last executing test programs: 24.69612107s ago: executing program 0 (id=996): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xa4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff7", 0xd7}, {&(0x7f00000003c0)="b0f1359e245c5b5f7fea1265424c55176a99512bba0c1fd67873141ea342", 0x1e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001bc0)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e32b359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb0493121eec3e05eacbe7835e79e74881d1179013622a2a6421d51c974e6abd48a9882c8fcadbcee369346a9ad948fd5dd8f87496a30a9d888cdbcee8f3592dd69165358c4cd47463", 0x1b4}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4084, 0xff4, 0x1, 0x0}, &(0x7f0000000180)=0x40) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x16) ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000040)=0x1) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)=0xffffffffffffff7f, 0x12) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 23.327968499s ago: executing program 0 (id=1001): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r3, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000180)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r5, 0x18000000000002a0, 0x48, 0x62, &(0x7f0000000600)="b9ff03075fe9008cb89e08e09900", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x28) 21.39698877s ago: executing program 0 (id=1006): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbb"], 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000ac0)=0x8) close(0x3) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000400)={r5, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}}}, &(0x7f00000002c0)=0x84) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0)={r2, 0xffffffff}, 0x8) 21.260359436s ago: executing program 0 (id=1009): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setresuid(0xee01, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x845, &(0x7f00000005c0)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_lower}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@discard}, {@fat=@check_strict}, {@shortname_mixed}, {@shortname_winnt}, {@rodir}, {@shortname_win95}, {@fat=@sys_immutable}, {@utf8}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x300, 0x0, 0x103ff}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff000000000000210085000000360000009500070000000000b83f3584230b8f5ec8921327291cf4880dd3a91af830f8a476ba1b51d4eb67103b000000000000000000000000000000640f9922d207e93470686f20ad"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) 20.897929601s ago: executing program 0 (id=1014): ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) write$sysctl(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x2, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) 16.748599529s ago: executing program 0 (id=1024): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r6, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x0) 15.814034909s ago: executing program 32 (id=1024): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r6, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x0) 13.94017656s ago: executing program 1 (id=1031): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'dummy0\x00', {0x2, 0x4e24, @private=0xa010101}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2(&(0x7f0000001040)={0xffffffffffffffff}, 0x0) vmsplice(r4, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0xb) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0xbc, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x90, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x2, 0x4}}, @TCA_U32_SEL={0x37, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f, [{0xebd, 0x1, 0x1, 0x7}, {0x0, 0x8000, 0x4, 0x1}, {0xd7ca, 0x6, 0xcd05, 0x3}, {0x5, 0x9, 0x9, 0xffff}, {0x8001, 0xc295, 0x0, 0xfffffff6}, {0x4, 0x2, 0x81, 0x5}, {0x200, 0x53b0, 0xb04, 0x800}]}}]}}]}, 0xbc}}, 0x24040084) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000440)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) syz_emit_ethernet(0xc6, &(0x7f00000005c0)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @val={@val={0x88a8, 0x3, 0x0, 0x100}, {0x8100, 0x2, 0x0, 0x3}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0xfffe, 0x0, 0xe0, 0x2f, 0x0, @multicast2, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "1ed7329804809bb8505bd5a3ae803d0bf0f0c9e93776a7ce80c12d04d22d769c", "2d6d5930d1640cc68bff24e55cd55e681ea1788b3ea345a6c31ce7c811a0206e93e820a610026800", "04ebcf4f4bfe923d967f2b5dfd7c768907275a30ef5e47086b5d4ba2", {"497bb35dc6924c5a91417419ac45745f", "47bf4a42a4b3996af4cf9193bcbe3864"}}}}}}}, 0x0) 9.420956825s ago: executing program 2 (id=1036): r0 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001280)=@mangle={'mangle\x00', 0x2, 0x6, 0x560, 0x0, 0x280, 0xd0, 0x280, 0xd0, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @HL={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0xe}, @dev, [], [], 'veth1_macvtap\x00', 'veth1_vlan\x00', {}, {0xff}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x6}, {0x4000}}}}, {{@ipv6={@ipv4, @dev={0xfe, 0x80, '\x00', 0x14}, [], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x8, 0x0, 0x1}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x3a}, @empty, [0xffffffff, 0xff, 0xff], [0xff, 0x0, 0xff000000, 0xffffffff], 'virt_wifi0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x2c, 0x1, 0x0, 0x42}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@eui64={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback, 0x0, 0x1}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0) 9.397805116s ago: executing program 1 (id=1038): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9a860675e5aa2a63, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNADDRESOURCE(r3, 0x89e0, &(0x7f0000000180)=0x5) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, 0x0, 0x0) 8.316650923s ago: executing program 1 (id=1039): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200003, 0x40200003, 0x0, 0x6, 0x7}) r1 = syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x522, &(0x7f00000006c0)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtlHVC+VUIVQJ0SOHbUicKIodR7FTmrCH7JE7EpU4wYkzByQOSD1xR+IANy7lgFRgBWqQkHDlsZ11/ji2sondjX8/aeQ38zz+3tvRvGd93swLYGLdioj9iLgWEe9GxFzneNLZ4s321nrfJ48eLB88erCcRLP5zj+TrL51LHrOaXmm85n5iPjBWxE/So4F/VNEfXdvY6lSKW93DhUb1a1ifXfv7np1aa28Vt4slRYXFudfv/da6cL6+lL1Nx9fj4jf/+7LH/1x/1s/aTVrtlPX24+L1O76zGGclumI+N5lBBuDqU5/rp3n5HOdxEVKI+JzEfFydv/PxVR2NY86epm+PcLWAQCXodmci+Zc7z4AcNWlWQ4sSQudXMBspGmh0M7hvRA30kqt3rizWtvZXGnnym7GTLq6XinPd3KFN2MmWV2fLi9k5e5+pVxKju7fi4jnI+JnuevZfmG5VlkZ5xcfAJhgzxyb//+Ta8//AMAVl39czI2zHQDA6OTH3QAAYOTM/wAwecz/ADB5zP8AMHnM/wAwecz/ADBRvv/2262tedB5/vXKe7s7G7X37q6U6xuF6s5yYbm2vVVYq9XWsmf2VAd9XqVW21p4NXbeLzbK9Uaxvrt3v1rb2Wzcz57rfb88M5JeAQBnef6lD/+SRMT+G9ezLXqe9z9wrn7xslsHXKZ03A0AxmZq3A0Axubkal/ApJCPh8n1/2azGT1r90bEw8NSz8NA+/4XoQ+GCpNaNxQ+e25/8Qny/8BTTf4fJtf58v++y8NVIP8Pk6vZTKz5DwATRo4fSAbU9/7+P9/s2Rnu938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4kmazLUkLnbXAZyNNC4WIZyPiZswkq+uV8nxEPBcRf87N5Fr7CxFh3SAAeJqlf08663/dnntl9njttdx/c9lrRPz4F+/8/P2lRmN7IeJa8q/D440POsdL42g/ADBId57uzuNdnzx6sNzdRtmej7/TXly0Ffegs7VrpmM6e81nuYYb/046+22t7ytTFxB//2FEfOG0/idZbuRmZ+XT4/FbsZ8dafz0SPw0q2u/tv4tPn8BbYFJ82Fr/HnztPsvjVvZ6+n3fz4boZ5cd/w7ODH+pYfj31Sf8e/WsDFe/cN3TxxszrXrHkZ8aTrioPvhPeNPN37SJ/4rQ8b/64tfeblfXfOXEbfjtP4nR2IVG9WtYn137+56dWmtvFbeLJUWFxbnX7/3WqmY5aiL3Uz1Sf94485z/eK3+n+jT/z8gP5/fcj+/+p/7/7wq2fE/+bXTr/+L5wRvzUnfmPI+Es3fpvvV9eKv9Kn/4Ou/50h43/0t72VEwcHLTgOAFya+u7exlKlUt5+8kL+zPekFxFiiEISsX/JIR4Xcr/+6VuD35wbWXvOWYh+VVOflRZemULuHGflL/Y+HbIw7pEJuGyPb/pxtwQAAAAAAAAAAAAAAOhnFH9ONO4+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHV9GgAA///+udUz") ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x130) rename(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000002c0)='./file0/file0\x00') syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0xb, 0x6, "839e46", 0x0, 0x2b, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@any, 0x7fff}}}, 0xd) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r2, 0x52b242d) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x3}) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0904040000000000000002000000240004c0200001800e000100696d6d6564696174650000000c00028008000140000020000900010073797a30000000000900020073797a32000000001400000011000100000000005547025a8c21fa0f4c65b41c644f2b406e574cc48e937c7fc4e5dc4edfd2663f7de2beb84c2e57d7f20193195e4db788e21f2f2fdccca3e248813dea065981932e75144b025781a7ade84121b7f716dedb3aea8f58b2bd1034a1376683b8f016d231eecf0ca3905c1f2c2a2eb0a61215d988cb4c33be2dfb027d3d666e2d2fdcb2c9e45f156955f13e3dedfaadf8902c3b13ac05fc0427849c40e6152e9a1d5a407a6ab3feef62d433972fa3093b256c951f8be88f3d8b2d4a9cb1ec88145a02956b4aa0aa7f5b119a843deec2a71e9b8c8e6f9dfa49fc63319ffc15d9f694341add9e0483e611d2bd"], 0x78}}, 0x0) 8.298412524s ago: executing program 2 (id=1040): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 8.136232611s ago: executing program 3 (id=1041): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$cont(0x9, r3, 0x33e, 0x3) 6.218643553s ago: executing program 2 (id=1042): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) syz_clone3(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r2, 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r1, 0x0) setfsuid(0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r3, 0x402, 0x1a) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r4, 0x1, r0, 0x4}) 6.217631383s ago: executing program 3 (id=1043): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r0, 0x0, 0x118) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r1) r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r3, 0x400, 0x1) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) 5.218951286s ago: executing program 1 (id=1044): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0x7f, 0x6, @broadcast}, 0x14) 5.207997797s ago: executing program 3 (id=1045): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket(0xa, 0x3, 0x2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x4004804) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x14002, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x804053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0) 5.140120879s ago: executing program 2 (id=1047): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) close(0x3) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 4.956402137s ago: executing program 3 (id=1048): pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r1, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0xffffffffffffff69, 0x8040, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r2, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r2, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r2, 0x0, r0, 0x0, 0xfea8, 0xa) 4.947965518s ago: executing program 4 (id=1049): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]}) 3.777459788s ago: executing program 3 (id=1050): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001340)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca6433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84222000000005335001db43a5c000000000000000024000000000000000000e75a812ded5297d531afbf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cbc30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a3830007462b5543f2c1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f401058690350000000000000000000000000025902e4a196fb169780000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a00000000000000000000000000000000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad39e42a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e80b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d575a83f33e75011ed8b48a2f52a03ec09c277b596d5eb491b6b380533be019894e7fc1a414ae38f1f448a7f6423bb12169d6f41665c5edfa3b47acd4d23b826d15361528d7c5a27e1120ca9537c8c8cccbb3ae86a91894372120488b82ecad3538899e53a36844aa515ebdbb1cd69a33b584f8e1c796827703f3894c93dd5a77607cb6c1191b89b303c1381f3e6016bf6c0e710750b43eb9a8fd0d7d71492ac43baec4994396f0fdfe7cecf248b88ba9406c7b8e5ec4882d52a0cd4b9b1c8327e811e6ba2572ff5a59dc8c5c90464aa3942b4a256e8a513155fae5b3ebcc47d2e1a8768c2da219f47595f83239688ef9f55937c9e3447fb532cabc44bd5b805356cf12b89514"], &(0x7f0000000140)='GPL\x00'}, 0x48) syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000040)='./file1\x00', 0x121c488, &(0x7f00000005c0)=ANY=[], 0x1, 0x2d9, &(0x7f0000000200)="$eJzs3T9vG2UcB/DfOc75gMEemBBST6IDU0U6gVgcoVZCZKLyUBggoq2EYguplSLxR7idWFkYGHgFSEgsvIsuvAMkViQ2ilTp0J3v4nNwEzvEQZDPZ+mvz/N8757n8sSxhzz58OXJwZ087j364pfIsiQ6wxjGkyQG0YnGw1gw/DoAgP+yJ0URvxcz6+SSiMg2Ny0AYINW+/nfnZc/Xsi0AIANunX7vXd29/ZuvJtFFjcnXx2Oyk/25b+z/t178XGM4268Fv14GlG9T6g/+Jf1zaIopt28NIirk+nhqExOPnhcX3/3t4gqvxP9GBzFqncbVf7tvRs7VTzvtfLTch7P1/cflvnr0Y8Xj8IL+euzfN7OxyiNV19pzf9a9OPnj+KTGMedahLz/Jc7ef5W8c0fn79fTq/MJ9PDUa8aN1dsXeTXBQAAAAAAAAAAAAAAAAAAAACA/7dreXP4Tn4lrk7Kpvr8na2naT2mHjKYp8r+WZU0Ta3zgUrTIr6bHSm4fZQaLOS78VK3fbAgAAAAAAAAAAAAAAAAAAAAXF4PI2J/PL57/8Gnnx3846I5DaAbEX/eOvuVh62WK3Hy4F59z/3xuFOXC2Mep+2W2GrGJBEnTqNcxDk9ltOK57Jjc26K738oF7jOBbNWyxvLF7h92rpu14/07OtqdtfBfrL8Xr1oWrJ6k3ybRszHpLHivdJndRULG/u0JadLu/prrz19oSqmzxxTJEu2aKt489dZf92SHP/2TKunuvTu23XRih/bGyvt58hm8b+/ViTVaR29Vsvr5/lSBAAAAAAAAAAAAAAAAAAAl978t3/L//202PnoxGin6G10agAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYeZ//3+NYlqHVxicxv0H//ISAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAT+CgAA///ZVko8") bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r3, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x703, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3.777227808s ago: executing program 4 (id=1051): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_rr_get_interval(r0, 0x0) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100030e000000000000000400000005000600000000000a00000000000000fc000000000000000000000000000000000004000000000005000500000000000a00000000000000060100000000000000000000000000aa0100000000000000020013"], 0x70}}, 0x0) 3.50063557s ago: executing program 2 (id=1052): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) dup2(r1, r4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000440)={r3, 0x2, 0x1, "fa"}, 0x9) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r4, 0x84, 0x19, &(0x7f0000000140)={r3, 0x2}, 0x8) 2.716606104s ago: executing program 2 (id=1053): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x42) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xffc1) 2.573664269s ago: executing program 4 (id=1054): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4e20, 0x0, 0x4e22, 0x0, 0xa, 0x0, 0x20}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in6=@rand_addr=' \x01\x00', 0x800, 0x33}, 0xa, @in=@multicast1, 0x3506, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 1.40231164s ago: executing program 4 (id=1055): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r0, 0x0, 0x118) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r1) r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r3, 0x400, 0x1) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) 410.404303ms ago: executing program 1 (id=1056): ioprio_set$pid(0x2, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff) sendfile(r4, r4, 0x0, 0xfffe80) 136.598164ms ago: executing program 1 (id=1057): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdfff}, 0x14}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r4, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050006000000140004"], 0x58}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r7, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) 136.298375ms ago: executing program 4 (id=1058): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000009000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="66b9800000c00f326635010000000f30bf44000f4af90f30b80e008ed8650f01c4f30fc7b1001066b8d38fffff0f23c80f21f866350000c0000f23f8ba2000b006ee660f380761e2", 0x48}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_create(0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, 0x0, 0x0) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x4) timer_settime(0x0, 0x1, 0x0, 0x0) 40.486899ms ago: executing program 3 (id=1059): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4040000}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r4, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 0s ago: executing program 4 (id=1060): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x400}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001ac0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="56c355abbfb25656ae8a254adbc339dc171b30490a7ad42beee1cc68f78a8385a4fb8d437f96cb58b8d6a6726c0e7430596065733ec05015e505f57e964a01cab2df588439b0802434212b9f81c24fad954d423a80dda784c4d408490a47e6cfb048f5", 0x63}, {&(0x7f0000000180)="623f4e67cc0c62c634ad8c6a889c76c10b8d261e9635d3b00f03c133f0c990884b180fbc7caeffc198ae6f4f953b7cb5fab2ae4c2618a983ecf70d162e7c626afb1247fa12cab36da696c7bdd4b7839ed417fb7d055cb0da1cfc13b8639d93d0f494b6e54246411c754e50ec7dcf25636a67b582e414376d4b59cf34a8dfca96ef9a5163feec8ddebd25e01d4458ba023b8cccbea8b71219fc7d7738644ac009cea5897d32285128d56e87a2542c15e32c042ed2512f017c5ac805dad39d7295ad65c0d91f0d96d059e738c8d21944a3af3276d20e31914b316088d362719b64ad045f53d76b9d4915405c7ecc83f95fa86e455a52336dc376b6682eec206340f03751ee755138b999d8664535352fe7620407637767889da2cc016651b803a6e8290cd4de8b24de609f0e3dc85bb2c10c76b762d35de22789cd1ee9ff1595d9ed5b221fbb53af0568ebae", 0x14b}], 0x2}}], 0x2, 0x20000040) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0) kernel console output (not intermixed with test programs): [ 72.734981][ T4269] Bluetooth: hci1: command 0x041b tx timeout [ 72.747836][ T4269] Bluetooth: hci3: command 0x041b tx timeout [ 72.768799][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.780006][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.792240][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.802052][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.813886][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.825031][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.836147][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.845212][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.855525][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.884488][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.896140][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.906190][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.914635][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.924879][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.934740][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.944383][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.955838][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.965362][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.974819][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.984400][ T4186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.997990][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.019022][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.041546][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.059029][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.084794][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.094357][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.124122][ T4183] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.152481][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.166475][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.193742][ T4187] device veth0_vlan entered promiscuous mode [ 73.215174][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.226374][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.265973][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.279500][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.290523][ T1214] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.298123][ T1214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.306349][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.316056][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.325414][ T1214] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.333244][ T1214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.341994][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.366722][ T4187] device veth1_vlan entered promiscuous mode [ 73.390519][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.400096][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.408574][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.419132][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.427249][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.435619][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.447624][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.456833][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.465883][ T4185] device veth0_vlan entered promiscuous mode [ 73.480562][ T4185] device veth1_vlan entered promiscuous mode [ 73.504525][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.515859][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.528786][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.538291][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.547142][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.555559][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.569790][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.582486][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.591260][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.601037][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.637722][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.647175][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.658104][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.671856][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.684981][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.698803][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.711332][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.745123][ T4186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.759878][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.785115][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.800109][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.810350][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.823394][ T4185] device veth0_macvtap entered promiscuous mode [ 73.848195][ T4187] device veth0_macvtap entered promiscuous mode [ 73.861864][ T4187] device veth1_macvtap entered promiscuous mode [ 73.895954][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.911654][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.925692][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.940179][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.951590][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.970698][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.980622][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.992808][ T4185] device veth1_macvtap entered promiscuous mode [ 74.036370][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.062245][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.072846][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.083792][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.092830][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.102519][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.115037][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.133921][ T4184] device veth0_vlan entered promiscuous mode [ 74.145841][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.155427][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.165241][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.174530][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.185067][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.193617][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.203897][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.215549][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.228134][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.255349][ T4184] device veth1_vlan entered promiscuous mode [ 74.264654][ T4187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.273687][ T4187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.283318][ T4187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.292405][ T4187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.304352][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.313992][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.323584][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.335425][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.346276][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.359191][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.387656][ T4186] device veth0_vlan entered promiscuous mode [ 74.394418][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.405678][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.414610][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.425528][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.434021][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.445595][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.454834][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.470710][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.478483][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.492510][ T4186] device veth1_vlan entered promiscuous mode [ 74.543483][ T4185] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.553302][ T4185] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.564078][ T4185] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.573137][ T4185] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.621598][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.636145][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.644453][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.653760][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.665927][ T4184] device veth0_macvtap entered promiscuous mode [ 74.680300][ T4186] device veth0_macvtap entered promiscuous mode [ 74.691591][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.720130][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.730185][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.739178][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.751852][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.766326][ T4186] device veth1_macvtap entered promiscuous mode [ 74.785976][ T4184] device veth1_macvtap entered promiscuous mode [ 74.797508][ T13] Bluetooth: hci3: command 0x040f tx timeout [ 74.804053][ T13] Bluetooth: hci1: command 0x040f tx timeout [ 74.811050][ T13] Bluetooth: hci2: command 0x040f tx timeout [ 74.837777][ T1452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.845917][ T1452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.862109][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.867215][ T13] Bluetooth: hci4: command 0x040f tx timeout [ 74.876318][ T13] Bluetooth: hci0: command 0x040f tx timeout [ 74.878842][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.892614][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.901642][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.911584][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.926796][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.937665][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.948684][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.959357][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.970899][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.993555][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.007425][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.017548][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.028551][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.038922][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.049653][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.061172][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.075104][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.084926][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.093893][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.103244][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.123521][ T1184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.128671][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.142763][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.149775][ T1184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.153655][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.171994][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.183696][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.200118][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.211949][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.222795][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.233762][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.244021][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.255094][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.266657][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.299581][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.308413][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.318584][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.328348][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.340855][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.350992][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.360173][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.369689][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.378073][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.388046][ T4186] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.396799][ T4186] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.407370][ T4186] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.416105][ T4186] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.438085][ T4183] device veth0_vlan entered promiscuous mode [ 75.452779][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.481350][ T4184] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.491387][ T4184] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.502427][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.512519][ T4184] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.522494][ T4184] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.545646][ T4183] device veth1_vlan entered promiscuous mode [ 75.565394][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.577667][ T1184] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.660630][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.667593][ T1214] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.672129][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.685751][ T1214] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.700582][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.713019][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.733141][ T4302] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5'. [ 75.762081][ T4183] device veth0_macvtap entered promiscuous mode [ 75.814481][ T4301] Zero length message leads to an empty skb [ 75.836130][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.858400][ T1452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.866727][ T1452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.885456][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.897120][ T4183] device veth1_macvtap entered promiscuous mode [ 75.911769][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.935544][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.972446][ T4304] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 75.979602][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.998448][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.214963][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.238603][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.246635][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.246664][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.264486][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.474919][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.614536][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.672715][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.727690][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.786733][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.979310][ T4292] Bluetooth: hci2: command 0x0419 tx timeout [ 76.986188][ T4292] Bluetooth: hci1: command 0x0419 tx timeout [ 76.992828][ T4292] Bluetooth: hci3: command 0x0419 tx timeout [ 77.001433][ T4292] Bluetooth: hci0: command 0x0419 tx timeout [ 77.007649][ T4292] Bluetooth: hci4: command 0x0419 tx timeout [ 77.031965][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.049282][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.072356][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.120318][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.156521][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.179751][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.194391][ T1214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.207309][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.218785][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.231014][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.248128][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.258280][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.269918][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.279985][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.290462][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.304574][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.349261][ T4315] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8'. [ 77.408244][ T4317] device erspan0 entered promiscuous mode [ 77.432380][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.470285][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.497661][ T4318] device macvlan2 entered promiscuous mode [ 78.263343][ T4183] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.287916][ T4183] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.354159][ T4183] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.369757][ T4183] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.383165][ T4314] device erspan0 left promiscuous mode [ 78.421799][ T4332] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 79.434657][ T4340] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14'. [ 81.739721][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.749813][ T1184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.918588][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.926875][ T1184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.380118][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.398150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.009958][ T4366] loop1: detected capacity change from 0 to 32768 [ 85.010119][ T4366] JFS: continu is an invalid error handler [ 85.079501][ T4396] device syzkaller0 entered promiscuous mode [ 85.435530][ T4406] loop2: detected capacity change from 0 to 64 [ 87.675004][ T1110] cfg80211: failed to load regulatory.db [ 87.781703][ T4414] device syzkaller0 entered promiscuous mode [ 88.857004][ T4421] netlink: 24 bytes leftover after parsing attributes in process `syz.3.35'. [ 88.887086][ T4432] netlink: 24 bytes leftover after parsing attributes in process `syz.0.38'. [ 90.236812][ T1107] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 90.308209][ T1107] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 90.343462][ T4447] loop2: detected capacity change from 0 to 32768 [ 90.393032][ T4447] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.41 (4447) [ 90.486168][ T4447] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 90.495562][ T4447] BTRFS info (device loop2): using free space tree [ 90.502204][ T4447] BTRFS info (device loop2): has skinny extents [ 90.676716][ T4455] loop1: detected capacity change from 0 to 4096 [ 90.870505][ T4447] BTRFS info (device loop2): enabling ssd optimizations [ 91.586319][ T4489] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 92.108903][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 92.150719][ T4515] process 'syz.4.55' launched './file0' with NULL argv: empty string added [ 92.211260][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 92.313672][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 92.723018][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 92.825677][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 93.006904][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 93.015908][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 93.711283][ T4529] netlink: 'syz.1.61': attribute type 27 has an invalid length. [ 93.719254][ T4529] netlink: 'syz.1.61': attribute type 4 has an invalid length. [ 93.728280][ T4529] netlink: 144 bytes leftover after parsing attributes in process `syz.1.61'. [ 94.178393][ T4537] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'. [ 95.705979][ T4547] loop2: detected capacity change from 0 to 4096 [ 96.575482][ T4585] sch_fq: defrate 53322 ignored. [ 98.809592][ T4602] netlink: 24 bytes leftover after parsing attributes in process `syz.1.83'. [ 98.978362][ T4606] netlink: 'syz.2.85': attribute type 1 has an invalid length. [ 99.142221][ T4614] batman_adv: batadv0: Adding interface: dummy0 [ 99.153001][ T4614] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.222441][ T4614] batman_adv: batadv0: Interface activated: dummy0 [ 99.337285][ T4616] loop1: detected capacity change from 0 to 512 [ 99.403083][ T4620] loop4: detected capacity change from 0 to 4096 [ 102.356934][ C1] sched: RT throttling activated [ 102.374721][ T4616] EXT4-fs (loop1): inline encryption not supported [ 102.399914][ T4616] EXT4-fs: failed to create workqueue [ 102.405898][ T4616] EXT4-fs (loop1): mount failed [ 102.862010][ T4648] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 105.383408][ T4684] loop2: detected capacity change from 0 to 128 [ 105.861798][ T4692] loop4: detected capacity change from 0 to 1024 [ 106.646285][ T4691] loop0: detected capacity change from 0 to 512 [ 106.903457][ T4692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.111'. [ 107.016030][ T4691] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 107.148579][ T4701] loop2: detected capacity change from 0 to 1024 [ 107.231644][ T4701] EXT4-fs (loop2): INFO: recovery required on readonly filesystem [ 107.239636][ T4701] EXT4-fs (loop2): write access will be enabled during recovery [ 107.253842][ T4701] JBD2: no valid journal superblock found [ 107.259910][ T4701] EXT4-fs (loop2): error loading journal [ 107.467897][ T4691] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.872044][ T4705] input: syz0 as /devices/virtual/input/input5 [ 109.668946][ T4719] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 110.713930][ T4723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.121'. [ 112.116161][ T4733] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 112.141905][ T4733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 112.191782][ T4733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 112.220654][ T4733] device bridge_slave_0 left promiscuous mode [ 112.232198][ T4733] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.269642][ T4733] device bridge_slave_1 left promiscuous mode [ 112.286287][ T4733] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.306879][ T4733] bond0: (slave bond_slave_0): Releasing backup interface [ 112.343796][ T4733] bond0: (slave bond_slave_1): Releasing backup interface [ 112.420580][ T4733] team0: Port device team_slave_0 removed [ 112.476409][ T4733] team0: Port device team_slave_1 removed [ 112.489987][ T4733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.498159][ T4733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.508273][ T4733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.516017][ T4733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.535707][ T4736] netlink: 'syz.2.124': attribute type 10 has an invalid length. [ 112.569341][ T4736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.588324][ T4736] team0: Port device bond0 added [ 112.627430][ T4740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.124'. [ 112.711272][ T4740] team0 (unregistering): Port device bond0 removed [ 112.764966][ T4744] netlink: 'syz.3.126': attribute type 39 has an invalid length. [ 112.855364][ T4747] netlink: 168 bytes leftover after parsing attributes in process `syz.4.127'. [ 113.239738][ T4760] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.376460][ T4733] syz.2.124 (4733) used greatest stack depth: 21184 bytes left [ 113.617899][ T4771] pit: kvm: requested 72914 ns i8254 timer period limited to 200000 ns [ 113.646430][ T4771] pit: kvm: requested 43580 ns i8254 timer period limited to 200000 ns [ 113.674810][ T4771] pit: kvm: requested 43580 ns i8254 timer period limited to 200000 ns [ 113.694947][ T4771] pit: kvm: requested 191923 ns i8254 timer period limited to 200000 ns [ 113.715270][ T4771] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 113.735485][ T4771] pit: kvm: requested 74590 ns i8254 timer period limited to 200000 ns [ 113.759398][ T4771] pit: kvm: requested 74590 ns i8254 timer period limited to 200000 ns [ 113.786154][ T4771] pit: kvm: requested 82133 ns i8254 timer period limited to 200000 ns [ 113.810899][ T4771] pit: kvm: requested 128228 ns i8254 timer period limited to 200000 ns [ 113.844073][ T4771] pit: kvm: requested 81295 ns i8254 timer period limited to 200000 ns [ 114.123414][ T4781] netlink: 12 bytes leftover after parsing attributes in process `syz.2.139'. [ 114.154315][ T4781] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.164117][ T4781] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.172943][ T4781] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.181736][ T4781] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.212001][ T4781] netlink: 12 bytes leftover after parsing attributes in process `syz.2.139'. [ 120.357397][ T4811] netlink: 'syz.4.148': attribute type 1 has an invalid length. [ 120.496306][ T4817] overlayfs: failed to resolve './bus': -2 [ 120.579081][ T4811] device bond1 entered promiscuous mode [ 120.613184][ T4811] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.802751][ T4815] netlink: 28 bytes leftover after parsing attributes in process `syz.4.148'. [ 120.864634][ T4819] bond1: (slave bridge1): making interface the new active one [ 120.872474][ T4819] device bridge1 entered promiscuous mode [ 120.882123][ T4819] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 121.638995][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 121.957282][ T1110] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.267190][ T1110] usb 3-1: Using ep0 maxpacket: 8 [ 122.567289][ T1110] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 122.576806][ T1110] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.609834][ T1110] usb 3-1: Product: syz [ 122.614072][ T1110] usb 3-1: Manufacturer: syz [ 122.643887][ T1110] usb 3-1: SerialNumber: syz [ 122.671459][ T1110] usb 3-1: config 0 descriptor?? [ 122.745560][ T1110] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 122.774939][ T1110] usb 3-1: setting power ON [ 122.797601][ T1110] dvb-usb: bulk message failed: -22 (2/0) [ 122.854662][ T1110] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 122.917875][ T1110] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 122.926699][ T1110] usb 3-1: media controller created [ 122.951828][ T4835] dvb-usb: bulk message failed: -22 (3/0) [ 122.987085][ T4835] cxusb: i2c rd: len=219 is too big! [ 122.987085][ T4835] [ 123.018666][ T4835] dvb-usb: bulk message failed: -22 (3/0) [ 123.026101][ T1110] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 123.105230][ T1110] usb 3-1: selecting invalid altsetting 6 [ 123.128258][ T1110] usb 3-1: digital interface selection failed (-22) [ 123.134920][ T1110] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 123.222246][ T1110] usb 3-1: setting power OFF [ 123.228354][ T1110] dvb-usb: bulk message failed: -22 (2/0) [ 123.234410][ T1110] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 123.267881][ T1110] (NULL device *): no alternate interface [ 123.312387][ T4864] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.325849][ T4864] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.351877][ T1110] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 123.437126][ T1110] usb 3-1: USB disconnect, device number 2 [ 126.267411][ T1107] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 126.323782][ T4910] netlink: 'syz.0.178': attribute type 11 has an invalid length. [ 126.632880][ T4864] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.657396][ T1107] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 126.679797][ T1107] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 126.695234][ T1107] usb 3-1: config 220 interface 0 has no altsetting 0 [ 126.762806][ T4864] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.857314][ T1107] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 126.866430][ T1107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.880919][ T1107] usb 3-1: Product: syz [ 126.885140][ T1107] usb 3-1: Manufacturer: syz [ 126.890171][ T1107] usb 3-1: SerialNumber: syz [ 127.407186][ T1107] usb 3-1: Found UVC 0.00 device syz (8086:0b07) [ 127.413607][ T1107] usb 3-1: No valid video chain found. [ 127.424599][ T1107] usb 3-1: USB disconnect, device number 3 [ 127.591973][ T4864] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.601165][ T4864] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.611494][ T4864] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.620610][ T4864] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.773092][ T4894] netlink: 24 bytes leftover after parsing attributes in process `syz.1.172'. [ 127.815834][ T4864] syz.4.164 (4864) used greatest stack depth: 19360 bytes left [ 127.977457][ T4918] device veth0_to_bridge entered promiscuous mode [ 129.587401][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 129.616956][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 129.626148][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 129.963290][ T4938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.188'. [ 130.010282][ T4938] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.018038][ T4938] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.091169][ T4949] loop0: detected capacity change from 0 to 128 [ 131.201464][ T4951] netlink: 'syz.4.192': attribute type 10 has an invalid length. [ 131.298786][ T4951] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 131.487416][ T13] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 131.579697][ T4953] loop3: detected capacity change from 0 to 4096 [ 131.656540][ T4957] binder: 4956:4957 ioctl c0306201 200000000680 returned -14 [ 131.786798][ T4953] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 131.847236][ T13] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 131.900178][ T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.926373][ T26] audit: type=1326 audit(1764051535.128:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 131.970417][ T154] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22. [ 131.986724][ T13] usb 2-1: config 0 descriptor?? [ 132.003153][ T4183] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 132.014689][ T4183] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 132.054357][ T4183] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 132.088883][ T26] audit: type=1326 audit(1764051535.128:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 132.143892][ T1452] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22. [ 132.172767][ T4183] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22. [ 132.189117][ T26] audit: type=1326 audit(1764051535.128:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 132.397318][ T13] [drm] vendor descriptor length:6 data:06 5f 61 6e 00 00 00 00 00 00 00 [ 132.410272][ T26] audit: type=1326 audit(1764051535.128:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 132.990001][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.005011][ T13] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 133.381309][ T26] audit: type=1326 audit(1764051535.128:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 133.449033][ T13] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 133.631039][ T4955] ======================================================= [ 133.631039][ T4955] WARNING: The mand mount option has been deprecated and [ 133.631039][ T4955] and is ignored by this kernel. Remove the mand [ 133.631039][ T4955] option from the mount to silence this warning. [ 133.631039][ T4955] ======================================================= [ 133.669182][ T4955] zonefs (nullb0) ERROR: Not a zoned block device [ 133.773102][ T13] [drm] Initialized udl on minor 2 [ 134.422160][ T26] audit: type=1326 audit(1764051535.168:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 134.627220][ T13] [drm:udl_get_edid_block] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 134.667731][ T13] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 135.502786][ T13] usb 2-1: USB disconnect, device number 2 [ 135.528712][ T4240] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed [ 135.541368][ T4240] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed [ 135.559652][ T4240] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 135.566157][ T4988] netlink: 44 bytes leftover after parsing attributes in process `syz.3.204'. [ 135.576243][ T26] audit: type=1326 audit(1764051535.178:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 135.745745][ T4987] loop0: detected capacity change from 0 to 32768 [ 135.806435][ T4988] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.850484][ T4987] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.205 (4987) [ 135.879949][ T26] audit: type=1326 audit(1764051535.178:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 135.932412][ T4987] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 135.941980][ T4987] BTRFS info (device loop0): setting nodatacow, compression disabled [ 135.950190][ T4987] BTRFS info (device loop0): enabling auto defrag [ 135.956691][ T4987] BTRFS info (device loop0): max_inline at 0 [ 135.962842][ T4987] BTRFS info (device loop0): using free space tree [ 135.969519][ T4987] BTRFS info (device loop0): has skinny extents [ 135.976726][ T26] audit: type=1326 audit(1764051535.188:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 136.001541][ T26] audit: type=1326 audit(1764051535.188:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4958 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 137.357018][ T13] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 137.617075][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 137.747153][ T13] usb 4-1: config 222 has an invalid interface number: 31 but max is 0 [ 137.774868][ T13] usb 4-1: config 222 has no interface number 0 [ 137.805058][ T13] usb 4-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 137.867727][ T13] usb 4-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 137.923096][ T13] usb 4-1: config 222 interface 31 has no altsetting 0 [ 138.010493][ T5049] loop4: detected capacity change from 0 to 764 [ 138.147380][ T13] usb 4-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 138.165221][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.217099][ T13] usb 4-1: Product: syz [ 138.221325][ T13] usb 4-1: Manufacturer: syz [ 138.225933][ T13] usb 4-1: SerialNumber: syz [ 138.318461][ T5011] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 138.624912][ T13] ldusb 4-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 138.643673][ T13] usb 4-1: USB disconnect, device number 2 [ 138.652739][ T13] ldusb 4-1:222.31: LD USB Device #0 now disconnected [ 138.839905][ T5065] overlayfs: overlapping lowerdir path [ 140.007676][ T5070] tipc: Started in network mode [ 140.047097][ T5070] tipc: Node identity 76b67626f5d4, cluster identity 4711 [ 140.118825][ T5070] tipc: Enabled bearer , priority 0 [ 140.128297][ T5076] tipc: Resetting bearer [ 140.210045][ T5069] tipc: Disabling bearer [ 140.422770][ T5086] device syzkaller0 entered promiscuous mode [ 143.453289][ T5122] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 143.461253][ T5055] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 143.548995][ T5124] device syzkaller0 entered promiscuous mode [ 143.743150][ T5055] usb 4-1: Using ep0 maxpacket: 8 [ 143.882914][ T5055] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 143.900000][ T5055] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.993748][ T5055] pvrusb2: Hardware description: Terratec Grabster AV400 [ 144.009072][ T5055] pvrusb2: ********** [ 144.023438][ T5055] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 144.046220][ T5055] pvrusb2: Important functionality might not be entirely working. [ 144.070500][ T5055] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 144.105236][ T5055] pvrusb2: ********** [ 144.206207][ T2427] pvrusb2: Invalid write control endpoint [ 144.371078][ T2427] pvrusb2: Invalid write control endpoint [ 144.457045][ T2427] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 144.487293][ T2427] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 144.523738][ T2427] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 144.589851][ T2427] pvrusb2: Device being rendered inoperable [ 144.637614][ T5109] pvrusb2: Attempted to execute control transfer when device not ok [ 144.664724][ T23] usb 4-1: USB disconnect, device number 3 [ 144.667966][ T2427] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 144.692469][ T2427] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 144.737123][ T2427] pvrusb2: Attached sub-driver cx25840 [ 144.747273][ T5134] capability: warning: `syz.4.232' uses deprecated v2 capabilities in a way that may be insecure [ 144.766955][ T2427] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 144.806703][ T2427] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 144.959097][ T5139] lo speed is unknown, defaulting to 1000 [ 145.017322][ T5139] lo speed is unknown, defaulting to 1000 [ 145.061451][ T5139] lo speed is unknown, defaulting to 1000 [ 145.923528][ T5139] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 146.145527][ T5139] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 146.352889][ T5139] lo speed is unknown, defaulting to 1000 [ 146.402554][ T5139] lo speed is unknown, defaulting to 1000 [ 146.441159][ T5139] lo speed is unknown, defaulting to 1000 [ 146.465466][ T5139] lo speed is unknown, defaulting to 1000 [ 146.503414][ T5139] lo speed is unknown, defaulting to 1000 [ 146.523880][ T5139] lo speed is unknown, defaulting to 1000 [ 148.715469][ T5162] loop0: detected capacity change from 0 to 32768 [ 149.761985][ T5162] XFS (loop0): Mounting V5 Filesystem [ 149.969828][ T5162] XFS (loop0): log mount failed [ 150.191131][ T5188] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 150.877204][ T2288] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 151.147026][ T2288] usb 5-1: Using ep0 maxpacket: 8 [ 151.267153][ T2288] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 151.283091][ T2288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.359555][ T2288] pvrusb2: Hardware description: Terratec Grabster AV400 [ 151.366642][ T2288] pvrusb2: ********** [ 151.386138][ T2288] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 151.397404][ T2288] pvrusb2: Important functionality might not be entirely working. [ 151.406639][ T2288] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 151.419414][ T2288] pvrusb2: ********** [ 151.473104][ T5204] siw: device registration error -23 [ 151.582740][ T2427] pvrusb2: Invalid write control endpoint [ 151.805715][ T5194] pvrusb2: Invalid write control endpoint [ 151.877629][ T2427] pvrusb2: Invalid write control endpoint [ 151.883432][ T2427] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 151.893581][ T2427] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 151.901636][ T2427] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 151.912979][ T2427] pvrusb2: Device being rendered inoperable [ 151.919664][ T2427] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 151.927413][ T2427] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 151.936055][ T2427] pvrusb2: Attached sub-driver cx25840 [ 151.942102][ T2427] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 151.954735][ T2427] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 152.122307][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 152.122323][ T26] audit: type=1326 audit(1764051555.328:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.167728][ T5214] netlink: 'syz.1.254': attribute type 4 has an invalid length. [ 152.170252][ T26] audit: type=1326 audit(1764051555.328:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.194703][ T5214] netlink: 'syz.1.254': attribute type 3 has an invalid length. [ 152.222239][ T5214] netlink: 132 bytes leftover after parsing attributes in process `syz.1.254'. [ 152.229778][ T26] audit: type=1326 audit(1764051555.368:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.294311][ T26] audit: type=1326 audit(1764051555.368:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.367866][ T26] audit: type=1326 audit(1764051555.368:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.417248][ T26] audit: type=1326 audit(1764051555.368:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 152.541720][ T5219] loop1: detected capacity change from 0 to 1024 [ 152.790064][ T26] audit: type=1326 audit(1764051555.368:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 153.043201][ T26] audit: type=1326 audit(1764051555.368:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 153.247743][ T26] audit: type=1326 audit(1764051555.368:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 153.451835][ T26] audit: type=1326 audit(1764051555.368:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.1.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 154.383390][ T5219] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.255: Invalid block bitmap block 0 in block_group 0 [ 154.403407][ T5219] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.255: Failed to acquire dquot type 0 [ 154.422139][ T5219] EXT4-fs error (device loop1): ext4_free_blocks:6218: comm syz.1.255: Freeing blocks not in datazone - block = 0, count = 4096 [ 154.450079][ T5219] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.255: Invalid inode bitmap blk 0 in block_group 0 [ 154.468993][ T5219] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 154.482653][ T5219] EXT4-fs (loop1): 1 orphan inode deleted [ 154.488576][ T5219] EXT4-fs (loop1): mounted filesystem without journal. Opts: ; max_batch_time=0x0000000000000006,i_version,,errors=continue. Quota mode: writeback. [ 154.669140][ T9] EXT4-fs error (device loop1): ext4_release_dquot:6245: comm kworker/u4:0: Failed to release dquot type 0 [ 156.925235][ T5171] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.934826][ T5171] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.944776][ T5171] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.954390][ T5171] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.881860][ T5171] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.891028][ T5171] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.899999][ T5171] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.909085][ T5171] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.940120][ T5219] device lo entered promiscuous mode [ 157.946274][ T5219] device tunl0 entered promiscuous mode [ 157.953072][ T5219] device gre0 entered promiscuous mode [ 157.959821][ T5219] device gretap0 entered promiscuous mode [ 157.966247][ T5219] device erspan0 entered promiscuous mode [ 157.968206][ T2288] usb 5-1: USB disconnect, device number 2 [ 157.972907][ T5219] device ip_vti0 entered promiscuous mode [ 157.984568][ T5219] device ip6_vti0 entered promiscuous mode [ 157.991542][ T5219] device sit0 entered promiscuous mode [ 157.998064][ T5219] device ip6tnl0 entered promiscuous mode [ 158.004619][ T5219] device ip6gre0 entered promiscuous mode [ 158.011373][ T5219] device syz_tun entered promiscuous mode [ 158.019520][ T5219] device ip6gretap0 entered promiscuous mode [ 158.026664][ T5219] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.033882][ T5219] bridge0: port 2(bridge_slave_1) entered listening state [ 158.041300][ T5219] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.048543][ T5219] bridge0: port 1(bridge_slave_0) entered listening state [ 158.057359][ T5219] device bridge0 entered promiscuous mode [ 158.064647][ T5219] device vcan0 entered promiscuous mode [ 158.070588][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 158.078143][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 158.085571][ T5219] device bond0 entered promiscuous mode [ 158.091537][ T5219] device bond_slave_0 entered promiscuous mode [ 158.098124][ T5219] device bond_slave_1 entered promiscuous mode [ 158.105620][ T5219] device team0 entered promiscuous mode [ 158.111377][ T5219] device team_slave_0 entered promiscuous mode [ 158.117881][ T5219] device team_slave_1 entered promiscuous mode [ 158.125369][ T5219] device dummy0 entered promiscuous mode [ 158.131945][ T5219] device nlmon0 entered promiscuous mode [ 158.147368][ T5219] device caif0 entered promiscuous mode [ 158.153196][ T5219] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 158.533955][ T5244] Illegal XDP return value 4294967294, expect packet loss! [ 159.239031][ T5248] binder: BINDER_SET_CONTEXT_MGR already set [ 159.268800][ T5248] binder: 5243:5248 ioctl 4018620d 200000000040 returned -16 [ 159.442759][ T5252] loop0: detected capacity change from 0 to 128 [ 159.478188][ T5253] kvm: emulating exchange as write [ 159.543619][ T5256] loop3: detected capacity change from 0 to 2048 [ 159.769479][ T5256] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 159.786695][ T5252] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback. [ 160.012519][ T5252] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.246386][ T5256] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.565075][ T5237] loop1: detected capacity change from 0 to 32768 [ 160.591485][ T5264] device syzkaller0 entered promiscuous mode [ 162.158869][ T5276] lo speed is unknown, defaulting to 1000 [ 162.170343][ T5278] netlink: 60 bytes leftover after parsing attributes in process `syz.1.273'. [ 163.178046][ T5293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.277'. [ 166.418394][ T5325] loop3: detected capacity change from 0 to 128 [ 166.430309][ T5324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.286'. [ 166.527951][ T5325] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback. [ 166.627194][ T5325] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.633368][ T5309] loop2: detected capacity change from 0 to 40427 [ 166.731137][ T5309] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 166.767920][ T5309] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 166.795351][ T5309] F2FS-fs (loop2): invalid crc value [ 166.864570][ T5309] F2FS-fs (loop2): Found nat_bits in checkpoint [ 168.155480][ T5309] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 168.332573][ T5330] befs: (nullb0): invalid magic header [ 168.377957][ T5309] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 171.469893][ T5380] sg_write: data in/out 16514940/1 bytes for SCSI command 0x1c-- guessing data in; [ 171.469893][ T5380] program syz.1.299 not setting count and/or reply_len properly [ 172.017698][ T5382] netlink: 40 bytes leftover after parsing attributes in process `syz.0.300'. [ 172.071486][ T5382] netlink: 40 bytes leftover after parsing attributes in process `syz.0.300'. [ 172.101539][ T5382] netlink: 40 bytes leftover after parsing attributes in process `syz.0.300'. [ 172.680575][ T5382] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check. [ 173.187959][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 173.196414][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 174.315596][ T5418] loop2: detected capacity change from 0 to 128 [ 175.385086][ T5428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.310'. [ 175.395226][ T5418] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback. [ 175.487191][ T5418] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.498604][ T5428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.310'. [ 175.516171][ T5428] device ip6gretap0 entered promiscuous mode [ 175.536859][ T5428] device syz_tun entered promiscuous mode [ 175.565465][ T5415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 176.580617][ T5439] loop3: detected capacity change from 0 to 8192 [ 176.830764][ T5449] syz.2.317 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 179.118564][ T5457] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.126091][ T5457] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.667729][ T5475] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 182.488497][ T5457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.543624][ T5490] netlink: 3672 bytes leftover after parsing attributes in process `syz.3.330'. [ 182.555441][ T5457] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.254280][ T5457] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.263513][ T5457] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.274432][ T5457] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.283625][ T5457] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.441423][ T5460] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 183.452069][ T5460] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 183.461806][ T5460] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 183.477769][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 183.477794][ T26] audit: type=1800 audit(1764051586.648:40): pid=5460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.318" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 183.587401][ T5056] lo speed is unknown, defaulting to 1000 [ 183.636719][ T5503] lo speed is unknown, defaulting to 1000 [ 183.887736][ T5516] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 183.925364][ T5515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.155228][ T5512] loop3: detected capacity change from 0 to 8192 [ 184.194479][ T5523] loop4: detected capacity change from 0 to 512 [ 184.242857][ T5523] EXT4-fs (loop4): Ignoring removed bh option [ 184.256487][ T4826] loop3: p1 p2 [ 184.265651][ T4826] loop3: partition table partially beyond EOD, truncated [ 184.285180][ T4826] loop3: p1 start 16777216 is beyond EOD, truncated [ 184.300989][ T4826] loop3: p2 size 515840 extends beyond EOD, truncated [ 184.363121][ T5512] loop3: p1 p2 [ 184.376811][ T5523] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback. [ 184.381346][ T5512] loop3: partition table partially beyond EOD, [ 184.390947][ T5523] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 184.431333][ T5512] truncated [ 184.461534][ T5512] loop3: p1 start 16777216 is beyond EOD, truncated [ 184.470337][ T5512] loop3: p2 size 515840 extends beyond EOD, truncated [ 184.808388][ T4826] udevd[4826]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 184.837097][ T4826] udevd[4826]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 185.622835][ T5537] netlink: 'syz.3.345': attribute type 16 has an invalid length. [ 185.643336][ T5537] netlink: 'syz.3.345': attribute type 17 has an invalid length. [ 185.659056][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 185.666491][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 185.692296][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.723839][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.732068][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.740590][ T5537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.174152][ T5568] loop2: detected capacity change from 0 to 764 [ 188.412147][ T5547] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.419383][ T5547] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.571353][ T5547] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.611349][ T5547] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.722853][ T5547] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.733149][ T5547] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.750206][ T5547] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.765249][ T5547] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.820081][ T5566] lo speed is unknown, defaulting to 1000 [ 188.834762][ T5582] device syzkaller0 entered promiscuous mode [ 189.013458][ T5596] device syzkaller0 entered promiscuous mode [ 191.463038][ T4299] Bluetooth: hci0: command 0x0406 tx timeout [ 191.545650][ T4299] Bluetooth: hci4: command 0x0406 tx timeout [ 191.568185][ T4299] Bluetooth: hci1: command 0x0406 tx timeout [ 191.591298][ T4299] Bluetooth: hci3: command 0x0406 tx timeout [ 191.620622][ T5613] device syzkaller0 entered promiscuous mode [ 191.633053][ T4299] Bluetooth: hci2: command 0x0406 tx timeout [ 192.974629][ T5623] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 193.115744][ T5625] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 193.757236][ T4292] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 194.377966][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.767030][ T4292] usb 5-1: Using ep0 maxpacket: 32 [ 194.897406][ T4292] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 195.120844][ T4292] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 195.161786][ T4292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.191718][ T4292] usb 5-1: Product: syz [ 195.217566][ T4292] usb 5-1: Manufacturer: syz [ 195.242684][ T4292] usb 5-1: SerialNumber: syz [ 195.294093][ T4292] usb 5-1: config 0 descriptor?? [ 195.327796][ T5630] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 196.090967][ T4292] usb 5-1: USB disconnect, device number 3 [ 196.401782][ T5630] input: syz0 as /devices/virtual/input/input6 [ 196.410611][ T5653] loop2: detected capacity change from 0 to 256 [ 196.625276][ T5653] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 196.775597][ T5653] exFAT-fs (loop2): invalid start cluster (12296) [ 196.964187][ T5653] exFAT-fs (loop2): hint_cluster is invalid (17) [ 197.018674][ T5653] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 197.046988][ T5653] exFAT-fs (loop2): Filesystem has been set read-only [ 197.272280][ T26] audit: type=1804 audit(1764051600.478:41): pid=5660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.381" name="/newroot/90/file0" dev="fuse" ino=1 res=1 errno=0 [ 197.333101][ T26] audit: type=1804 audit(1764051600.528:42): pid=5660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.381" name="/newroot/90/file0" dev="fuse" ino=1 res=1 errno=0 [ 197.646991][ T4292] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 197.969416][ T5674] loop2: detected capacity change from 0 to 2048 [ 198.161206][ T5674] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.338019][ T5680] syz.4.388 uses obsolete (PF_INET,SOCK_PACKET) [ 199.565661][ T5686] loop0: detected capacity change from 0 to 512 [ 199.621098][ T5686] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 199.701530][ T5686] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 199.862798][ T5686] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.390: invalid indirect mapped block 4294967295 (level 0) [ 199.953917][ T5686] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.390: invalid indirect mapped block 4294967295 (level 1) [ 200.036385][ T5686] EXT4-fs (loop0): 1 orphan inode deleted [ 200.097103][ T5686] EXT4-fs (loop0): 1 truncate cleaned up [ 200.102813][ T5686] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 200.167595][ T4292] usb 2-1: Using ep0 maxpacket: 16 [ 200.183761][ T4495] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 200.238613][ T4495] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 200.254833][ T5693] loop4: detected capacity change from 0 to 1024 [ 200.287235][ T4292] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 200.302413][ T4292] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 200.387179][ T4292] usb 2-1: string descriptor 0 read error: -71 [ 200.393530][ T4292] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 200.393811][ T5698] loop1: detected capacity change from 0 to 2048 [ 200.448375][ T4292] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.456494][ T5698] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 200.525132][ T4292] usb 2-1: can't set config #1, error -71 [ 200.534849][ T4292] usb 2-1: USB disconnect, device number 3 [ 200.563400][ T5698] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 200.834913][ T5399] hfsplus: b-tree write err: -5, ino 4 [ 201.126445][ T5710] loop2: detected capacity change from 0 to 4096 [ 202.326153][ T5724] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 202.431159][ T4186] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 202.441703][ T4186] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 203.317175][ T5735] loop3: detected capacity change from 0 to 2048 [ 204.686198][ T5737] loop0: detected capacity change from 0 to 256 [ 205.347899][ T5735] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 206.255305][ T5737] FAT-fs (loop0): Directory bread(block 64) failed [ 206.274252][ T5737] FAT-fs (loop0): Directory bread(block 65) failed [ 206.354494][ T5737] FAT-fs (loop0): Directory bread(block 66) failed [ 206.373582][ T5744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.403'. [ 206.407138][ T5737] FAT-fs (loop0): Directory bread(block 67) failed [ 206.447323][ T5737] FAT-fs (loop0): Directory bread(block 68) failed [ 206.454013][ T5737] FAT-fs (loop0): Directory bread(block 69) failed [ 206.527575][ T5737] FAT-fs (loop0): Directory bread(block 70) failed [ 206.568040][ T5737] FAT-fs (loop0): Directory bread(block 71) failed [ 206.574711][ T5737] FAT-fs (loop0): Directory bread(block 72) failed [ 206.614071][ T5737] FAT-fs (loop0): Directory bread(block 73) failed [ 206.968632][ T5747] netlink: 'syz.1.410': attribute type 12 has an invalid length. [ 207.083030][ T5751] loop3: detected capacity change from 0 to 128 [ 207.248886][ T5757] loop1: detected capacity change from 0 to 256 [ 207.310631][ T5751] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 207.587844][ T5751] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 208.171488][ T5764] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 208.281266][ T5764] FAT-fs (loop3): Filesystem has been set read-only [ 209.272223][ T5757] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 210.036991][ T5757] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 210.086141][ T5757] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 212.413856][ T5783] loop3: detected capacity change from 0 to 2048 [ 212.479605][ T5783] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 212.882968][ T5783] UDF-fs: warning (device loop3): udf_truncate_tail_extent: Too long extent after EOF in inode 1436: i_size: 159744 lbcount: 163840 extent 129+162816 [ 213.624071][ T5817] loop2: detected capacity change from 0 to 128 [ 213.688276][ T5817] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 213.712337][ T5817] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 213.729722][ T5819] loop4: detected capacity change from 0 to 512 [ 213.876385][ T5404] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 213.925803][ T26] audit: type=1804 audit(1764051617.128:43): pid=5821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.430" name="/newroot/78/file0" dev="fuse" ino=1 res=1 errno=0 [ 214.001531][ T5819] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 214.025876][ T26] audit: type=1804 audit(1764051617.138:44): pid=5821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.430" name="/newroot/78/file0" dev="fuse" ino=1 res=1 errno=0 [ 214.097232][ T5819] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 214.356422][ T5834] netlink: 'syz.2.434': attribute type 6 has an invalid length. [ 216.430934][ T5863] loop4: detected capacity change from 0 to 128 [ 218.160187][ T5863] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 218.540926][ T5863] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 219.854938][ T9] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 223.432163][ T5924] netlink: 'syz.1.464': attribute type 21 has an invalid length. [ 223.441254][ T5924] netlink: 132 bytes leftover after parsing attributes in process `syz.1.464'. [ 223.451123][ T5924] netlink: 'syz.1.464': attribute type 1 has an invalid length. [ 223.466400][ T5924] netlink: 12 bytes leftover after parsing attributes in process `syz.1.464'. [ 223.511441][ T5924] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge_slave_0 [ 226.393505][ T5952] ODEBUG: Out of memory. ODEBUG disabled [ 226.485957][ T5952] syz.0.473 (5952): drop_caches: 2 [ 226.605276][ T5965] netlink: 32 bytes leftover after parsing attributes in process `syz.0.477'. [ 226.670165][ T5965] netlink: 32 bytes leftover after parsing attributes in process `syz.0.477'. [ 226.784551][ T5968] sch_tbf: burst 2 is lower than device lo mtu (65550) ! [ 226.798892][ T5968] sch_tbf: burst 2 is lower than device lo mtu (65550) ! [ 226.816814][ T5968] sch_tbf: burst 2 is lower than device lo mtu (65550) ! [ 226.874788][ T5971] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 229.523070][ T5988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.820205][ T5997] loop2: detected capacity change from 0 to 512 [ 229.889895][ T6004] device syzkaller0 entered promiscuous mode [ 230.048103][ T6008] loop1: detected capacity change from 0 to 2048 [ 230.098207][ T6015] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 231.111456][ T6027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.499'. [ 231.198083][ T6008] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 231.225034][ T6033] loop0: detected capacity change from 0 to 512 [ 231.231753][ T6008] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 232.126558][ T6008] fs-verity: sha512 using implementation "sha512-avx2" [ 232.204331][ T6011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.496'. [ 232.251888][ T6033] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 232.290563][ T6033] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 232.536426][ T6049] loop0: detected capacity change from 0 to 1024 [ 232.885567][ T6049] EXT4-fs (loop0): Ignoring removed orlov option [ 233.659235][ T6049] EXT4-fs (loop0): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000009,journal_dev=0x0000000000000003,errors=continue,noquota,data_err=ignore,noblock_validity,delalloc,nolazytime,orlov,user_xattr,nodioread_nolock,nolazytime,,errors=continue. Quota mode: none. [ 234.461070][ T6085] xt_CT: You must specify a L4 protocol and not use inversions on it [ 234.810511][ T6098] loop1: detected capacity change from 0 to 764 [ 234.895334][ T6098] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 237.409850][ T6115] loop2: detected capacity change from 0 to 512 [ 237.536848][ T6115] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 237.557335][ T6115] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 238.066186][ T6128] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 238.172552][ T6132] netlink: 24 bytes leftover after parsing attributes in process `syz.4.528'. [ 238.442732][ T6138] sctp: [Deprecated]: syz.4.530 (pid 6138) Use of int in max_burst socket option. [ 238.442732][ T6138] Use struct sctp_assoc_value instead [ 239.805631][ T6175] loop1: detected capacity change from 0 to 128 [ 240.064118][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.543'. [ 240.093645][ T6181] batman_adv: batadv0: Interface deactivated: dummy0 [ 240.106656][ T6181] batman_adv: batadv0: Removing interface: dummy0 [ 240.117571][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.126590][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.140927][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.149119][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.806062][ T6190] loop4: detected capacity change from 0 to 2048 [ 241.031788][ T6190] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 242.267704][ T5404] attempt to access beyond end of device [ 242.267704][ T5404] loop1: rw=1, want=1041, limit=128 [ 244.478206][ T6190] NILFS (loop4): error -4 creating segctord thread [ 245.397229][ T4826] udevd[4826]: incorrect nilfs2 checksum on /dev/loop4 [ 246.641254][ T6203] loop3: detected capacity change from 0 to 512 [ 246.790867][ T6203] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 246.881421][ T6203] EXT4-fs (loop3): 1 truncate cleaned up [ 246.887481][ T6203] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,init_itable=0x000000007fffffff,dioread_lock,lazytime,nombcache,noload,,errors=continue. Quota mode: none. [ 247.015906][ T6203] overlayfs: conflicting lowerdir path [ 247.764457][ T26] audit: type=1800 audit(1764051650.968:45): pid=6217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.553" name="bus" dev="ramfs" ino=39744 res=0 errno=0 [ 249.342634][ T26] audit: type=1326 audit(1764051652.548:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.527025][ T26] audit: type=1326 audit(1764051652.588:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.584576][ T26] audit: type=1326 audit(1764051652.588:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.658929][ T26] audit: type=1326 audit(1764051652.588:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.688446][ T6246] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 249.725327][ T6246] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 249.735222][ T6246] pit: kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 249.744746][ T26] audit: type=1326 audit(1764051652.588:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.774525][ T6246] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 249.800765][ T26] audit: type=1326 audit(1764051652.588:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.823684][ T26] audit: type=1326 audit(1764051652.588:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.846303][ T26] audit: type=1326 audit(1764051652.588:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 249.868816][ T26] audit: type=1326 audit(1764051652.588:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6236 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59763e749 code=0x7ffc0000 [ 251.023570][ T6270] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 251.126543][ T6278] netlink: 'syz.3.570': attribute type 1 has an invalid length. [ 251.294766][ T6283] pit: kvm: requested 25142 ns i8254 timer period limited to 200000 ns [ 251.304669][ T6283] pit: kvm: requested 77104 ns i8254 timer period limited to 200000 ns [ 251.336162][ T6278] device bond1 entered promiscuous mode [ 251.342589][ T6283] pit: kvm: requested 93866 ns i8254 timer period limited to 200000 ns [ 251.358213][ T6283] pit: kvm: requested 124038 ns i8254 timer period limited to 200000 ns [ 251.372798][ T6285] bond1: (slave ip6gretap1): making interface the new active one [ 251.385792][ T6285] device ip6gretap1 entered promiscuous mode [ 251.394168][ T6285] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 252.309145][ T6278] netlink: 28 bytes leftover after parsing attributes in process `syz.3.570'. [ 252.337755][ T6278] device bond1 left promiscuous mode [ 252.376038][ T6278] device ip6gretap1 left promiscuous mode [ 252.383683][ T6278] 8021q: adding VLAN 0 to HW filter on device bond1 [ 254.859780][ T26] kauditd_printk_skb: 21 callbacks suppressed [ 254.859796][ T26] audit: type=1326 audit(1764051658.068:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 254.972961][ T26] audit: type=1326 audit(1764051658.098:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.037398][ T26] audit: type=1326 audit(1764051658.098:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.213594][ T26] audit: type=1326 audit(1764051658.098:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.299133][ T26] audit: type=1326 audit(1764051658.098:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.340053][ T26] audit: type=1326 audit(1764051658.098:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.679589][ T26] audit: type=1326 audit(1764051658.098:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 255.759558][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.114051][ T6383] syz.0.587[6383] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.114155][ T6383] syz.0.587[6383] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.143013][ T26] audit: type=1326 audit(1764051658.098:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 257.281876][ T26] audit: type=1326 audit(1764051658.098:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 257.338765][ T26] audit: type=1326 audit(1764051658.098:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 258.961578][ T4292] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 259.387835][ T4292] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.504990][ T4292] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.857385][ T4292] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 259.896618][ T4292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 259.897324][ T6417] netlink: 'syz.1.597': attribute type 4 has an invalid length. [ 259.926420][ T4292] usb 4-1: SerialNumber: syz [ 259.944349][ T6419] device vlan0 entered promiscuous mode [ 259.962435][ T6419] device bond0 entered promiscuous mode [ 259.979707][ T4292] usb 4-1: 0:2 : does not exist [ 260.342128][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 260.342144][ T26] audit: type=1326 audit(1764051663.548:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 260.469954][ T26] audit: type=1326 audit(1764051663.588:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 260.550151][ T26] audit: type=1326 audit(1764051663.588:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 260.754492][ T26] audit: type=1326 audit(1764051663.588:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 260.843237][ T26] audit: type=1326 audit(1764051663.588:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 261.533190][ T26] audit: type=1326 audit(1764051663.588:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 261.642728][ T26] audit: type=1326 audit(1764051663.588:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 261.803834][ T4292] usb 4-1: USB disconnect, device number 4 [ 261.816370][ T26] audit: type=1326 audit(1764051663.588:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 261.838835][ T26] audit: type=1326 audit(1764051663.588:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 261.885149][ T6456] netlink: 'syz.2.611': attribute type 4 has an invalid length. [ 261.890058][ T26] audit: type=1326 audit(1764051663.588:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.0.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a8f1e6749 code=0x7ffc0000 [ 262.863677][ T4826] udevd[4826]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 262.934486][ T6452] loop4: detected capacity change from 0 to 4096 [ 264.022442][ T6446] netlink: 12 bytes leftover after parsing attributes in process `syz.4.608'. [ 266.042809][ T6503] loop3: detected capacity change from 0 to 128 [ 266.872663][ T6503] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 268.141932][ T6515] loop0: detected capacity change from 0 to 4096 [ 271.173037][ T6515] netlink: 12 bytes leftover after parsing attributes in process `syz.0.629'. [ 271.269104][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 271.269121][ T26] audit: type=1326 audit(1764051674.478:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 271.351437][ T26] audit: type=1326 audit(1764051674.478:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.114707][ T26] audit: type=1326 audit(1764051674.508:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.115504][ T26] audit: type=1326 audit(1764051674.508:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.121591][ T26] audit: type=1326 audit(1764051674.508:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.122986][ T26] audit: type=1326 audit(1764051674.508:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.123856][ T26] audit: type=1326 audit(1764051674.508:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 272.177835][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.193657][ T26] audit: type=1326 audit(1764051674.508:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 274.287360][ T6567] netlink: 'syz.1.644': attribute type 1 has an invalid length. [ 274.298694][ T26] audit: type=1326 audit(1764051674.508:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 274.791797][ T26] audit: type=1326 audit(1764051674.508:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.1.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 275.216794][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.646'. [ 275.307023][ T6578] netlink: 12 bytes leftover after parsing attributes in process `syz.4.646'. [ 276.860153][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.648'. [ 277.040968][ T6595] binder_alloc: 6594: pid 6594 spamming oneway? 2 buffers allocated for a total size of 5120 [ 279.093836][ T6617] netlink: 'syz.1.657': attribute type 12 has an invalid length. [ 280.053218][ T6627] Set syz0 is full, maxelem 0 reached [ 282.167356][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'. [ 282.223726][ T6636] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 282.425573][ T6647] netlink: 24 bytes leftover after parsing attributes in process `syz.2.668'. [ 285.361473][ T6676] syz.4.677 (6676): drop_caches: 2 [ 285.370299][ T6676] syz.4.677 (6676): drop_caches: 2 [ 286.209395][ T6680] netlink: 24 bytes leftover after parsing attributes in process `syz.1.678'. [ 286.396756][ T6672] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 286.404026][ T6672] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 286.411755][ T6681] loop3: detected capacity change from 0 to 64 [ 286.601027][ T6672] vhci_hcd vhci_hcd.0: Device attached [ 287.468120][ T6677] vhci_hcd: connection closed [ 287.470601][ T6353] vhci_hcd: stop threads [ 287.504615][ T6353] vhci_hcd: release socket [ 287.524081][ T6353] vhci_hcd: disconnect device [ 290.280079][ T6738] loop4: detected capacity change from 0 to 64 [ 291.280642][ T6750] loop1: detected capacity change from 0 to 128 [ 293.434421][ T6778] overlayfs: failed to resolve './file0': -2 [ 294.748204][ T6796] loop2: detected capacity change from 0 to 64 [ 297.738451][ T6813] netlink: 24 bytes leftover after parsing attributes in process `syz.3.720'. [ 297.853795][ T6819] netlink: 24 bytes leftover after parsing attributes in process `syz.4.723'. [ 297.930011][ T6813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.720'. [ 299.134542][ T6829] loop0: detected capacity change from 0 to 4096 [ 299.220954][ T6829] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 299.242847][ T6835] netlink: 'syz.2.728': attribute type 3 has an invalid length. [ 299.272087][ T6835] netlink: 'syz.2.728': attribute type 3 has an invalid length. [ 300.227281][ T26] kauditd_printk_skb: 25 callbacks suppressed [ 300.227302][ T26] audit: type=1800 audit(1764051703.418:166): pid=6829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.726" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 300.252444][ T6838] loop3: detected capacity change from 0 to 4096 [ 300.319317][ T6838] EXT4-fs (loop3): Ignoring removed nobh option [ 300.327510][ T6844] device syzkaller0 entered promiscuous mode [ 300.401777][ T6848] loop2: detected capacity change from 0 to 8 [ 300.716109][ T6848] SQUASHFS error: zlib decompression failed, data probably corrupt [ 300.809254][ T6848] SQUASHFS error: Failed to read block 0x13e: -5 [ 300.980107][ T6856] SQUASHFS error: Unable to read metadata cache entry [13c] [ 301.070571][ T6838] EXT4-fs (loop3): Test dummy encryption mode enabled [ 301.202645][ T6848] SQUASHFS error: Unable to read metadata cache entry [13c] [ 301.316574][ T6838] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 301.367904][ T6856] SQUASHFS error: Unable to read directory block [13c:26] [ 301.376738][ T6848] SQUASHFS error: Unable to read directory block [13c:26] [ 301.386423][ T6838] System zones: 0-5 [ 301.430357][ T6838] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,nobh,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,nodiscard,lazytime,,errors=continue. Quota mode: writeback. [ 301.458095][ T26] audit: type=1804 audit(1764051704.658:167): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.735" name="bus" dev="ramfs" ino=42082 res=1 errno=0 [ 301.512389][ T26] audit: type=1804 audit(1764051704.688:168): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.735" name="bus" dev="ramfs" ino=42082 res=1 errno=0 [ 301.880404][ T6873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.739'. [ 301.926681][ T6873] tipc: Enabling of bearer rejected, failed to enable media [ 302.754056][ T26] audit: type=1326 audit(1764051705.958:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da7977749 code=0x7ffc0000 [ 302.795495][ T26] audit: type=1326 audit(1764051705.988:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f7da7977749 code=0x7ffc0000 [ 302.845920][ T6887] netlink: 68 bytes leftover after parsing attributes in process `syz.3.744'. [ 302.875170][ T26] audit: type=1326 audit(1764051705.988:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da7977749 code=0x7ffc0000 [ 302.954746][ T26] audit: type=1326 audit(1764051705.988:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7da7975f90 code=0x7ffc0000 [ 302.987472][ T26] audit: type=1326 audit(1764051705.988:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7da7975f90 code=0x7ffc0000 [ 303.073846][ T26] audit: type=1326 audit(1764051705.988:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da7977749 code=0x7ffc0000 [ 303.138973][ T26] audit: type=1326 audit(1764051705.988:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.2.745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f7da7977749 code=0x7ffc0000 [ 304.379577][ T6922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'. [ 304.618422][ T6922] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.627507][ T6922] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.636267][ T6922] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.645071][ T6922] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.151006][ T6922] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.160161][ T6922] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.169272][ T6922] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.180518][ T6922] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 306.267852][ T6922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'. [ 306.733519][ T6922] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 306.742736][ T6922] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 306.751547][ T6922] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 306.760326][ T6922] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 307.022502][ T6922] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.031906][ T6922] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.041462][ T6922] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.050427][ T6922] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.057171][ T6946] loop4: detected capacity change from 0 to 2048 [ 307.133401][ T6946] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 307.161496][ T6951] loop1: detected capacity change from 0 to 1024 [ 307.198715][ T6946] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 307.217018][ T6946] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 307.233537][ T6951] EXT4-fs (loop1): Ignoring removed bh option [ 307.267041][ T6951] EXT4-fs (loop1): Ignoring removed nobh option [ 307.303931][ T6946] UDF-fs: Scanning with blocksize 512 failed [ 307.334232][ T6951] EXT4-fs (loop1): Ignoring removed bh option [ 307.395325][ T6946] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 307.407074][ T6951] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 307.759520][ T6951] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,bh,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 311.249176][ T6991] device veth2 entered promiscuous mode [ 311.487289][ T5054] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 311.940542][ T6997] netlink: 24 bytes leftover after parsing attributes in process `syz.4.773'. [ 311.997075][ T5054] usb 1-1: unable to get BOS descriptor or descriptor too short [ 312.087290][ T5054] usb 1-1: config 63 has an invalid interface number: 66 but max is 0 [ 312.095590][ T5054] usb 1-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 312.161513][ T5054] usb 1-1: config 63 has no interface number 0 [ 312.176031][ T5054] usb 1-1: config 63 interface 66 has no altsetting 0 [ 312.347927][ T5054] usb 1-1: New USB device found, idVendor=174f, idProduct=8a31, bcdDevice=39.f4 [ 312.440624][ T5054] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.461126][ T5054] usb 1-1: Product: syz [ 312.465484][ T5054] usb 1-1: Manufacturer: syz [ 312.473042][ T5054] usb 1-1: SerialNumber: syz [ 313.095979][ T7025] device syzkaller0 entered promiscuous mode [ 313.192126][ T7028] loop1: detected capacity change from 0 to 1024 [ 313.255563][ T6993] udc-core: couldn't find an available UDC or it's busy [ 313.262758][ T6993] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 313.418878][ T5054] usb 1-1: USB disconnect, device number 2 [ 313.674070][ T7044] tipc: Enabling of bearer rejected, failed to enable media [ 315.249269][ T5054] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 315.667951][ T5054] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 315.714152][ T5054] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 316.037181][ T5054] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 316.090790][ T5054] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.114668][ T7081] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000 [ 316.131630][ T5054] usb 2-1: Product: syz [ 316.136038][ T5054] usb 2-1: Manufacturer: syz [ 316.162026][ T5054] usb 2-1: SerialNumber: syz [ 316.205835][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 316.205851][ T26] audit: type=1326 audit(1764051719.408:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7078 comm="syz.4.803" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f499d067749 code=0x0 [ 316.283469][ T5054] usb 2-1: config 0 descriptor?? [ 316.432138][ T5054] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 316.725564][ T5054] scsi host1: usb-storage 2-1:0.0 [ 316.967105][ T5054] usb 2-1: USB disconnect, device number 4 [ 317.140178][ T7097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.808'. [ 317.194574][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.004772][ T7125] device macsec0 entered promiscuous mode [ 320.847890][ T7135] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 320.967950][ T7142] loop0: detected capacity change from 0 to 128 [ 321.022224][ T7135] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 321.686501][ T7151] attempt to access beyond end of device [ 321.686501][ T7151] loop0: rw=2049, want=193, limit=128 [ 321.924118][ T7135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 321.927552][ T7135] 8021q: adding VLAN 0 to HW filter on device team0 [ 321.934419][ T7135] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 322.028864][ T7154] loop3: detected capacity change from 0 to 512 [ 322.047302][ T5275] attempt to access beyond end of device [ 322.047302][ T5275] loop0: rw=1, want=233, limit=128 [ 322.075150][ T7154] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 322.100584][ T7156] netlink: 'syz.1.823': attribute type 13 has an invalid length. [ 322.123668][ T7160] loop4: detected capacity change from 0 to 128 [ 322.142510][ T7156] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 322.156794][ T7154] EXT4-fs (loop3): orphan cleanup on readonly fs [ 322.167668][ T7156] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 322.188279][ T7156] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 322.282671][ T7154] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 322.321742][ T7154] Quota error (device loop3): write_blk: dquota write failed [ 322.367398][ T7154] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 322.395966][ T7154] EXT4-fs error (device loop3): ext4_acquire_dquot:6209: comm syz.3.822: Failed to acquire dquot type 0 [ 322.449283][ T7160] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 323.023144][ T7160] ext4 filesystem being mounted at /184/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 323.089145][ T7154] EXT4-fs (loop3): 1 truncate cleaned up [ 323.113099][ T7154] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,inode_readahead_blks=0x0000000000000080,barrier=0x0000000000000000,nogrpid,resgid=0x000000000000ee01,noinit_itable,noinit_itable,journal_dev=0x00000000000000072,errors=continue. Quota mode: writeback. [ 327.000522][ T26] audit: type=1804 audit(1764051730.208:190): pid=7191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.831" name="/newroot/147/file0" dev="fuse" ino=1 res=1 errno=0 [ 333.515667][ T7222] loop1: detected capacity change from 0 to 40427 [ 333.708151][ T7222] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 333.747404][ T7222] F2FS-fs (loop1): invalid crc value [ 333.812721][ T7222] F2FS-fs (loop1): Found nat_bits in checkpoint [ 333.912661][ T7222] F2FS-fs (loop1): recover fsync data on readonly fs [ 333.928218][ T7222] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 333.937192][ T7222] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 333.950602][ T7222] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 336.504522][ T7235] lo speed is unknown, defaulting to 1000 [ 337.487137][ T7257] netlink: 'syz.1.851': attribute type 1 has an invalid length. [ 338.433435][ T7261] bond2: (slave gretap1): making interface the new active one [ 338.557327][ T7261] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 339.606288][ T7281] loop1: detected capacity change from 0 to 2048 [ 340.158840][ T7281] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 340.777271][ T7292] loop3: detected capacity change from 0 to 2048 [ 341.438130][ T7292] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 341.816644][ T7303] netlink: 'syz.2.864': attribute type 10 has an invalid length. [ 341.841741][ T7303] device wlan1 entered promiscuous mode [ 341.853920][ T7303] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 342.040985][ T4267] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 342.310791][ T7314] lo speed is unknown, defaulting to 1000 [ 343.337044][ T4267] usb 1-1: config 0 has an invalid interface number: 183 but max is 0 [ 343.345275][ T4267] usb 1-1: config 0 has no interface number 0 [ 343.355791][ T7326] fuse: Bad value for 'fd' [ 343.387337][ T4267] usb 1-1: config 0 interface 183 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 343.416941][ T4267] usb 1-1: New USB device found, idVendor=067b, idProduct=331a, bcdDevice=9d.94 [ 343.446481][ T4267] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.479595][ T4267] usb 1-1: config 0 descriptor?? [ 343.500613][ T7306] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 343.632454][ T7331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.872'. [ 343.702787][ T4267] pl2303 1-1:0.183: required endpoints missing [ 344.497466][ T7306] udc-core: couldn't find an available UDC or it's busy [ 344.504580][ T7306] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 344.576639][ T7336] netlink: 24 bytes leftover after parsing attributes in process `syz.3.874'. [ 345.888551][ T5054] usb 1-1: USB disconnect, device number 3 [ 346.949992][ T7350] loop1: detected capacity change from 0 to 2048 [ 348.893231][ T7350] NILFS (loop1): error -4 creating segctord thread [ 351.257362][ T7398] syz.2.891[7398] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.257458][ T7398] syz.2.891[7398] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.344007][ T7421] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 354.634714][ T7436] tipc: Started in network mode [ 354.639871][ T7436] tipc: Node identity 4, cluster identity 4711 [ 354.646050][ T7436] tipc: Node number set to 4 [ 355.064970][ T7444] overlayfs: failed to clone upperpath [ 356.611976][ T7468] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 359.583984][ T7492] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 359.665283][ T7491] loop7: detected capacity change from 0 to 7 [ 359.715136][ T7496] syz.0.919 sent an empty control message without MSG_MORE. [ 359.996651][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 360.008048][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 360.884212][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 360.895438][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 360.957049][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 360.968184][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.187742][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.198994][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.235834][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.246962][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.257346][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.268431][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.281829][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.292852][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.301121][ T4826] ldm_validate_partition_table(): Disk read failed. [ 361.307207][ T5054] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 361.308304][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.326225][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.334632][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.345593][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.354772][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 361.365781][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 361.417691][ T4826] Dev loop7: unable to read RDB block 0 [ 361.446601][ T4826] loop7: unable to read partition table [ 361.470566][ T4826] loop7: partition table beyond EOD, truncated [ 361.516059][ T7525] loop4: detected capacity change from 0 to 256 [ 361.531805][ T7491] ldm_validate_partition_table(): Disk read failed. [ 361.552775][ T7491] Dev loop7: unable to read RDB block 0 [ 361.572012][ T7491] loop7: unable to read partition table [ 361.579985][ T7525] FAT-fs (loop4): Unrecognized mount option "smackfsroot=shortname=mixed" or missing value [ 361.600487][ T7491] loop7: partition table beyond EOD, truncated [ 361.610536][ T7491] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 361.698308][ T7532] xt_TCPMSS: Only works on TCP SYN packets [ 362.561459][ T26] audit: type=1326 audit(1764051765.768:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 362.588503][ T5054] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.611788][ T7535] [ 362.614353][ T5054] usb 4-1: config 0 interface 0 has no altsetting 0 [ 362.624148][ T5054] usb 4-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 362.634295][ T26] audit: type=1326 audit(1764051765.818:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f05ec9875e7 code=0x7ffc0000 [ 362.665625][ T5054] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.722374][ T5054] usb 4-1: config 0 descriptor?? [ 362.944255][ T26] audit: type=1326 audit(1764051765.818:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f05ec92c829 code=0x7ffc0000 [ 364.836210][ T26] audit: type=1326 audit(1764051765.818:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 364.922448][ T26] audit: type=1326 audit(1764051765.818:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 364.997229][ T5054] usb 4-1: can't set config #0, error -71 [ 365.007230][ T5054] usb 4-1: USB disconnect, device number 5 [ 365.046958][ T26] audit: type=1326 audit(1764051765.818:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 365.450451][ T4299] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 365.582965][ T26] audit: type=1326 audit(1764051765.818:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 365.852194][ T26] audit: type=1326 audit(1764051765.818:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f05ec9875e7 code=0x7ffc0000 [ 365.871141][ T7561] loop3: detected capacity change from 0 to 1024 [ 365.918077][ T26] audit: type=1326 audit(1764051765.818:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f05ec92c829 code=0x7ffc0000 [ 365.930081][ T4299] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 366.042218][ T26] audit: type=1326 audit(1764051765.818:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f05ec990749 code=0x7ffc0000 [ 366.136088][ T7561] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 366.193902][ T7561] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 366.257171][ T7561] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 366.720037][ T7554] fuse: Bad value for 'fd' [ 366.783021][ T7561] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,nolazytime,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,nobarrier,,errors=continue. Quota mode: writeback. [ 366.955801][ T7575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.945'. [ 367.210268][ T7581] bridge0: port 1(macsec0) entered blocking state [ 367.275933][ T7581] bridge0: port 1(macsec0) entered disabled state [ 367.307082][ T7581] device macsec0 entered promiscuous mode [ 367.407054][ T5054] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 367.444996][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.953'. [ 367.461807][ T7599] netlink: 12 bytes leftover after parsing attributes in process `syz.1.955'. [ 367.496188][ T7596] netlink: 12 bytes leftover after parsing attributes in process `syz.3.953'. [ 367.506716][ T7599] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 367.515228][ T7602] capability: warning: `syz.2.954' uses 32-bit capabilities (legacy support in use) [ 367.516073][ T7599] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 367.539251][ T7599] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 367.561859][ T7599] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 367.612799][ T7599] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 367.637367][ T7604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.955'. [ 367.657253][ T7604] bond3 (unregistering): (slave geneve2): Releasing backup interface [ 367.666947][ T5054] usb 1-1: Using ep0 maxpacket: 16 [ 367.673431][ T7604] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 367.681297][ T7607] overlayfs: failed to clone upperpath [ 367.683072][ T7604] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 367.698110][ T7604] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 367.707864][ T7604] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 367.763577][ T7604] bond3 (unregistering): Released all slaves [ 367.799550][ T5054] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 367.810583][ T5054] usb 1-1: config 0 has no interface number 0 [ 367.830897][ T5054] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 367.853310][ T5054] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 367.924734][ T7611] loop4: detected capacity change from 0 to 4096 [ 368.022121][ T7611] EXT4-fs (loop4): Ignoring removed nobh option [ 368.054492][ T7611] EXT4-fs (loop4): Test dummy encryption mode enabled [ 368.137048][ T5054] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 368.162518][ T7611] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 368.177836][ T5054] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 368.186191][ T5054] usb 1-1: Product: syz [ 368.223121][ T7611] System zones: 0-5 [ 368.587119][ T5054] usb 1-1: SerialNumber: syz [ 368.616429][ T5054] usb 1-1: config 0 descriptor?? [ 368.687090][ T7611] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,nobh,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,nodiscard,lazytime,,errors=continue. Quota mode: writeback. [ 369.002138][ T5054] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 369.019457][ T7584] udc-core: couldn't find an available UDC or it's busy [ 369.026459][ T7584] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 369.061881][ T5054] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input7 [ 369.347288][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 371.261636][ T5054] usb 1-1: USB disconnect, device number 4 [ 372.006340][ T5054] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 373.235102][ T7654] netlink: 27 bytes leftover after parsing attributes in process `syz.2.970'. [ 373.591495][ T7666] netlink: 24 bytes leftover after parsing attributes in process `syz.2.974'. [ 375.490455][ T7686] gfs2: gfs2 mount does not exist [ 376.023104][ T7689] netlink: 'syz.4.980': attribute type 11 has an invalid length. [ 376.125803][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.975'. [ 378.026575][ T7708] loop0: detected capacity change from 0 to 256 [ 381.651440][ T7749] xt_l2tp: missing protocol rule (udp|l2tpip) [ 385.093442][ T7793] loop0: detected capacity change from 0 to 128 [ 385.739955][ T7806] xt_socket: unknown flags 0x50 [ 386.118434][ T4184] device syz_tun left promiscuous mode [ 386.674676][ T7812] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1018'. [ 389.044955][ T4292] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 389.127410][ T1184] tipc: Left network mode [ 389.197590][ T1184] device ip6gretap0 left promiscuous mode [ 389.857245][ T4292] usb 2-1: config 0 has no interfaces? [ 389.915483][ T4292] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 389.987198][ T4292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.318299][ T4292] usb 2-1: config 0 descriptor?? [ 390.595411][ T4240] usb 2-1: USB disconnect, device number 5 [ 390.953631][ T7854] loop4: detected capacity change from 0 to 256 [ 391.096369][ T7856] xt_socket: unknown flags 0x50 [ 393.614694][ T7861] lo speed is unknown, defaulting to 1000 [ 393.821826][ T7867] team_slave_1: Caught tx_queue_len zero misconfig [ 393.852035][ T7872] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1031'. [ 393.882839][ T7867] af_packet: tpacket_rcv: packet too big, clamped from 194 to 4294967286. macoff=82 [ 396.698473][ T7] Bluetooth: hci1: command 0x0409 tx timeout [ 398.144345][ T7902] loop1: detected capacity change from 0 to 512 [ 398.477151][ T7908] xt_socket: unknown flags 0x50 [ 400.022720][ T7] Bluetooth: hci1: command 0x041b tx timeout [ 400.139008][ T7902] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 400.183285][ T7902] ext4 filesystem being mounted at /203/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 400.295811][ T7902] __quota_error: 17 callbacks suppressed [ 400.295832][ T7902] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 400.319311][ T7902] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 400.333636][ T7902] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.1039: Failed to acquire dquot type 0 [ 401.016899][ T1184] device hsr_slave_0 left promiscuous mode [ 401.063667][ T1184] device hsr_slave_1 left promiscuous mode [ 401.113567][ T1184] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.318749][ T1184] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 402.297831][ T4240] Bluetooth: hci1: command 0x040f tx timeout [ 402.357169][ T1184] device bridge_slave_1 left promiscuous mode [ 402.363876][ T1184] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.752191][ T1184] device bridge_slave_0 left promiscuous mode [ 402.783807][ T1184] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.767885][ T4240] Bluetooth: hci1: command 0x0419 tx timeout [ 404.999455][ T1184] team0 (unregistering): Port device team_slave_1 removed [ 405.045671][ T1184] team0 (unregistering): Port device team_slave_0 removed [ 405.103082][ T1184] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.152288][ T1184] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.441952][ T1184] bond0 (unregistering): Released all slaves [ 405.627996][ T7942] device syzkaller0 entered promiscuous mode [ 405.788738][ T7861] chnl_net:caif_netlink_parms(): no params data found [ 405.976412][ T26] audit: type=1804 audit(1764051809.178:218): pid=7970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1056" name="/newroot/205/file1" dev="fuse" ino=1 res=1 errno=0 [ 406.037149][ T26] audit: type=1800 audit(1764051809.218:219): pid=7970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1056" name="/" dev="fuse" ino=1 res=0 errno=0 [ 406.125430][ T7861] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.143049][ T7977] netlink: 'syz.1.1057': attribute type 11 has an invalid length. [ 406.166950][ T7861] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.208210][ T7861] device bridge_slave_0 entered promiscuous mode [ 406.227713][ T7861] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.332023][ T7861] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.343640][ T7985] netlink: zone id is out of range [ 406.355638][ T7861] device bridge_slave_1 entered promiscuous mode [ 406.363491][ T7985] netlink: zone id is out of range [ 406.377163][ T7985] netlink: zone id is out of range [ 406.382845][ T7985] netlink: zone id is out of range [ 406.393428][ T7977] ------------[ cut here ]------------ [ 406.410938][ T7977] wlan0: Failed check-sdata-in-driver check, flags: 0x4 [ 406.418933][ T7985] netlink: zone id is out of range [ 406.432088][ T7985] netlink: zone id is out of range [ 406.443287][ T7977] WARNING: CPU: 1 PID: 7977 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550 [ 406.480928][ T7985] netlink: zone id is out of range [ 406.529026][ T7985] netlink: zone id is out of range [ 406.556967][ T7977] Modules linked in: [ 406.564642][ T7977] CPU: 0 PID: 7977 Comm: syz.1.1057 Not tainted syzkaller #0 [ 406.573528][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 406.579653][ T7985] netlink: zone id is out of range [ 406.589771][ T7977] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 406.597472][ T7977] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 406.618248][ T7977] RSP: 0018:ffffc900035ff248 EFLAGS: 00010246 [ 406.624793][ T7977] RAX: 85afcb0cf0231800 RBX: 0000000000400000 RCX: 0000000000080000 [ 406.633454][ T7977] RDX: ffffc90005679000 RSI: 0000000000003b33 RDI: 0000000000003b34 [ 406.642130][ T7977] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0 [ 406.650730][ T7977] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff88805fb9c000 [ 406.657427][ T7985] netlink: zone id is out of range [ 406.664434][ T7977] R13: ffff88805fb9d290 R14: ffff8880770c0da0 R15: ffff88805fb9e298 [ 406.673377][ T7977] FS: 00007f05eabf76c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 406.682946][ T7977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 406.693651][ T7977] CR2: 0000200000364030 CR3: 000000004480c000 CR4: 00000000003506f0 [ 406.706997][ T7977] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 406.732413][ T7977] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 406.762396][ T7977] Call Trace: [ 406.765987][ T7977] [ 406.774466][ T7977] ? netif_carrier_off+0x1/0xc0 [ 406.779758][ T7977] ieee80211_ocb_leave+0x26f/0x320 [ 406.785909][ T7977] __cfg80211_leave_ocb+0x219/0x3f0 [ 406.798515][ T7977] cfg80211_leave_ocb+0x53/0x70 [ 406.804079][ T7977] cfg80211_change_iface+0x4f1/0xeb0 [ 406.812726][ T7977] nl80211_set_interface+0x598/0x7d0 [ 406.821099][ T7977] ? nl80211_dump_interface+0x5c0/0x5c0 [ 406.827015][ T7977] ? mutex_lock_nested+0x17/0x20 [ 406.832237][ T7977] genl_rcv_msg+0xbc6/0xf40 [ 406.842060][ T7977] ? genl_bind+0x370/0x370 [ 406.847035][ T7977] ? verify_lock_unused+0x140/0x140 [ 406.852596][ T7977] ? __dev_queue_xmit+0x1bc5/0x2ed0 [ 406.865111][ T7977] ? dev_queue_xmit+0x20/0x20 [ 406.874978][ T7977] ? nl80211_dump_interface+0x5c0/0x5c0 [ 406.886133][ T7977] netlink_rcv_skb+0x1e0/0x430 [ 406.891554][ T7977] ? genl_bind+0x370/0x370 [ 406.902194][ T7977] ? netlink_ack+0xb60/0xb60 [ 406.907249][ T7977] ? __lock_acquire+0x7c60/0x7c60 [ 406.913655][ T7977] ? preempt_count_add+0x8d/0x190 [ 406.925255][ T7977] ? down_read+0x1aa/0x2e0 [ 406.930253][ T7977] genl_rcv+0x24/0x40 [ 406.935427][ T7977] netlink_unicast+0x774/0x920 [ 406.945623][ T7977] netlink_sendmsg+0x8ab/0xbc0 [ 406.962549][ T7977] ? netlink_getsockopt+0x560/0x560 [ 406.977015][ T7977] ? aa_sock_msg_perm+0x94/0x150 [ 406.984018][ T7977] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 406.990221][ T7977] ? security_socket_sendmsg+0x7c/0xa0 [ 406.996025][ T7977] ? netlink_getsockopt+0x560/0x560 [ 407.002197][ T7977] ____sys_sendmsg+0x5a2/0x8c0 [ 407.007406][ T7977] ? memset+0x1e/0x40 [ 407.011657][ T7977] ? __sys_sendmsg_sock+0x30/0x30 [ 407.017212][ T7977] ? import_iovec+0x6f/0xa0 [ 407.022151][ T7977] ___sys_sendmsg+0x1f0/0x260 [ 407.028419][ T7977] ? __sys_sendmsg+0x250/0x250 [ 407.038264][ T7977] ? sock_do_ioctl+0x27c/0x2f0 [ 407.045446][ T7977] ? __fdget+0x18b/0x210 [ 407.050679][ T7977] __se_sys_sendmsg+0x190/0x250 [ 407.055729][ T7977] ? __x64_sys_sendmsg+0x80/0x80 [ 407.062220][ T7977] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 407.068743][ T7977] ? lockdep_hardirqs_on+0x94/0x140 [ 407.074334][ T7977] do_syscall_64+0x4c/0xa0 [ 407.079112][ T7977] ? clear_bhb_loop+0x30/0x80 [ 407.083861][ T7977] ? clear_bhb_loop+0x30/0x80 [ 407.088829][ T7977] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 407.094778][ T7977] RIP: 0033:0x7f05ec990749 [ 407.099641][ T7977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.126510][ T7977] RSP: 002b:00007f05eabf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 407.135171][ T7977] RAX: ffffffffffffffda RBX: 00007f05ecbe6fa0 RCX: 00007f05ec990749 [ 407.143425][ T7977] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 407.151612][ T7977] RBP: 00007f05eca14f91 R08: 0000000000000000 R09: 0000000000000000 [ 407.159742][ T7977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.167835][ T7977] R13: 00007f05ecbe7038 R14: 00007f05ecbe6fa0 R15: 00007fff430af808 [ 407.175856][ T7977] [ 407.179140][ T7977] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 407.186615][ T7977] CPU: 0 PID: 7977 Comm: syz.1.1057 Not tainted syzkaller #0 [ 407.193993][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 407.204357][ T7977] Call Trace: [ 407.207653][ T7977] [ 407.210688][ T7977] dump_stack_lvl+0x168/0x230 [ 407.215399][ T7977] ? show_regs_print_info+0x20/0x20 [ 407.220966][ T7977] ? load_image+0x3b0/0x3b0 [ 407.225523][ T7977] panic+0x2c9/0x7f0 [ 407.229434][ T7977] ? bpf_jit_dump+0xd0/0xd0 [ 407.234172][ T7977] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 407.240623][ T7977] __warn+0x248/0x2b0 [ 407.244638][ T7977] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 407.251288][ T7977] report_bug+0x1b7/0x2e0 [ 407.255664][ T7977] handle_bug+0x3a/0x70 [ 407.259838][ T7977] exc_invalid_op+0x16/0x40 [ 407.264380][ T7977] asm_exc_invalid_op+0x16/0x20 [ 407.269245][ T7977] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 407.276441][ T7977] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 407.296263][ T7977] RSP: 0018:ffffc900035ff248 EFLAGS: 00010246 [ 407.302447][ T7977] RAX: 85afcb0cf0231800 RBX: 0000000000400000 RCX: 0000000000080000 [ 407.310519][ T7977] RDX: ffffc90005679000 RSI: 0000000000003b33 RDI: 0000000000003b34 [ 407.318507][ T7977] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0 [ 407.326511][ T7977] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff88805fb9c000 [ 407.334587][ T7977] R13: ffff88805fb9d290 R14: ffff8880770c0da0 R15: ffff88805fb9e298 [ 407.342590][ T7977] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 407.349051][ T7977] ? netif_carrier_off+0x1/0xc0 [ 407.353918][ T7977] ieee80211_ocb_leave+0x26f/0x320 [ 407.359217][ T7977] __cfg80211_leave_ocb+0x219/0x3f0 [ 407.364466][ T7977] cfg80211_leave_ocb+0x53/0x70 [ 407.369425][ T7977] cfg80211_change_iface+0x4f1/0xeb0 [ 407.374733][ T7977] nl80211_set_interface+0x598/0x7d0 [ 407.380059][ T7977] ? nl80211_dump_interface+0x5c0/0x5c0 [ 407.385648][ T7977] ? mutex_lock_nested+0x17/0x20 [ 407.390874][ T7977] genl_rcv_msg+0xbc6/0xf40 [ 407.395490][ T7977] ? genl_bind+0x370/0x370 [ 407.399937][ T7977] ? verify_lock_unused+0x140/0x140 [ 407.405166][ T7977] ? __dev_queue_xmit+0x1bc5/0x2ed0 [ 407.410487][ T7977] ? dev_queue_xmit+0x20/0x20 [ 407.415189][ T7977] ? nl80211_dump_interface+0x5c0/0x5c0 [ 407.420768][ T7977] netlink_rcv_skb+0x1e0/0x430 [ 407.425562][ T7977] ? genl_bind+0x370/0x370 [ 407.430032][ T7977] ? netlink_ack+0xb60/0xb60 [ 407.434630][ T7977] ? __lock_acquire+0x7c60/0x7c60 [ 407.439673][ T7977] ? preempt_count_add+0x8d/0x190 [ 407.444725][ T7977] ? down_read+0x1aa/0x2e0 [ 407.449157][ T7977] genl_rcv+0x24/0x40 [ 407.453307][ T7977] netlink_unicast+0x774/0x920 [ 407.458106][ T7977] netlink_sendmsg+0x8ab/0xbc0 [ 407.462909][ T7977] ? netlink_getsockopt+0x560/0x560 [ 407.468290][ T7977] ? aa_sock_msg_perm+0x94/0x150 [ 407.473260][ T7977] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 407.478701][ T7977] ? security_socket_sendmsg+0x7c/0xa0 [ 407.484196][ T7977] ? netlink_getsockopt+0x560/0x560 [ 407.489739][ T7977] ____sys_sendmsg+0x5a2/0x8c0 [ 407.494665][ T7977] ? memset+0x1e/0x40 [ 407.498680][ T7977] ? __sys_sendmsg_sock+0x30/0x30 [ 407.503866][ T7977] ? import_iovec+0x6f/0xa0 [ 407.508403][ T7977] ___sys_sendmsg+0x1f0/0x260 [ 407.513100][ T7977] ? __sys_sendmsg+0x250/0x250 [ 407.518027][ T7977] ? sock_do_ioctl+0x27c/0x2f0 [ 407.524794][ T7977] ? __fdget+0x18b/0x210 [ 407.529060][ T7977] __se_sys_sendmsg+0x190/0x250 [ 407.534542][ T7977] ? __x64_sys_sendmsg+0x80/0x80 [ 407.539684][ T7977] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 407.545718][ T7977] ? lockdep_hardirqs_on+0x94/0x140 [ 407.551152][ T7977] do_syscall_64+0x4c/0xa0 [ 407.555597][ T7977] ? clear_bhb_loop+0x30/0x80 [ 407.560601][ T7977] ? clear_bhb_loop+0x30/0x80 [ 407.565313][ T7977] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 407.571224][ T7977] RIP: 0033:0x7f05ec990749 [ 407.575652][ T7977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.595853][ T7977] RSP: 002b:00007f05eabf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 407.604463][ T7977] RAX: ffffffffffffffda RBX: 00007f05ecbe6fa0 RCX: 00007f05ec990749 [ 407.612675][ T7977] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 407.620668][ T7977] RBP: 00007f05eca14f91 R08: 0000000000000000 R09: 0000000000000000 [ 407.628983][ T7977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.637074][ T7977] R13: 00007f05ecbe7038 R14: 00007f05ecbe6fa0 R15: 00007fff430af808 [ 407.645090][ T7977] [ 407.648226][ T7977] Kernel Offset: disabled [ 407.652876][ T7977] Rebooting in 86400 seconds..