capacity change from 0 to 512 [ 156.440756][ T5749] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 156.478712][ T5749] netlink: 12 bytes leftover after parsing attributes in process `syz.4.447'. [ 156.493730][ T5750] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2825: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 156.497883][ T5750] EXT4-fs (loop3): 1 truncate cleaned up [ 156.499451][ T5750] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 158.903032][ T5752] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 163.510643][ T5865] netlink: 'syz.1.467': attribute type 21 has an invalid length. [ 163.530273][ T5865] netlink: 132 bytes leftover after parsing attributes in process `syz.1.467'. [ 163.532814][ T5865] netlink: 'syz.1.467': attribute type 1 has an invalid length. [ 163.534974][ T5865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.467'. [ 163.579233][ T5865] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 167.436359][ T5903] loop3: detected capacity change from 0 to 128 [ 169.240996][ T5917] netlink: 44 bytes leftover after parsing attributes in process `syz.2.481'. [ 169.397793][ T2368] Bluetooth: hci1: command 0x0406 tx timeout [ 169.399617][ T2368] Bluetooth: hci4: command 0x0406 tx timeout [ 169.402681][ T2368] Bluetooth: hci3: command 0x0406 tx timeout [ 169.404403][ T2368] Bluetooth: hci2: command 0x0406 tx timeout [ 169.413925][ T2368] Bluetooth: hci0: command 0x0406 tx timeout [ 169.632015][ T5933] Cannot find add_set index 0 as target [ 172.422716][ T5962] netlink: 156 bytes leftover after parsing attributes in process `syz.0.497'. [ 174.590596][ T5983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.514'. [ 174.637919][ T5999] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 174.640014][ T5999] IPv6: NLM_F_CREATE should be set when creating new route [ 174.930522][ T6013] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 174.930522][ T6013] The task syz.4.508 (6013) triggered the difference, watch for misbehavior. [ 176.369791][ T5999] tipc: Resetting bearer [ 177.274263][ T5999] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.276717][ T5999] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.282188][ T5999] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.284605][ T5999] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.345547][ T6062] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 179.370581][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.372902][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.389099][ T6076] netlink: 'syz.0.516': attribute type 10 has an invalid length. [ 179.415661][ T6076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.418557][ T6076] team0: Port device bond0 added [ 180.552699][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.522'. [ 181.933003][ T6088] loop3: detected capacity change from 0 to 32768 [ 182.943923][ T6088] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 182.946543][ T6088] BTRFS info (device loop3): turning on sync discard [ 182.953885][ T6088] BTRFS info (device loop3): unrecognized rescue option 'ignoremetacsums' [ 182.959048][ T6121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'. [ 183.067743][ T6088] BTRFS error (device loop3): unrecognized rescue value ignoremetacsums [ 183.133751][ T6088] BTRFS error (device loop3): open_ctree failed: -22 [ 183.142374][ T5824] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by udevd (5824) [ 185.149452][ T6141] loop3: detected capacity change from 0 to 512 [ 185.203051][ T6145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.534'. [ 185.344451][ T6141] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 187.999089][ T6170] loop3: detected capacity change from 0 to 64 [ 193.150574][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.152382][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.350629][ T6202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.553'. [ 203.054621][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.578'. [ 203.099159][ T6288] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 203.130923][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.578'. [ 203.133465][ T6296] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 204.462219][ T6300] netlink: 'syz.2.583': attribute type 1 has an invalid length. [ 207.131525][ T6300] bond1: (slave veth3): Enslaving as an active interface with a down link [ 210.778471][ T6338] rdma_rxe: rxe_register_device failed with error -23 [ 210.781298][ T6338] rdma_rxe: failed to add team_slave_0 [ 211.747533][ T6326] netlink: 'syz.3.598': attribute type 1 has an invalid length. [ 212.006602][ T6352] bond1: (slave veth3): Enslaving as an active interface with a down link [ 212.024189][ T6326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.598'. [ 212.871623][ T6326] 8021q: adding VLAN 0 to HW filter on device bond1 [ 218.902757][ T6398] rdma_rxe: rxe_register_device failed with error -23 [ 218.906384][ T6398] rdma_rxe: failed to add team_slave_0 [ 222.428998][ T6434] loop3: detected capacity change from 0 to 1024 [ 224.503816][ T6444] netlink: 'syz.1.622': attribute type 10 has an invalid length. [ 224.611699][ T6444] team0: Port device dummy0 added [ 224.618008][ T6449] netlink: 'syz.1.622': attribute type 10 has an invalid length. [ 224.661369][ T6449] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 224.862895][ T6452] rdma_rxe: rxe_register_device failed with error -23 [ 224.865039][ T6452] rdma_rxe: failed to add team_slave_0 [ 226.147710][ T6449] team0: Failed to send options change via netlink (err -105) [ 226.150046][ T6449] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 226.571386][ T6449] team0: Port device dummy0 removed [ 226.575201][ T6449] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 226.601764][ T6458] netlink: 'syz.0.624': attribute type 1 has an invalid length. [ 227.167990][ T6467] tmpfs: Bad value for 'size' [ 228.115918][ T6461] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 228.321715][ T6458] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 229.604367][ T6458] bond2 (unregistering): Released all slaves [ 229.855194][ T6488] netlink: 'syz.3.632': attribute type 5 has an invalid length. [ 231.919875][ T6501] netlink: 'syz.2.645': attribute type 5 has an invalid length. [ 234.528291][ T6525] tmpfs: Bad value for 'size' [ 235.492969][ T6535] netlink: 'syz.3.646': attribute type 1 has an invalid length. [ 235.562687][ T6540] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 235.575829][ T6541] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 236.624783][ T6535] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 237.195749][ T6535] bond2 (unregistering): Released all slaves [ 240.746995][ T6600] netlink: 'syz.4.667': attribute type 1 has an invalid length. [ 241.701206][ C0] vcan0: j1939_tp_rxtimer: 0x00000000d2a72ab8: rx timeout, send abort [ 241.703864][ C0] vcan0: j1939_tp_rxtimer: 0x0000000070f5ada8: rx timeout, send abort [ 241.763226][ T6600] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 242.096325][ C1] vcan0: j1939_tp_rxtimer: 0x0000000001ac75c0: rx timeout, send abort [ 242.197858][ C1] vcan0: j1939_xtp_rx_abort_one: 0x000000003b53509c: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 242.203701][ C0] vcan0: j1939_tp_rxtimer: 0x00000000d2a72ab8: abort rx timeout. Force session deactivation [ 242.206542][ C0] vcan0: j1939_tp_rxtimer: 0x0000000070f5ada8: abort rx timeout. Force session deactivation [ 242.502488][ T6600] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 242.530843][ T6600] bond1 (unregistering): Released all slaves [ 242.576797][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 242.576844][ T26] audit: type=1326 audit(695.515:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6628 comm="syz.2.673" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x0 [ 242.601807][ C1] vcan0: j1939_tp_rxtimer: 0x0000000001ac75c0: abort rx timeout. Force session deactivation [ 246.611598][ T6676] MPTCP: addr_signal error, add_addr=1, echo=0 [ 246.724804][ T6682] syz.0.687 sent an empty control message without MSG_MORE. [ 246.825757][ T6681] netlink: 'syz.1.686': attribute type 10 has an invalid length. [ 246.833888][ T6681] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.835978][ T6681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.838270][ T6681] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.840238][ T6681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.879998][ T6681] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 248.036099][ T6698] tipc: Enabling of bearer rejected, failed to enable media [ 248.095297][ T6701] netlink: 24 bytes leftover after parsing attributes in process `syz.0.694'. [ 248.177296][ T6712] tipc: Enabling of bearer rejected, failed to enable media [ 249.204638][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.700'. [ 249.209483][ T6722] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 249.224890][ T6722] 8021q: adding VLAN 0 to HW filter on device team1 [ 249.957919][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.084648][ T26] audit: type=1326 audit(703.025:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6744 comm="syz.1.709" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x0 [ 250.197444][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'. [ 252.342784][ T6772] loop3: detected capacity change from 0 to 512 [ 252.398034][ T6772] EXT4-fs (loop3): Unrecognized mount option "dont_measure" or missing value [ 252.496613][ T6759] tc_dump_action: action bad kind [ 254.111487][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.114546][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.495929][ T6816] device veth0 entered promiscuous mode [ 254.565970][ T6815] device veth0 left promiscuous mode [ 257.228784][ T6858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.740'. [ 257.233184][ T6858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.740'. [ 259.977431][ T6884] "syz.1.748" (6884) uses obsolete ecb(arc4) skcipher [ 261.211616][ T6898] netlink: 108 bytes leftover after parsing attributes in process `syz.1.753'. [ 261.633163][ T6899] xt_ecn: cannot match TCP bits for non-tcp packets [ 262.807421][ T6907] syz.3.756 (6907): drop_caches: 2 [ 262.953398][ T6911] device batadv_slave_1 entered promiscuous mode [ 262.959669][ T6911] device veth1_virt_wifi entered promiscuous mode [ 262.970263][ T6910] device veth1_virt_wifi left promiscuous mode [ 262.978329][ T6910] device batadv_slave_1 left promiscuous mode [ 263.079209][ T6914] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 263.317169][ T6925] loop3: detected capacity change from 0 to 8 [ 263.344440][ T6925] SQUASHFS error: Unknown LZ4 version [ 263.351488][ T6925] squashfs image failed sanity check [ 264.837171][ T6949] loop3: detected capacity change from 0 to 8 [ 265.623981][ T6963] netlink: 'syz.2.779': attribute type 33 has an invalid length. [ 265.637403][ T6963] netlink: 152 bytes leftover after parsing attributes in process `syz.2.779'. [ 265.954473][ T6971] netlink: 60 bytes leftover after parsing attributes in process `syz.0.782'. [ 265.984659][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.783'. [ 265.990229][ T6973] netlink: 12 bytes leftover after parsing attributes in process `syz.0.783'. [ 266.069834][ T6977] netlink: 'syz.0.785': attribute type 1 has an invalid length. [ 266.081235][ T6977] device bond2 entered promiscuous mode [ 266.096408][ T6977] bond2: (slave ip6gretap2): making interface the new active one [ 266.099572][ T6977] device ip6gretap2 entered promiscuous mode [ 266.112237][ T6977] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link [ 266.143116][ T6977] netlink: 28 bytes leftover after parsing attributes in process `syz.0.785'. [ 266.146347][ T6977] device bond2 left promiscuous mode [ 266.153071][ T6977] device ip6gretap2 left promiscuous mode [ 266.156312][ T6977] 8021q: adding VLAN 0 to HW filter on device bond2 [ 266.535934][ T7002] loop3: detected capacity change from 0 to 512 [ 266.598138][ T7002] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 266.614825][ T7002] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 266.626971][ T7002] EXT4-fs (loop3): 1 truncate cleaned up [ 266.633265][ T7002] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,dioread_lock,noauto_da_alloc,lazytime,nombcache,max_batch_time=0x000000000000000a,,errors=continue. Quota mode: none. [ 266.647332][ T7002] tipc: Enabled bearer , priority 0 [ 268.050324][ T25] tipc: Node number set to 2834632361 [ 268.211275][ T7037] loop3: detected capacity change from 0 to 1024 [ 268.215993][ T7041] 9pnet: Could not find request transport: 0xffffffffffffffff [ 274.249945][ T7072] input: syz0 as /devices/virtual/input/input2 [ 275.095820][ T7081] tipc: Started in network mode [ 275.097255][ T7081] tipc: Node identity ac14142f, cluster identity 4711 [ 275.115767][ T7081] tipc: New replicast peer: 0.0.0.0 [ 275.123350][ T7081] tipc: Enabled bearer , priority 10 [ 276.141398][ T4036] tipc: Node number set to 2886997039 [ 276.167917][ T7103] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 279.230616][ T7140] netlink: 4 bytes leftover after parsing attributes in process `syz.2.836'. [ 281.287019][ T7177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.850'. [ 281.287348][ T7175] netlink: 'syz.4.848': attribute type 5 has an invalid length. [ 281.297114][ T7180] netlink: 20 bytes leftover after parsing attributes in process `syz.3.849'. [ 281.316836][ T7180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.849'. [ 281.365491][ T7182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.851'. [ 281.386536][ T7182] netlink: 12 bytes leftover after parsing attributes in process `syz.2.851'. [ 281.447394][ T7182] netlink: 156 bytes leftover after parsing attributes in process `syz.2.851'. [ 282.676179][ T7200] tipc: Can't add remote ip to TIPC UDP multicast bearer [ 283.700055][ T7214] netlink: 'syz.2.860': attribute type 10 has an invalid length. [ 283.703180][ T7214] bond0: (slave wlan1): Opening slave failed [ 285.584479][ T7235] netlink: 'syz.1.867': attribute type 33 has an invalid length. [ 285.586612][ T7235] netlink: 152 bytes leftover after parsing attributes in process `syz.1.867'. [ 285.918369][ T7241] netlink: 108 bytes leftover after parsing attributes in process `syz.3.866'. [ 288.376830][ T7256] delete_channel: no stack [ 291.460175][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.3.886'. [ 291.857530][ T7288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'. [ 291.948319][ T7292] bridge2: port 1(veth0_to_bond) entered blocking state [ 291.960343][ T7292] bridge2: port 1(veth0_to_bond) entered disabled state [ 291.964570][ T7292] device veth0_to_bond entered promiscuous mode [ 292.032074][ T7295] netlink: 'syz.3.881': attribute type 33 has an invalid length. [ 292.051782][ T7295] netlink: 152 bytes leftover after parsing attributes in process `syz.3.881'. [ 292.079068][ T148] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 292.655206][ T7303] netlink: 32 bytes leftover after parsing attributes in process `syz.2.884'. [ 292.711620][ T7304] netlink: 108 bytes leftover after parsing attributes in process `syz.0.883'. [ 293.320707][ T7305] netlink: 32 bytes leftover after parsing attributes in process `syz.2.884'. [ 295.708391][ T7324] device syzkaller0 entered promiscuous mode [ 295.713733][ T7330] device vlan0 entered promiscuous mode [ 297.512603][ T7359] netlink: 'syz.2.903': attribute type 39 has an invalid length. [ 298.432693][ T7377] netlink: 47 bytes leftover after parsing attributes in process `syz.1.908'. [ 298.498831][ T7378] netlink: 104 bytes leftover after parsing attributes in process `syz.0.921'. [ 298.659817][ T7390] netlink: 'syz.4.915': attribute type 4 has an invalid length. [ 298.681118][ T7389] loop3: detected capacity change from 0 to 4096 [ 298.751548][ T7391] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 299.077027][ T7398] netlink: 4 bytes leftover after parsing attributes in process `syz.0.918'. [ 299.130222][ T4447] libceph: connect (1)[c::]:6789 error -101 [ 299.132040][ T4447] libceph: mon0 (1)[c::]:6789 connect error [ 299.143287][ T4447] libceph: connect (1)[c::]:6789 error -101 [ 299.145141][ T4447] libceph: mon0 (1)[c::]:6789 connect error [ 300.199138][ T7] libceph: connect (1)[c::]:6789 error -101 [ 300.201040][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 300.233010][ T7401] ceph: No mds server is up or the cluster is laggy [ 301.092288][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 301.094189][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 302.687823][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 302.689610][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 302.692359][ T6068] libceph: connect (1)[c::]:6789 error -101 [ 302.694008][ T6068] libceph: mon0 (1)[c::]:6789 connect error [ 302.731701][ T7456] netlink: 36 bytes leftover after parsing attributes in process `syz.1.928'. [ 305.127559][ T7493] tipc: Can't add remote ip to TIPC UDP multicast bearer [ 306.282335][ T7506] "syz.3.939" (7506) uses obsolete ecb(arc4) skcipher [ 306.640131][ T7520] device veth0 entered promiscuous mode [ 307.118384][ T7519] device veth0 left promiscuous mode [ 307.553904][ T7529] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 307.590314][ T26] audit: type=1326 audit(5916.532:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7530 comm="syz.4.951" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x0 [ 310.242897][ T7580] xt_TCPMSS: Only works on TCP SYN packets [ 312.804548][ T7604] 9pnet: Unknown protocol version 9p20\++} [ 312.898193][ T7607] tipc: Enabling of bearer rejected, failed to enable media [ 314.032432][ T7628] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 314.038488][ T7628] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 314.931148][ T7634] loop3: detected capacity change from 0 to 1024 [ 315.112377][ T7639] netlink: 'syz.2.983': attribute type 2 has an invalid length. [ 316.103709][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.107528][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.907210][ T4276] hfsplus: b-tree write err: -5, ino 4 [ 317.134170][ T7655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.987'. [ 317.140786][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.142842][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.908701][ T7670] kAFS: unable to lookup cell '' [ 322.379642][ T7694] netlink: 32 bytes leftover after parsing attributes in process `syz.4.999'. [ 322.468341][ T7694] netlink: 32 bytes leftover after parsing attributes in process `syz.4.999'. [ 323.262322][ T7679] tc_dump_action: action bad kind [ 323.348314][ T7700] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1000'. [ 323.469542][ T7704] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1003'. [ 326.119627][ T7743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1025'. [ 326.131357][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 326.961055][ T7743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1025'. [ 326.967722][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 327.217382][ T7746] tc_dump_action: action bad kind [ 334.908994][ T7828] netlink: 'syz.1.1038': attribute type 10 has an invalid length. [ 335.202554][ T7832] delete_channel: no stack [ 343.280404][ T7895] delete_channel: no stack [ 343.549093][ T7903] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1062'. [ 345.333773][ T7950] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1069'. [ 345.366286][ T7954] loop3: detected capacity change from 0 to 256 [ 345.397369][ T7954] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 345.560453][ T7954] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 346.738649][ T7954] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 346.740853][ T7954] UDF-fs: Scanning with blocksize 512 failed [ 346.773992][ T7954] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 346.808846][ T7954] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 349.475579][ T7987] MPTCP: kernel_bind error, err=-22 [ 351.230523][ T8000] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1087'. [ 351.306610][ T8002] loop3: detected capacity change from 0 to 512 [ 351.339399][ T8002] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 351.355359][ T8002] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 351.367555][ T8002] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 351.375246][ T8002] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 351.379475][ T8002] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=e040e01c, mo2=0000] [ 351.381747][ T8002] EXT4-fs (loop3): failed to initialize system zone (-117) [ 351.383833][ T8002] EXT4-fs (loop3): mount failed [ 351.453093][ T8010] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253 [ 351.455883][ T8010] PKCS7: Only support pkcs7_signedData type [ 354.655017][ T8052] loop3: detected capacity change from 0 to 1024 [ 361.103400][ T8103] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1119'. [ 365.547967][ T8158] loop3: detected capacity change from 0 to 64 [ 365.863607][ T8158] device vlan3 entered promiscuous mode [ 365.872239][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1135'. [ 365.880928][ T8158] device bond0 entered promiscuous mode [ 365.882421][ T8158] device bond_slave_0 entered promiscuous mode [ 365.884211][ T8158] device bond_slave_1 entered promiscuous mode [ 367.112072][ T8178] futex_wake_op: syz.0.1141 tries to shift op by 36; fix this program [ 367.583810][ T8185] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 368.589591][ T8181] net_ratelimit: 10 callbacks suppressed [ 368.589615][ T8181] Set syz0 is full, maxelem 0 reached [ 371.056916][ T8221] mmap: syz.2.1155 (8221) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 371.089130][ T8221] Injecting memory failure for pfn 0x213dbd at process virtual address 0x2005b000 [ 371.102433][ T8221] Memory failure: 0x213dbd: recovery action for reserved kernel page: Ignored [ 371.147645][ T8225] binder: 8224:8225 tried to acquire reference to desc 0, got 1 instead [ 371.156459][ T8225] binder: 8224:8225 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 371.159978][ T8225] binder: 8225 RLIMIT_NICE not set [ 371.161440][ T8225] binder: 8225 RLIMIT_NICE not set [ 371.174601][ T8225] binder: 8224:8225 got reply transaction with bad transaction stack, transaction 28 has target 8224:8225 [ 371.177725][ T8225] binder: 8224:8225 transaction failed 29201/-71, size 0-0 line 2837 [ 371.180606][ T4786] binder: release 8224:8225 transaction 28 out, still active [ 371.182534][ T4786] binder: undelivered TRANSACTION_COMPLETE [ 371.184607][ T4786] binder: undelivered TRANSACTION_ERROR: 29201 [ 371.212015][ T4786] binder: release 8224:8225 transaction 28 in, still active [ 371.214194][ T4786] binder: send failed reply for transaction 28, target dead [ 371.388188][ T8231] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1159'. [ 371.492356][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1163'. [ 371.858527][ T8139] Set syz1 is full, maxelem 65536 reached [ 374.044863][ T8262] netlink: 'syz.2.1170': attribute type 4 has an invalid length. [ 374.059364][ T8262] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1170'. [ 374.069931][ T8262] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 374.142437][ T8267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 374.171634][ T8267] bond0: (slave rose0): Enslaving as an active interface with an up link [ 374.175712][ T5487] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 374.177998][ T8273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1174'. [ 374.188438][ T8273] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1174'. [ 376.824406][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.826247][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 376.841452][ T8310] netlink: 'syz.3.1183': attribute type 13 has an invalid length. [ 376.953526][ T8315] netlink: 'syz.3.1184': attribute type 10 has an invalid length. [ 377.029266][ T8315] device wlan1 entered promiscuous mode [ 377.050251][ T8315] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 377.072737][ T8318] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1185'. [ 379.542466][ T8364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1196'. [ 380.408768][ T8371] netlink: 'syz.4.1197': attribute type 5 has an invalid length. [ 383.329370][ T8405] netlink: 'syz.2.1205': attribute type 1 has an invalid length. [ 383.743703][ T8416] netlink: 'syz.3.1201': attribute type 2 has an invalid length. [ 383.746351][ T8416] netlink: 'syz.3.1201': attribute type 1 has an invalid length. [ 383.748833][ T8416] netlink: 'syz.3.1201': attribute type 1 has an invalid length. [ 385.403810][ T8434] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1209'. [ 385.643462][ T8437] netlink: 'syz.4.1212': attribute type 4 has an invalid length. [ 385.664074][ T8437] netlink: 'syz.4.1212': attribute type 4 has an invalid length. [ 385.857730][ T8445] loop3: detected capacity change from 0 to 1024 [ 386.730902][ T8445] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 386.801590][ T8445] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,max_dir_size_kb=0x0000000000000002,norecovery,debug_want_extra_isize=0x0000000000000080,block_validity,nodiscard,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 386.926234][ T8464] tipc: Enabled bearer , priority 18 [ 387.155052][ T8484] netlink: 'syz.4.1226': attribute type 8 has an invalid length. [ 387.177830][ T8484] bridge0: port 3(syz_tun) entered blocking state [ 387.207706][ T8484] bridge0: port 3(syz_tun) entered disabled state [ 387.234275][ T8484] device syz_tun entered promiscuous mode [ 388.221286][ T8493] tipc: Enabling of bearer rejected, failed to enable media [ 388.298826][ T8493] tipc: Enabled bearer , priority 0 [ 388.399951][ T8493] device syzkaller0 entered promiscuous mode [ 389.200798][ T8492] tipc: Resetting bearer [ 390.011304][ T8492] tipc: Disabling bearer [ 390.071331][ T8509] netlink: 550 bytes leftover after parsing attributes in process `syz.0.1235'. [ 390.327863][ T8527] netlink: 'syz.4.1241': attribute type 10 has an invalid length. [ 390.398587][ T8527] bridge0: port 3(syz_tun) entered disabled state [ 391.101824][ T8527] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 391.142033][ T8538] xt_nat: multiple ranges no longer supported [ 391.487564][ T8554] MPTCP: kernel_bind error, err=-99 [ 392.825470][ T8569] loop3: detected capacity change from 0 to 512 [ 394.407879][ T8576] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1257'. [ 394.474754][ T8569] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 394.510803][ T8582] netlink: 71 bytes leftover after parsing attributes in process `syz.0.1258'. [ 394.698210][ T26] audit: type=1326 audit(8581.657:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.707810][ T26] audit: type=1326 audit(8581.667:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=10 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.734373][ T26] audit: type=1326 audit(8581.667:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.768563][ T26] audit: type=1326 audit(8581.717:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.782125][ T26] audit: type=1326 audit(8581.717:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.788127][ T26] audit: type=1326 audit(8581.747:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.815279][ T26] audit: type=1326 audit(8581.777:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.829632][ T26] audit: type=1326 audit(8581.787:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 394.835661][ T26] audit: type=1326 audit(8581.787:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8591 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ebd1ba8 code=0x7ffc0000 [ 395.741506][ T8608] tipc: Enabling of bearer rejected, already enabled [ 397.527731][ T8619] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1264'. [ 397.586411][ T8623] sctp: [Deprecated]: syz.1.1271 (pid 8623) Use of int in max_burst socket option. [ 397.586411][ T8623] Use struct sctp_assoc_value instead [ 397.716857][ T8631] loop3: detected capacity change from 0 to 2048 [ 397.795557][ T8631] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 398.322504][ T8631] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,barrier=0x0000000000000007,dioread_nolock,,errors=continue. Quota mode: writeback. [ 398.613597][ T8654] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 398.725719][ T8658] 8021q: VLANs not supported on ip6gre0 [ 398.948081][ T8667] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1282'. [ 399.808292][ T8674] netlink: 'syz.4.1284': attribute type 10 has an invalid length. [ 399.820792][ T5470] tipc: Subscription rejected, illegal request [ 399.957849][ T8674] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 400.914560][ T8695] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1290'. [ 403.036344][ T8714] 9pnet: Could not find request transport: f [ 407.194919][ T8783] bond0: (slave syz_tun): Releasing backup interface [ 407.246511][ T8783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 407.259317][ T8783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 407.266238][ T8783] device bridge_slave_0 left promiscuous mode [ 407.278849][ T8783] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.481890][ T8783] device bridge_slave_1 left promiscuous mode [ 407.486180][ T8783] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.504737][ T7] Bluetooth: hci1: command 0x0409 tx timeout [ 408.528009][ T8783] bond0: (slave bond_slave_0): Releasing backup interface [ 409.316798][ T8783] bond0: (slave bond_slave_1): Releasing backup interface [ 409.555042][ T8783] rdma_rxe: ignoring netdev event = 27 for team_slave_0 [ 409.559651][ T8783] rdma_rxe: ignoring netdev event = 26 for team_slave_0 [ 409.562404][ T8783] rdma_rxe: ignoring netdev event = 21 for team_slave_0 [ 409.569880][ T8783] rdma_rxe: ignoring netdev event = 10 for team_slave_0 [ 409.581673][ T8783] infiniband syz!: set down [ 409.583651][ T8783] rdma_rxe: ignoring netdev event = 27 for team_slave_0 [ 409.585634][ T8783] rdma_rxe: ignoring netdev event = 9 for team_slave_0 [ 409.593545][ T8783] rdma_rxe: ignoring netdev event = 8 for team_slave_0 [ 409.595811][ T8783] team0: Port device team_slave_0 removed [ 410.231877][ T8783] team0: Port device team_slave_1 removed [ 410.234246][ T8783] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 410.237669][ T8783] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.246207][ T8783] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 410.250192][ T8783] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.267051][ T8783] bond0: (slave wlan1): Releasing backup interface [ 410.431752][ T8786] team0: Failed to change to mode "loadbalance" [ 410.674884][ T8824] loop3: detected capacity change from 0 to 4096 [ 410.880178][ T8831] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 412.643924][ T8840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1336'. [ 412.854032][ T8846] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1336'. [ 414.841205][ T8869] netlink: 'syz.4.1342': attribute type 10 has an invalid length. [ 415.091002][ T8869] 8021q: adding VLAN 0 to HW filter on device team0 [ 415.094256][ T8869] bond0: (slave team0): Enslaving as an active interface with an up link [ 415.120439][ T8875] netlink: 'syz.4.1342': attribute type 1 has an invalid length. [ 415.945659][ T8877] tipc: Enabled bearer , priority 10 [ 416.121170][ T8891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1352'. [ 416.135687][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready [ 416.153360][ T8891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1352'. [ 416.172055][ T8893] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1353'. [ 416.265915][ T8898] loop3: detected capacity change from 0 to 256 [ 417.925231][ T8914] mac80211_hwsim hwsim12 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 418.772292][ T8921] xt_ipcomp: unknown flags B [ 420.756249][ T8947] netlink: 'syz.0.1368': attribute type 1 has an invalid length. [ 420.774085][ T8947] 8021q: adding VLAN 0 to HW filter on device bond3 [ 420.792484][ T8947] bond3: (slave veth7): Enslaving as an active interface with a down link [ 420.828862][ T8947] bond3: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 423.938562][ T8971] xt_bpf: check failed: parse error [ 425.862348][ T8997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1387'. [ 425.923248][ T8997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1387'. [ 425.929609][ T9004] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1388'. [ 425.951668][ T9004] loop3: detected capacity change from 0 to 1024 [ 427.186169][ T9004] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 427.193889][ T9004] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.1388: bg 0: block 260: invalid block bitmap [ 427.226432][ T9004] smc: net device bond0 applied user defined pnetid SYZ0 [ 427.234589][ T9004] smc: net device bond0 erased user defined pnetid SYZ0 [ 427.537177][ T9026] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1395'. [ 427.724290][ T9030] bridge0: port 1(syz_tun) entered blocking state [ 427.731996][ T9030] bridge0: port 1(syz_tun) entered disabled state [ 429.892327][ T9041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1397'. [ 430.136235][ T9047] sch_fq: defrate 0 ignored. [ 431.823475][ T9074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1411'. [ 432.587164][ T9074] bridge4: port 1(ip6gretap1) entered blocking state [ 432.589255][ T9074] bridge4: port 1(ip6gretap1) entered disabled state [ 432.592200][ T9074] device ip6gretap1 entered promiscuous mode [ 432.608665][ T9074] device veth5 entered promiscuous mode [ 432.610503][ T9074] bridge4: port 2(veth5) entered blocking state [ 432.612303][ T9074] bridge4: port 2(veth5) entered disabled state [ 435.643907][ T9111] netlink: 'syz.1.1421': attribute type 4 has an invalid length. [ 436.575787][ T9128] netlink: 'syz.0.1429': attribute type 1 has an invalid length. [ 436.622228][ T9128] 8021q: adding VLAN 0 to HW filter on device bond4 [ 437.094821][ T9131] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 437.534715][ T9128] 8021q: adding VLAN 0 to HW filter on device bond4 [ 437.548072][ T9128] bond4: (slave vxcan1): The slave device specified does not support setting the MAC address [ 437.567374][ T9128] bond4: (slave vxcan1): Error -22 calling dev_set_mtu [ 437.677713][ T9138] device veth11 entered promiscuous mode [ 437.696082][ T9138] bond4: (slave veth11): Enslaving as an active interface with a down link [ 437.753360][ T9145] bond4: (slave ip6gretap3): making interface the new active one [ 437.756214][ T9145] bond4: (slave ip6gretap3): Enslaving as an active interface with an up link [ 438.714321][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 438.716324][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.833448][ T9197] netlink: 'syz.1.1451': attribute type 1 has an invalid length. [ 442.869540][ T9197] 8021q: adding VLAN 0 to HW filter on device bond1 [ 442.933608][ T9197] bond1: (slave vlan1): making interface the new active one [ 442.945445][ T9197] bond1: (slave vlan1): Enslaving as an active interface with an up link [ 442.951101][ T4314] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 443.155330][ T9216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1459'. [ 444.406909][ T9220] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1457'. [ 444.910397][ T9216] bond5 (unregistering): Released all slaves [ 445.337281][ T9233] bond0: (slave dummy0): Releasing backup interface [ 445.406612][ T9233] device bridge_slave_0 left promiscuous mode [ 445.408540][ T9233] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.120305][ T9233] device bridge_slave_1 left promiscuous mode [ 446.122439][ T9233] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.971259][ T9233] bond0: (slave bond_slave_0): Releasing backup interface [ 447.057318][ T9233] bond0: (slave bond_slave_1): Releasing backup interface [ 447.116570][ T9233] team0: Port device team_slave_0 removed [ 447.133608][ T9233] team0: Port device team_slave_1 removed [ 447.152183][ T9233] bond1: (slave veth3): Releasing active interface [ 447.251873][ T9233] tipc: Resetting bearer [ 447.262053][ T9233] device ip6gretap1 left promiscuous mode [ 447.269038][ T9233] bridge4: port 1(ip6gretap1) entered disabled state [ 447.317370][ T9233] bridge4: port 2(veth5) entered disabled state [ 448.147264][ T9242] netlink: 'syz.2.1465': attribute type 10 has an invalid length. [ 448.151038][ T9242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.153766][ T9242] team0: Port device bond0 added [ 448.188021][ T9245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1465'. [ 448.196190][ T9245] tipc: Disabling bearer [ 448.213293][ T9245] team0 (unregistering): Port device bond0 removed [ 448.332175][ T26] audit: type=1326 audit(8635.299:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9268 comm="syz.0.1476" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x0 [ 452.298756][ T9337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1493'. [ 454.945275][ T9360] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1502'. [ 455.939424][ T9380] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1507'. [ 455.942119][ T9380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'. [ 456.674784][ T9391] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 456.680968][ T9391] loop3: detected capacity change from 0 to 256 [ 456.742579][ T9391] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097152) [ 456.756745][ T9391] FAT-fs (loop3): Filesystem has been set read-only [ 457.040683][ T9406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1511'. [ 458.232344][ T26] audit: type=1326 audit(8645.199:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9413 comm="syz.0.1519" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x0 [ 460.523429][ T9444] netlink: 'syz.3.1527': attribute type 3 has an invalid length. [ 460.734748][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1530'. [ 460.775941][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1530'. [ 461.871821][ T9470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1536'. [ 463.378776][ T9486] device batadv0 entered promiscuous mode [ 463.553683][ T9486] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 463.561727][ T9486] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 463.565448][ T4314] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 468.426919][ T9546] netlink: 'syz.3.1559': attribute type 11 has an invalid length. [ 470.883491][ T9570] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 470.894643][ T9570] CIFS mount error: No usable UNC path provided in device string! [ 470.894643][ T9570] [ 470.984571][ T9570] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 474.650497][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.769400][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.805351][ T9618] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.809086][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.822805][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.826083][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.830638][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 474.833113][ T9616] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 479.382420][ T9650] xt_TCPMSS: Only works on TCP SYN packets [ 484.688072][ T9712] device ipip0 entered promiscuous mode [ 485.240012][ T9723] wireguard: wg1: Could not create IPv4 socket [ 491.721205][ T9757] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1622'. [ 491.725296][ T9758] cgroup2: Unknown parameter 'pids_localevents' [ 491.969551][ T9755] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1624'. [ 492.823116][ T9773] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1630'. [ 492.827134][ T9775] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1628'. [ 492.848517][ T9773] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1630'. [ 492.852770][ T9773] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1630'. [ 495.200479][ T9797] fuse: Bad value for 'fd' [ 495.983897][ T9800] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1639'. [ 495.995620][ T9800] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1639'. [ 496.939575][ T9820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1642'. [ 499.910667][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 499.912479][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.182487][ T9876] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1658'. [ 506.381349][ T9894] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1664'. [ 507.769516][ T9908] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1667'. [ 509.204847][ T9894] netlink: 'syz.3.1664': attribute type 1 has an invalid length. [ 509.207118][ T9894] netlink: 'syz.3.1664': attribute type 2 has an invalid length. [ 512.258089][ T9937] netlink: 'syz.0.1677': attribute type 1 has an invalid length. [ 512.334573][ T9937] 8021q: adding VLAN 0 to HW filter on device bond5 [ 512.367682][ T9939] device ip6erspan0 entered promiscuous mode [ 512.409870][ T9939] bond5: (slave ip6erspan0): making interface the new active one [ 512.528202][ T9939] bond5: (slave ip6erspan0): Enslaving as an active interface with an up link [ 512.538103][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready [ 513.677904][ T9937] device vlan0 entered promiscuous mode [ 513.698510][ T9937] device bond5 entered promiscuous mode [ 513.731788][ T9937] bond5: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 513.836948][ T9957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1683'. [ 515.748062][ T9977] x_tables: unsorted entry at hook 1 [ 516.841588][ T9989] kernel read not supported for file /šLŲ (pid: 9989 comm: syz.2.1690) [ 518.396383][ C0] vxcan1: j1939_tp_rxtimer: 0x00000000fee70942: rx timeout, send abort [ 518.399103][ C0] vxcan1: j1939_xtp_rx_abort_one: 0x00000000fee70942: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 519.504072][T10044] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1707'. [ 519.507145][T10044] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1707'. [ 519.737369][T10056] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1710'. [ 519.745607][T10056] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1710'. [ 519.889383][T10064] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253 [ 519.904563][T10064] PKCS7: Only support pkcs7_signedData type [ 523.730552][T10091] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1723'. [ 526.842957][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1733'. [ 526.864534][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1733'. [ 526.883177][ T26] audit: type=1326 audit(8713.853:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10125 comm="syz.0.1733" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x0 [ 530.421763][T10174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1745'. [ 534.344393][T10205] ceph: No mds server is up or the cluster is laggy [ 536.094778][T10222] MPTCP: kernel_bind error, err=-22 [ 538.593023][T10258] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1776'. [ 544.337313][T10286] device batadv_slave_1 entered promiscuous mode [ 544.351597][T10284] device batadv_slave_1 left promiscuous mode [ 544.562551][T10295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1780'. [ 544.767656][T10301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1778'. [ 544.778699][T10301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1778'. [ 545.324142][T10300] device vlan2 entered promiscuous mode [ 545.325881][T10300] device bond0 entered promiscuous mode [ 545.327431][T10300] device bond_slave_0 entered promiscuous mode [ 545.360885][T10300] device bond_slave_1 entered promiscuous mode [ 545.362767][T10300] device dummy0 entered promiscuous mode [ 545.364422][T10300] device bridge0 entered promiscuous mode [ 551.750417][T10362] Injecting memory failure for pfn 0x213dbd at process virtual address 0x2005b000 [ 551.753281][T10362] Memory failure: 0x213dbd: already hardware poisoned [ 552.178735][T10380] futex_wake_op: syz.3.1806 tries to shift op by 36; fix this program [ 552.316310][T10383] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 553.073616][T10385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1818'. [ 556.703377][T10422] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1820'. [ 558.441224][T10432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1823'. [ 558.475001][T10432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1823'. [ 558.548255][T10436] netlink: 'syz.4.1824': attribute type 10 has an invalid length. [ 558.568052][T10436] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 558.657048][T10440] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1826'. [ 558.709263][T10446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1829'. [ 558.747805][T10448] netlink: 'syz.2.1831': attribute type 13 has an invalid length. [ 560.106462][T10478] netlink: 'syz.1.1839': attribute type 4 has an invalid length. [ 560.108778][T10478] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1839'. [ 560.130353][T10478] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 561.133148][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 561.149452][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.747246][T10544] netlink: 'syz.4.1853': attribute type 2 has an invalid length. [ 566.382836][T10544] netlink: 'syz.4.1853': attribute type 1 has an invalid length. [ 567.091432][T10544] netlink: 'syz.4.1853': attribute type 1 has an invalid length. [ 567.175245][T10552] tipc: Started in network mode [ 567.177997][T10552] tipc: Node identity 7f000001, cluster identity 4711 [ 567.306185][T10552] tipc: Enabled bearer , priority 10 [ 567.314812][T10552] tipc: Enabling of bearer rejected, failed to enable media [ 567.375297][T10556] netlink: 'syz.3.1863': attribute type 1 has an invalid length. [ 567.502159][T10562] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 568.431269][ T6068] tipc: Node number set to 2130706433 [ 568.534706][T10582] netlink: 550 bytes leftover after parsing attributes in process `syz.3.1872'. [ 568.587769][T10589] netlink: 'syz.3.1874': attribute type 5 has an invalid length. [ 568.661994][T10599] netlink: 'syz.1.1876': attribute type 4 has an invalid length. [ 568.665008][T10599] netlink: 'syz.1.1876': attribute type 4 has an invalid length. [ 568.755517][T10596] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1875'. [ 568.868551][T10608] netlink: 'syz.2.1878': attribute type 8 has an invalid length. [ 568.937701][T10608] bridge0: port 1(syz_tun) entered blocking state [ 568.945747][T10608] bridge0: port 1(syz_tun) entered disabled state [ 568.948465][T10608] device syz_tun entered promiscuous mode [ 573.689439][T10653] device vlan3 entered promiscuous mode [ 578.713454][T10702] tipc: Enabled bearer , priority 18 [ 578.737998][T10700] MPTCP: addr_signal error, add_addr=1, echo=0 [ 578.749110][T10700] MPTCP: addr_signal error, add_addr=1, echo=0 [ 578.751168][T10700] MPTCP: addr_signal error, add_addr=1, echo=0 [ 579.012893][T10711] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1910'. [ 579.096720][ T26] audit: type=1326 audit(8766.066:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.139306][ T26] audit: type=1326 audit(8766.116:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.224014][ T26] audit: type=1326 audit(8766.196:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=10 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.237747][ T26] audit: type=1326 audit(8766.206:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.310061][T10717] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1925'. [ 579.325788][ T26] audit: type=1326 audit(8766.206:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.335430][ T26] audit: type=1326 audit(8766.206:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.345009][ T26] audit: type=1326 audit(8766.206:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.357941][ T26] audit: type=1326 audit(8766.206:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 579.746189][ T26] audit: type=1326 audit(8766.206:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 580.173118][ T26] audit: type=1326 audit(8766.206:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.0.1911" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b6bba8 code=0x7ffc0000 [ 580.259984][T10734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1915'. [ 580.493223][T10744] netlink: 71 bytes leftover after parsing attributes in process `syz.4.1919'. [ 584.074593][T10772] netlink: 'syz.1.1930': attribute type 8 has an invalid length. [ 584.087388][T10772] bridge0: port 4(syz_tun) entered blocking state [ 584.090117][T10772] bridge0: port 4(syz_tun) entered disabled state [ 584.092666][T10772] device syz_tun entered promiscuous mode [ 584.097007][T10772] bridge0: port 4(syz_tun) entered blocking state [ 584.099093][T10772] bridge0: port 4(syz_tun) entered forwarding state [ 584.285781][T10787] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1931'. [ 585.171543][T10794] sctp: [Deprecated]: syz.2.1947 (pid 10794) Use of int in max_burst socket option. [ 585.171543][T10794] Use struct sctp_assoc_value instead [ 585.185502][T10799] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 585.187713][T10797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1948'. [ 585.261365][T10804] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1939'. [ 586.582641][T10818] netlink: 'syz.3.1943': attribute type 8 has an invalid length. [ 586.708090][T10818] bridge0: port 3(syz_tun) entered blocking state [ 586.716166][T10818] bridge0: port 3(syz_tun) entered disabled state [ 586.718866][T10818] device syz_tun entered promiscuous mode [ 587.659490][ T5472] tipc: Subscription rejected, illegal request [ 588.236730][T10846] sctp: [Deprecated]: syz.3.1952 (pid 10846) Use of int in max_burst socket option. [ 588.236730][T10846] Use struct sctp_assoc_value instead [ 588.356978][T10850] 9pnet: Could not find request transport: f [ 588.888399][ T4101] Bluetooth: hci2: command 0x0409 tx timeout [ 590.761722][T10873] netlink: 'syz.1.1965': attribute type 10 has an invalid length. [ 590.792877][T10873] bridge0: port 4(syz_tun) entered disabled state [ 590.824233][T10880] sctp: [Deprecated]: syz.0.1968 (pid 10880) Use of int in max_burst socket option. [ 590.824233][T10880] Use struct sctp_assoc_value instead [ 590.830563][T10873] bridge0: port 4(syz_tun) entered disabled state [ 591.635503][T10873] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 595.765234][T10907] tipc: Enabled bearer , priority 10 [ 595.837301][T10914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1978'. [ 595.852819][T10914] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 595.859936][T10916] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1979'. [ 595.915873][T10914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1978'. [ 596.051729][T10921] netlink: 'syz.0.1982': attribute type 10 has an invalid length. [ 596.054192][T10921] device syz_tun entered promiscuous mode [ 596.076620][T10921] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 600.269841][T10960] tipc: Bearer : already 2 bearers with priority 10 [ 600.284550][T10960] tipc: Bearer : trying with adjusted priority [ 600.306501][T10960] tipc: Enabled bearer , priority 9 [ 601.697219][T10975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1997'. [ 601.706602][T10975] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 601.782637][T10975] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1997'. [ 603.102567][T10994] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2003'. [ 604.350319][T11018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2007'. [ 604.385945][T11018] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2007'. [ 607.836262][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2019'. [ 607.847959][T11051] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 607.859079][T11051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2019'. [ 607.874024][T11055] netlink: 'syz.3.2020': attribute type 10 has an invalid length. [ 607.876304][T11055] tipc: Resetting bearer [ 607.916610][T11055] tipc: Resetting bearer [ 607.930010][T11055] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.947621][T11055] device team0 entered promiscuous mode [ 607.949279][T11055] device team_slave_0 entered promiscuous mode [ 607.951435][T11055] device team_slave_1 entered promiscuous mode [ 608.017764][T11055] bond0: (slave team0): Enslaving as an active interface with an up link [ 608.050819][T11058] netlink: 'syz.3.2020': attribute type 1 has an invalid length. [ 609.235005][T11069] 9pnet: Could not find request transport: f [ 610.025684][T11072] xt_ipcomp: unknown flags B [ 612.312057][T11084] netlink: 'syz.4.2031': attribute type 1 has an invalid length. [ 612.324350][T11084] 8021q: adding VLAN 0 to HW filter on device bond1 [ 612.380246][T11084] bond1: (slave veth5): Enslaving as an active interface with a down link [ 612.537635][T11084] bond1: (slave vlan7): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 614.253315][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2045'. [ 614.256110][T11100] xt_bpf: check failed: parse error [ 614.280083][T11104] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 614.354997][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2045'. [ 615.474753][T11109] netlink: 'syz.2.2037': attribute type 10 has an invalid length. [ 615.490211][T11109] netlink: 'syz.2.2037': attribute type 1 has an invalid length. [ 623.167222][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.169151][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.198492][T11161] netlink: 'syz.2.2050': attribute type 1 has an invalid length. [ 623.423262][T11161] 8021q: adding VLAN 0 to HW filter on device bond3 [ 623.448337][T11172] bond3: (slave veth9): Enslaving as an active interface with a down link [ 623.454471][T11169] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 624.356175][T11177] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2053'. [ 624.432097][T11177] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2053'. [ 626.519404][T11161] bond3: (slave vlan1): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 628.096746][T11222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2066'. [ 629.025383][T11234] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2072'. [ 629.038831][T11234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2072'. [ 629.054348][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 629.054359][ T26] audit: type=1326 audit(8816.028:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11226 comm="syz.1.2071" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x0 [ 629.071767][T11234] netlink: 'syz.0.2072': attribute type 10 has an invalid length. [ 629.074358][T11234] bridge0: port 1(team0) entered blocking state [ 629.079101][T11234] bridge0: port 1(team0) entered disabled state [ 629.082789][T11234] device team0 entered promiscuous mode [ 629.084268][T11234] device bond0 entered promiscuous mode [ 629.085784][T11234] device macvlan0 entered promiscuous mode [ 629.093975][T11234] bridge0: port 1(team0) entered blocking state [ 629.095789][T11234] bridge0: port 1(team0) entered forwarding state [ 629.098466][ T5370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 629.103009][ T5370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan3: link becomes ready [ 632.759405][T11270] overlayfs: conflicting options: userxattr,redirect_dir=follow [ 635.971796][ T7] libceph: connect (1)[c::]:6789 error -101 [ 635.973736][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 635.975916][ T7] libceph: connect (1)[c::]:6789 error -101 [ 635.977633][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 636.502475][T11307] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2092'. [ 637.088039][ T7] libceph: connect (1)[c::]:6789 error -101 [ 637.089924][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 637.091917][T11293] ceph: No mds server is up or the cluster is laggy [ 637.627687][T11280] libceph: connect (1)[c::]:6789 error -101 [ 637.629671][T11280] libceph: mon0 (1)[c::]:6789 connect error [ 642.178317][T11353] xt_TCPMSS: Only works on TCP SYN packets [ 644.769975][ T4036] libceph: connect (1)[c::]:6789 error -101 [ 644.772925][ T4036] libceph: mon0 (1)[c::]:6789 connect error [ 644.780674][T11374] ceph: No mds server is up or the cluster is laggy [ 644.864308][ T4036] libceph: connect (1)[c::]:6789 error -101 [ 644.866474][ T4036] libceph: mon0 (1)[c::]:6789 connect error [ 644.886291][T11391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2114'. [ 645.126875][ T25] libceph: connect (1)[c::]:6789 error -101 [ 645.128639][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 646.699166][T11401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2117'. [ 646.712691][T11401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2117'. [ 647.036854][T11403] tmpfs: Bad value for 'size' [ 647.882264][ T25] libceph: connect (1)[c::]:6789 error -101 [ 647.887323][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 655.317747][T11473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2136'. [ 656.040976][T11479] tipc: Enabled bearer , priority 17 [ 660.276359][T11521] tipc: Resetting bearer [ 662.000895][T11536] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2152'. [ 662.014149][T11536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2152'. [ 662.272734][T11536] bridge0: port 3(syz_tun) entered blocking state [ 662.274698][T11536] bridge0: port 3(syz_tun) entered listening state [ 662.276629][T11536] bridge0: port 2(bridge_slave_1) entered blocking state [ 662.278864][T11536] bridge0: port 2(bridge_slave_1) entered listening state [ 662.280974][T11536] bridge0: port 1(bridge_slave_0) entered blocking state [ 662.282967][T11536] bridge0: port 1(bridge_slave_0) entered listening state [ 662.789690][T11542] netlink: 'syz.3.2152': attribute type 10 has an invalid length. [ 662.793008][T11542] bond0: (slave team0): Releasing backup interface [ 663.904055][T11542] device team0 left promiscuous mode [ 663.913678][T11542] device team_slave_0 left promiscuous mode [ 663.923932][T11542] device team_slave_1 left promiscuous mode [ 663.936606][T11542] tipc: Resetting bearer [ 664.065675][T11542] tipc: Resetting bearer [ 664.067870][T11542] bridge0: port 4(team0) entered blocking state [ 664.069917][T11542] bridge0: port 4(team0) entered disabled state [ 664.072432][T11542] device team0 entered promiscuous mode [ 664.074174][T11542] device team_slave_0 entered promiscuous mode [ 664.076257][T11542] device team_slave_1 entered promiscuous mode [ 664.148957][T11572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2162'. [ 664.182052][T11572] bond4 (unregistering): Released all slaves [ 666.696094][T11595] netlink: 'syz.3.2170': attribute type 1 has an invalid length. [ 666.798384][T11605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2169'. [ 666.808857][T11605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2169'. [ 667.324865][T11595] 8021q: adding VLAN 0 to HW filter on device bond2 [ 667.607968][T11609] bond2: (slave veth0_to_bond): making interface the new active one [ 667.611890][T11609] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 668.370319][T11611] device veth1 entered promiscuous mode [ 668.372263][T11611] device veth1 left promiscuous mode [ 668.399754][T11611] bond2: (slave vlan4): Enslaving as an active interface with an up link [ 668.402337][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 668.411525][T11619] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2174'. [ 668.414608][T11619] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2174'. [ 668.638243][T11619] netlink: 'syz.4.2174': attribute type 10 has an invalid length. [ 668.641630][T11619] bond0: (slave team0): Releasing backup interface [ 668.643436][T11619] bond0: (slave team0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1a - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 669.394169][T11619] bridge0: port 2(team0) entered blocking state [ 669.396151][T11619] bridge0: port 2(team0) entered disabled state [ 669.419248][T11619] device team0 entered promiscuous mode [ 669.531719][T11636] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2177'. [ 669.572862][T11636] bond2 (unregistering): Released all slaves [ 671.259485][T11673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2189'. [ 671.262157][T11673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2189'. [ 671.308774][T11673] netlink: 'syz.2.2189': attribute type 10 has an invalid length. [ 672.227839][T11684] netlink: 'syz.2.2193': attribute type 1 has an invalid length. [ 672.399833][T11684] 8021q: adding VLAN 0 to HW filter on device bond4 [ 672.438225][T11684] device vlan1 entered promiscuous mode [ 672.439914][T11684] device bond4 entered promiscuous mode [ 673.291657][T11695] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2205'. [ 675.066098][T11723] netlink: 'syz.2.2214': attribute type 1 has an invalid length. [ 677.324269][T11728] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 677.337051][T11728] IPv6: ADDRCONF(NETDEV_CHANGE): vxlan0: link becomes ready [ 677.423328][T11730] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 677.427630][T11730] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 677.430067][T11730] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 677.432373][T11730] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 677.436077][T11730] bond5: (slave geneve2): making interface the new active one [ 677.439516][T11730] bond5: (slave geneve2): Enslaving as an active interface with an up link [ 679.052905][T11755] netlink: 'syz.1.2213': attribute type 1 has an invalid length. [ 679.566001][T11755] 8021q: adding VLAN 0 to HW filter on device bond3 [ 684.615642][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 684.617489][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.231901][T11843] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 693.076491][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 693.079049][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 693.081618][ C0] bridge0: port 3(syz_tun) entered learning state [ 693.625059][T11880] netlink: 'syz.4.2249': attribute type 1 has an invalid length. [ 693.673982][T11880] 8021q: adding VLAN 0 to HW filter on device bond2 [ 693.831198][T11880] bond2: (slave gretap1): making interface the new active one [ 693.843041][T11880] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 693.845531][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 693.989864][T11739] bridge0: port 3(syz_tun) entered disabled state [ 694.018994][T11739] device syz_tun left promiscuous mode [ 694.020683][T11739] bridge0: port 3(syz_tun) entered disabled state [ 695.842781][ T7] Bluetooth: hci5: command 0x0409 tx timeout [ 696.238987][ T4450] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.997047][ T4450] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.778735][ T4450] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.865145][T11944] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2264'. [ 697.890657][ T4450] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.922629][ T7] Bluetooth: hci5: command 0x041b tx timeout [ 698.070200][T11886] chnl_net:caif_netlink_parms(): no params data found [ 698.937052][T11886] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.939196][T11886] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.942301][T11886] device bridge_slave_0 entered promiscuous mode [ 698.982599][T11886] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.984758][T11886] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.992129][T11886] device bridge_slave_1 entered promiscuous mode [ 699.149206][T11886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.153180][ T4450] tipc: Disabling bearer [ 699.155558][ T4450] tipc: Disabling bearer [ 699.159497][ T4450] tipc: Left network mode [ 699.170365][T11886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.300761][T11886] team0: Port device team_slave_0 added [ 699.327059][T11886] team0: Port device team_slave_1 added [ 699.397081][T11886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 699.408811][T11886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.434032][T11886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 699.548943][T11886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 699.551009][T11886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.574948][T11886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 699.654447][T11886] device hsr_slave_0 entered promiscuous mode [ 699.692671][T11886] device hsr_slave_1 entered promiscuous mode [ 699.732395][T11886] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 699.734593][T11886] Cannot create hsr debugfs directory [ 699.909786][T11886] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 699.934251][T11886] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 699.976881][T11886] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 700.005153][T11886] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 700.012656][ T4447] Bluetooth: hci5: command 0x040f tx timeout [ 700.129858][T11886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.140674][T11886] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.155517][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 700.158224][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 700.172502][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 700.175418][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 700.178117][ T4206] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.180131][ T4206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.190427][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 700.196923][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 700.199877][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 700.203155][ T4385] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.205169][ T4385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.208898][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 700.234547][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 700.237788][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 700.246218][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 700.260743][T11886] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 700.271564][T11886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 700.277130][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 700.279981][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 700.283085][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 700.286342][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 700.289172][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 700.292103][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 700.302687][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 700.327427][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 700.428707][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 700.431013][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 700.445122][T11886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.577482][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 700.580516][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 700.598280][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 700.600958][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 700.605698][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 700.613327][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 700.617499][T11886] device veth0_vlan entered promiscuous mode [ 700.634605][T11886] device veth1_vlan entered promiscuous mode [ 700.651979][T11886] device veth0_macvtap entered promiscuous mode [ 700.659891][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 700.662893][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 700.665504][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 700.668234][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 700.670959][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 700.678287][T11886] device veth1_macvtap entered promiscuous mode [ 700.690139][T11886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.693455][T11886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.696231][T11886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.699007][T11886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.703215][T11886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 700.705363][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 700.707985][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 700.710829][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 700.721379][T11886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.725042][T11886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.727823][T11886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.730746][T11886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.735284][T11886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 700.737508][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 700.740386][ T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 700.757143][T11886] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.759777][T11886] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.762106][T11886] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.769021][T11886] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.910858][ T4450] bond0: (slave wlan1): Releasing backup interface [ 700.946193][ T4450] device wlan1 left promiscuous mode [ 700.973209][ T5487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.975760][ T5487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.980097][T11141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 700.986104][T11141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.989361][T11141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.995906][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 701.127174][T12045] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 702.189094][ T7] Bluetooth: hci5: command 0x0419 tx timeout [ 703.316272][T12057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2281'. [ 704.688518][T12057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2281'. [ 707.943173][ T4450] device hsr_slave_0 left promiscuous mode [ 709.085771][ T4450] device hsr_slave_1 left promiscuous mode [ 709.922528][ T4450] batman_adv: batadv0: Interface deactivated: dummy0 [ 709.924470][ T4450] batman_adv: batadv0: Removing interface: dummy0 [ 709.927251][ T4450] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 709.930084][ T4450] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.938527][ T4450] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 709.943116][ T4450] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 709.945805][ T4450] device team0 left promiscuous mode [ 709.947225][ T4450] device team_slave_0 left promiscuous mode [ 709.949415][ T4450] device team_slave_1 left promiscuous mode [ 709.952885][ T4450] bridge0: port 4(team0) entered disabled state [ 710.178048][ T4450] device bridge_slave_1 left promiscuous mode [ 710.180010][ T4450] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.292924][ T4450] device bridge_slave_0 left promiscuous mode [ 710.295008][ T4450] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.572790][ T4450] device veth1_macvtap left promiscuous mode [ 710.574981][ T4450] device veth0_macvtap left promiscuous mode [ 710.576847][ T4450] device veth1_vlan left promiscuous mode [ 710.578576][ T4450] device veth0_vlan left promiscuous mode [ 710.717023][ T4450] bond2 (unregistering): (slave vlan4): Releasing active interface [ 710.719251][ T4450] device veth0_to_bond entered promiscuous mode [ 710.758836][ T4450] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface [ 710.761341][ T4450] device veth0_to_bond left promiscuous mode [ 710.793205][ T4450] bond2 (unregistering): Released all slaves [ 710.983567][ T4450] bond1 (unregistering): (slave veth3): Releasing active interface [ 711.030138][ T4450] bond1 (unregistering): Released all slaves [ 711.120560][ T4450] team0 (unregistering): Port device team_slave_1 removed [ 711.129746][ T4450] team0 (unregistering): Port device team_slave_0 removed [ 711.139039][ T4450] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.172973][ T4450] device bond_slave_1 left promiscuous mode [ 711.182692][ T4450] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.224074][ T4450] device bond_slave_0 left promiscuous mode [ 711.308166][ T4450] bond0 (unregistering): Released all slaves [ 711.421812][T12126] netlink: 'syz.4.2288': attribute type 1 has an invalid length. [ 717.830767][T12187] tipc: Enabling of bearer rejected, failed to enable media [ 718.531705][T12193] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2302'. [ 718.573342][T12193] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2302'. [ 718.630267][T12193] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.470917][T12193] device bridge_slave_1 left promiscuous mode [ 719.696122][T12193] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.115057][T12234] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2311'. [ 731.357163][T12306] tipc: Enabling of bearer rejected, failed to enable media [ 734.355588][ T26] audit: type=1326 audit(8920.394:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12330 comm="syz.2.2329" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdc55ba8 code=0x0 [ 734.402962][T12338] tipc: Enabling of bearer rejected, failed to enable media [ 735.508276][T12371] loop5: detected capacity change from 0 to 16 [ 736.554536][T12371] erofs: (device loop5): mounted with root inode @ nid 36. [ 736.597563][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.606638][T12369] erofs: (device loop5): z_erofs_readpage: failed to read, err [-117] [ 736.613939][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.616812][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 42 @ nid 36 [ 736.619295][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 41 @ nid 36 [ 736.621763][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.624356][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 736.626834][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 736.629167][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 736.632075][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.634501][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 736.637018][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 736.639676][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 736.642358][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 736.644998][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 736.647407][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 23 @ nid 36 [ 736.649993][T12369] erofs: (device loop5): z_erofs_extent_lookback: unknown type 3 @ lcn 15 of nid 36 [ 736.652648][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 736.655076][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 65535 of nid 36 [ 736.658013][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 15 @ nid 36 [ 736.660615][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 61439 of nid 36 [ 736.663556][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 14 @ nid 36 [ 736.666065][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 57343 of nid 36 [ 736.668823][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 13 @ nid 36 [ 736.671403][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 36863 of nid 36 [ 736.674177][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 8 @ nid 36 [ 736.676775][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 4 @ nid 36 [ 736.679236][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 736.682086][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 0 @ nid 36 [ 736.684769][T12369] attempt to access beyond end of device [ 736.684769][T12369] loop5: rw=524288, want=312, limit=16 [ 736.687748][T12369] attempt to access beyond end of device [ 736.687748][T12369] loop5: rw=524288, want=1049280, limit=16 [ 736.690918][T12369] attempt to access beyond end of device [ 736.690918][T12369] loop5: rw=524288, want=24, limit=16 [ 736.693920][T12369] attempt to access beyond end of device [ 736.693920][T12369] loop5: rw=524288, want=736, limit=16 [ 736.696943][T12369] attempt to access beyond end of device [ 736.696943][T12369] loop5: rw=524288, want=776, limit=16 [ 736.699872][T12369] attempt to access beyond end of device [ 736.699872][T12369] loop5: rw=524288, want=848, limit=16 [ 736.702949][T12369] attempt to access beyond end of device [ 736.702949][T12369] loop5: rw=524288, want=13478624104, limit=16 [ 736.706480][T12369] attempt to access beyond end of device [ 736.706480][T12369] loop5: rw=524288, want=13478624080, limit=16 [ 736.711005][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 360447 of nid 36 [ 736.713748][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 736.716252][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 736.718765][T12369] erofs: (device loop5): z_erofs_extent_lookback: unknown type 3 @ lcn 84 of nid 36 [ 736.721335][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 85 @ nid 36 [ 736.723823][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 348159 of nid 36 [ 736.726622][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 736.729160][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 344063 of nid 36 [ 736.733138][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 83 @ nid 36 [ 736.735715][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.738236][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 82 @ nid 36 [ 736.740697][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 81 @ nid 36 [ 736.743208][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 736.745629][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 79 @ nid 36 [ 736.748073][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 78 @ nid 36 [ 736.750650][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 736.752961][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 315391 of nid 36 [ 736.755671][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 76 @ nid 36 [ 736.758192][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.760794][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 75 @ nid 36 [ 736.763271][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 307199 of nid 36 [ 736.766145][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 736.768599][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 73 @ nid 36 [ 736.771084][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 736.773472][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 71 @ nid 36 [ 736.775980][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 290815 of nid 36 [ 736.778838][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 736.781482][T12369] erofs: (device loop5): z_erofs_extent_lookback: unknown type 3 @ lcn 64 of nid 36 [ 736.784064][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 65 @ nid 36 [ 736.786621][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 266239 of nid 36 [ 736.789458][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 736.792056][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 262143 of nid 36 [ 736.794885][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 736.797345][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 61 @ nid 36 [ 736.799909][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 59 @ nid 36 [ 736.802480][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.804997][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 736.807502][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 736.809978][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 56 @ nid 36 [ 736.812537][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 55 @ nid 36 [ 736.815080][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 736.817548][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 736.820072][T12369] erofs: (device loop5): z_erofs_extent_lookback: unknown type 3 @ lcn 50 of nid 36 [ 736.822912][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 736.825483][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 208895 of nid 36 [ 736.828231][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 736.830637][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 49 @ nid 36 [ 736.833145][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 200703 of nid 36 [ 736.835765][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 48 @ nid 36 [ 736.838314][T12369] erofs: (device loop5): z_erofs_map_blocks_iter: unknown type 3 @ offset 196607 of nid 36 [ 736.841044][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 736.843472][T12369] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 736.846306][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 736.848741][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 45 @ nid 36 [ 736.851400][T12369] erofs: (device loop5): z_erofs_readahead: readahead error at page 44 @ nid 36 [ 736.854124][T12369] attempt to access beyond end of device [ 736.854124][T12369] loop5: rw=524288, want=56, limit=16 [ 736.857071][T12369] attempt to access beyond end of device [ 736.857071][T12369] loop5: rw=524288, want=24, limit=16 [ 742.111945][ T26] audit: type=1326 audit(8928.454:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12415 comm="syz.1.2347" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffac784ba8 code=0x0 [ 745.661619][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.080182][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.234823][T12490] ceph: No source [ 749.789830][T12505] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2371'. [ 749.924351][T12459] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 750.130668][T12459] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 752.761355][T12515] loop5: detected capacity change from 0 to 1024 [ 755.217674][T12534] fido_id[12534]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 758.887740][T12583] loop5: detected capacity change from 0 to 512 [ 759.865501][T12584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2390'. [ 759.980764][T12583] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 761.563274][T12583] kernel profiling enabled (shift: 17) [ 761.639860][T12617] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 761.642743][T12617] Mem abort info: [ 761.643766][T12617] ESR = 0x0000000086000006 [ 761.645104][T12617] EC = 0x21: IABT (current EL), IL = 32 bits [ 761.646826][T12617] SET = 0, FnV = 0 [ 761.647959][T12617] EA = 0, S1PTW = 0 [ 761.649133][T12617] FSC = 0x06: level 2 translation fault [ 761.650731][T12617] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010db49000 [ 761.652685][T12617] [0000000000000000] pgd=080000012896d003, p4d=080000012896d003, pud=080000011b130003, pmd=0000000000000000 [ 761.656013][T12617] Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP [ 761.657918][T12617] Modules linked in: [ 761.658983][T12617] CPU: 0 PID: 12617 Comm: syz.0.2399 Not tainted 5.15.186-syzkaller #0 [ 761.661281][T12617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 761.664271][T12617] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 761.666458][T12617] pc : 0x0 [ 761.667263][T12617] lr : bond_xdp_xmit+0x254/0x404 [ 761.668604][T12617] sp : ffff80001f9e73a0 [ 761.669791][T12617] x29: ffff80001f9e7460 x28: 0000000000000000 x27: ffff80001f9e73c8 [ 761.671961][T12617] x26: dfff800000000000 x25: ffff8000121860d8 x24: ffff0000f4b48000 [ 761.674135][T12617] x23: fffffbffeff96f48 x22: ffff0000e62f4000 x21: fffffbffeff96f48 [ 761.676345][T12617] x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000200 [ 761.678557][T12617] x17: 0000000000000002 x16: ffff8000082bf708 x15: 0000000000000001 [ 761.680785][T12617] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000080000 [ 761.683006][T12617] x11: 000000000000044c x10: ffff800020dba000 x9 : ffff80001f9e7400 [ 761.685159][T12617] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 761.687467][T12617] x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000001 [ 761.689719][T12617] x2 : ffff80001f9e7420 x1 : 0000000000000001 x0 : ffff0000f4b48000 [ 761.691867][T12617] Call trace: [ 761.692751][T12617] 0x0 [ 761.693517][T12617] bq_xmit_all+0xc44/0x1020 [ 761.694729][T12617] __dev_flush+0xc4/0x18c [ 761.695928][T12617] xdp_do_flush+0x14/0x28 [ 761.697122][T12617] tun_get_user+0x2434/0x31c4 [ 761.698382][T12617] tun_chr_write_iter+0xfc/0x20c [ 761.699751][T12617] vfs_write+0x7c8/0xa2c [ 761.700839][T12617] ksys_write+0x120/0x210 [ 761.702092][T12617] __arm64_sys_write+0x7c/0x90 [ 761.703346][T12617] invoke_syscall+0x98/0x2b8 [ 761.704577][T12617] el0_svc_common+0x138/0x258 [ 761.705879][T12617] do_el0_svc+0x58/0x14c [ 761.707028][T12617] el0_svc+0x78/0x1e0 [ 761.708168][T12617] el0t_64_sync_handler+0xcc/0xe4 [ 761.709526][T12617] el0t_64_sync+0x1a0/0x1a4 [ 761.710748][T12617] Code: bad PC value [ 761.711798][T12617] ---[ end trace fd64cd0144468177 ]--- [ 762.319710][T12617] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 762.321938][T12617] SMP: stopping secondary CPUs [ 762.323295][T12617] Kernel Offset: disabled [ 762.324495][T12617] CPU features: 0x8,000081c1,21302e40 [ 762.326021][T12617] Memory Limit: none [ 762.928284][T12617] Rebooting in 86400 seconds..