last executing test programs: 4.214547109s ago: executing program 3 (id=1527): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028004080080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004"], 0xe8}}, 0x0) 4.086824751s ago: executing program 3 (id=1529): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f0000000300), &(0x7f00000003c0)=0x4) 3.907352175s ago: executing program 3 (id=1533): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0, 0xfdd0}) 3.667418559s ago: executing program 3 (id=1536): syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@errors_remount}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0x8c1}}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@errors_continue}, {@keep_last_dots}, {@errors_remount}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@namecase}]}, 0x1, 0x1531, &(0x7f0000001f80)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k1imSTJJUkuSZIkSW4JSZMcSUgMuSUNSch1SC5DSC4Tk8b9fr8kJEmTJCG5Jev/Ef7qVL9zzu/0O86neb6fz/5Yz+z9rP287/Ne1t6YbzoOqtageuV6RAT/FrzwRxIAxAJAPwC4BgACACgdVzru/P7sEpP+vZOwP9fDqVe6AnYlcf+zNu5/1sb9z9q4/1kb9z9r4/5nbdz/rI37z1hWtnFq/mt5y7ob3///66vzh3v4+/8vJLPE6C9Wl7i+E0DMP5vC/c/auP9/WcE/cxD3P2vj/mdVsVe6APZfgN//f0lNfh1m+8MDuf9ZG/efsazsSt9/vtIbRLL2c3ClX3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKGU/6i0+AVAFwKr3RdjDHGGGOMMcYY+/P4bFe6AsYYY4wxxhhjjP3fQxAgQUEAMZANYiE75AABAFdDLrgGInAtxMF1kBuuhzyQF/JBfoiHAlAQNBiwQBBCISgMUbgBisCNUBRugmJQHByUgAS4GUrCLVAKboXScBuUgduhLJSD8lAB7oCKcCdUgrugMtwNVaAqVIPqcA/UgHuhJtwHteB+qA0PQB14EOrCQ1APHob68Ag0gEehITwGjaAxNIGm0Ox/lf8idIWXoBt0hyToAT3hZegFvaEP9IV+8Ar0h1dhALwGyTAQBsHrMBjegCHwJgyFYTAc3oIRMBJGwWgYA2MhBcbBeHgbJsA7MBEmwWSYAqkwFabBuzAdZsBMeA9mwfswG+bAXJgHafABzIcFkA4fwkL4CDJgESyGJbAUlsFyWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4GHbAJ7ATdsFu+BT2wGf/Yv7Jv8vvhICAAgUqVBiDMRiLsZgDc2BOzIm5MBdGMIJxGIe5MTfmwTyYD/NhPMZjQSyIBg0SEhbCQhjFKBbBIlgUi2IxLIYOHSZgApbEW7AUlsLSWBrLYBksi+WwHFbAClgRK2IlrISVsTJWwSpYDavhPXgP9sCaWBNrYS2sjbUv3Z7CelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBREzEttgW22E7bI/tsQN2wI7YETthZ+yc+WI2wJfwJeyOVUQP7Ik9sRcmZ+uDfbEvvoL98VV8FV/DZByIg/B1fB3fwCF4AofiMByOw7GiGImjcDSSGIspmILjcTxOwAk4ESfhJJyCqTgVp+E0nI4zcAa+h7PwfXwf5+AcnIdpmIbzcQGmYzouxJOYgYtwMS7BpbgMl+IKXIkrcDWuwdW4DtfhBtyAm3ATbsEtuA234ceoAPAT3IW7MBn34B7ci3txH+7D/bgfMzETD+ABPIgH8RAewsN4GI/gUTyGR/E4HscTeBJP4Sk8g2fwLD4f/1X9j29alQziPCWUiBExIlbEihwih8gpcopcIpeIiIiIE3Eit8gt8og8Ip/IJ+JFvCgoCgojjCARxgCAiIqoKCKKiKKiqCgmigknnEgQCaKkKClKiVKitLhNlBG3i7KinGjpKogKoqJo5SqJu0RlUVlUEVVFNVFdVBc1RA1RU9QUtUQtUVvUFnXEg6Ku6IF98GFxvjMNxEBsKAZhI9FYyIufYM3FEGwhWopW4kkxDIdiG9HcJYpnRFsxCtuJv4nR+JzoIMZiR/GC6CQ6iy7iRdFVtHDdRHcxEXuInmIK9hK9RR/RV0zHquI9nJW9mnhNJIuBYpB4XczDN8QQ8aYYKoaJ4eItMUKMFKPEaDFGjBUpYpwYL94WE8Q7YqKYJCaLKSJVTBXTxLtiupghZor3xCzxvpgt5oi5Yp5IEx+I+WKBSBcfioXiI5EhFonFYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iY7FDfCJ2il1it/hU7BGfib3ic7FPfCH2iy9FpvhKHBBfi4PiG3FIfCsOi+/EEXFUHBPfi+PiB3FCnBSnxGlxRvwozoqfxDnhBUiUQkqpZCBjZDYZK7PLHPIqmVMGF5/da2WcvE7mltfLPDKvzCfzy3hZQBaUWhppJclQFpKFZVTeIIvIG2VReZMsJotLJ0vIBHmzLClvkaXkrbK0vE2WkbfLsrKcLC8ryDtkRXmnhMiFc1SRVWU1WV3eI5PgXllT3idryftlbfmArCMflHXlQ7KefFjWl4/IBvJR2VA+JhvJxrKJbCqbycdlc/mEbCFbylbySdlaPiXbyKdlonxGtpX+4kvkOdlBPi87yhdkJ9lZdpE/yXPSy26yu4QeIHvKl2Uv2Vv2kX1lP/mK7C9flQPkazJZDpSD5OtysHxDDpFvyqFymBwu35Ij5Eg5So6WY+RYmSLHyfHybTlBviMnyklyspwiU+VU2efiTDOl/If5b/9O/oCfz75BbpSb5Ga5RW6V2+R2+bHcIXfInXKn3C13yz1yj9wr98p9cp/cL/fLTJkpD8gD8qA8KA/JQ/KwPCyPyKPytPxeHpc/yBPypDwpT8sz8ow8e/E5AIVKKKmUClSMyqZiVXaVQ12lcqqrVS51jYqoa1Wcuk7lVterPCqvyqfyq3hVQBVUWhllFalQFVKFVVTdgBdfMKqYKq6cKqES1M3/Sr4qom5URdVNv8q/VF/SH9TXTDVTzVVz1UK1UK1UK9VatVZtVBuVqBJVW9VWtVPtVHvVXnVQHVRH1VF1Up1UF9VFdVVdVTfVTSWpJNVTvax6qd6qj+qr+qlXVH/VXw1QA1SySlaD1CA1WA1WQ9QQNVQNVcPVcDVCjVCj1Cg1Ro1RKSpFjVfj1QQ1QU1UE9VkNVmlqlQ1TU1T09V0NVPNVLPULDVbzVZz1VyVptLUfDVfpat0tVAtVBlqkVqklqglaplaplaoFWqVWqXWqDVqnVqnMtRGtVFtVpvVVrVVbVfb1Q61Q+1UO9VutVvtUXvUXrVX7VP71H61X2WqTHVAHVAH1UF1SB1Sh9VhdUQdUcfUMXVcHVcn1Al1Sp1SZ9QZdVadVefUufPLvkAEIlCBCmKCmCA2iA1yBDmCnEHOIFeQK4gEkSAuiAtyB9cHeYK8Qb4gfxAfFAgKBjowgQ3ExaZHgxuCIsGNQdHgpqBYUDxwQYkgIbg5KBncEpQKbg1KB7cFZYLbg7JBuaB8UCG4I6gY3BlUCu4KKgd3B1WCqkG1oHpwT1AjuDeoGdwX1AruD2oHDwR1ggeDusFDQb3g4aB+8EjQIHg0aBg8FjQKGgdNgqZBsz91fu9P5H3CddPddZLuoXvql3Uv3Vv30X11P/2K7q9f1QP0azpZD9SD9Ot6sH5DD9Fv6qF6mB6u39Ij9Eg9So/WY/RYnaLH6fH6bT1Bv6Mn6kl6sp6iU/VUPU2/q6frGXqmfk/P0u/r2XqOnqvn6TT9gZ6vF+h0/aFeqD/SGXqRXqyX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepverj/WO/QneqfepXfrT/Ue/Zneqz/X+/QXer/+Umfqr/QB/bU+qL/Rh/S3+rD+Th/RR/Ux/b0+rn/QJ/RJfUqf1mf0j/qs/kmf0/784v7817tRRpkYE2NiTazJYXKYnCanyWVymYiJmDgTZ3Kb3CaPyWPymXwm3sSbgqagOY8MmUKmkImaqCliipiipqgpZooZZ5xJMAmmpClpSplSprQpbcqYMqasKWvKm/LmDnOHudPcae4yd5m7zd2mqqlqqpvqpoapYWqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkmpgmpplpZpqb5qaFaWFamVamtWlt2pg2JtEkmramrWln2pn2pr3pYDqYjqaj6WQ6mS6mi+lquppupptJMkmmp+lpeplepo/pY/qZfqa/6W8GmAEm2SSbQWaQGWwGmyFmiBlqhpnh5xeqZqQZZUZ/O8aMNSkmxYw3480EM8FMNBPNZDPZpJpUM81MM9PNdDPTzDSzzCwz28w2c81ck2bSzHwz36SbdLPQLDQZJsMsNovNUrPULDfLzUqz0qw2q81aWGvWm/Vmo9loNpvNZqvZarab7WaH2WF2mp1mt9lt9pg9Zq/Za/aZfWa/2W8yTaY5YA6Yg+agOWQOmcPmsDlijphj5pg5bo6bE+aEOWVOmTMm78XvS29ibXabw15lc9qrbS57jf37OJ/Nb+NtAVvQapvH5v1VbKy1Re1Ntpgtbp0tYRPszb+Jy9pytrytYO+wFe2dttJv4hr2XlvT3mdr2fttdXvPr+La9gFbxz5q6yIC2Ma2vm1qG9hHbUP7mG1kG9smtqltbZ+ybezTNtE+Y9vaZ38Tz7cL7Eq7yq62a+xOu8uesqftQfuNPWN/tN1sd9vPvmL721ftAPuaTbYDfxMPt2/ZEXakHWVH2zF27G/iyXaKTbVT7TT7rp1uZ/wmTrMf2Fk23c62c+xcO+/n+HxN6fZDu9B+ZDNsAIvtErvULrPL7Yr/X+sSu86utxvsDvuJ3Wy32K12m91+aSFsd9nd9lO7x35mD9iv7T77hd1vD9lM+9XP8fnHd8h+aw/b7+wRe9Qes9/b4/YH9XPuyF4A9kf7vf3JnrPeAiEBSVIUUAxlo1jKTjnoKspJV1MuuoYidC3F0XWUm66nPJSX8lF+iqcCVJA0GbJEFFIhKkxRuoEulVeMipOjEpRAN1NJuoVK0a1Umm6jMnQ7laVyVJ4q0B1Uke6kSnQXVaa7qQpVpWpUne6hGnQv1aT7qBbdT7XpAapDD1Jdeojq0cNUnx6hBvQoNaTHqBE1pibUlJrR49ScnqAW1JJa0ZPUmp6iNvQ0JdIz1JaepXb0N2pPz1EHep460gvUiTpTF3qRutJL1I26UxL1oJ70MvWi3tSH+lI/eoX606s0gF6jZBpIg+h1Gkxv0BB6k4bSMBpOb9EIGkmjaDSNobGUQuNoPL1NE+gdmkiTaDJNoVSaStPoXZpOM2gmvUez6H2aTXNoLs2jNPqA5tMCSqcPaSF9RBm0iBbTElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDt9TDvoE9pJu2g3fUp76DPaS5/TPvqC9tOXlElf0QH6mg7SN3SIvvXd6Ts6QkfpGH1Px+kHOkEn6RSdpjP0I52ln+gceYIQQxHKUIVBGBNmC2PD7GGO8KowZ3h1mCu8JoyE14Zx4XVh7vD6ME+YN8wX5g/jwwJhwVCHJrQhhWFYKCwcRsMbwiLhjWHREMNiYfHQhSXChPDmsGR4S1gqvDUsHd4WlglvD8uG5cJH768Q3hFWDO8MK4V3hZXDu8MqYdWwWlg9vCesEd4b1gzvC2uF94elwgfCOuGDYd3wobBe+HBYP3wkbBA+GjYMHwsbhY3DJmHTsFn4eNg8fCJsEbYMW4VPhq3Dp8I24dNhYvhM2DZ89uf9Dyz44/1JYY+wZ/hy+HLo/X1ybnReNC36QXR+dEE0PfphdGH0o2hGdFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRD1Pvq2cChE0465QIX47K5WJfd5XBXuZzuapfLXeMi7loX565zud31Lo/L6/K5/C7eFXAFnXbGWUcudIVcYRd1N7gi7kZX1N3kirnizrkSLsE1dc1cM9fcPeFauJaulXvSPemeck+5p93T7hnX1j3r2rm/ufbuOdfBPe+edy+4Tq6z6+JedF3duFwX3pNJrqfr6Xq5Xq6P6+P6uX6uv+vvBrgBLtklu0FukBvsBrshbogb6oa64W64G+FGuFFulBvjxrgUl+LGu/FugpvgJrqJbrKb7FJdqpvmprnpbrqrOOPCWWa72W6um+vSXJqb786vGdPdQrfQZbgMt9gtdkvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt9Nfc2FSt8ftdXvdPrfP7Xdfukz3lTvgvnYH3TfukPvWHXbfuSPuqDvmvnfH3Q/uhDvpTrnT7oz70Z11P7lzzruUyLjI+MjbkQmRdyITI5MikyNTIqmRqZFpkXcj0yMzIjMj70VmRd6PzI7MicyNzIukRT6IzI8siKRHPowsjHwUyYgsiiyOLIksjSyLeF9gc+gL+cI+6m/wRfyNvqi/yRfzxb3zJXyCv9mX9Lf4Uv5WX9rf5sv4231ZX86X94/5Rr6xb+Kb+mb+cd/cP+Fb+Ja+lX/St/ZP+Tb+aZ/on/Ft/bO+nf+bb++f8x38876jf8F38p19F/+i7+pf8t18d5/ke/ie/mXfy/f2fXxf38+/4vv7V/0A/5pP9gP9IP+6H+zf8EP8m36oH+aHx7zlR1y6RIaxPsWP8+P9236Cf8dP9JP8ZD/Fp/qpfpp/10/3M/xM/56f5d/3s/0cP9fP82n+Az/fL/Dp/kO/0H/kM/yiSzeV/XK/wq/0q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2/7Hf4T/xO/0uv9t/6vf4z/xe/7nf57/w+/2XPtN/5Q/4r/1B/40/5L/1h/13/og/6o/57/1x/4M/4U/6U/60P+N/9Gf9T/4c/581xhhjjLF/yrjLQ/HrPRdu5/f4nRzxi4N7AsDVW/Jn/nL/+RXl2jwXxr1FfOsIADzTvePDl7YqVZKSki4emyEhKDwH4NLfBJ0XA5fjRdAKnoJEaAklf7f+3qLzGfoH80dvA8jxi5xYuBxfnv9zAEz6nfkff3L4/DLhqbj/Yf45AEULX87JDpfjRdDq5/srLaHUH9Sft/kv64/97fzZv0gBaPGLnJxwOb5cfwI8Ac9C4q+OZIwxxhhjjDHGLugtyre/dP156V98/t71eby6nJMNLsf/6PqcMcYYY4wxxhhjV95znbs8/XhiYsv2//qg0v8q658eNIT/q5l58LsD7wEu/UQBwL85IcD5gfxPPopN/5FzJV986/z9rqWnfQD/Ha38MwZX+IOJMcYYY4wx9qe7vOj/9c/VlSqIMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLgv4Tv07sSj9GxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7fwEAAP//nXwDKg==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 3.256754547s ago: executing program 3 (id=1541): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, 0x0) 2.127415459s ago: executing program 3 (id=1553): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48) 1.882178994s ago: executing program 32 (id=1553): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48) 1.451512982s ago: executing program 1 (id=1561): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001e0001002bbd7000000000000200000001000007000000000c000a4000000000000001ff080001"], 0x30}}, 0x4000000) 1.304363335s ago: executing program 0 (id=1562): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000640)=@ethtool_perm_addr={0x4b, 0x41, "4b721b782a17a7b6a00d963e3f7fdafd95073830fb8cfb34eb7cbd173ef6f04cba5a1e6a6f0ef6c61346d54f61bd850519514421d1f3050000f99b355dcb6ab9ed"}}) 1.299071935s ago: executing program 2 (id=1563): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0xa, 0x0, &(0x7f0000000000)) 1.05044115s ago: executing program 2 (id=1564): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000540)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0x4, 0x3, 0x3}]}}}], 0x18}}], 0x1, 0x0) 1.03104793s ago: executing program 1 (id=1565): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x0, 0x3a, '$', 0x3a, '!-$M--', 0x3a, './file0', 0x3a, [0x4f, 0x4f, 0x50, 0x50, 0x43, 0x43]}, 0x34) 1.002802841s ago: executing program 0 (id=1566): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000000)) 818.477615ms ago: executing program 2 (id=1567): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x38e, 0x20800) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x200000c96bd) 779.555695ms ago: executing program 0 (id=1568): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2], [0x480ffff], [], [0x400000000000000]}) 737.781096ms ago: executing program 1 (id=1569): r0 = syz_open_dev$sndpcmp(&(0x7f0000002440), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0xc0984124, 0x0) 611.580538ms ago: executing program 0 (id=1570): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c280000700030004"], 0x48}}, 0x0) 466.420031ms ago: executing program 2 (id=1571): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000040)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}) 438.717782ms ago: executing program 1 (id=1572): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000002940)={&(0x7f0000001400)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000980)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x6}}, @ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x0, 0x4, "ef61"}]}}}, @ip_retopts={{0x10}}], 0x40}, 0x0) 267.863145ms ago: executing program 1 (id=1573): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0xffff, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000080)={0x1, 0x0, {0x2130b322, 0x4, 0x20005, 0xc69}}) 207.163946ms ago: executing program 2 (id=1574): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x100}}, 0x0) 186.132957ms ago: executing program 0 (id=1575): r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f00000000c0)=""/22, 0x16, &(0x7f00000001c0)={&(0x7f0000000140)={'crct10dif\x00'}}) 29.23596ms ago: executing program 1 (id=1576): r0 = socket$inet(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @private}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000007000000890704"], 0x18}, 0x0) 13.46525ms ago: executing program 0 (id=1577): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x25dfdbfe, {{@in=@broadcast, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x2, 0x0, 0x0, 0x0, 0xff}, {@in6=@private2, 0x4d6, 0x6c}, @in=@private=0x8010101, {0x0, 0x192, 0x9ba3, 0x2, 0x251c, 0x3, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3502, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 2 (id=1578): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0xc, 0x32314152, 0x2, 0x6, 0x6, 0x5, 0xa6e, 0x0, 0x2, 0x2, 0x5}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.240' (ED25519) to the list of known hosts. syzkaller login: [ 81.675295][ T5774] cgroup: Unknown subsys name 'net' [ 81.813651][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.696716][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.447191][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.456865][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.465183][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.474214][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.482739][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.492112][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.500324][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.508652][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.542602][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.554160][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.559244][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.573300][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.577615][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.582497][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.587787][ T5802] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.594813][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.603087][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.610400][ T5797] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.617899][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.623287][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.631243][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.637470][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.647413][ T5802] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.659684][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.230537][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 86.301945][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.321260][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 86.397623][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 86.474925][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.482418][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.490430][ T5785] bridge_slave_0: entered allmulticast mode [ 86.498444][ T5785] bridge_slave_0: entered promiscuous mode [ 86.541151][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.549454][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.557185][ T5785] bridge_slave_1: entered allmulticast mode [ 86.564755][ T5785] bridge_slave_1: entered promiscuous mode [ 86.652357][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.659866][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.668539][ T5790] bridge_slave_0: entered allmulticast mode [ 86.676134][ T5790] bridge_slave_0: entered promiscuous mode [ 86.685226][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.692510][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.701928][ T5790] bridge_slave_1: entered allmulticast mode [ 86.709841][ T5790] bridge_slave_1: entered promiscuous mode [ 86.717739][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.725138][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.732741][ T5784] bridge_slave_0: entered allmulticast mode [ 86.740290][ T5784] bridge_slave_0: entered promiscuous mode [ 86.751074][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.789407][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.797115][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.805905][ T5784] bridge_slave_1: entered allmulticast mode [ 86.813439][ T5784] bridge_slave_1: entered promiscuous mode [ 86.822540][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.914857][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.922939][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.931353][ T5787] bridge_slave_0: entered allmulticast mode [ 86.938969][ T5787] bridge_slave_0: entered promiscuous mode [ 86.951674][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.980466][ T5785] team0: Port device team_slave_0 added [ 86.987880][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.996458][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.006579][ T5787] bridge_slave_1: entered allmulticast mode [ 87.014813][ T5787] bridge_slave_1: entered promiscuous mode [ 87.026520][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.038912][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.052075][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.064321][ T5785] team0: Port device team_slave_1 added [ 87.159293][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.167211][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.193552][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.226136][ T5790] team0: Port device team_slave_0 added [ 87.237834][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.251718][ T5784] team0: Port device team_slave_0 added [ 87.261525][ T5784] team0: Port device team_slave_1 added [ 87.269473][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.277060][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.303968][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.325798][ T5790] team0: Port device team_slave_1 added [ 87.336696][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.386971][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.394604][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.424423][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.464814][ T5787] team0: Port device team_slave_0 added [ 87.471782][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.479014][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.507055][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.590087][ T5787] team0: Port device team_slave_1 added [ 87.618213][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.626222][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.653575][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.666945][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.674348][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.700881][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.724251][ T5785] hsr_slave_0: entered promiscuous mode [ 87.731353][ T5785] hsr_slave_1: entered promiscuous mode [ 87.739624][ T5789] Bluetooth: hci3: command tx timeout [ 87.745650][ T5802] Bluetooth: hci2: command tx timeout [ 87.746133][ T5102] Bluetooth: hci0: command tx timeout [ 87.752611][ T5797] Bluetooth: hci1: command tx timeout [ 87.837514][ T5784] hsr_slave_0: entered promiscuous mode [ 87.845211][ T5784] hsr_slave_1: entered promiscuous mode [ 87.851826][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.862566][ T5784] Cannot create hsr debugfs directory [ 87.926256][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.934533][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.962652][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.983262][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.990379][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.018927][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.054094][ T5790] hsr_slave_0: entered promiscuous mode [ 88.060958][ T5790] hsr_slave_1: entered promiscuous mode [ 88.068271][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.081324][ T5790] Cannot create hsr debugfs directory [ 88.209147][ T5787] hsr_slave_0: entered promiscuous mode [ 88.218099][ T5787] hsr_slave_1: entered promiscuous mode [ 88.225440][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.233409][ T5787] Cannot create hsr debugfs directory [ 88.637358][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.651660][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.663853][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.676389][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.777455][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.789068][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.801062][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.814947][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.918384][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.948333][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.959137][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.970907][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.068078][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.081977][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.103905][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.114873][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.206629][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.247398][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.287783][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.320026][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.330401][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.338067][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.357229][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.389973][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.397435][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.419096][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.426406][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.457489][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.464913][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.521278][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.578284][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.585638][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.600503][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.621098][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.628352][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.700373][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.774968][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.782196][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.799486][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.806893][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.821031][ T5797] Bluetooth: hci1: command tx timeout [ 89.821044][ T5102] Bluetooth: hci2: command tx timeout [ 89.826951][ T5797] Bluetooth: hci0: command tx timeout [ 89.826988][ T5797] Bluetooth: hci3: command tx timeout [ 90.214847][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.270849][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.338266][ T5785] veth0_vlan: entered promiscuous mode [ 90.386726][ T5785] veth1_vlan: entered promiscuous mode [ 90.458246][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.471104][ T5784] veth0_vlan: entered promiscuous mode [ 90.496277][ T5785] veth0_macvtap: entered promiscuous mode [ 90.510588][ T5784] veth1_vlan: entered promiscuous mode [ 90.526657][ T5785] veth1_macvtap: entered promiscuous mode [ 90.591720][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.612201][ T5784] veth0_macvtap: entered promiscuous mode [ 90.626439][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.646761][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.678667][ T5784] veth1_macvtap: entered promiscuous mode [ 90.696928][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.709258][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.718549][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.727904][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.751773][ T5790] veth0_vlan: entered promiscuous mode [ 90.786585][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.798597][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.812464][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.840659][ T5790] veth1_vlan: entered promiscuous mode [ 90.849718][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.862050][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.876344][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.890941][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.901090][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.911155][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.921384][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.018866][ T5787] veth0_vlan: entered promiscuous mode [ 91.068338][ T5787] veth1_vlan: entered promiscuous mode [ 91.076203][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.092780][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.165319][ T5790] veth0_macvtap: entered promiscuous mode [ 91.200403][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.208527][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.208579][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.220232][ T5790] veth1_macvtap: entered promiscuous mode [ 91.238085][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.297686][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.307524][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.326318][ T5787] veth0_macvtap: entered promiscuous mode [ 91.357374][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.371172][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.381643][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.393437][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.406342][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.421916][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.434055][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.445532][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.456316][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.469447][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.493847][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.503216][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.511992][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.522051][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.542143][ T5787] veth1_macvtap: entered promiscuous mode [ 91.670386][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.703206][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.723090][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.748862][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.774984][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.796116][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.825067][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.857344][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.879206][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.890723][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.903879][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.909197][ T5102] Bluetooth: hci3: command tx timeout [ 91.914070][ T5789] Bluetooth: hci0: command tx timeout [ 91.920097][ T5102] Bluetooth: hci1: command tx timeout [ 91.925297][ T5797] Bluetooth: hci2: command tx timeout [ 91.937077][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.947860][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.960322][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.018530][ T5879] netlink: 'syz.2.6': attribute type 3 has an invalid length. [ 92.049752][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.076407][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.096214][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.124905][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.207147][ T5881] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 92.234050][ T5881] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 92.368721][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.393784][ T5881] syz.1.7 (5881) used greatest stack depth: 20296 bytes left [ 92.401538][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.484357][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.501780][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.596860][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.626141][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.680792][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.732080][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.555599][ T5917] netlink: 52 bytes leftover after parsing attributes in process `syz.1.21'. [ 93.973645][ T5789] Bluetooth: hci1: command tx timeout [ 93.979333][ T5789] Bluetooth: hci3: command tx timeout [ 93.985157][ T5802] Bluetooth: hci0: command tx timeout [ 93.990660][ T5802] Bluetooth: hci2: command tx timeout [ 94.163742][ T5938] syz.3.30[5938]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 94.252020][ T5938] loop3: detected capacity change from 0 to 2048 [ 94.340914][ T5938] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 94.372501][ T5938] UDF-fs: Scanning with blocksize 512 failed [ 94.415382][ T5938] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 94.419628][ T5946] loop1: detected capacity change from 0 to 256 [ 94.591411][ T5946] FAT-fs (loop1): Directory bread(block 64) failed [ 94.633204][ T5946] FAT-fs (loop1): Directory bread(block 65) failed [ 94.640069][ T5946] FAT-fs (loop1): Directory bread(block 66) failed [ 94.681368][ T5946] FAT-fs (loop1): Directory bread(block 67) failed [ 94.701502][ T5946] FAT-fs (loop1): Directory bread(block 68) failed [ 94.709193][ T5946] FAT-fs (loop1): Directory bread(block 69) failed [ 94.718296][ T5946] FAT-fs (loop1): Directory bread(block 70) failed [ 94.726058][ T5946] FAT-fs (loop1): Directory bread(block 71) failed [ 94.732761][ T5946] FAT-fs (loop1): Directory bread(block 72) failed [ 94.741448][ T5946] FAT-fs (loop1): Directory bread(block 73) failed [ 95.377316][ T5968] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.583865][ T9] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 95.790805][ T9] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 95.814118][ T9] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 95.822469][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 95.850430][ T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 95.891344][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 95.928035][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 95.967261][ T9] usb 4-1: string descriptor 0 read error: -22 [ 95.983199][ T9] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 95.992418][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.065786][ T9] usb 4-1: config 0 descriptor?? [ 96.084943][ T5962] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 96.102430][ T9] hub 4-1:0.0: bad descriptor, ignoring hub [ 96.125257][ T9] hub: probe of 4-1:0.0 failed with error -5 [ 96.150826][ T5989] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 96.159872][ T9] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 96.250417][ C0] usb_acecad 4-1:0.0: can't resubmit intr, dummy_hcd.3-1/input0, status -1 [ 96.601166][ T5830] usb 4-1: USB disconnect, device number 2 [ 96.749115][ T5974] loop2: detected capacity change from 0 to 40427 [ 96.828058][ T5974] F2FS-fs (loop2): invalid crc value [ 96.859332][ T5974] F2FS-fs (loop2): Found nat_bits in checkpoint [ 96.993389][ T5974] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 97.261753][ T6011] loop1: detected capacity change from 0 to 256 [ 97.582112][ T6015] loop3: detected capacity change from 0 to 4096 [ 97.652589][ T6015] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 97.750750][ T23] cfg80211: failed to load regulatory.db [ 97.821657][ T6015] ntfs3: loop3: Failed to initialize $Secure (-22). [ 98.584026][ T5776] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.815683][ T5776] usb 1-1: Using ep0 maxpacket: 8 [ 98.830170][ T5776] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.845460][ T5776] usb 1-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 98.855132][ T5776] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.873092][ T5776] usb 1-1: Product: syz [ 98.883433][ T5776] usb 1-1: Manufacturer: syz [ 98.894738][ T5776] usb 1-1: SerialNumber: syz [ 98.917102][ T5776] usb 1-1: config 0 descriptor?? [ 98.942209][ T5776] cdc_phonet 1-1:0.0: skipping garbage [ 98.958790][ T5776] cdc_phonet 1-1:0.0: invalid descriptor buffer length [ 98.975354][ T5776] cdc_phonet: probe of 1-1:0.0 failed with error -22 [ 99.183696][ T5776] usb 1-1: USB disconnect, device number 2 [ 100.374127][ T6076] proc: Unknown parameter 'tmpfs' [ 100.469841][ T6080] netlink: 'syz.1.99': attribute type 2 has an invalid length. [ 100.699785][ T6087] ax25_connect(): syz.2.101 uses autobind, please contact jreuter@yaina.de [ 100.874653][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 101.058126][ T6096] loop0: detected capacity change from 0 to 512 [ 101.064884][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 101.082744][ T23] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 101.112936][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.154400][ T23] usb 4-1: config 0 descriptor?? [ 101.185954][ T23] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 101.494993][ T6108] netlink: 16 bytes leftover after parsing attributes in process `syz.2.113'. [ 101.607383][ T23] gspca_vc032x: reg_w err -71 [ 101.616287][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.621711][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.657939][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.673260][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.685378][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.701507][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.723036][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.728409][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.753229][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.764031][ T6115] loop2: detected capacity change from 0 to 1764 [ 101.773108][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.778500][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.808622][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.832361][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.848698][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.873144][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.889050][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.906273][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.923406][ T23] gspca_vc032x: I2c Bus Busy Wait 00 [ 101.932065][ T23] gspca_vc032x: Unknown sensor... [ 101.942258][ T23] vc032x: probe of 4-1:0.0 failed with error -22 [ 101.986019][ T23] usb 4-1: USB disconnect, device number 3 [ 102.110745][ T6122] loop2: detected capacity change from 0 to 512 [ 102.130937][ T6122] ======================================================= [ 102.130937][ T6122] WARNING: The mand mount option has been deprecated and [ 102.130937][ T6122] and is ignored by this kernel. Remove the mand [ 102.130937][ T6122] option from the mount to silence this warning. [ 102.130937][ T6122] ======================================================= [ 102.265059][ T6122] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 102.355776][ T6122] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.464014][ T6122] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.841286][ T6116] loop1: detected capacity change from 0 to 32768 [ 102.903789][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.977155][ T6116] [ 102.977155][ T6116] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.977155][ T6116] [ 103.047705][ T6141] 9pnet_virtio: no channels available for device syz [ 103.110209][ T5785] [ 103.110209][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.110209][ T5785] [ 103.137847][ T5785] [ 103.137847][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.137847][ T5785] [ 104.432816][ T6154] loop1: detected capacity change from 0 to 32768 [ 104.463843][ T6154] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.132 (6154) [ 104.560150][ T6154] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 104.588080][ T6154] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 104.608008][ T6181] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 104.623184][ T6154] BTRFS info (device loop1): using free space tree [ 104.737128][ T6195] i2c i2c-0: Invalid block write size 252 [ 104.871204][ T6154] BTRFS info (device loop1): enabling ssd optimizations [ 104.894305][ T6154] BTRFS info (device loop1): auto enabling async discard [ 105.216466][ T6211] ieee802154 phy0 wpan0: encryption failed: -22 [ 105.247290][ T5785] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 106.082243][ T6239] netlink: 'syz.3.166': attribute type 1 has an invalid length. [ 106.194290][ T6241] loop1: detected capacity change from 0 to 512 [ 106.254797][ T6241] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -13 [ 106.285950][ T5830] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 106.287227][ T6247] tmpfs: Bad value for 'mpol' [ 106.338954][ T6241] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #13: comm syz.1.167: iget: bad i_size value: 12154757448730 [ 106.389331][ T6241] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.167: couldn't read orphan inode 13 (err -117) [ 106.420497][ T6241] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.491760][ T6241] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 106.522282][ T5830] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 106.555485][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.578661][ T5830] usb 3-1: Product: syz [ 106.594529][ T5830] usb 3-1: Manufacturer: syz [ 106.599223][ T5830] usb 3-1: SerialNumber: syz [ 106.620649][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.645855][ T5830] r8152-cfgselector 3-1: config 0 descriptor?? [ 107.129182][ T5830] r8152-cfgselector 3-1: Unknown version 0x0000 [ 107.155603][ T5830] r8152-cfgselector 3-1: USB disconnect, device number 2 [ 107.647553][ T6286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'. [ 107.657389][ T6286] netlink: zone id is out of range [ 107.662564][ T6286] netlink: del zone limit has 4 unknown bytes [ 107.869653][ T6294] loop2: detected capacity change from 0 to 512 [ 107.928673][ T6294] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 107.964867][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.193'. [ 107.974127][ T6299] netlink: 56 bytes leftover after parsing attributes in process `syz.3.193'. [ 108.019833][ T6294] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 108.060048][ T6294] System zones: 0-1, 15-15, 18-18, 34-34 [ 108.072866][ T6294] EXT4-fs (loop2): orphan cleanup on readonly fs [ 108.091086][ T6294] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 108.102537][ T6294] EXT4-fs warning (device loop2): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 108.120602][ T6294] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 108.131213][ T6294] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.190: bg 0: block 40: padding at end of block bitmap is not set [ 108.151811][ T6294] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 108.177832][ T6303] netlink: 'syz.3.195': attribute type 1 has an invalid length. [ 108.185585][ T6294] EXT4-fs (loop2): 1 truncate cleaned up [ 108.187149][ T6294] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 108.210262][ T6303] netlink: 224 bytes leftover after parsing attributes in process `syz.3.195'. [ 108.262494][ T6294] EXT4-fs error (device loop2): ext4_encrypted_get_link:46: inode #16: comm syz.2.190: bad symlink. [ 108.400494][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.472763][ T6307] IPv6: NLM_F_CREATE should be specified when creating new route [ 108.627037][ T6312] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 108.765698][ T6289] loop0: detected capacity change from 0 to 32768 [ 108.823317][ T6289] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.189 (6289) [ 108.862398][ T6289] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.878007][ T6289] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 108.897127][ T6289] BTRFS info (device loop0): using free space tree [ 108.953412][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 109.002676][ T6289] BTRFS info (device loop0): enabling ssd optimizations [ 109.013420][ T6289] BTRFS info (device loop0): auto enabling async discard [ 109.022259][ T6336] process 'syz.3.204' launched './file1' with NULL argv: empty string added [ 109.146294][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 109.169543][ T9] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 109.199413][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.229148][ T9] usb 2-1: Product: syz [ 109.237437][ T6341] random: crng reseeded on system resumption [ 109.243729][ T9] usb 2-1: Manufacturer: syz [ 109.243916][ T9] usb 2-1: SerialNumber: syz [ 109.263308][ T9] usb 2-1: config 0 descriptor?? [ 109.305417][ T9] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 109.407814][ T5790] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 109.439993][ T6346] netlink: 'syz.2.208': attribute type 1 has an invalid length. [ 109.726818][ T9] gspca_sonixj: reg_r err -71 [ 109.750796][ T9] sonixj: probe of 2-1:0.0 failed with error -71 [ 109.775628][ T9] usb 2-1: USB disconnect, device number 2 [ 109.999201][ T6354] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.211'. [ 110.666226][ T6376] SET target dimension over the limit! [ 110.670853][ T6372] loop0: detected capacity change from 0 to 2048 [ 110.821236][ T6381] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.076373][ T6381] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 111.106405][ T6381] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 111.153182][ T6381] Remounting filesystem read-only [ 111.167933][ T1086] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 111.190639][ T1086] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 111.210331][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.234311][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.263925][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.278568][ T1086] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 111.286199][ T1086] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 111.293930][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.309380][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.349351][ T1086] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.375740][ T5790] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 111.415017][ T5790] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 111.421967][ T5790] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 111.449713][ T6399] netlink: 'syz.2.235': attribute type 7 has an invalid length. [ 111.457793][ T5790] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 111.470992][ T6399] netlink: 'syz.2.235': attribute type 8 has an invalid length. [ 111.479108][ T5790] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 111.499692][ T5790] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 111.526307][ T5790] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 111.564979][ T5790] NILFS (loop0): discard dirty block: blocknr=41, size=1024 [ 111.572537][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.616765][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.643923][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.650910][ T6403] loop3: detected capacity change from 0 to 256 [ 111.676921][ T5790] NILFS (loop0): discard dirty page: offset=0, ino=4 [ 111.681942][ T6403] exfat: Deprecated parameter 'namecase' [ 111.697030][ T5790] NILFS (loop0): discard dirty block: blocknr=40, size=1024 [ 111.711743][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.723086][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.737019][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.748209][ T5790] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 111.756237][ T5790] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 111.765590][ T5790] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 111.821729][ T5790] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 111.842100][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.860076][ T6403] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 111.886786][ T5790] NILFS (loop0): discard dirty page: offset=196608, ino=3 [ 111.903343][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.946978][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 111.965350][ T5790] NILFS (loop0): discard dirty block: blocknr=49, size=1024 [ 111.974182][ T5790] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.352577][ T6424] netlink: 20 bytes leftover after parsing attributes in process `syz.1.247'. [ 113.347681][ T6462] loop3: detected capacity change from 0 to 512 [ 113.384079][ T6462] EXT4-fs: Ignoring removed mblk_io_submit option [ 113.406251][ T6464] netlink: 'syz.2.266': attribute type 10 has an invalid length. [ 113.421909][ T6462] EXT4-fs (loop3): orphan cleanup on readonly fs [ 113.453240][ T6462] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 113.526850][ T6462] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.265: attempt to clear invalid blocks 2 len 1 [ 113.564036][ T6464] team0: Cannot enslave team device to itself [ 113.606800][ T6462] EXT4-fs (loop3): Remounting filesystem read-only [ 113.626972][ T6462] EXT4-fs (loop3): 1 truncate cleaned up [ 113.664446][ T6462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 113.886089][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.082878][ T6481] loop3: detected capacity change from 0 to 256 [ 114.164347][ T6481] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 114.353592][ T6489] loop1: detected capacity change from 0 to 1024 [ 114.371895][ T6491] netlink: 176 bytes leftover after parsing attributes in process `syz.2.279'. [ 114.780155][ T6501] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 115.457472][ T6529] xt_hashlimit: size too large, truncated to 1048576 [ 115.491771][ T6529] xt_hashlimit: max too large, truncated to 1048576 [ 116.198251][ T6559] netlink: 'syz.3.314': attribute type 12 has an invalid length. [ 116.552469][ T6575] loop1: detected capacity change from 0 to 64 [ 116.723174][ T5830] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 116.930044][ T5830] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 116.954184][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.970624][ T5830] usb 4-1: Product: syz [ 116.975609][ T5830] usb 4-1: Manufacturer: syz [ 116.987988][ T5830] usb 4-1: SerialNumber: syz [ 117.008158][ T5830] usb 4-1: config 0 descriptor?? [ 117.023206][ T5830] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 004 [ 117.450664][ T5830] (null): failure reading functionality [ 117.465755][ T5830] i2c i2c-1: failure reading functionality [ 117.514777][ T5830] i2c i2c-1: connected i2c-tiny-usb device [ 117.576896][ T5830] usb 4-1: USB disconnect, device number 4 [ 117.872293][ T6591] loop2: detected capacity change from 0 to 164 [ 117.922618][ T6591] Unsupported NM flag settings (8) [ 118.104029][ T6597] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 118.994551][ T6628] loop3: detected capacity change from 0 to 4096 [ 119.026730][ T6628] ntfs: (device loop3): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 119.099671][ T6628] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 119.119551][ T6628] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 119.156508][ T6628] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 119.193623][ T6628] ntfs: volume version 3.1. [ 119.205988][ T6628] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 119.253277][ T6628] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 119.279337][ T6628] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 119.324721][ T6628] ntfs: (device loop3): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is missing. [ 119.358635][ T6628] ntfs: (device loop3): ntfs_read_locked_index_inode(): Failed with error code -2 while reading index inode (mft_no 0x0, name_len 2. [ 119.401229][ T6628] ntfs: (device loop3): load_and_init_quota(): Failed to load $Quota/$Q index. [ 119.753751][ T6653] "syz.0.361" (6653) uses obsolete ecb(arc4) skcipher [ 120.175469][ T6673] loop1: detected capacity change from 0 to 256 [ 120.206792][ T6673] exFAT-fs (loop1): error, The cluster chain has a loop [ 120.220120][ T6674] netlink: 64 bytes leftover after parsing attributes in process `syz.0.370'. [ 120.233094][ T6673] exFAT-fs (loop1): failed to count the number of clusters in root [ 120.242012][ T6673] exFAT-fs (loop1): failed to recognize exfat type [ 120.253708][ T6674] netlink: 64 bytes leftover after parsing attributes in process `syz.0.370'. [ 120.373283][ T55] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 120.577527][ T55] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 120.603836][ T55] usb 3-1: config 0 has no interface number 1 [ 120.620547][ T55] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 120.652805][ T55] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 120.686312][ T55] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 120.701022][ T55] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 120.729816][ T55] usb 3-1: SerialNumber: syz [ 120.752694][ T55] usb 3-1: config 0 descriptor?? [ 120.782762][ T55] usb 3-1: Found UVC 0.00 device (0002:0000) [ 120.790644][ T55] usb 3-1: No valid video chain found. [ 121.041459][ T55] usb 3-1: USB disconnect, device number 3 [ 121.761553][ T6727] capability: warning: `syz.0.397' uses deprecated v2 capabilities in a way that may be insecure [ 122.441283][ T6753] Driver unsupported XDP return value 0 on prog (id 22) dev N/A, expect packet loss! [ 123.000262][ T6777] netlink: 224 bytes leftover after parsing attributes in process `syz.3.419'. [ 123.147239][ T6783] loop2: detected capacity change from 0 to 1024 [ 123.377917][ T59] hfsplus: b-tree write err: -5, ino 4 [ 123.525518][ T6791] nvme_fabrics: missing parameter 'transport=%s' [ 123.543836][ T6791] nvme_fabrics: missing parameter 'nqn=%s' [ 123.701908][ T6801] loop1: detected capacity change from 0 to 128 [ 123.757964][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.769692][ T6801] FAT-fs (loop1): Filesystem has been set read-only [ 123.781854][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.796735][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.834936][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 123.839525][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.866743][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.882466][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.898057][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.916402][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.932933][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 123.952745][ T6801] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 54) [ 124.055822][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 124.093236][ T8] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 124.101413][ T8] usb 1-1: config 0 has no interface number 0 [ 124.138475][ T8] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 124.181134][ T8] usb 1-1: config 0 interface 89 has no altsetting 0 [ 124.193314][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 124.202836][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 124.214543][ T8] usb 1-1: Product: syz [ 124.218961][ T8] usb 1-1: Manufacturer: syz [ 124.224334][ T8] usb 1-1: SerialNumber: syz [ 124.242088][ T8] usb 1-1: config 0 descriptor?? [ 124.261981][ T8] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 124.291580][ T8] em28xx 1-1:0.89: Video interface 89 found: [ 124.454152][ T6798] loop2: detected capacity change from 0 to 32768 [ 124.599581][ T6798] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 124.784374][ T8] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 124.896883][ T8] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 124.958513][ T8] em28xx 1-1:0.89: board has no eeprom [ 124.966147][ T6798] XFS (loop2): Ending clean mount [ 125.033640][ T6798] XFS (loop2): Quotacheck needed: Please wait. [ 125.088558][ T8] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 125.112257][ T8] em28xx 1-1:0.89: analog set to bulk mode. [ 125.165508][ T5871] em28xx 1-1:0.89: Registering V4L2 extension [ 125.184950][ T8] usb 1-1: USB disconnect, device number 3 [ 125.205173][ T8] em28xx 1-1:0.89: Disconnecting em28xx [ 125.222100][ T6798] XFS (loop2): Quotacheck: Done. [ 125.367004][ T5871] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 125.403091][ T5871] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 125.414580][ T5784] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.439605][ T5871] em28xx 1-1:0.89: No AC97 audio processor [ 125.532096][ T5871] usb 1-1: Decoder not found [ 125.573240][ T5871] em28xx 1-1:0.89: failed to create media graph [ 125.593150][ T5871] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 125.674120][ T5871] em28xx 1-1:0.89: Registering snapshot button... [ 125.698129][ T5871] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input7 [ 125.727406][ T5871] em28xx 1-1:0.89: Remote control support is not available for this card. [ 125.748459][ T8] em28xx 1-1:0.89: Closing input extension [ 125.764296][ T8] em28xx 1-1:0.89: Deregistering snapshot button [ 125.803088][ T5830] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.896817][ T8] em28xx 1-1:0.89: Freeing device [ 126.016150][ T5830] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=5e.ad [ 126.053519][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.109674][ T5830] usb 2-1: config 0 descriptor?? [ 126.188026][ T6866] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 126.351401][ T6873] tmpfs: Bad value for 'mpol' [ 126.404862][ T5830] snd-usb-hiface: probe of 2-1:0.0 failed with error -22 [ 126.640850][ T5776] usb 2-1: USB disconnect, device number 3 [ 126.829088][ T6889] overlayfs: missing 'lowerdir' [ 127.009886][ T6897] netlink: 'syz.3.471': attribute type 21 has an invalid length. [ 127.018331][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.471'. [ 127.384890][ T6913] loop0: detected capacity change from 0 to 1024 [ 127.394123][ T6913] EXT4-fs: inline encryption not supported [ 127.400015][ T6913] EXT4-fs: Ignoring removed i_version option [ 127.455905][ T6913] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 127.562475][ T6919] netlink: 32 bytes leftover after parsing attributes in process `syz.2.482'. [ 127.583955][ T6913] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.479: lblock 2 mapped to illegal pblock 2 (length 1) [ 127.649154][ T6913] __quota_error: 3 callbacks suppressed [ 127.649172][ T6913] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 127.733440][ T6913] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.479: lblock 0 mapped to illegal pblock 48 (length 1) [ 127.776958][ T6913] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 127.792745][ T6913] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.479: Failed to acquire dquot type 0 [ 127.811889][ T6929] loop3: detected capacity change from 0 to 128 [ 127.832903][ T6913] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 127.857959][ T6913] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.479: mark_inode_dirty error [ 127.870895][ T6929] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.885675][ T6929] ext4 filesystem being mounted at /117/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 127.896809][ T6913] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 127.908162][ T6913] EXT4-fs (loop0): 1 orphan inode deleted [ 127.915493][ T6913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.940126][ T43] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 127.980858][ T6929] EXT4-fs warning (device loop3): verify_group_input:151: Cannot add at group 3 (only 1 groups) [ 128.033099][ T43] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 128.042039][ T43] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:3: Failed to release dquot type 0 [ 128.114303][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.124742][ T43] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 128.126232][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 128.159731][ T43] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 128.178909][ T43] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:3: Failed to release dquot type 0 [ 128.230438][ T5790] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 128.271026][ T5790] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 128.282322][ T5790] EXT4-fs error (device loop0): ext4_quota_off:7224: inode #3: comm syz-executor: mark_inode_dirty error [ 128.421876][ T28] audit: type=1326 audit(1756821884.923:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 128.477938][ T28] audit: type=1326 audit(1756821884.953:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 128.542010][ T28] audit: type=1326 audit(1756821884.953:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 128.617834][ T28] audit: type=1326 audit(1756821885.023:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 128.702328][ T28] audit: type=1326 audit(1756821885.023:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 128.751891][ T28] audit: type=1326 audit(1756821885.023:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6947 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f31d79c14a5 code=0x7ffc0000 [ 129.128527][ T6969] netlink: 8 bytes leftover after parsing attributes in process `syz.1.504'. [ 129.148125][ T6969] netlink: 312 bytes leftover after parsing attributes in process `syz.1.504'. [ 129.181559][ T6971] netlink: 372 bytes leftover after parsing attributes in process `syz.0.505'. [ 129.351099][ T6977] xt_CT: You must specify a L4 protocol and not use inversions on it [ 129.404244][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.508'. [ 130.045880][ T7002] netlink: 28 bytes leftover after parsing attributes in process `syz.1.519'. [ 130.167668][ T7004] loop2: detected capacity change from 0 to 4096 [ 130.175703][ T55] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 130.200067][ T7004] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 130.335744][ T7004] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 130.383657][ T55] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 130.413120][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.427423][ T55] usb 4-1: Product: syz [ 130.431761][ T55] usb 4-1: Manufacturer: syz [ 130.451803][ T55] usb 4-1: SerialNumber: syz [ 130.481723][ T55] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 130.545764][ T5776] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 130.672287][ T5784] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22. [ 131.107439][ T8] usb 4-1: USB disconnect, device number 5 [ 131.540238][ T7046] netlink: 'syz.1.540': attribute type 2 has an invalid length. [ 131.660132][ T5776] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 131.690838][ T5776] ath9k_htc: Failed to initialize the device [ 131.731470][ T8] usb 4-1: ath9k_htc: USB layer deinitialized [ 131.786578][ T7055] netlink: 224 bytes leftover after parsing attributes in process `syz.2.543'. [ 132.173125][ T55] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 132.243232][ T5776] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.394708][ T55] usb 2-1: config 0 has an invalid interface number: 83 but max is 0 [ 132.403541][ T55] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.415988][ T55] usb 2-1: config 0 has no interface number 0 [ 132.422383][ T55] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 132.443433][ T5776] usb 1-1: Using ep0 maxpacket: 32 [ 132.464855][ T5776] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.481003][ T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.489311][ T5776] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.506761][ T55] usb 2-1: config 0 descriptor?? [ 132.517503][ T55] ttusbir 2-1:0.83: cannot find expected altsetting [ 132.526886][ T5776] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 132.538319][ T5776] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 132.550340][ T5776] usb 1-1: Product: syz [ 132.550397][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.556'. [ 132.555239][ T5776] usb 1-1: Manufacturer: syz [ 132.587475][ T5776] hub 1-1:4.0: USB hub found [ 132.776440][ T55] usb 2-1: USB disconnect, device number 4 [ 132.820911][ T5776] hub 1-1:4.0: 1 port detected [ 132.945781][ T7092] netlink: 'syz.2.561': attribute type 21 has an invalid length. [ 132.955544][ T7092] netlink: 128 bytes leftover after parsing attributes in process `syz.2.561'. [ 132.965928][ T7092] netlink: 'syz.2.561': attribute type 4 has an invalid length. [ 132.974770][ T7092] netlink: 3 bytes leftover after parsing attributes in process `syz.2.561'. [ 133.030795][ T5776] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 133.053329][ T5776] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 133.109094][ T5776] usb 1-1: USB disconnect, device number 4 [ 133.143216][ T23] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 133.345738][ T23] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 133.361206][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.382611][ T23] usb 4-1: config 0 has no interface number 0 [ 133.393452][ T23] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 133.411219][ T23] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.437358][ T23] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 133.451839][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.481655][ T23] usb 4-1: Product: syz [ 133.486306][ T23] usb 4-1: Manufacturer: syz [ 133.491570][ T23] usb 4-1: SerialNumber: syz [ 133.519210][ T23] usb 4-1: config 0 descriptor?? [ 133.576961][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.583773][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.968342][ T23] usbtouchscreen: probe of 4-1:0.117 failed with error -71 [ 133.997425][ T23] usb 4-1: USB disconnect, device number 6 [ 134.153260][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 134.345049][ T8] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 134.361081][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.390561][ T8] usb 3-1: config 0 descriptor?? [ 134.447663][ T7138] warning: `syz.0.583' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 134.760448][ T7148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.588'. [ 134.858533][ T8] ath6kl: Failed to read usb control message: -71 [ 134.880296][ T8] ath6kl: Unable to read the bmi data from the device: -71 [ 134.906643][ T8] ath6kl: Unable to recv target info: -71 [ 134.931451][ T8] ath6kl: Failed to init ath6kl core: -71 [ 134.949853][ T8] ath6kl_usb: probe of 3-1:0.0 failed with error -71 [ 134.985720][ T8] usb 3-1: USB disconnect, device number 4 [ 135.113782][ T7156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.592'. [ 135.134539][ T7156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.592'. [ 135.380951][ T7143] loop1: detected capacity change from 0 to 40427 [ 135.417793][ T7143] F2FS-fs (loop1): invalid crc value [ 135.436307][ T7143] F2FS-fs (loop1): Found nat_bits in checkpoint [ 135.620197][ T7143] F2FS-fs (loop1): Start checkpoint disabled! [ 135.646524][ T7143] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 135.728399][ T7168] xt_CT: You must specify a L4 protocol and not use inversions on it [ 136.191471][ T7176] usb usb9: usbfs: process 7176 (syz.3.602) did not claim interface 6 before use [ 136.197305][ T7159] loop0: detected capacity change from 0 to 32768 [ 136.267052][ T7159] [ 136.267052][ T7159] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.267052][ T7159] [ 136.500237][ T1072] [ 136.500237][ T1072] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.500237][ T1072] [ 136.551055][ T1072] [ 136.551055][ T1072] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.551055][ T1072] [ 136.603937][ T5790] [ 136.603937][ T5790] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.603937][ T5790] [ 136.636711][ T113] [ 136.636711][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.636711][ T113] [ 136.694002][ T5790] [ 136.694002][ T5790] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.694002][ T5790] [ 136.982747][ T7194] tmpfs: Bad value for 'nr_blocks' [ 137.424411][ T7211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.619'. [ 137.834351][ T7228] loop3: detected capacity change from 0 to 164 [ 138.603778][ T7256] netlink: 'syz.2.641': attribute type 1 has an invalid length. [ 138.611591][ T7256] netlink: 20 bytes leftover after parsing attributes in process `syz.2.641'. [ 138.797356][ T7262] netlink: 'syz.3.644': attribute type 1 has an invalid length. [ 138.832639][ T7262] netlink: 'syz.3.644': attribute type 2 has an invalid length. [ 138.874103][ T7264] netlink: 'syz.0.643': attribute type 16 has an invalid length. [ 139.297058][ T7283] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 139.334231][ T7283] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 139.581826][ T7292] mmap: syz.0.659 (7292) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.148771][ T7314] sctp: [Deprecated]: syz.2.667 (pid 7314) Use of int in maxseg socket option. [ 140.148771][ T7314] Use struct sctp_assoc_value instead [ 140.529411][ T7329] netlink: 24 bytes leftover after parsing attributes in process `syz.3.676'. [ 140.559607][ T7331] loop0: detected capacity change from 0 to 256 [ 140.964815][ T7345] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode active-backup(1) [ 141.281893][ T7357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.689'. [ 141.784414][ T7369] ptrace attach of "./syz-executor exec"[7372] was attempted by "./syz-executor exec"[7369] [ 141.918001][ T7376] netlink: 'syz.2.699': attribute type 21 has an invalid length. [ 141.951697][ T7376] netlink: 132 bytes leftover after parsing attributes in process `syz.2.699'. [ 141.977954][ T7378] netlink: 'syz.1.700': attribute type 32 has an invalid length. [ 141.982930][ T7376] netlink: 'syz.2.699': attribute type 1 has an invalid length. [ 142.003189][ T7378] netlink: 12 bytes leftover after parsing attributes in process `syz.1.700'. [ 142.427312][ T7391] netlink: 52 bytes leftover after parsing attributes in process `syz.2.705'. [ 142.805064][ T7408] tc_dump_action: action bad kind [ 142.945906][ T7413] loop3: detected capacity change from 0 to 65 [ 143.014685][ T7413] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 143.449711][ T7427] loop2: detected capacity change from 0 to 1024 [ 143.514922][ T7433] netlink: 'syz.1.726': attribute type 21 has an invalid length. [ 143.547307][ T7433] netlink: 132 bytes leftover after parsing attributes in process `syz.1.726'. [ 143.775151][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 143.775165][ T28] audit: type=1326 audit(1756821900.283:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.1.730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 143.803433][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.897529][ T28] audit: type=1326 audit(1756821900.283:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.1.730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 143.981192][ T28] audit: type=1326 audit(1756821900.323:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.1.730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 144.023092][ T28] audit: type=1326 audit(1756821900.323:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.1.730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 144.050570][ T7445] Cannot find set identified by id 65535 to match [ 144.103050][ T28] audit: type=1326 audit(1756821900.323:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7438 comm="syz.1.730" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 144.783519][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 144.957021][ T28] audit: type=1400 audit(1756821901.453:22): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7477 comm="syz.0.747" [ 144.974322][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 144.994410][ T8] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 145.012617][ T8] usb 3-1: config 0 has no interface number 0 [ 145.020762][ T8] usb 3-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 145.042050][ T8] usb 3-1: config 0 interface 89 has no altsetting 0 [ 145.073646][ T8] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 145.099484][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 145.123116][ T8] usb 3-1: Product: syz [ 145.134000][ T8] usb 3-1: Manufacturer: syz [ 145.149082][ T8] usb 3-1: SerialNumber: syz [ 145.170756][ T8] usb 3-1: config 0 descriptor?? [ 145.192113][ T8] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 145.226306][ T8] em28xx 3-1:0.89: Video interface 89 found: [ 145.522336][ T7496] ip6t_srh: unknown srh match flags 4000 [ 145.663465][ T8] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 145.741850][ T8] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 145.761129][ T8] em28xx 3-1:0.89: board has no eeprom [ 145.858579][ T8] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 145.883208][ T8] em28xx 3-1:0.89: analog set to bulk mode. [ 145.895466][ T9] em28xx 3-1:0.89: Registering V4L2 extension [ 145.924056][ T8] usb 3-1: USB disconnect, device number 5 [ 145.946366][ T8] em28xx 3-1:0.89: Disconnecting em28xx [ 146.044885][ T9] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 146.060272][ T9] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 146.068342][ T9] em28xx 3-1:0.89: No AC97 audio processor [ 146.104747][ T9] usb 3-1: Decoder not found [ 146.109450][ T9] em28xx 3-1:0.89: failed to create media graph [ 146.122267][ T9] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 146.151826][ T9] em28xx 3-1:0.89: Registering snapshot button... [ 146.184476][ T9] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input12 [ 146.198842][ T7515] netlink: 'syz.1.767': attribute type 5 has an invalid length. [ 146.227620][ T9] em28xx 3-1:0.89: Remote control support is not available for this card. [ 146.262510][ T8] em28xx 3-1:0.89: Closing input extension [ 146.311533][ T8] em28xx 3-1:0.89: Deregistering snapshot button [ 146.415928][ T8] em28xx 3-1:0.89: Freeing device [ 146.884223][ T7538] netlink: 28 bytes leftover after parsing attributes in process `syz.1.778'. [ 147.139635][ T7550] netlink: 72 bytes leftover after parsing attributes in process `syz.3.783'. [ 147.152061][ T7550] netlink: 72 bytes leftover after parsing attributes in process `syz.3.783'. [ 147.310085][ T7556] loop3: detected capacity change from 0 to 16 [ 147.353827][ T7556] erofs: (device loop3): mounted with root inode @ nid 36. [ 147.403397][ T7556] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 147.424752][ T7556] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 147.699402][ T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 147.834432][ T7572] macsec0: entered promiscuous mode [ 147.840242][ T7572] macsec0: entered allmulticast mode [ 147.863280][ T7572] veth1_macvtap: entered allmulticast mode [ 147.907782][ T8] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 147.936529][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.942560][ T7577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.796'. [ 147.948618][ T8] usb 3-1: Product: syz [ 147.959007][ T8] usb 3-1: Manufacturer: syz [ 147.978606][ T8] usb 3-1: SerialNumber: syz [ 148.011399][ T8] usb 3-1: config 0 descriptor?? [ 148.250144][ T8] hso 3-1:0.0: Failed to find BULK IN ep [ 148.294542][ T8] usb-storage 3-1:0.0: USB Mass Storage device detected [ 148.431834][ T7594] xt_l2tp: v2 sid > 0xffff: 262144 [ 148.472022][ T8] usb 3-1: USB disconnect, device number 6 [ 148.771568][ T7605] nfs4: Unexpected value for 'acl' [ 149.563294][ T23] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 149.810027][ T23] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 149.850664][ T23] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 149.891297][ T23] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 149.933043][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.317479][ T7649] netlink: 'syz.1.825': attribute type 21 has an invalid length. [ 150.335966][ T7649] IPv6: NLM_F_CREATE should be specified when creating new route [ 150.354869][ T7649] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 150.362851][ T7649] IPv6: NLM_F_CREATE should be set when creating new route [ 150.370322][ T7649] IPv6: NLM_F_CREATE should be set when creating new route [ 150.377958][ T7649] IPv6: NLM_F_CREATE should be set when creating new route [ 150.421587][ T23] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 150.445249][ T23] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input13 [ 150.503668][ T23] input: failed to attach handler kbd to device input13, error: -5 [ 150.623286][ T23] usb 1-1: USB disconnect, device number 5 [ 151.973869][ T5793] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 152.192665][ T5793] usb 2-1: config index 0 descriptor too short (expected 69, got 36) [ 152.196467][ T7710] loop3: detected capacity change from 0 to 2048 [ 152.211777][ T5793] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.245191][ T5793] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 152.267630][ T7710] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294963200, location=4294963200 [ 152.268645][ T5793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.299189][ T5793] usb 2-1: Product: syz [ 152.305831][ T5793] usb 2-1: Manufacturer: syz [ 152.310698][ T5793] usb 2-1: SerialNumber: syz [ 152.329076][ T5793] usb 2-1: config 0 descriptor?? [ 152.335278][ T7710] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 152.351664][ T5793] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 152.426178][ T7716] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 152.563195][ T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 152.797951][ T5793] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 152.805325][ T23] usb 3-1: config 0 has an invalid interface number: 216 but max is 0 [ 152.825660][ T5793] gspca_pac7302: probe of 2-1:0.0 failed with error -71 [ 152.832811][ T23] usb 3-1: config 0 has no interface number 0 [ 152.850488][ T23] usb 3-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64 [ 152.871495][ T5793] usb 2-1: USB disconnect, device number 5 [ 152.891751][ T23] usb 3-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.912446][ T23] usb 3-1: config 0 interface 216 has no altsetting 0 [ 152.922648][ T23] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e [ 152.949990][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.985567][ T23] usb 3-1: config 0 descriptor?? [ 153.002243][ T7714] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 153.017846][ T23] usb 3-1: NFC: intf ffff888018a9d000 id ffffffff8d63c140 [ 153.199210][ T7718] loop0: detected capacity change from 0 to 32768 [ 153.285662][ T5793] usb 3-1: USB disconnect, device number 7 [ 153.517178][ T7732] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 153.713086][ T55] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 153.872031][ T7741] loop1: detected capacity change from 0 to 16 [ 153.889784][ T7741] erofs: (device loop1): mounted with root inode @ nid 36. [ 153.903246][ T7742] netlink: 'syz.0.864': attribute type 21 has an invalid length. [ 153.925806][ T55] usb 4-1: Using ep0 maxpacket: 32 [ 153.944513][ T55] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 153.952186][ T7742] netlink: 'syz.0.864': attribute type 6 has an invalid length. [ 153.962220][ T7742] netlink: 132 bytes leftover after parsing attributes in process `syz.0.864'. [ 153.973404][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.981693][ T55] usb 4-1: Product: syz [ 154.006873][ T55] usb 4-1: Manufacturer: syz [ 154.011999][ T55] usb 4-1: SerialNumber: syz [ 154.030684][ T55] usb 4-1: config 0 descriptor?? [ 154.140633][ T7748] binder: 7747:7748 ioctl c018620c 0 returned -14 [ 154.203097][ T5830] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 154.288624][ T55] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 154.329256][ T55] eb 9a 47 80 9b f8 7a f0 [ 154.335221][ T55] snd-usb-6fire: probe of 4-1:0.0 failed with error -5 [ 154.406531][ T5830] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 154.417825][ T5830] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 154.448071][ T5830] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 154.497836][ T5830] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 154.512438][ T55] usb 4-1: USB disconnect, device number 7 [ 154.517526][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.543382][ T5830] usb 2-1: Product: syz [ 154.558137][ T5830] usb 2-1: Manufacturer: syz [ 154.562905][ T5830] usb 2-1: SerialNumber: syz [ 154.816824][ T5830] cdc_ncm 2-1:1.0: skipping garbage [ 154.822138][ T5830] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 154.860119][ T5830] cdc_ncm 2-1:1.0: bind() failure [ 154.886675][ T7769] netlink: 64 bytes leftover after parsing attributes in process `syz.0.876'. [ 154.893714][ T5830] usb 2-1: USB disconnect, device number 6 [ 154.903396][ T7769] netlink: 64 bytes leftover after parsing attributes in process `syz.0.876'. [ 155.130163][ T7775] loop0: detected capacity change from 0 to 1024 [ 155.315715][ T59] hfsplus: b-tree write err: -5, ino 4 [ 155.709249][ T7791] loop2: detected capacity change from 0 to 256 [ 155.771304][ T7791] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 156.562136][ T7819] gre1: entered allmulticast mode [ 156.639742][ T7823] syz.2.903 (7823): drop_caches: 0 [ 156.826521][ T7826] loop2: detected capacity change from 0 to 256 [ 156.911496][ T7801] loop3: detected capacity change from 0 to 32768 [ 156.988812][ T7826] FAT-fs (loop2): Directory bread(block 64) failed [ 157.013569][ T7826] FAT-fs (loop2): Directory bread(block 65) failed [ 157.048271][ T7826] FAT-fs (loop2): Directory bread(block 66) failed [ 157.075839][ T7826] FAT-fs (loop2): Directory bread(block 67) failed [ 157.082564][ T7826] FAT-fs (loop2): Directory bread(block 68) failed [ 157.133547][ T7826] FAT-fs (loop2): Directory bread(block 69) failed [ 157.141710][ T7826] FAT-fs (loop2): Directory bread(block 70) failed [ 157.162247][ T7826] FAT-fs (loop2): Directory bread(block 71) failed [ 157.170127][ T7826] FAT-fs (loop2): Directory bread(block 72) failed [ 157.182116][ T7826] FAT-fs (loop2): Directory bread(block 73) failed [ 158.139880][ T7861] netlink: 'syz.0.923': attribute type 10 has an invalid length. [ 158.167968][ T7861] netlink: 40 bytes leftover after parsing attributes in process `syz.0.923'. [ 158.192376][ T7861] team0: entered promiscuous mode [ 158.222684][ T7861] team_slave_0: entered promiscuous mode [ 158.238162][ T7861] team_slave_1: entered promiscuous mode [ 158.253293][ T7861] team0: entered allmulticast mode [ 158.267714][ T7861] team_slave_0: entered allmulticast mode [ 158.278997][ T7861] team_slave_1: entered allmulticast mode [ 158.291093][ T7861] bridge0: port 3(team0) entered blocking state [ 158.322364][ T7861] bridge0: port 3(team0) entered disabled state [ 158.344735][ T7861] bridge0: port 3(team0) entered blocking state [ 158.352626][ T7861] bridge0: port 3(team0) entered forwarding state [ 159.356016][ T7906] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.398449][ T7906] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 159.781552][ T7920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.944'. [ 160.066770][ T7927] netlink: 16 bytes leftover after parsing attributes in process `syz.3.947'. [ 160.109278][ T7927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.947'. [ 160.156164][ T7927] netlink: 16 bytes leftover after parsing attributes in process `syz.3.947'. [ 160.173054][ T7927] netlink: 20 bytes leftover after parsing attributes in process `syz.3.947'. [ 161.193809][ T7959] loop0: detected capacity change from 0 to 4096 [ 161.287004][ T7968] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.630329][ T7975] netlink: 24 bytes leftover after parsing attributes in process `syz.1.969'. [ 161.683113][ T7975] netlink: 24 bytes leftover after parsing attributes in process `syz.1.969'. [ 162.189524][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.979'. [ 162.200926][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.979'. [ 162.399369][ T28] audit: type=1326 audit(1756821918.903:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.0.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 162.465122][ T28] audit: type=1326 audit(1756821918.903:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.0.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 162.553198][ T28] audit: type=1326 audit(1756821918.903:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.0.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 162.640273][ T28] audit: type=1326 audit(1756821918.903:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.0.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 162.724890][ T28] audit: type=1326 audit(1756821918.903:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.0.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 163.233026][ T28] audit: type=1326 audit(1756821919.733:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 163.295326][ T28] audit: type=1326 audit(1756821919.733:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7afd8ebe9 code=0x7ffc0000 [ 163.395150][ T28] audit: type=1326 audit(1756821919.743:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe7afd90b07 code=0x7ffc0000 [ 163.474196][ T28] audit: type=1326 audit(1756821919.743:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fe7afd90a7c code=0x7ffc0000 [ 163.527274][ T28] audit: type=1326 audit(1756821919.743:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fe7afd909b4 code=0x7ffc0000 [ 163.667398][ T8046] comedi comedi0: pcm3724: I/O port conflict (0x8,16) [ 165.156549][ T8105] syz.3.1032: attempt to access beyond end of device [ 165.156549][ T8105] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 165.174536][ T8105] syz.3.1032: attempt to access beyond end of device [ 165.174536][ T8105] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 165.193378][ T8105] Mount JFS Failure: -5 [ 165.197710][ T8105] jfs_mount failed w/return code = -5 [ 165.279482][ T8107] vlan0: entered promiscuous mode [ 165.809428][ T8127] sctp: [Deprecated]: syz.3.1043 (pid 8127) Use of int in maxseg socket option. [ 165.809428][ T8127] Use struct sctp_assoc_value instead [ 166.029965][ T8131] xt_l2tp: v2 doesn't support IP mode [ 166.309058][ T8115] loop2: detected capacity change from 0 to 32768 [ 166.457061][ T8115] jfs_mkdir: dtInsert returned -EIO [ 166.483102][ T8115] ERROR: (device loop2): jfs_mkdir: [ 166.483102][ T8115] [ 166.513085][ T8115] ERROR: (device loop2): remounting filesystem as read-only [ 167.069992][ T8163] loop1: detected capacity change from 0 to 64 [ 167.193587][ T8163] syz.1.1060: attempt to access beyond end of device [ 167.193587][ T8163] loop1: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 167.243816][ T8163] Buffer I/O error on dev loop1, logical block 134217734, lost async page write [ 167.573529][ T8178] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 168.019578][ T8196] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 168.055935][ T8198] loop0: detected capacity change from 0 to 256 [ 168.077357][ T8196] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 168.205039][ T8202] netlink: 'syz.2.1080': attribute type 6 has an invalid length. [ 168.259974][ T8198] FAT-fs (loop0): Directory bread(block 64) failed [ 168.283133][ T8198] FAT-fs (loop0): Directory bread(block 65) failed [ 168.290917][ T8198] FAT-fs (loop0): Directory bread(block 66) failed [ 168.340409][ T8198] FAT-fs (loop0): Directory bread(block 67) failed [ 168.374578][ T8198] FAT-fs (loop0): Directory bread(block 68) failed [ 168.395133][ T8198] FAT-fs (loop0): Directory bread(block 69) failed [ 168.402319][ T8198] FAT-fs (loop0): Directory bread(block 70) failed [ 168.443796][ T8198] FAT-fs (loop0): Directory bread(block 71) failed [ 168.465739][ T8198] FAT-fs (loop0): Directory bread(block 72) failed [ 168.472432][ T8198] FAT-fs (loop0): Directory bread(block 73) failed [ 169.008523][ T8225] ieee802154 phy0 wpan0: encryption failed: -22 [ 169.276429][ T8232] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1094'. [ 169.850517][ T8254] netlink: 'syz.1.1105': attribute type 21 has an invalid length. [ 169.874419][ T8254] netlink: 'syz.1.1105': attribute type 1 has an invalid length. [ 170.116185][ T8263] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1110'. [ 170.273307][ T8270] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1113'. [ 170.399005][ T8273] loop2: detected capacity change from 0 to 512 [ 170.489671][ T8270] team0: Port device team_slave_0 removed [ 170.583433][ T8273] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.654811][ T8273] ext4 filesystem being mounted at /270/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 170.878668][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.288302][ T8296] sctp: [Deprecated]: syz.2.1124 (pid 8296) Use of struct sctp_assoc_value in delayed_ack socket option. [ 171.288302][ T8296] Use struct sctp_sack_info instead [ 171.446999][ T8300] netlink: 'syz.3.1126': attribute type 49 has an invalid length. [ 171.503089][ T5830] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 171.711759][ T5830] usb 1-1: config 0 has an invalid interface number: 50 but max is 0 [ 171.728721][ T5830] usb 1-1: config 0 has no interface number 0 [ 171.741657][ T5830] usb 1-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 171.779151][ T5830] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 171.800146][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.816347][ T5830] usb 1-1: Product: syz [ 171.823714][ T5830] usb 1-1: Manufacturer: syz [ 171.828497][ T5830] usb 1-1: SerialNumber: syz [ 171.861259][ T5830] usb 1-1: config 0 descriptor?? [ 171.952042][ T5830] yurex 1-1:0.50: USB YUREX device now attached to Yurex #0 [ 171.960335][ T8314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1133'. [ 172.280968][ T8302] loop1: detected capacity change from 0 to 32768 [ 172.322665][ T8302] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 172.368744][ T5830] usb 1-1: USB disconnect, device number 6 [ 172.418989][ T5830] yurex 1-1:0.50: USB YUREX #0 now disconnected [ 172.482739][ T8302] XFS (loop1): Ending clean mount [ 172.635050][ T8338] netlink: 'syz.2.1142': attribute type 21 has an invalid length. [ 172.643579][ T8338] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1142'. [ 172.654792][ T8338] netlink: 'syz.2.1142': attribute type 5 has an invalid length. [ 172.663185][ T8338] netlink: 'syz.2.1142': attribute type 6 has an invalid length. [ 172.678960][ T8338] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1142'. [ 172.721011][ T5785] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.389928][ T8359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1150'. [ 173.473278][ T8355] loop2: detected capacity change from 0 to 4096 [ 173.656621][ T8368] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1156'. [ 173.792103][ T8355] ntfs3: loop2: try to read out of volume at offset 0x3fffffc7000 [ 174.505965][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 174.505984][ T28] audit: type=1326 audit(1756821931.003:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 174.613182][ T28] audit: type=1326 audit(1756821931.003:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 174.671714][ T28] audit: type=1326 audit(1756821931.053:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 174.737914][ T28] audit: type=1326 audit(1756821931.053:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 174.766237][ T28] audit: type=1326 audit(1756821931.053:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.1.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 175.220727][ T8420] sp0: Synchronizing with TNC [ 175.706690][ T8436] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 175.881130][ T8444] UBIFS error (pid: 8444): cannot open "./file0", error -22 [ 176.845503][ T8470] loop0: detected capacity change from 0 to 4096 [ 176.887867][ T8470] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 176.930892][ T8470] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 177.030032][ T8480] loop1: detected capacity change from 0 to 764 [ 177.050910][ T8470] ntfs3: loop0: Failed to load $Extend (-22). [ 177.083428][ T8470] ntfs3: loop0: Failed to initialize $Extend. [ 177.197523][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1214'. [ 177.573470][ T8492] netlink: 'syz.2.1218': attribute type 10 has an invalid length. [ 177.580064][ T8490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1217'. [ 177.609453][ T8492] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 177.893419][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 177.900938][ T8503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'. [ 177.911059][ T8503] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1223'. [ 178.088413][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.109810][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 178.145105][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.163417][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 178.177086][ T9] usb 4-1: SerialNumber: syz [ 178.225012][ T9] usb 4-1: bad CDC descriptors [ 178.406675][ T8518] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1231'. [ 178.469003][ T9] usb 4-1: USB disconnect, device number 8 [ 179.183563][ T8] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 179.184823][ T8547] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 179.199190][ T8547] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 179.239169][ T8547] vhci_hcd vhci_hcd.0: Device attached [ 179.252167][ T8552] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 179.259128][ T8552] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 179.313091][ T8552] vhci_hcd vhci_hcd.0: Device attached [ 179.359952][ T8553] vhci_hcd: connection closed [ 179.363405][ T8548] vhci_hcd: connection closed [ 179.387723][ T59] vhci_hcd: stop threads [ 179.417772][ T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 179.433432][ T59] vhci_hcd: release socket [ 179.441913][ T5776] vhci_hcd: vhci_device speed not set [ 179.451071][ T8] usb 3-1: config 0 has no interface number 0 [ 179.471588][ T59] vhci_hcd: disconnect device [ 179.477708][ T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 179.491632][ T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 179.503532][ T59] vhci_hcd: stop threads [ 179.509082][ T59] vhci_hcd: release socket [ 179.514540][ T28] audit: type=1326 audit(1756821936.023:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8559 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 179.536337][ T5776] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 179.551569][ T59] vhci_hcd: disconnect device [ 179.558918][ T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 179.570985][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.593685][ T5776] usb 33-1: enqueue for inactive port 0 [ 179.607324][ T8] usb 3-1: config 0 descriptor?? [ 179.613647][ T28] audit: type=1326 audit(1756821936.023:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8559 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 179.675514][ T8] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 179.683549][ T5776] vhci_hcd: vhci_device speed not set [ 179.710070][ T28] audit: type=1326 audit(1756821936.033:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8559 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 179.758547][ T28] audit: type=1326 audit(1756821936.033:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8559 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 179.785687][ T28] audit: type=1326 audit(1756821936.033:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8559 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d798ebe9 code=0x7ffc0000 [ 179.956365][ T8537] iowarrior 3-1:0.1: Error -90 while submitting URB [ 179.980610][ T8] usb 3-1: USB disconnect, device number 8 [ 180.253018][ T8578] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1258'. [ 180.324755][ T8580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1259'. [ 180.963652][ T8602] capability: warning: `syz.2.1269' uses 32-bit capabilities (legacy support in use) [ 181.211329][ T8606] xt_CT: No such helper "netbios-ns" [ 181.265967][ T8613] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 181.503845][ T5776] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 181.603116][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 181.703547][ T5776] usb 3-1: Using ep0 maxpacket: 16 [ 181.712644][ T5776] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 181.743140][ T5776] usb 3-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a [ 181.763144][ T5776] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.786135][ T5776] usb 3-1: config 0 descriptor?? [ 181.804156][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 181.828867][ T5776] pegasus_notetaker: probe of 3-1:0.0 failed with error -22 [ 181.834912][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 181.901042][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 181.913469][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2269, setting to 1024 [ 181.929073][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 181.949466][ T8] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 181.960484][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.974425][ T8] usb 1-1: Product: syz [ 181.979926][ T8] usb 1-1: Manufacturer: syz [ 181.985758][ T8] usb 1-1: SerialNumber: syz [ 182.009275][ T8] usb 1-1: config 0 descriptor?? [ 182.034126][ T8613] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 182.044140][ T8613] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 182.080825][ T23] usb 3-1: USB disconnect, device number 9 [ 182.121433][ C0] port100 1-1:0.0: NFC: Urb failure (status -71) [ 182.139920][ C0] port100 1-1:0.0: NFC: Urb failure (status -71) [ 182.156522][ T8636] loop3: detected capacity change from 0 to 512 [ 182.157666][ T8] port100 1-1:0.0: NFC: Could not get supported command types [ 182.193476][ T8636] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 182.217184][ T8636] EXT4-fs (loop3): orphan cleanup on readonly fs [ 182.246664][ T8636] EXT4-fs warning (device loop3): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 182.288055][ T8636] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 182.318180][ T8636] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz.3.1287: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 182.367062][ T8] usb 1-1: USB disconnect, device number 7 [ 182.397908][ T8636] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1287: couldn't read orphan inode 13 (err -117) [ 182.442119][ T8636] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 182.501485][ T8636] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 182.526977][ T8636] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 182.549689][ T8636] EXT4-fs warning (device loop3): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 182.587142][ T8645] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1290'. [ 182.685614][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.564185][ T8679] binfmt_misc: register: failed to install interpreter file ./bus [ 183.760990][ T8681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 183.936627][ T8691] netlink: 'syz.3.1313': attribute type 1 has an invalid length. [ 184.892101][ T28] audit: type=1326 audit(1756821941.393:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8724 comm="syz.1.1329" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f31d798ebe9 code=0x0 [ 185.246548][ T8733] loop3: detected capacity change from 0 to 4096 [ 185.276683][ T8733] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 185.307531][ T8733] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 185.342502][ T8733] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 185.387726][ T8733] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 185.472570][ T8733] ntfs: volume version 3.1. [ 185.618271][ T8743] veth3: entered allmulticast mode [ 185.868568][ T8747] netlink: 'syz.2.1342': attribute type 21 has an invalid length. [ 185.895488][ T8747] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1342'. [ 186.116177][ T28] audit: type=1326 audit(1756821942.613:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8754 comm="syz.2.1345" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26af98ebe9 code=0x0 [ 186.523922][ T8770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1352'. [ 188.203591][ T5793] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 188.213576][ T8826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1377'. [ 188.432890][ T5793] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 188.481067][ T5793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.528114][ T5793] usb 3-1: Product: syz [ 188.549866][ T5793] usb 3-1: Manufacturer: syz [ 188.560827][ T5793] usb 3-1: SerialNumber: syz [ 188.594196][ T5793] usb 3-1: config 0 descriptor?? [ 188.625193][ T5793] hub 3-1:0.0: bad descriptor, ignoring hub [ 188.650505][ T5793] hub: probe of 3-1:0.0 failed with error -5 [ 188.660905][ T5793] f81232 3-1:0.0: f81534a converter detected [ 188.770470][ T8833] loop1: detected capacity change from 0 to 4096 [ 188.813100][ T8833] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 188.899803][ T5793] usb 3-1: f81534a converter now attached to ttyUSB0 [ 189.294278][ T5793] usb 3-1: USB disconnect, device number 10 [ 189.329925][ T5793] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0 [ 189.356240][ T5793] f81232 3-1:0.0: device disconnected [ 190.173315][ T8867] netlink: 1088 bytes leftover after parsing attributes in process `syz.0.1396'. [ 190.450104][ T8879] xt_NFQUEUE: number of total queues is 0 [ 190.951625][ T8894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1409'. [ 191.808978][ T8916] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 192.375029][ T8937] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1429'. [ 192.497117][ T8942] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1432'. [ 192.508868][ T8940] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.662314][ T28] audit: type=1326 audit(1756821950.163:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8983 comm="syz.3.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8822f8ebe9 code=0x7ffc0000 [ 193.706607][ T8984] syz.3.1453 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 193.746680][ T28] audit: type=1326 audit(1756821950.163:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8983 comm="syz.3.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8822f8ebe9 code=0x7ffc0000 [ 193.844341][ T28] audit: type=1326 audit(1756821950.213:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8983 comm="syz.3.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f8822f8ebe9 code=0x7ffc0000 [ 193.923833][ T28] audit: type=1326 audit(1756821950.283:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8983 comm="syz.3.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8822f8ebe9 code=0x7ffc0000 [ 194.033968][ T28] audit: type=1326 audit(1756821950.283:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8983 comm="syz.3.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8822f8ebe9 code=0x7ffc0000 [ 194.687823][ T9016] loop3: detected capacity change from 0 to 4096 [ 194.733345][ T9016] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 194.817643][ T9022] netlink: 288 bytes leftover after parsing attributes in process `syz.2.1471'. [ 194.863279][ T5793] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 194.892904][ T9016] ntfs3: loop3: failed to convert "c46c" to cp864 [ 195.020170][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.027309][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.062445][ T9026] team0: entered promiscuous mode [ 195.084873][ T5793] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 195.106330][ T9026] team_slave_0: entered promiscuous mode [ 195.115918][ T5793] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.133259][ T9026] team_slave_1: entered promiscuous mode [ 195.154157][ T5793] usb 1-1: config 1 interface 1 has no altsetting 0 [ 195.171211][ T9026] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 195.204440][ T5793] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 195.238073][ T5793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.253280][ T5793] usb 1-1: Product: syz [ 195.258849][ T5793] usb 1-1: Manufacturer: syz [ 195.270897][ T5793] usb 1-1: SerialNumber: syz [ 195.293730][ T9032] xt_CT: You must specify a L4 protocol and not use inversions on it [ 195.328955][ T5793] usb 1-1: selecting invalid altsetting 1 [ 195.373140][ T5793] usb 1-1: selecting invalid altsetting 0 [ 195.379829][ T5793] usb 1-1: selecting invalid altsetting 0 [ 195.410844][ T5793] cdc_ncm 1-1:1.0: bind() failure [ 195.434721][ T5793] usb 1-1: selecting invalid altsetting 0 [ 195.456437][ T5793] usbtest: probe of 1-1:1.1 failed with error -22 [ 195.578140][ T5793] usb 1-1: USB disconnect, device number 8 [ 195.933234][ T27] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 196.168041][ T27] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 196.204034][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.227724][ T27] usb 4-1: Product: syz [ 196.232213][ T27] usb 4-1: Manufacturer: syz [ 196.254076][ T27] usb 4-1: SerialNumber: syz [ 196.299558][ T27] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 196.327019][ T55] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 196.338649][ T9066] loop2: detected capacity change from 0 to 16 [ 196.373835][ T9066] erofs: (device loop2): mounted with root inode @ nid 36. [ 196.477090][ T9069] loop0: detected capacity change from 0 to 1024 [ 196.649848][ T9071] syz.1.1495 uses old SIOCAX25GETINFO [ 196.954915][ T5793] usb 4-1: USB disconnect, device number 9 [ 196.972736][ T9076] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878) [ 196.989523][ T9076] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 197.433325][ T55] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 197.441760][ T55] ath9k_htc: Failed to initialize the device [ 197.474197][ T5793] usb 4-1: ath9k_htc: USB layer deinitialized [ 198.554550][ T9133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1526'. [ 198.583101][ T9133] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1526'. [ 198.743407][ T5830] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 198.953563][ T5830] usb 1-1: Using ep0 maxpacket: 16 [ 198.968569][ T5830] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 198.985381][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.006436][ T5830] usb 1-1: Product: syz [ 199.011517][ T5830] usb 1-1: Manufacturer: syz [ 199.036312][ T5830] usb 1-1: SerialNumber: syz [ 199.063187][ T5830] r8152-cfgselector 1-1: config 0 descriptor?? [ 199.221448][ T9155] loop3: detected capacity change from 0 to 256 [ 199.234737][ T9155] exfat: Deprecated parameter 'namecase' [ 199.246694][ T9157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1538'. [ 199.297961][ T9158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'. [ 199.315797][ T9155] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 199.419514][ T9160] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1539'. [ 199.502140][ T5830] r8152-cfgselector 1-1: Unknown version 0x0000 [ 199.521248][ T5830] r8152-cfgselector 1-1: USB disconnect, device number 9 [ 199.529861][ T9162] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1540'. [ 199.704944][ T9166] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 199.954771][ T9172] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1546'. [ 200.126642][ T1099] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.332700][ T1099] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.339363][ T9178] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1549'. [ 200.476654][ T1099] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.495661][ T9168] syz.1.1544 (9168): drop_caches: 2 [ 200.723772][ T1099] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.994236][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 202.005678][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 202.016377][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 202.048351][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 202.073350][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 202.081232][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 202.191558][ T9226] netlink: 'syz.0.1570': attribute type 3 has an invalid length. [ 202.830529][ T9248] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1577'. [ 202.863479][ T9248] ================================================================== [ 202.871628][ T9248] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 202.879871][ T9248] Read of size 2 at addr ffff88805d130922 by task syz.0.1577/9248 [ 202.888081][ T9248] [ 202.890469][ T9248] CPU: 0 PID: 9248 Comm: syz.0.1577 Not tainted syzkaller #0 [ 202.897980][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 202.908177][ T9248] Call Trace: [ 202.911670][ T9248] [ 202.914741][ T9248] dump_stack_lvl+0x16c/0x230 [ 202.919457][ T9248] ? __lock_acquire+0x7c80/0x7c80 [ 202.925069][ T9248] ? show_regs_print_info+0x20/0x20 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 202.930743][ T9248] ? load_image+0x3b0/0x3b0 [ 202.935345][ T9248] ? __virt_addr_valid+0x469/0x540 [ 202.940672][ T9248] print_report+0xac/0x220 [ 202.945517][ T9248] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 202.951126][ T9248] kasan_report+0x117/0x150 [ 202.955951][ T9248] ? netlink_deliver_tap+0x19c/0x1b0 [ 202.961394][ T9248] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 202.967162][ T9248] __xfrm_state_lookup+0x6b2/0x8d0 [ 202.972490][ T9248] ? xfrm_state_lookup+0x1a0/0x1a0 [ 202.978127][ T9248] xfrm_state_lookup+0xef/0x1a0 [ 202.983507][ T9248] ? xfrm_state_lookup+0x36/0x1a0 [ 202.990029][ T9248] xfrm_add_sa_expire+0x19d/0x4b0 [ 202.995892][ T9248] ? apparmor_capable+0x137/0x1a0 [ 203.001869][ T9248] ? xfrm_add_acquire+0xaf0/0xaf0 [ 203.007571][ T9248] ? __nla_parse+0x40/0x50 [ 203.012501][ T9248] xfrm_user_rcv_msg+0x596/0x870 [ 203.017945][ T9248] ? lockdep_hardirqs_on+0x98/0x150 [ 203.023590][ T9248] ? xfrm_netlink_rcv+0x90/0x90 [ 203.029148][ T9248] ? __local_bh_enable_ip+0x12e/0x1c0 [ 203.034770][ T9248] ? __dev_queue_xmit+0x245/0x35a0 [ 203.040300][ T9248] ? __mutex_trylock_common+0x153/0x250 [ 203.046114][ T9248] netlink_rcv_skb+0x216/0x480 [ 203.051722][ T9248] ? xfrm_netlink_rcv+0x90/0x90 [ 203.056840][ T9248] ? netlink_ack+0x1110/0x1110 [ 203.063379][ T9248] ? netlink_deliver_tap+0x2e/0x1b0 [ 203.069313][ T9248] ? __lock_acquire+0x7c80/0x7c80 [ 203.074950][ T9248] xfrm_netlink_rcv+0x79/0x90 [ 203.079795][ T9248] netlink_unicast+0x751/0x8d0 [ 203.084822][ T9248] netlink_sendmsg+0x8c1/0xbe0 [ 203.089833][ T9248] ? netlink_getsockopt+0x580/0x580 [ 203.095179][ T9248] ? aa_sock_msg_perm+0x94/0x150 [ 203.100876][ T9248] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 203.106419][ T9248] ? security_socket_sendmsg+0x80/0xa0 [ 203.112350][ T9248] ? netlink_getsockopt+0x580/0x580 [ 203.117920][ T9248] ____sys_sendmsg+0x5bf/0x950 [ 203.123386][ T9248] ? __asan_memset+0x22/0x40 [ 203.128226][ T9248] ? __sys_sendmsg_sock+0x30/0x30 [ 203.133315][ T9248] ? __import_iovec+0x5f2/0x860 [ 203.138452][ T9248] ? import_iovec+0x73/0xa0 [ 203.143048][ T9248] ___sys_sendmsg+0x220/0x290 [ 203.148141][ T9248] ? __sys_sendmsg+0x270/0x270 [ 203.153181][ T9248] __se_sys_sendmsg+0x1a5/0x270 [ 203.158107][ T9248] ? __x64_sys_sendmsg+0x80/0x80 [ 203.163116][ T9248] ? lockdep_hardirqs_on+0x98/0x150 [ 203.168483][ T9248] do_syscall_64+0x55/0xb0 [ 203.173062][ T9248] ? clear_bhb_loop+0x40/0x90 [ 203.177789][ T9248] ? clear_bhb_loop+0x40/0x90 [ 203.182681][ T9248] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.188896][ T9248] RIP: 0033:0x7fe7afd8ebe9 [ 203.193381][ T9248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.213747][ T9248] RSP: 002b:00007fe7b0b55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 203.224128][ T9248] RAX: ffffffffffffffda RBX: 00007fe7affc5fa0 RCX: 00007fe7afd8ebe9 [ 203.233034][ T9248] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 203.241787][ T9248] RBP: 00007fe7afe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 203.250103][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.258732][ T9248] R13: 00007fe7affc6038 R14: 00007fe7affc5fa0 R15: 00007fff4029e5e8 [ 203.267449][ T9248] [ 203.270768][ T9248] [ 203.273204][ T9248] Allocated by task 8808: [ 203.277738][ T9248] kasan_set_track+0x4e/0x70 [ 203.282538][ T9248] __kasan_slab_alloc+0x6c/0x80 [ 203.287584][ T9248] slab_post_alloc_hook+0x6e/0x4d0 [ 203.293002][ T9248] kmem_cache_alloc+0x11e/0x2e0 [ 203.297879][ T9248] xfrm_state_alloc+0x22/0x2a0 [ 203.302693][ T9248] pfkey_add+0x6e1/0x2da0 [ 203.307878][ T9248] pfkey_sendmsg+0xbed/0x1050 [ 203.313126][ T9248] ____sys_sendmsg+0x5bf/0x950 [ 203.318179][ T9248] ___sys_sendmsg+0x220/0x290 [ 203.323714][ T9248] __se_sys_sendmsg+0x1a5/0x270 [ 203.329432][ T9248] do_syscall_64+0x55/0xb0 [ 203.335550][ T9248] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.342984][ T9248] [ 203.345867][ T9248] The buggy address belongs to the object at ffff88805d130800 [ 203.345867][ T9248] which belongs to the cache xfrm_state of size 848 [ 203.360411][ T9248] The buggy address is located 290 bytes inside of [ 203.360411][ T9248] freed 848-byte region [ffff88805d130800, ffff88805d130b50) [ 203.375367][ T9248] [ 203.377719][ T9248] The buggy address belongs to the physical page: [ 203.384328][ T9248] page:ffffea0001744c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805d130800 pfn:0x5d130 [ 203.395834][ T9248] head:ffffea0001744c00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 203.405451][ T9248] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 203.413608][ T9248] page_type: 0xffffffff() [ 203.418338][ T9248] raw: 00fff00000000840 ffff8881400faa00 dead000000000122 0000000000000000 [ 203.427440][ T9248] raw: ffff88805d130800 000000008010000e 00000001ffffffff 0000000000000000 [ 203.436202][ T9248] page dumped because: kasan: bad access detected [ 203.442659][ T9248] page_owner tracks the page as allocated [ 203.448477][ T9248] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6512, tgid 6509 (syz.3.289), ts 115012069673, free_ts 114809741715 [ 203.469510][ T9248] post_alloc_hook+0x1cd/0x210 [ 203.474968][ T9248] get_page_from_freelist+0x195c/0x19f0 [ 203.480663][ T9248] __alloc_pages+0x1e3/0x460 [ 203.485834][ T9248] alloc_slab_page+0x5d/0x170 [ 203.490619][ T9248] new_slab+0x87/0x2e0 [ 203.494915][ T9248] ___slab_alloc+0xc6d/0x12f0 [ 203.499728][ T9248] kmem_cache_alloc+0x1b7/0x2e0 [ 203.504619][ T9248] xfrm_state_alloc+0x22/0x2a0 [ 203.509601][ T9248] __find_acq_core+0x7d8/0x19d0 [ 203.514791][ T9248] xfrm_find_acq+0x6a/0x90 [ 203.519398][ T9248] pfkey_getspi+0x64f/0xed0 [ 203.524568][ T9248] pfkey_sendmsg+0xbed/0x1050 [ 203.529644][ T9248] ____sys_sendmsg+0x5bf/0x950 [ 203.534731][ T9248] ___sys_sendmsg+0x220/0x290 [ 203.539690][ T9248] __se_sys_sendmsg+0x1a5/0x270 [ 203.545478][ T9248] do_syscall_64+0x55/0xb0 [ 203.550307][ T9248] page last free stack trace: [ 203.555178][ T9248] free_unref_page_prepare+0x7ce/0x8e0 [ 203.560789][ T9248] free_unref_page+0x32/0x2e0 [ 203.565592][ T9248] free_large_kmalloc+0x101/0x1a0 [ 203.570824][ T9248] bpf_check+0x62c6/0xe970 [ 203.575826][ T9248] bpf_prog_load+0x11cb/0x16d0 [ 203.580906][ T9248] __sys_bpf+0x55a/0x800 [ 203.585435][ T9248] __x64_sys_bpf+0x7c/0x90 [ 203.589961][ T9248] do_syscall_64+0x55/0xb0 [ 203.594472][ T9248] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.600583][ T9248] [ 203.602968][ T9248] Memory state around the buggy address: [ 203.608810][ T9248] ffff88805d130800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.617410][ T9248] ffff88805d130880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.625569][ T9248] >ffff88805d130900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.633739][ T9248] ^ [ 203.638887][ T9248] ffff88805d130980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.646980][ T9248] ffff88805d130a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.655233][ T9248] ================================================================== [ 203.670398][ T9248] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 203.677679][ T9248] CPU: 0 PID: 9248 Comm: syz.0.1577 Not tainted syzkaller #0 [ 203.685219][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.695576][ T9248] Call Trace: [ 203.698985][ T9248] [ 203.702042][ T9248] dump_stack_lvl+0x16c/0x230 [ 203.706960][ T9248] ? show_regs_print_info+0x20/0x20 [ 203.712335][ T9248] ? load_image+0x3b0/0x3b0 [ 203.717242][ T9248] panic+0x2c0/0x710 [ 203.721224][ T9248] ? bpf_jit_dump+0xd0/0xd0 [ 203.725818][ T9248] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 203.732299][ T9248] ? _raw_spin_unlock+0x40/0x40 [ 203.737206][ T9248] ? print_memory_metadata+0x314/0x400 [ 203.742726][ T9248] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 203.748235][ T9248] check_panic_on_warn+0x84/0xa0 [ 203.753561][ T9248] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 203.759077][ T9248] end_report+0x6f/0x140 [ 203.763395][ T9248] kasan_report+0x128/0x150 [ 203.768046][ T9248] ? netlink_deliver_tap+0x19c/0x1b0 [ 203.773656][ T9248] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 203.779267][ T9248] __xfrm_state_lookup+0x6b2/0x8d0 [ 203.784595][ T9248] ? xfrm_state_lookup+0x1a0/0x1a0 [ 203.789931][ T9248] xfrm_state_lookup+0xef/0x1a0 [ 203.794817][ T9248] ? xfrm_state_lookup+0x36/0x1a0 [ 203.799873][ T9248] xfrm_add_sa_expire+0x19d/0x4b0 [ 203.805270][ T9248] ? apparmor_capable+0x137/0x1a0 [ 203.810515][ T9248] ? xfrm_add_acquire+0xaf0/0xaf0 [ 203.815905][ T9248] ? __nla_parse+0x40/0x50 [ 203.820534][ T9248] xfrm_user_rcv_msg+0x596/0x870 [ 203.825635][ T9248] ? lockdep_hardirqs_on+0x98/0x150 [ 203.831430][ T9248] ? xfrm_netlink_rcv+0x90/0x90 [ 203.836429][ T9248] ? __local_bh_enable_ip+0x12e/0x1c0 [ 203.842079][ T9248] ? __dev_queue_xmit+0x245/0x35a0 [ 203.848037][ T9248] ? __mutex_trylock_common+0x153/0x250 [ 203.853712][ T9248] netlink_rcv_skb+0x216/0x480 [ 203.858691][ T9248] ? xfrm_netlink_rcv+0x90/0x90 [ 203.863660][ T9248] ? netlink_ack+0x1110/0x1110 [ 203.868534][ T9248] ? netlink_deliver_tap+0x2e/0x1b0 [ 203.873872][ T9248] ? __lock_acquire+0x7c80/0x7c80 [ 203.879046][ T9248] xfrm_netlink_rcv+0x79/0x90 [ 203.884124][ T9248] netlink_unicast+0x751/0x8d0 [ 203.889219][ T9248] netlink_sendmsg+0x8c1/0xbe0 [ 203.894292][ T9248] ? netlink_getsockopt+0x580/0x580 [ 203.899632][ T9248] ? aa_sock_msg_perm+0x94/0x150 [ 203.904861][ T9248] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 203.910229][ T9248] ? security_socket_sendmsg+0x80/0xa0 [ 203.915796][ T9248] ? netlink_getsockopt+0x580/0x580 [ 203.921382][ T9248] ____sys_sendmsg+0x5bf/0x950 [ 203.926561][ T9248] ? __asan_memset+0x22/0x40 [ 203.932851][ T9248] ? __sys_sendmsg_sock+0x30/0x30 [ 203.938193][ T9248] ? __import_iovec+0x5f2/0x860 [ 203.943187][ T9248] ? import_iovec+0x73/0xa0 [ 203.948081][ T9248] ___sys_sendmsg+0x220/0x290 [ 203.953552][ T9248] ? __sys_sendmsg+0x270/0x270 [ 203.958647][ T9248] __se_sys_sendmsg+0x1a5/0x270 [ 203.963540][ T9248] ? __x64_sys_sendmsg+0x80/0x80 [ 203.968807][ T9248] ? lockdep_hardirqs_on+0x98/0x150 [ 203.974471][ T9248] do_syscall_64+0x55/0xb0 [ 203.979211][ T9248] ? clear_bhb_loop+0x40/0x90 [ 203.984281][ T9248] ? clear_bhb_loop+0x40/0x90 [ 203.989194][ T9248] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.996057][ T9248] RIP: 0033:0x7fe7afd8ebe9 [ 204.001097][ T9248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.023452][ T9248] RSP: 002b:00007fe7b0b55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.032452][ T9248] RAX: ffffffffffffffda RBX: 00007fe7affc5fa0 RCX: 00007fe7afd8ebe9 [ 204.040910][ T9248] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 204.049573][ T9248] RBP: 00007fe7afe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 204.058015][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.066810][ T9248] R13: 00007fe7affc6038 R14: 00007fe7affc5fa0 R15: 00007fff4029e5e8 [ 204.075104][ T9248] [ 204.078481][ T9248] Kernel Offset: disabled [ 204.083029][ T9248] Rebooting in 86400 seconds..