last executing test programs: 53.507391462s ago: executing program 0 (id=280): r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xf7, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) r3 = socket$inet(0x2, 0x3, 0x2) unshare(0x2040400) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="7549bde14e64a818", 0x8}, {&(0x7f0000000080)="58b03f4b", 0x4}, {&(0x7f0000000100)="8f6d56aaa97dac951d3da2e3616c853f3eeba90d405fc74a6b4d19e4237cca1df60b53436b8f4687c18e8678bb660e644c21d1d2d7c22d418e99b82b646f35f1e34a71af2ca204d1894eb8d805e737980c5d16a6eeb78d5017b38dfe9a9dfd08dc67a0ff", 0x64}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg$can_bcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000680)=""/112, 0x70}], 0x1}, 0x10150) bind$alg(r5, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000140)={0x0, 'pimreg1\x00'}, 0x18) recvmmsg(r2, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYRES16=r5, @ANYRESHEX=r4, @ANYRES32=r5, @ANYRES16=r0, @ANYRES64=r5], 0x10}}, 0x0) 51.349304795s ago: executing program 0 (id=285): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x33, 0x0, 0xc632) 45.840132399s ago: executing program 0 (id=293): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0xc00, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e26, 0x4007, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x1}, 0x1c) r6 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000040)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) ioctl$NILFS_IOCTL_RESIZE(r1, 0x40086e8b, &(0x7f0000000140)=0x5) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x5}, 0x1c) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0xfffffffffffffff5, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x2, 0x4001, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff2, 0xfff3}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x48015) 43.143495482s ago: executing program 0 (id=298): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x5, 0xa8, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x6, 0x4) shutdown(r0, 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000040)=0xdd7, 0x4) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x2a, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) 41.353597688s ago: executing program 3 (id=313): bpf$PROG_LOAD(0x5, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, 0x0, 0xc8a0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 35.945576185s ago: executing program 0 (id=318): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) write(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000040)=0x3, 0x4) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) write$bt_hci(r0, 0x0, 0x1d) 35.657123522s ago: executing program 3 (id=319): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 35.439298829s ago: executing program 4 (id=324): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 35.367597135s ago: executing program 3 (id=325): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000002c0004802800018008000100666962001c000280080001400000000c0800024000000002"], 0x80}, 0x1, 0x0, 0x0, 0x20000884}, 0x8800) 35.237851962s ago: executing program 4 (id=326): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x9, 0x3, 0x200, 0x0, 0xffffffff, 0xffffffff, 0x118, 0xffffffff, 0x208, 0xffffffff, 0xffffffff, 0x208, 0xffffffff, 0x3, 0x0, {[{{@ip={@multicast1, @multicast2, 0xffffffff, 0xff000000, 'team_slave_1\x00', 'pim6reg\x00', {}, {}, 0x1d, 0x3}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xa, 0x2, 0xfffffffe, 0x435, 'netbios-ns\x00', 'syz0\x00', {0x7fff}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010101, 0x0, 0x0, 'ip6tnl0\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x33, 0x3, 0x8}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260) 35.090802067s ago: executing program 3 (id=327): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000001d00)={0x0, 0x0, 0x0}, 0x40000020) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000005700)=""/4075, 0xfeb}, {&(0x7f0000000480)=""/78, 0x4e}, {&(0x7f0000001d40)=""/4083, 0xff3}, {&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f0000002d40)=""/4078, 0xfee}, {&(0x7f00000005c0)=""/161, 0xa1}, {&(0x7f0000000080)=""/31, 0x1f}, {&(0x7f0000000800)=""/156, 0x9c}], 0x8}, 0x32120) 34.883016482s ago: executing program 4 (id=328): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000004a80)=[{{0x0, 0x0, 0x0}, 0x1f8}, {{0x0, 0x0, 0x0}, 0x4000005}, {{0x0, 0x0, 0x0}, 0x800}, {{0x0, 0x0, &(0x7f0000003280)=[{&(0x7f0000000000)=""/107, 0x6b}, {&(0x7f0000000200)=""/125, 0x7d}, {&(0x7f0000004c00)=""/4105, 0x1009}, {&(0x7f0000001640)=""/252, 0xfc}], 0x4}, 0x81}], 0x4, 0x40010132, 0x0) 34.717996647s ago: executing program 4 (id=329): syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket(0x10, 0x3, 0x0) write(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200e19}, 0x94) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x8) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="0000000000000000b70800", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000001c0)={'b', ' *:* ', 'wm\x00'}, 0x9) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff7fff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c400000000328"], 0xa4}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x70bd2c, 0x25dfdbfd, {0x2}}, 0x18}, 0x1, 0x0, 0x0, 0x4402}, 0x100000000000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c00000002060108000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574000000000c00078008000640"], 0x5c}}, 0x20084884) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x300, 0x0, 0x10040003}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x90}}, 0x0) 34.561746058s ago: executing program 4 (id=330): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {0xa}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x80) 34.322907768s ago: executing program 4 (id=331): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3c000001}, 0x20040) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25ffdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x6}, {0x0, 0x3, 0x0, 0x4, 0x6}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24041090}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r7, 0x12}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000200)="a6c664e0", 0x4}], 0x1}, 0x8014) 34.099224099s ago: executing program 3 (id=332): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001740), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="230028bd7000fedbdf252300000008000200", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4044810}, 0x0) 33.965873504s ago: executing program 3 (id=333): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)={0x34, r2, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x200}]]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) 32.575456658s ago: executing program 0 (id=334): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000500)={@void, @val={0x0, 0x3, 0x7, 0x9f3, 0xfff, 0xa6f}, @eth={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x9, 0x17a, 0x66, 0x0, 0x21, 0x2f, 0x0, @local, @multicast1}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x86dd, [], "ed696f9d93c020635d7febc11c53d7d9031f479eeb521f8d6e8ff3e08c5dda52e5a8391b157c251de02e041fdac25c15aea5871542fe782636fc2ea8a1b783122dee313f1971e07d426935afba1de1a4d642f65841e34b97d87f7cfa5b34db7f55d34904dfea0cbfb17938eebc6b"}, {0x8, 0x88be, 0x3, {{0x1, 0x1, 0x0, 0x3, 0x0, 0x2, 0x4, 0x8}, 0x1, {0x6}}}, {0x8, 0x22eb, 0x3, {{0x7, 0x2, 0x9, 0x2, 0x1, 0x1, 0x0, 0x9}, 0x2, {0x9, 0x4, 0x2, 0x18, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x3, "f14935036539ee40ba92a418aae40d1e5c33cb8184e8db733dd3a213060c3c4880be011591b62c2895b6080f15a2373778d9c52881fd51061a95622e88050d563504ab1c5b2a2bb995484c670bc501b5845cdfdbd36648674adfd736b37718c7361433782df0161f81522f3755f17add9839f4eb82959a7f78bf47c595c72cc62aa508194aace4ec5c7c904f228c866b72e390f8d224068ab0b64b92b318f204aee944c529dc3ec246171488508977c661b7714b"}}}}}}}, 0x192) 18.353004716s ago: executing program 32 (id=333): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)={0x34, r2, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x200}]]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) 18.307497958s ago: executing program 33 (id=331): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3c000001}, 0x20040) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25ffdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x6}, {0x0, 0x3, 0x0, 0x4, 0x6}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24041090}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r7, 0x12}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000200)="a6c664e0", 0x4}], 0x1}, 0x8014) 16.84413067s ago: executing program 34 (id=334): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000500)={@void, @val={0x0, 0x3, 0x7, 0x9f3, 0xfff, 0xa6f}, @eth={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x9, 0x17a, 0x66, 0x0, 0x21, 0x2f, 0x0, @local, @multicast1}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x86dd, [], "ed696f9d93c020635d7febc11c53d7d9031f479eeb521f8d6e8ff3e08c5dda52e5a8391b157c251de02e041fdac25c15aea5871542fe782636fc2ea8a1b783122dee313f1971e07d426935afba1de1a4d642f65841e34b97d87f7cfa5b34db7f55d34904dfea0cbfb17938eebc6b"}, {0x8, 0x88be, 0x3, {{0x1, 0x1, 0x0, 0x3, 0x0, 0x2, 0x4, 0x8}, 0x1, {0x6}}}, {0x8, 0x22eb, 0x3, {{0x7, 0x2, 0x9, 0x2, 0x1, 0x1, 0x0, 0x9}, 0x2, {0x9, 0x4, 0x2, 0x18, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x3, "f14935036539ee40ba92a418aae40d1e5c33cb8184e8db733dd3a213060c3c4880be011591b62c2895b6080f15a2373778d9c52881fd51061a95622e88050d563504ab1c5b2a2bb995484c670bc501b5845cdfdbd36648674adfd736b37718c7361433782df0161f81522f3755f17add9839f4eb82959a7f78bf47c595c72cc62aa508194aace4ec5c7c904f228c866b72e390f8d224068ab0b64b92b318f204aee944c529dc3ec246171488508977c661b7714b"}}}}}}}, 0x192) 3.645804795s ago: executing program 2 (id=354): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000580)={{0x84, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 3.526965113s ago: executing program 2 (id=356): unshare(0x8040480) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0xb) 3.412393377s ago: executing program 2 (id=357): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000980)=[{r0, 0x104}], 0x1, 0x0, 0x0, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)={0x40002010}) 2.107770089s ago: executing program 2 (id=360): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(0xffffffffffffffff) r1 = socket$kcm(0x29, 0x5, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) r3 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000b00)="b6bd7e4983a45b31f79d80060400000000000000a33734d88229acf96457ad59d0b87f8659b614043e3d21a7cacecab8bbd26251b93b28b4d83e618673f9c74d0a28a5146c5511549fa617e908352c87d8ddff2ce042a1e58eb7b63759cab3526dd8ae1566ddcfb5fa83e8b2940b3ed1b8", 0x71}, {&(0x7f0000000880)="3aa8", 0x2}, {&(0x7f0000000a40)="746b9120a32aaf78043a9b", 0xb}], 0x3}, 0xc854) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000180)=0x4c, 0x4) sendfile(r1, r2, 0x0, 0xffffffff000) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x0, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44010}, 0x40000) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000009b80)=@newchain={0x24, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.519494937s ago: executing program 1 (id=362): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="0304000000000000140012800a000100767863616e0000006cf670d508001c00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.413322895s ago: executing program 1 (id=363): r0 = socket$inet6(0xa, 0x3, 0x4) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f00000000c0)={'gre0\x00', @ifru_mtu=0x8}) 902.213042ms ago: executing program 1 (id=364): unshare(0x8040480) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0xb) 715.63104ms ago: executing program 1 (id=365): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000680)="76389e6a65585578f830e9000000", 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 364.829141ms ago: executing program 2 (id=366): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, 0x2, 0x3, 0xa01, 0x0, 0x0, {0x7}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x3, 0x2}}]}, 0x20}}, 0x240000c0) 247.845334ms ago: executing program 1 (id=367): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c014}, 0x4000080) 35.281845ms ago: executing program 1 (id=368): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0a000000030000000400000008"], 0x50) close(0x3) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="59cf00000000010000000800000014000180060001000204000008000500"], 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="fe88"], 0x48}}, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) socket(0x10, 0x803, 0x0) r3 = gettid() r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000046000701fcffffff02000000017c000008000100", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) r8 = socket(0x2, 0x80805, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0x80005, 0x6f}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x2, 0xcd}}, 0x44) sendmsg$sock(r7, &(0x7f00000000c0)={&(0x7f0000000580)=@in6={0x2, 0x4e21, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r9, 0x0, 0x485, 0x0, 0x0) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) r11 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$IP_VS_SO_GET_VERSION(r11, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000001280)=0x40) getsockname$packet(r10, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r12, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@delchain={0x24, 0x2e, 0x501, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff2, 0xffff}, {0x0, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') 0s ago: executing program 2 (id=369): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f00000003c0)=ANY=[], 0x18) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x42050, &(0x7f00000002c0)={0xa, 0x4e24, 0x5, @local, 0x3b67}, 0x1c) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts. [ 66.142043][ T5611] cgroup: Unknown subsys name 'net' [ 66.383801][ T5611] cgroup: Unknown subsys name 'cpuset' [ 66.438921][ T5611] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.036501][ T5611] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.370641][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.370709][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.597067][ T5626] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.605328][ T5626] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.616014][ T5626] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.630373][ T5626] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.631031][ T5626] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.758192][ T4941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.771687][ T4941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.774914][ T4941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.776000][ T4941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.776865][ T4941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.844029][ T4941] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.859666][ T4941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.860774][ T4941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.863768][ T4941] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.865188][ T4941] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.982370][ T4941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.020171][ T4941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.022300][ T4941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.030294][ T4941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.032338][ T4941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.133931][ T5626] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.137682][ T5626] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.140132][ T5626] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.152540][ T5626] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.154288][ T5626] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.689850][ T4941] Bluetooth: hci0: command tx timeout [ 73.838506][ T4941] Bluetooth: hci1: command tx timeout [ 73.919034][ T4941] Bluetooth: hci2: command tx timeout [ 74.078477][ T4941] Bluetooth: hci3: command tx timeout [ 74.139883][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.140964][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.141114][ T5632] bridge_slave_0: entered allmulticast mode [ 74.143017][ T5632] bridge_slave_0: entered promiscuous mode [ 74.185058][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.185208][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.185345][ T5629] bridge_slave_0: entered allmulticast mode [ 74.187050][ T5629] bridge_slave_0: entered promiscuous mode [ 74.214961][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.215183][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.215381][ T5632] bridge_slave_1: entered allmulticast mode [ 74.218188][ T5632] bridge_slave_1: entered promiscuous mode [ 74.239388][ T4941] Bluetooth: hci4: command tx timeout [ 74.263043][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.263260][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.263617][ T5629] bridge_slave_1: entered allmulticast mode [ 74.265394][ T5629] bridge_slave_1: entered promiscuous mode [ 74.383426][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.383755][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.384389][ T5625] bridge_slave_0: entered allmulticast mode [ 74.386920][ T5625] bridge_slave_0: entered promiscuous mode [ 74.425387][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.425926][ T5637] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.426211][ T5637] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.426431][ T5637] bridge_slave_0: entered allmulticast mode [ 74.429784][ T5637] bridge_slave_0: entered promiscuous mode [ 74.435752][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.436014][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.436230][ T5625] bridge_slave_1: entered allmulticast mode [ 74.440029][ T5625] bridge_slave_1: entered promiscuous mode [ 74.450502][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.481921][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.482309][ T5637] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.482894][ T5637] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.483117][ T5637] bridge_slave_1: entered allmulticast mode [ 74.485962][ T5637] bridge_slave_1: entered promiscuous mode [ 74.515120][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.716008][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.733355][ T5643] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.733608][ T5643] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.734123][ T5643] bridge_slave_0: entered allmulticast mode [ 74.736641][ T5643] bridge_slave_0: entered promiscuous mode [ 74.744479][ T5632] team0: Port device team_slave_0 added [ 74.755055][ T5637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.764465][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.771683][ T5629] team0: Port device team_slave_0 added [ 74.773540][ T5643] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.773864][ T5643] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.774092][ T5643] bridge_slave_1: entered allmulticast mode [ 74.776951][ T5643] bridge_slave_1: entered promiscuous mode [ 74.783330][ T5632] team0: Port device team_slave_1 added [ 74.788163][ T5637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.816613][ T5629] team0: Port device team_slave_1 added [ 74.932437][ T5625] team0: Port device team_slave_0 added [ 74.952046][ T5643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.953745][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.953754][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.953767][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.957814][ T5637] team0: Port device team_slave_0 added [ 74.979090][ T5625] team0: Port device team_slave_1 added [ 74.983984][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.983995][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.984014][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.004075][ T5643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.009414][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.009427][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.009451][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.017928][ T5637] team0: Port device team_slave_1 added [ 75.046792][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.046807][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.046830][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.184161][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.184171][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.184184][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.189367][ T5643] team0: Port device team_slave_0 added [ 75.194073][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.194085][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.194107][ T5637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.197085][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.197097][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.197118][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.207204][ T5643] team0: Port device team_slave_1 added [ 75.229526][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.229539][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.229562][ T5637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.395442][ T5632] hsr_slave_0: entered promiscuous mode [ 75.396844][ T5632] hsr_slave_1: entered promiscuous mode [ 75.412640][ T5629] hsr_slave_0: entered promiscuous mode [ 75.413850][ T5629] hsr_slave_1: entered promiscuous mode [ 75.414901][ T5629] debugfs: 'hsr0' already exists in 'hsr' [ 75.414981][ T5629] Cannot create hsr debugfs directory [ 75.416490][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.416498][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.416511][ T5643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.449661][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.449676][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.449698][ T5643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.538046][ T5625] hsr_slave_0: entered promiscuous mode [ 75.540924][ T5625] hsr_slave_1: entered promiscuous mode [ 75.542352][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 75.542373][ T5625] Cannot create hsr debugfs directory [ 75.596093][ T5637] hsr_slave_0: entered promiscuous mode [ 75.597341][ T5637] hsr_slave_1: entered promiscuous mode [ 75.598248][ T5637] debugfs: 'hsr0' already exists in 'hsr' [ 75.598270][ T5637] Cannot create hsr debugfs directory [ 75.758828][ T4941] Bluetooth: hci0: command tx timeout [ 75.918692][ T4941] Bluetooth: hci1: command tx timeout [ 75.999137][ T4941] Bluetooth: hci2: command tx timeout [ 76.143629][ T5643] hsr_slave_0: entered promiscuous mode [ 76.145153][ T5643] hsr_slave_1: entered promiscuous mode [ 76.146101][ T5643] debugfs: 'hsr0' already exists in 'hsr' [ 76.146122][ T5643] Cannot create hsr debugfs directory [ 76.158412][ T4941] Bluetooth: hci3: command tx timeout [ 76.318480][ T4941] Bluetooth: hci4: command tx timeout [ 76.754094][ T5632] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.802164][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 76.809594][ T5632] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.856959][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 76.862501][ T5632] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.905897][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 76.928109][ T5632] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.964045][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.102496][ T5629] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.148297][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.153367][ T5629] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.181615][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.186442][ T5629] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.226034][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.251838][ T5629] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.281782][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.419319][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.452992][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.466174][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.491845][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.499828][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.532510][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.567440][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.594479][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.761736][ T5643] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.795004][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.810921][ T5643] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.844175][ T4941] Bluetooth: hci0: command tx timeout [ 77.854416][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.879018][ T5643] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.915200][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.951167][ T5643] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.991603][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.001059][ T4941] Bluetooth: hci1: command tx timeout [ 78.043909][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.078649][ T4941] Bluetooth: hci2: command tx timeout [ 78.174300][ T5637] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 78.215602][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 78.231309][ T5637] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 78.238838][ T4941] Bluetooth: hci3: command tx timeout [ 78.272865][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 78.277540][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.294457][ T5637] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 78.335232][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 78.346205][ T5637] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 78.371865][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.398741][ T4941] Bluetooth: hci4: command tx timeout [ 78.406707][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.407208][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.441814][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.457063][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.457166][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.558251][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.614978][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.615208][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.643282][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.665897][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.665988][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.776947][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.910375][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.910888][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.945888][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.001122][ T3378] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.001356][ T3378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.133692][ T5643] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.185204][ T5637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.253772][ T3510] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.253924][ T3510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.328148][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.336815][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.401791][ T5637] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.485671][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.501952][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.566044][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.566210][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.774756][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.918691][ T4941] Bluetooth: hci0: command tx timeout [ 80.079505][ T4941] Bluetooth: hci1: command tx timeout [ 80.159913][ T4941] Bluetooth: hci2: command tx timeout [ 80.321570][ T4941] Bluetooth: hci3: command tx timeout [ 80.325031][ T5632] veth0_vlan: entered promiscuous mode [ 80.361487][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.432975][ T5632] veth1_vlan: entered promiscuous mode [ 80.479729][ T4941] Bluetooth: hci4: command tx timeout [ 80.723389][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.767351][ T5632] veth0_macvtap: entered promiscuous mode [ 80.793607][ T5629] veth0_vlan: entered promiscuous mode [ 80.823403][ T5632] veth1_macvtap: entered promiscuous mode [ 80.903792][ T5629] veth1_vlan: entered promiscuous mode [ 80.965523][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.023388][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.103266][ T3504] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.107166][ T5625] veth0_vlan: entered promiscuous mode [ 81.113577][ T3504] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.124958][ T3504] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.128054][ T3504] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.173944][ T5643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.206758][ T5625] veth1_vlan: entered promiscuous mode [ 81.214506][ T5629] veth0_macvtap: entered promiscuous mode [ 81.229955][ T5637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.330688][ T5629] veth1_macvtap: entered promiscuous mode [ 81.752238][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.816168][ T32] cfg80211: failed to load regulatory.db [ 81.873455][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.020126][ T5625] veth0_macvtap: entered promiscuous mode [ 82.050393][ T3504] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.057395][ T3504] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.091568][ T5643] veth0_vlan: entered promiscuous mode [ 82.092819][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.092834][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.134184][ T3504] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.152149][ T5625] veth1_macvtap: entered promiscuous mode [ 82.158204][ T3504] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.295647][ T5643] veth1_vlan: entered promiscuous mode [ 82.366238][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.366253][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.418486][ T5637] veth0_vlan: entered promiscuous mode [ 82.576727][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.680011][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.714252][ T5637] veth1_vlan: entered promiscuous mode [ 82.732575][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.732593][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.771735][ T3501] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.808169][ T3501] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.834153][ T3501] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.868591][ T3501] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.973147][ T3378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.973163][ T3378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.978244][ T5643] veth0_macvtap: entered promiscuous mode [ 83.102036][ T5643] veth1_macvtap: entered promiscuous mode [ 83.411395][ T5637] veth0_macvtap: entered promiscuous mode [ 83.536627][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.537519][ T5637] veth1_macvtap: entered promiscuous mode [ 83.680951][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.680969][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.203974][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.344903][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.355949][ T3501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.355966][ T3501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.440661][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.635422][ T3501] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.655299][ T3501] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.674376][ T3501] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.674961][ T3501] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.712867][ T3501] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.763255][ T3507] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.783018][ T5832] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6'. [ 85.140690][ T3507] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.191439][ T3507] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.837628][ T5848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 86.272912][ T825] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 86.805150][ T218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.805168][ T218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.106607][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.106619][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.466449][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.466468][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.534594][ T5849] loop0: detected capacity change from 0 to 32768 [ 87.624805][ T5849] ======================================================= [ 87.624805][ T5849] WARNING: The mand mount option has been deprecated and [ 87.624805][ T5849] and is ignored by this kernel. Remove the mand [ 87.624805][ T5849] option from the mount to silence this warning. [ 87.624805][ T5849] ======================================================= [ 87.624948][ T5849] ocfs2: Bad value for 'localalloc' [ 88.211366][ T5626] Bluetooth: hci0: command 0x2016 tx timeout [ 88.886974][ T5865] syz.0.13 uses obsolete (PF_INET,SOCK_PACKET) [ 88.902289][ T3501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.902306][ T3501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.238484][ T5626] Bluetooth: hci0: command 0x2016 tx timeout [ 91.410291][ T5885] FAULT_INJECTION: forcing a failure. [ 91.410291][ T5885] name failslab, interval 1, probability 0, space 0, times 1 [ 91.410339][ T5885] CPU: 1 UID: 0 PID: 5885 Comm: syz.4.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 91.410362][ T5885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.410376][ T5885] Call Trace: [ 91.410382][ T5885] [ 91.410389][ T5885] dump_stack_lvl+0xe8/0x150 [ 91.410416][ T5885] should_fail_ex+0x46b/0x600 [ 91.410438][ T5885] should_failslab+0xa8/0x100 [ 91.410458][ T5885] kmem_cache_alloc_lru_noprof+0x8b/0x680 [ 91.410475][ T5885] ? __d_alloc+0x37/0x6f0 [ 91.410494][ T5885] __d_alloc+0x37/0x6f0 [ 91.410514][ T5885] d_alloc+0x4b/0x190 [ 91.410530][ T5885] ? lookup_one_qstr_excl+0xc4/0x360 [ 91.410552][ T5885] lookup_one_qstr_excl+0xd8/0x360 [ 91.410575][ T5885] start_dirop+0x5c/0x90 [ 91.410592][ T5885] simple_start_creating+0xcc/0x110 [ 91.410612][ T5885] ? __pfx_simple_start_creating+0x10/0x10 [ 91.410635][ T5885] ? mntput+0x65/0xc0 [ 91.410660][ T5885] debugfs_start_creating+0xdb/0x1a0 [ 91.410678][ T5885] __debugfs_create_file+0x6f/0x400 [ 91.410699][ T5885] debugfs_create_file_full+0x3f/0x60 [ 91.410718][ T5885] ref_tracker_dir_debugfs+0x19d/0x370 [ 91.410737][ T5885] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 91.410771][ T5885] ? __kvmalloc_node_noprof+0x3df/0x8e0 [ 91.410797][ T5885] alloc_netdev_mqs+0x2be/0x1260 [ 91.410810][ T5885] ? __pfx_l2tp_eth_dev_setup+0x10/0x10 [ 91.410836][ T5885] l2tp_eth_create+0x1c5/0xbf0 [ 91.410858][ T5885] ? l2tp_tunnel_get+0x392/0x420 [ 91.410881][ T5885] ? __pfx_l2tp_eth_create+0x10/0x10 [ 91.410901][ T5885] ? l2tp_nl_cmd_session_create+0x908/0xc60 [ 91.410934][ T5885] l2tp_nl_cmd_session_create+0x76c/0xc60 [ 91.410954][ T5885] ? rcu_is_watching+0x15/0xb0 [ 91.410976][ T5885] ? __pfx_l2tp_nl_cmd_session_create+0x10/0x10 [ 91.411006][ T5885] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 91.411022][ T5885] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 91.411041][ T5885] genl_family_rcv_msg_doit+0x22a/0x330 [ 91.411061][ T5885] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 91.411087][ T5885] ? bpf_lsm_capable+0x9/0x20 [ 91.411102][ T5885] ? security_capable+0x7e/0x2c0 [ 91.411127][ T5885] genl_rcv_msg+0x61c/0x7a0 [ 91.411148][ T5885] ? __pfx_genl_rcv_msg+0x10/0x10 [ 91.411160][ T5885] ? ref_tracker_free+0x673/0x820 [ 91.411176][ T5885] ? __pfx_l2tp_nl_cmd_session_create+0x10/0x10 [ 91.411197][ T5885] ? ____sys_sendmsg+0x55c/0x870 [ 91.411217][ T5885] ? ___sys_sendmsg+0x2a5/0x360 [ 91.411235][ T5885] ? __x64_sys_sendmsg+0x1c3/0x2a0 [ 91.411254][ T5885] ? do_syscall_64+0x15f/0xf80 [ 91.411275][ T5885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.411300][ T5885] netlink_rcv_skb+0x232/0x4b0 [ 91.411324][ T5885] ? __pfx_genl_rcv_msg+0x10/0x10 [ 91.411343][ T5885] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 91.411377][ T5885] ? netlink_deliver_tap+0x2e/0x1b0 [ 91.411394][ T5885] ? netlink_deliver_tap+0x2e/0x1b0 [ 91.411416][ T5885] genl_rcv+0x28/0x40 [ 91.411431][ T5885] netlink_unicast+0x780/0x920 [ 91.411462][ T5885] netlink_sendmsg+0x813/0xb40 [ 91.411491][ T5885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.411515][ T5885] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 91.411543][ T5885] ? aa_sock_msg_perm+0x122/0x200 [ 91.411565][ T5885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.411585][ T5885] sock_sendmsg_nosec+0x112/0x150 [ 91.411607][ T5885] ____sys_sendmsg+0x55c/0x870 [ 91.411634][ T5885] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.411667][ T5885] ? import_iovec+0x73/0xa0 [ 91.411697][ T5885] ___sys_sendmsg+0x2a5/0x360 [ 91.411719][ T5885] ? __lock_acquire+0x6b5/0x2d10 [ 91.411747][ T5885] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.411799][ T5885] ? __fget_files+0x2a/0x420 [ 91.411814][ T5885] ? __fget_files+0x3a6/0x420 [ 91.411838][ T5885] __x64_sys_sendmsg+0x1c3/0x2a0 [ 91.411861][ T5885] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 91.411892][ T5885] ? rcu_is_watching+0x15/0xb0 [ 91.411927][ T5885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.411946][ T5885] do_syscall_64+0x15f/0xf80 [ 91.411970][ T5885] ? clear_bhb_loop+0x40/0x90 [ 91.411990][ T5885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.412007][ T5885] RIP: 0033:0x7f80a07dcdd9 [ 91.412033][ T5885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.412046][ T5885] RSP: 002b:00007f809ea36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.412066][ T5885] RAX: ffffffffffffffda RBX: 00007f80a0a55fa0 RCX: 00007f80a07dcdd9 [ 91.412078][ T5885] RDX: 0000000000000030 RSI: 0000200000000140 RDI: 0000000000000005 [ 91.412089][ T5885] RBP: 00007f809ea36090 R08: 0000000000000000 R09: 0000000000000000 [ 91.412099][ T5885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.412109][ T5885] R13: 00007f80a0a56038 R14: 00007f80a0a55fa0 R15: 00007fffd3cf33d8 [ 91.412136][ T5885] [ 91.797798][ T824] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 93.186965][ T5884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.522039][ T824] usb 3-1: config 150 has an invalid interface number: 204 but max is 2 [ 93.522056][ T824] usb 3-1: config 150 has 2 interfaces, different from the descriptor's value: 3 [ 93.522066][ T824] usb 3-1: config 150 has no interface number 0 [ 93.522090][ T824] usb 3-1: config 150 interface 204 has no altsetting 0 [ 94.541278][ T824] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 94.541308][ T824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.541326][ T824] usb 3-1: Product: syz [ 94.541339][ T824] usb 3-1: Manufacturer: syz [ 95.073372][ T5909] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 97.845255][ T5918] loop3: detected capacity change from 0 to 2048 [ 99.268369][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.288392][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.298381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.308376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.318379][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.328384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.338376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.348370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.358372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.368387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.433383][ T5919] loop2: detected capacity change from 0 to 32768 [ 99.650251][ T5918] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.898466][ T824] usb 3-1: can't set config #150, error -71 [ 101.395061][ T824] usb 3-1: USB disconnect, device number 2 [ 101.717783][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.322752][ T5949] loop3: detected capacity change from 0 to 1024 [ 104.421775][ T5949] EXT4-fs (loop3): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 104.421805][ T5949] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal [ 104.708216][ T5950] loop2: detected capacity change from 0 to 1024 [ 104.745347][ T5950] hfsplus: failed to load catalog file [ 106.700664][ T5958] loop2: detected capacity change from 0 to 32768 [ 106.729392][ T5958] (syz.2.28,5958,0):ocfs2_find_entry:1111 ERROR: status = -117 [ 106.731478][ T5958] (syz.2.28,5958,0):ocfs2_init_global_system_inodes:465 ERROR: status = -22 [ 106.731493][ T5958] (syz.2.28,5958,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 106.731504][ T5958] (syz.2.28,5958,0):ocfs2_init_global_system_inodes:476 ERROR: status = -22 [ 106.731521][ T5958] (syz.2.28,5958,0):ocfs2_initialize_super:2198 ERROR: status = -22 [ 106.731585][ T5958] (syz.2.28,5958,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 107.669236][ T5968] loop3: detected capacity change from 0 to 32768 [ 107.788757][ T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 108.417261][ T5979] netlink: 12 bytes leftover after parsing attributes in process `syz.4.41'. [ 108.701884][ T5987] loop4: detected capacity change from 0 to 512 [ 108.782003][ T5988] FAULT_INJECTION: forcing a failure. [ 108.782003][ T5988] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 108.782034][ T5988] CPU: 1 UID: 0 PID: 5988 Comm: syz.0.43 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 108.782053][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 108.782063][ T5988] Call Trace: [ 108.782069][ T5988] [ 108.782076][ T5988] dump_stack_lvl+0xe8/0x150 [ 108.782102][ T5988] should_fail_ex+0x46b/0x600 [ 108.782125][ T5988] _copy_from_user+0x2d/0xb0 [ 108.782159][ T5988] bpf_test_init+0xd8/0x150 [ 108.782185][ T5988] bpf_prog_test_run_skb+0x392/0x2260 [ 108.782225][ T5988] ? __fget_files+0x3a6/0x420 [ 108.782242][ T5988] ? __fget_files+0x2a/0x420 [ 108.782264][ T5988] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 108.782286][ T5988] bpf_prog_test_run+0x2cd/0x340 [ 108.782317][ T5988] __sys_bpf+0x643/0x950 [ 108.782339][ T5988] ? __pfx___sys_bpf+0x10/0x10 [ 108.782357][ T5988] ? rt_mutex_slowunlock+0x1cb/0x300 [ 108.782392][ T5988] ? ksys_write+0x248/0x270 [ 108.782414][ T5988] ? __pfx_ksys_write+0x10/0x10 [ 108.782438][ T5988] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.782457][ T5988] __x64_sys_bpf+0x7c/0x90 [ 108.782477][ T5988] do_syscall_64+0x15f/0xf80 [ 108.782500][ T5988] ? trace_irq_disable+0x3b/0x140 [ 108.782520][ T5988] ? clear_bhb_loop+0x40/0x90 [ 108.782540][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.782557][ T5988] RIP: 0033:0x7ff47c64cdd9 [ 108.782573][ T5988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.782586][ T5988] RSP: 002b:00007ff47a89e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 108.782604][ T5988] RAX: ffffffffffffffda RBX: 00007ff47c8c5fa0 RCX: 00007ff47c64cdd9 [ 108.782616][ T5988] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 000000000000000a [ 108.782627][ T5988] RBP: 00007ff47a89e090 R08: 0000000000000000 R09: 0000000000000000 [ 108.782637][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.782647][ T5988] R13: 00007ff47c8c6038 R14: 00007ff47c8c5fa0 R15: 00007ffe719c1668 [ 108.782674][ T5988] [ 109.630689][ T5988] loop0: detected capacity change from 0 to 1024 [ 109.667871][ T5987] EXT4-fs (loop4): Test dummy encryption mode enabled [ 110.258604][ T5987] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 110.378560][ T5988] EXT4-fs (loop0): invalid inodes per group: 1 [ 110.378560][ T5988] [ 110.705537][ T5980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.751263][ T5987] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 110.835726][ T5987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.933139][ T5999] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 113.274014][ T5929] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 113.640020][ T5637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.773938][ T5929] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 113.773977][ T5929] usb 1-1: config 16 interface 0 has no altsetting 0 [ 113.774005][ T5929] usb 1-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a [ 113.774024][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.734135][ T6014] loop0: detected capacity change from 0 to 64 [ 114.802497][ T5929] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 114.802735][ T5929] imon 1-1:16.0: unable to initialize intf0, err -19 [ 114.802750][ T5929] imon:imon_probe: failed to initialize context! [ 114.802761][ T5929] imon 1-1:16.0: unable to register, err -19 [ 114.886273][ T6014] minix: block size(59136) > page size(4096) not supported by filesystem [ 114.960979][ T6014] MINIX-fs: deleted inode referenced: 1 [ 114.961197][ T6014] MINIX-fs: get root inode failed [ 115.594771][ T6032] loop4: detected capacity change from 0 to 2048 [ 116.125278][ T6025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.094404][ T6032] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.190588][ T6051] loop1: detected capacity change from 0 to 64 [ 120.576547][ T6051] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 120.597195][ T825] usb 1-1: USB disconnect, device number 2 [ 122.254983][ T6055] IPv6: addrconf: prefix option has invalid lifetime [ 122.283719][ T6048] could not allocate digest TFM handle hmac(wp256) [ 122.509302][ T825] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 122.669388][ T825] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.669403][ T825] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 122.669413][ T825] usb 1-1: config 1 has no interface number 0 [ 122.669491][ T825] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.669504][ T825] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 122.673513][ T825] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 122.673539][ T825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.673556][ T825] usb 1-1: Product: syz [ 122.673568][ T825] usb 1-1: Manufacturer: syz [ 122.673575][ T825] usb 1-1: SerialNumber: syz [ 124.494175][ T825] cdc_ncm 1-1:1.1: bind() failure [ 124.512598][ T6086] overlayfs: failed to resolve './bus': -2 [ 124.618053][ T37] usb 1-1: USB disconnect, device number 3 [ 125.698279][ T6087] loop2: detected capacity change from 0 to 32768 [ 127.054738][ T6104] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 128.793994][ T6109] syzkaller0: entered promiscuous mode [ 128.794018][ T6109] syzkaller0: entered allmulticast mode [ 128.942429][ T6109] capability: warning: `syz.0.71' uses deprecated v2 capabilities in a way that may be insecure [ 131.022135][ T6130] loop1: detected capacity change from 0 to 32768 [ 131.592920][ T6133] FAULT_INJECTION: forcing a failure. [ 131.592920][ T6133] name failslab, interval 1, probability 0, space 0, times 0 [ 131.593047][ T6133] CPU: 0 UID: 0 PID: 6133 Comm: syz.0.79 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 131.593069][ T6133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 131.593079][ T6133] Call Trace: [ 131.593087][ T6133] [ 131.593095][ T6133] dump_stack_lvl+0xe8/0x150 [ 131.593122][ T6133] should_fail_ex+0x46b/0x600 [ 131.593141][ T6133] should_failslab+0xa8/0x100 [ 131.593156][ T6133] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 131.593169][ T6133] ? __alloc_skb+0x1d0/0x7d0 [ 131.593181][ T6133] ? __local_bh_enable_ip+0x1c2/0x2b0 [ 131.593195][ T6133] __alloc_skb+0x1d0/0x7d0 [ 131.593207][ T6133] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 131.593224][ T6133] netlink_sendmsg+0x5d4/0xb40 [ 131.593238][ T6133] ? irqentry_exit+0x218/0x730 [ 131.593256][ T6133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.593274][ T6133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.593286][ T6133] sock_sendmsg_nosec+0x112/0x150 [ 131.593298][ T6133] ____sys_sendmsg+0x55c/0x870 [ 131.593315][ T6133] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.593332][ T6133] ? import_iovec+0x73/0xa0 [ 131.593346][ T6133] ___sys_sendmsg+0x2a5/0x360 [ 131.593359][ T6133] ? __lock_acquire+0x6b5/0x2d10 [ 131.593375][ T6133] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.593413][ T6133] ? __fget_files+0x2a/0x420 [ 131.593423][ T6133] ? __fget_files+0x3a6/0x420 [ 131.593437][ T6133] __x64_sys_sendmsg+0x1c3/0x2a0 [ 131.593452][ T6133] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.593470][ T6133] ? __pfx_ksys_write+0x10/0x10 [ 131.593481][ T6133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.593494][ T6133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.593504][ T6133] do_syscall_64+0x15f/0xf80 [ 131.593519][ T6133] ? clear_bhb_loop+0x40/0x90 [ 131.593531][ T6133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.593540][ T6133] RIP: 0033:0x7ff47c64cdd9 [ 131.593555][ T6133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 131.593563][ T6133] RSP: 002b:00007ff47a87d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.593580][ T6133] RAX: ffffffffffffffda RBX: 00007ff47c8c6090 RCX: 00007ff47c64cdd9 [ 131.593587][ T6133] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000005 [ 131.593593][ T6133] RBP: 00007ff47a87d090 R08: 0000000000000000 R09: 0000000000000000 [ 131.593598][ T6133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.593604][ T6133] R13: 00007ff47c8c6128 R14: 00007ff47c8c6090 R15: 00007ffe719c1668 [ 131.593618][ T6133] [ 132.862748][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.862843][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.306018][ T5929] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 134.891427][ T6144] loop4: detected capacity change from 0 to 2048 [ 135.135942][ T6144] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 136.926073][ T6150] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 137.760290][ T5929] usb 3-1: device descriptor read/all, error -71 [ 138.083145][ T6157] loop4: detected capacity change from 0 to 8 [ 139.931725][ T6167] loop1: detected capacity change from 0 to 2048 [ 141.136903][ T6171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.84'. [ 141.143017][ T6171] SQUASHFS error: lzo decompression failed, data probably corrupt [ 141.143051][ T6171] SQUASHFS error: Failed to read block 0x0: -5 [ 141.143274][ T6171] SQUASHFS error: Failed to read block 0xff: -5 [ 141.143432][ T6171] SQUASHFS error: lzo decompression failed, data probably corrupt [ 141.143449][ T6171] SQUASHFS error: Failed to read block 0x0: -5 [ 141.340766][ T38] audit: type=1800 audit(1777812381.817:2): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.84" name="file2" dev="loop4" ino=3 res=0 errno=0 [ 141.533984][ T6167] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 143.952925][ T6178] loop2: detected capacity change from 0 to 32768 [ 144.634000][ T5759] IPVS: starting estimator thread 0... [ 145.497700][ T6184] IPVS: using max 10 ests per chain, 24000 per kthread [ 147.314427][ T6199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.98'. [ 147.334920][ T6199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'. [ 147.482842][ T5929] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 147.726666][ T6213] loop0: detected capacity change from 0 to 256 [ 147.734963][ T6213] vfat: Unknown parameter 'uni_' [ 147.778228][ T6213] warning: `syz.0.101' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 148.542805][ T5929] usb 5-1: device descriptor read/64, error -71 [ 149.912436][ T5904] IPVS: starting estimator thread 0... [ 150.254452][ T6216] IPVS: using max 11 ests per chain, 26400 per kthread [ 150.853209][ T6224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.103'. [ 150.937469][ T6228] syz.4.105 (6228) used greatest stack depth: 18008 bytes left [ 152.271794][ T6239] capability: warning: `syz.4.109' uses 32-bit capabilities (legacy support in use) [ 152.412455][ T6246] FAULT_INJECTION: forcing a failure. [ 152.412455][ T6246] name failslab, interval 1, probability 0, space 0, times 0 [ 152.412485][ T6246] CPU: 1 UID: 0 PID: 6246 Comm: syz.3.110 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 152.412509][ T6246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 152.412519][ T6246] Call Trace: [ 152.412525][ T6246] [ 152.412533][ T6246] dump_stack_lvl+0xe8/0x150 [ 152.412561][ T6246] should_fail_ex+0x46b/0x600 [ 152.412584][ T6246] should_failslab+0xa8/0x100 [ 152.412608][ T6246] __kmalloc_noprof+0xdf/0x7b0 [ 152.412628][ T6246] ? kfree+0x4d/0x6c0 [ 152.412644][ T6246] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 152.412681][ T6246] tomoyo_realpath_from_path+0xe3/0x5d0 [ 152.412704][ T6246] ? tomoyo_domain+0xd7/0x130 [ 152.412731][ T6246] ? tomoyo_path_number_perm+0x219/0x630 [ 152.412750][ T6246] tomoyo_path_number_perm+0x246/0x630 [ 152.412772][ T6246] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 152.412790][ T6246] ? __lock_acquire+0x6b5/0x2d10 [ 152.412817][ T6246] ? do_raw_spin_lock+0x12b/0x2f0 [ 152.412866][ T6246] ? __fget_files+0x2a/0x420 [ 152.412888][ T6246] ? __fget_files+0x2a/0x420 [ 152.412903][ T6246] ? __fget_files+0x3a6/0x420 [ 152.412919][ T6246] ? __fget_files+0x2a/0x420 [ 152.412940][ T6246] security_file_ioctl+0xc3/0x2a0 [ 152.412961][ T6246] __se_sys_ioctl+0x47/0x170 [ 152.412983][ T6246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.413002][ T6246] do_syscall_64+0x15f/0xf80 [ 152.413023][ T6246] ? trace_irq_disable+0x3b/0x140 [ 152.413045][ T6246] ? clear_bhb_loop+0x40/0x90 [ 152.413065][ T6246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.413082][ T6246] RIP: 0033:0x7f8f0f55cdd9 [ 152.413098][ T6246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.413110][ T6246] RSP: 002b:00007f8f0d7b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 152.413128][ T6246] RAX: ffffffffffffffda RBX: 00007f8f0f7d5fa0 RCX: 00007f8f0f55cdd9 [ 152.413139][ T6246] RDX: 00002000000001c0 RSI: 0000000000005393 RDI: 0000000000000003 [ 152.413148][ T6246] RBP: 00007f8f0d7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 152.413157][ T6246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.413167][ T6246] R13: 00007f8f0f7d6038 R14: 00007f8f0f7d5fa0 R15: 00007ffccd1191f8 [ 152.413194][ T6246] [ 152.413277][ T6246] ERROR: Out of memory at tomoyo_realpath_from_path. [ 152.878867][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 153.308898][ T6255] loop4: detected capacity change from 0 to 32768 [ 153.313664][ T5735] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 153.493587][ T5735] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.493617][ T5735] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.493651][ T5735] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 153.493671][ T5735] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.605316][ T5735] usb 2-1: config 0 descriptor?? [ 153.865430][ T6255] JBD2: Ignoring recovery information on journal [ 153.983007][ T6255] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 154.024083][ T6256] loop2: detected capacity change from 0 to 131072 [ 154.025026][ T6256] f2fs: Unknown parameter 'ap_files' [ 154.066221][ T5735] usbhid 2-1:0.0: can't add hid device: -71 [ 154.066335][ T5735] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 154.226490][ T6261] overlayfs: overlapping lowerdir path [ 154.488499][ T5904] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 154.559171][ T6266] loop1: detected capacity change from 0 to 64 [ 154.618587][ T5904] usb 5-1: device descriptor read/64, error -71 [ 154.648522][ T5735] usb 2-1: USB disconnect, device number 2 [ 154.655523][ T4941] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 154.928595][ T5904] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 155.089267][ T5904] usb 5-1: device descriptor read/64, error -71 [ 155.112800][ T6264] loop3: detected capacity change from 0 to 32768 [ 155.204674][ T5904] usb usb5-port1: attempt power cycle [ 155.317625][ T6261] loop3: detected capacity change from 0 to 164 [ 155.356415][ T5614] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 155.478430][ T5614] usb 2-1: device descriptor read/64, error -71 [ 155.582857][ T38] audit: type=1326 audit(1777812396.217:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 155.584363][ T38] audit: type=1326 audit(1777812396.257:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 155.983590][ T38] audit: type=1326 audit(1777812396.437:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.017886][ T38] audit: type=1326 audit(1777812396.437:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.017931][ T38] audit: type=1326 audit(1777812396.437:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.017964][ T38] audit: type=1326 audit(1777812396.537:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.017993][ T38] audit: type=1326 audit(1777812396.547:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff47c64cb42 code=0x7ffc0000 [ 156.018021][ T38] audit: type=1326 audit(1777812396.607:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7ff47c64cbd7 code=0x7ffc0000 [ 156.018049][ T38] audit: type=1326 audit(1777812396.607:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.018079][ T38] audit: type=1326 audit(1777812396.607:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6274 comm="syz.0.119" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47c64cdd9 code=0x7ffc0000 [ 156.208507][ T5904] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 156.288628][ T5614] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 156.288934][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 156.372954][ T5904] usb 5-1: device descriptor read/8, error -71 [ 156.441678][ T6281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.120'. [ 156.708585][ T6282] loop3: detected capacity change from 0 to 512 [ 156.835721][ T6282] EXT4-fs (loop3): Test dummy encryption mode enabled [ 157.030040][ T37] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 157.059602][ T6282] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 157.334981][ T6282] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 157.339157][ T37] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 157.339179][ T37] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 157.427511][ T6282] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.476950][ T37] usb 1-1: New USB device found, idVendor=17cc, idProduct=0d8d, bcdDevice= 0.40 [ 157.476976][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.476993][ T37] usb 1-1: Product: syz [ 157.477005][ T37] usb 1-1: Manufacturer: syz [ 157.477016][ T37] usb 1-1: SerialNumber: syz [ 157.864012][ T37] usb 1-1: 0:1 : does not exist [ 157.864329][ T37] usb 1-1: unit 1 not found! [ 158.174298][ T6281] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 158.783170][ T6290] loop1: detected capacity change from 0 to 2048 [ 158.967828][ T6290] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.577233][ T5629] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.102731][ T37] usb 1-1: USB disconnect, device number 4 [ 160.390481][ T6298] netlink: 220 bytes leftover after parsing attributes in process `syz.0.126'. [ 160.390548][ T6298] netlink: 32 bytes leftover after parsing attributes in process `syz.0.126'. [ 160.455055][ T5637] ocfs2: Unmounting device (7,4) on (node local) [ 160.627195][ T6298] loop0: detected capacity change from 0 to 512 [ 160.654298][ T6298] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 160.654310][ T6298] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 160.714467][ T6305] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 160.714483][ T6305] IPv6: NLM_F_CREATE should be set when creating new route [ 160.790249][ T6298] EXT4-fs (loop0): 1 truncate cleaned up [ 160.793664][ T6298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.803280][ T38] kauditd_printk_skb: 61 callbacks suppressed [ 160.803294][ T38] audit: type=1800 audit(1777812401.477:74): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.126" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 162.314712][ T6315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 163.078255][ T5625] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.140964][ T6321] netlink: 12 bytes leftover after parsing attributes in process `syz.2.131'. [ 163.326976][ T6325] loop2: detected capacity change from 0 to 512 [ 163.566294][ T6325] EXT4-fs (loop2): Test dummy encryption mode enabled [ 163.772564][ T5815] udevd[5815]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 164.309904][ T6325] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 164.653823][ T6325] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 165.464001][ T6325] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.536850][ T6335] loop4: detected capacity change from 0 to 2048 [ 165.928363][ T6335] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.383766][ T5643] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.440315][ T5904] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 169.029755][ T5904] usb 2-1: device descriptor read/64, error -71 [ 169.645782][ T5904] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 170.017034][ T5904] usb 2-1: device descriptor read/64, error -71 [ 170.377049][ T5904] usb usb2-port1: attempt power cycle [ 171.453245][ T5904] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 171.681221][ T5904] usb 2-1: device descriptor read/8, error -71 [ 171.683087][ T6359] NILFS (nullb0): couldn't find nilfs on the device [ 171.961751][ T6368] FAULT_INJECTION: forcing a failure. [ 171.961751][ T6368] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.961782][ T6368] CPU: 1 UID: 0 PID: 6368 Comm: syz.1.141 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 171.961801][ T6368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 171.961811][ T6368] Call Trace: [ 171.961818][ T6368] [ 171.961825][ T6368] dump_stack_lvl+0xe8/0x150 [ 171.961850][ T6368] should_fail_ex+0x46b/0x600 [ 171.961876][ T6368] _copy_from_user+0x2d/0xb0 [ 171.961896][ T6368] memdup_user+0x5e/0xd0 [ 171.961912][ T6368] strndup_user+0x68/0xd0 [ 171.961928][ T6368] __se_sys_mount+0x9d/0x420 [ 171.961945][ T6368] ? ksys_write+0x248/0x270 [ 171.961966][ T6368] ? __pfx___se_sys_mount+0x10/0x10 [ 171.961988][ T6368] ? __x64_sys_mount+0x20/0xc0 [ 171.962004][ T6368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.962022][ T6368] do_syscall_64+0x15f/0xf80 [ 171.962042][ T6368] ? trace_irq_disable+0x3b/0x140 [ 171.962062][ T6368] ? clear_bhb_loop+0x40/0x90 [ 171.962082][ T6368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.962097][ T6368] RIP: 0033:0x7f8e6793cdd9 [ 171.962113][ T6368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.962124][ T6368] RSP: 002b:00007f8e65b8e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 171.962141][ T6368] RAX: ffffffffffffffda RBX: 00007f8e67bb5fa0 RCX: 00007f8e6793cdd9 [ 171.962153][ T6368] RDX: 0000200000000340 RSI: 0000200000000040 RDI: 0000200000000380 [ 171.962163][ T6368] RBP: 00007f8e65b8e090 R08: 0000000000000000 R09: 0000000000000000 [ 171.962173][ T6368] R10: 0000000000800000 R11: 0000000000000246 R12: 0000000000000001 [ 171.962183][ T6368] R13: 00007f8e67bb6038 R14: 00007f8e67bb5fa0 R15: 00007ffff5e60bf8 [ 171.962207][ T6368] [ 173.842565][ T6381] loop0: detected capacity change from 0 to 1024 [ 173.889539][ T6381] EXT4-fs (loop0): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 173.889570][ T6381] EXT4-fs (loop0): can't mount with commit=, fs mounted w/o journal [ 175.890760][ T6401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.148'. [ 177.016371][ T6409] loop4: detected capacity change from 0 to 512 [ 177.077829][ T6409] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 177.511890][ T6422] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 178.158281][ T6409] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=42c028, mo2=0002] [ 178.158636][ T6409] EXT4-fs (loop4): orphan cleanup on readonly fs [ 179.525758][ T6425] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 180.365904][ T6409] Quota error (device loop4): v2_read_file_info: Free block number 10 out of range (1, 6). [ 180.366068][ T6409] EXT4-fs warning (device loop4): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 180.366355][ T6409] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 180.575885][ T6409] EXT4-fs error (device loop4): mb_free_blocks:2049: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 180.582069][ C0] EXT4-fs (loop4): initial error at time 1777812421: mb_free_blocks:2049: inode 12: block 14 [ 180.582109][ C0] EXT4-fs (loop4): last error at time 1777812421: mb_free_blocks:2049: inode 12: block 14 [ 180.758001][ T6440] loop0: detected capacity change from 0 to 1024 [ 180.763271][ T6440] EXT4-fs (loop0): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 180.763297][ T6440] EXT4-fs (loop0): can't mount with commit=, fs mounted w/o journal [ 180.851201][ T6409] EXT4-fs (loop4): Remounting filesystem read-only [ 180.851687][ T6409] EXT4-fs (loop4): 1 truncate cleaned up [ 181.492622][ T6409] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 181.619039][ T824] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 182.801137][ T5637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.508426][ T824] usb 4-1: Using ep0 maxpacket: 8 [ 183.515338][ T824] usb 4-1: unable to get BOS descriptor or descriptor too short [ 183.516505][ T824] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x3 has invalid maxpacket 64 [ 183.516528][ T824] usb 4-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 183.516551][ T824] usb 4-1: config 1 interface 0 has no altsetting 0 [ 183.822539][ T824] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 183.822567][ T824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.822964][ T6455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.163'. [ 184.389234][ T824] usb 4-1: can't set config #1, error -71 [ 184.430448][ T6458] loop4: detected capacity change from 0 to 2048 [ 184.430485][ T824] usb 4-1: USB disconnect, device number 3 [ 184.985178][ T6463] loop1: detected capacity change from 0 to 2048 [ 185.297796][ T6463] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.887836][ T6476] loop2: detected capacity change from 0 to 2048 [ 187.007441][ T6476] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.896372][ T6458] EXT4-fs: error -4 creating inode table initialization thread [ 187.897093][ T6458] EXT4-fs (loop4): mount failed [ 189.470313][ T6502] loop2: detected capacity change from 0 to 1024 [ 190.050824][ T6502] EXT4-fs (loop2): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 190.050856][ T6502] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 190.122333][ T6506] loop1: detected capacity change from 0 to 164 [ 190.156541][ T6507] netlink: 'syz.0.174': attribute type 10 has an invalid length. [ 190.689806][ T6514] loop2: detected capacity change from 0 to 32768 [ 190.769079][ T6511] Zero length message leads to an empty skb [ 192.476996][ T6507] veth1_virt_wifi: entered promiscuous mode [ 192.606891][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.4.178'. [ 192.667039][ T6522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.177'. [ 193.590297][ T6528] loop1: detected capacity change from 0 to 2048 [ 194.000360][ T6528] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.470922][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.471018][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.157149][ T6559] loop1: detected capacity change from 0 to 1024 [ 197.600406][ T6543] Bluetooth: hci3: command 0x0406 tx timeout [ 197.600443][ T6543] Bluetooth: hci4: command 0x0406 tx timeout [ 197.600465][ T6543] Bluetooth: hci0: command 0x2016 tx timeout [ 197.600486][ T6543] Bluetooth: hci1: command 0x0406 tx timeout [ 197.600507][ T6543] Bluetooth: hci2: command 0x0406 tx timeout [ 197.653311][ T6559] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 197.653342][ T6559] EXT4-fs (loop1): can't mount with commit=, fs mounted w/o journal [ 198.116966][ T6561] loop2: detected capacity change from 0 to 32768 [ 200.020565][ T6563] loop3: detected capacity change from 0 to 131072 [ 201.123482][ T6563] F2FS-fs (loop3): invalid crc value [ 201.133477][ T6563] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-4) [ 203.001772][ T6584] loop0: detected capacity change from 0 to 131072 [ 203.627166][ T6595] netlink: 24 bytes leftover after parsing attributes in process `syz.1.198'. [ 203.713890][ T6584] F2FS-fs (loop0): Test dummy encryption mode enabled [ 203.749324][ T6584] F2FS-fs (loop0): invalid crc value [ 204.042256][ T6584] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 204.062156][ T6584] F2FS-fs (loop0): Start checkpoint disabled! [ 204.108042][ T6584] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 206.538501][ T6607] loop4: detected capacity change from 0 to 2048 [ 206.935572][ T6607] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 208.608424][ T5754] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 208.808496][ T5754] usb 1-1: Using ep0 maxpacket: 8 [ 208.812039][ T5754] usb 1-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9 [ 208.812064][ T5754] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.130127][ T5754] usb 1-1: config 0 descriptor?? [ 209.506893][ T5754] usblcd 1-1:0.0: USBLCD model not supported. [ 209.873046][ T5759] usb 1-1: USB disconnect, device number 5 [ 210.070486][ T6634] overlayfs: missing 'lowerdir' [ 210.282560][ T6637] loop2: detected capacity change from 0 to 2048 [ 210.358070][ T6637] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002] [ 210.358184][ T6637] System zones: 0-7 [ 211.469296][ T6637] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.494541][ T6637] EXT4-fs error (device loop2): ext4_ext_precache:631: inode #2: comm syz.2.209: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 211.966029][ T6637] EXT4-fs (loop2): Remounting filesystem read-only [ 212.860354][ T6655] loop3: detected capacity change from 0 to 32768 [ 213.705128][ T5643] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.333853][ T6676] loop0: detected capacity change from 0 to 32768 [ 218.273760][ T6698] loop2: detected capacity change from 0 to 1024 [ 218.646531][ T6698] EXT4-fs (loop2): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 218.646633][ T6698] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 219.533747][ T6702] loop3: detected capacity change from 0 to 128 [ 220.844452][ T6702] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 220.985001][ T6702] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 221.136536][ T6715] loop4: detected capacity change from 0 to 512 [ 221.813141][ T6718] netlink: 16 bytes leftover after parsing attributes in process `syz.2.227'. [ 222.018038][ T6715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.018174][ T6715] ext4 filesystem being mounted at /44/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.310574][ T6725] loop0: detected capacity change from 0 to 256 [ 222.559106][ T6728] netlink: 32 bytes leftover after parsing attributes in process `syz.4.226'. [ 223.408646][ T6726] loop2: detected capacity change from 0 to 32768 [ 223.657429][ T6732] loop1: detected capacity change from 0 to 32768 [ 224.546066][ T6725] FAT-fs (loop0): Directory bread(block 64) failed [ 224.546101][ T6725] FAT-fs (loop0): Directory bread(block 65) failed [ 224.546203][ T6725] FAT-fs (loop0): Directory bread(block 66) failed [ 224.546222][ T6725] FAT-fs (loop0): Directory bread(block 67) failed [ 224.546312][ T6725] FAT-fs (loop0): Directory bread(block 68) failed [ 224.546332][ T6725] FAT-fs (loop0): Directory bread(block 69) failed [ 224.546421][ T6725] FAT-fs (loop0): Directory bread(block 70) failed [ 224.546440][ T6725] FAT-fs (loop0): Directory bread(block 71) failed [ 224.546544][ T6725] FAT-fs (loop0): Directory bread(block 72) failed [ 224.546579][ T6725] FAT-fs (loop0): Directory bread(block 73) failed [ 224.786360][ T5637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.997874][ T6736] netlink: 12 bytes leftover after parsing attributes in process `syz.2.231'. [ 225.004974][ T6736] loop2: detected capacity change from 0 to 512 [ 225.047029][ T6736] EXT4-fs (loop2): Test dummy encryption mode enabled [ 225.065013][ T6736] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 225.065509][ T6736] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 225.067052][ T6736] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.153182][ T5629] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 226.059350][ T5643] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.492039][ T6748] loop1: detected capacity change from 0 to 1024 [ 227.403545][ T6748] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 227.403576][ T6748] EXT4-fs (loop1): can't mount with commit=, fs mounted w/o journal [ 227.700785][ T6749] loop3: detected capacity change from 0 to 32768 [ 229.188815][ T6760] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 229.465603][ T6774] overlayfs: missing 'lowerdir' [ 230.632592][ T6784] loop4: detected capacity change from 0 to 32768 [ 231.158391][ T6786] loop1: detected capacity change from 0 to 32768 [ 232.267944][ T6789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.245'. [ 232.401100][ T6791] loop0: detected capacity change from 0 to 512 [ 232.413973][ T6791] EXT4-fs (loop0): Test dummy encryption mode enabled [ 232.440102][ T6791] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 232.449634][ T6791] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 232.470794][ T6791] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.467745][ T6793] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 235.612155][ T5625] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.066750][ T6803] loop0: detected capacity change from 0 to 2048 [ 236.293950][ T6803] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 237.070948][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.248'. [ 237.317844][ T6821] FAULT_INJECTION: forcing a failure. [ 237.317844][ T6821] name failslab, interval 1, probability 0, space 0, times 0 [ 237.317899][ T6821] CPU: 1 UID: 0 PID: 6821 Comm: syz.3.251 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 237.317919][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 237.317930][ T6821] Call Trace: [ 237.317937][ T6821] [ 237.317944][ T6821] dump_stack_lvl+0xe8/0x150 [ 237.317981][ T6821] should_fail_ex+0x46b/0x600 [ 237.318006][ T6821] should_failslab+0xa8/0x100 [ 237.318031][ T6821] __kmalloc_cache_noprof+0x84/0x690 [ 237.318054][ T6821] ? rfkill_fop_open+0x188/0x570 [ 237.318084][ T6821] rfkill_fop_open+0x188/0x570 [ 237.318117][ T6821] ? __pfx_rfkill_fop_open+0x10/0x10 [ 237.318140][ T6821] misc_open+0x2de/0x350 [ 237.318163][ T6821] chrdev_open+0x4d0/0x5f0 [ 237.318190][ T6821] ? __pfx_chrdev_open+0x10/0x10 [ 237.318214][ T6821] ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0 [ 237.318242][ T6821] ? __pfx_chrdev_open+0x10/0x10 [ 237.318264][ T6821] do_dentry_open+0x83d/0x13e0 [ 237.318294][ T6821] vfs_open+0x3b/0x350 [ 237.318311][ T6821] ? path_openat+0x2e2b/0x38a0 [ 237.318333][ T6821] path_openat+0x2e43/0x38a0 [ 237.318388][ T6821] ? __pfx_path_openat+0x10/0x10 [ 237.318418][ T6821] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 237.318445][ T6821] ? do_raw_spin_lock+0x12b/0x2f0 [ 237.318476][ T6821] do_file_open+0x23e/0x4a0 [ 237.318496][ T6821] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 237.318525][ T6821] ? __pfx_do_file_open+0x10/0x10 [ 237.318543][ T6821] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 237.318587][ T6821] ? alloc_fd+0x64e/0x6c0 [ 237.318616][ T6821] do_sys_openat2+0x113/0x200 [ 237.318633][ T6821] ? lockdep_hardirqs_on+0x7a/0x110 [ 237.318658][ T6821] ? __pfx_do_sys_openat2+0x10/0x10 [ 237.318684][ T6821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.318706][ T6821] __x64_sys_openat+0x138/0x170 [ 237.318727][ T6821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.318745][ T6821] do_syscall_64+0x15f/0xf80 [ 237.318770][ T6821] ? clear_bhb_loop+0x40/0x90 [ 237.318791][ T6821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.318808][ T6821] RIP: 0033:0x7f8f0f55cdd9 [ 237.318825][ T6821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 237.318839][ T6821] RSP: 002b:00007f8f0d774028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 237.318858][ T6821] RAX: ffffffffffffffda RBX: 00007f8f0f7d6180 RCX: 00007f8f0f55cdd9 [ 237.318870][ T6821] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 237.318882][ T6821] RBP: 00007f8f0d774090 R08: 0000000000000000 R09: 0000000000000000 [ 237.318892][ T6821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.318902][ T6821] R13: 00007f8f0f7d6218 R14: 00007f8f0f7d6180 R15: 00007ffccd1191f8 [ 237.318932][ T6821] [ 237.976115][ T6805] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 237.983574][ T6819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 238.641726][ T6827] loop4: detected capacity change from 0 to 32768 [ 239.612483][ T6835] overlayfs: missing 'lowerdir' [ 239.660473][ T6840] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.016449][ T6842] loop2: detected capacity change from 0 to 32768 [ 241.645516][ T4941] Bluetooth: hci2: command 0x0406 tx timeout [ 242.484202][ T6851] loop1: detected capacity change from 0 to 32768 [ 242.965756][ T6854] loop4: detected capacity change from 0 to 64 [ 242.971697][ T6854] MINIX-fs: mounting file system with errors, running fsck is recommended [ 245.020800][ T32] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 245.086745][ T6870] netlink: 12 bytes leftover after parsing attributes in process `syz.2.260'. [ 245.100347][ T6870] loop2: detected capacity change from 0 to 512 [ 245.101950][ T6870] EXT4-fs (loop2): Test dummy encryption mode enabled [ 245.114952][ T6870] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 245.122326][ T6870] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 245.123869][ T6870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.180184][ T32] usb 2-1: Using ep0 maxpacket: 32 [ 245.191303][ T32] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 245.191327][ T32] usb 2-1: config 0 has no interface number 0 [ 245.191460][ T32] usb 2-1: config 0 interface 110 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 245.191485][ T32] usb 2-1: config 0 interface 110 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 245.191506][ T32] usb 2-1: config 0 interface 110 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 245.191528][ T32] usb 2-1: config 0 interface 110 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 245.191553][ T32] usb 2-1: config 0 interface 110 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 245.191568][ T32] usb 2-1: config 0 interface 110 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 245.191584][ T32] usb 2-1: config 0 interface 110 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 245.261982][ T32] usb 2-1: New USB device found, idVendor=04fc, idProduct=0231, bcdDevice=6f.a9 [ 245.262008][ T32] usb 2-1: New USB device strings: Mfr=1, Product=237, SerialNumber=2 [ 245.262025][ T32] usb 2-1: Product: syz [ 245.262037][ T32] usb 2-1: Manufacturer: syz [ 245.262048][ T32] usb 2-1: SerialNumber: syz [ 245.517310][ T5643] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.557925][ T6876] FAULT_INJECTION: forcing a failure. [ 245.557925][ T6876] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.557957][ T6876] CPU: 0 UID: 0 PID: 6876 Comm: syz.4.264 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 245.557984][ T6876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 245.558000][ T6876] Call Trace: [ 245.558007][ T6876] [ 245.558014][ T6876] dump_stack_lvl+0xe8/0x150 [ 245.558042][ T6876] should_fail_ex+0x46b/0x600 [ 245.558066][ T6876] _copy_from_user+0x2d/0xb0 [ 245.558087][ T6876] ___sys_recvmsg+0x175/0x590 [ 245.558116][ T6876] ? __pfx____sys_recvmsg+0x10/0x10 [ 245.558142][ T6876] ? __fget_files+0x2a/0x420 [ 245.558186][ T6876] do_recvmmsg+0x33a/0x800 [ 245.558217][ T6876] ? __pfx_do_recvmmsg+0x10/0x10 [ 245.558253][ T6876] ? rt_mutex_slowunlock+0x1cb/0x300 [ 245.558289][ T6876] __x64_sys_recvmmsg+0x198/0x250 [ 245.558317][ T6876] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 245.558345][ T6876] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.558363][ T6876] do_syscall_64+0x15f/0xf80 [ 245.558390][ T6876] ? trace_irq_disable+0x3b/0x140 [ 245.558410][ T6876] ? clear_bhb_loop+0x40/0x90 [ 245.558428][ T6876] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.558444][ T6876] RIP: 0033:0x7f80a07dcdd9 [ 245.558460][ T6876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.558473][ T6876] RSP: 002b:00007f809ea15028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 245.558491][ T6876] RAX: ffffffffffffffda RBX: 00007f80a0a56090 RCX: 00007f80a07dcdd9 [ 245.558503][ T6876] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 245.558514][ T6876] RBP: 00007f809ea15090 R08: 0000000000000000 R09: 0000000000000000 [ 245.558523][ T6876] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 245.558533][ T6876] R13: 00007f80a0a56128 R14: 00007f80a0a56090 R15: 00007fffd3cf33d8 [ 245.558559][ T6876] [ 245.624524][ T6876] loop4: detected capacity change from 0 to 512 [ 245.697312][ T6876] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 245.697729][ T6876] EXT4-fs (loop4): orphan cleanup on readonly fs [ 245.701353][ T6876] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 245.701378][ T6876] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 245.701428][ T6876] EXT4-fs error (device loop4): ext4_acquire_dquot:7034: comm syz.4.264: Failed to acquire dquot type 1 [ 245.701614][ T6876] loop4: lost filesystem error report for type 5 error -5 [ 245.714969][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 245.714989][ C0] EXT4-fs (loop4): initial error at time 1777812486: ext4_acquire_dquot:7034 [ 245.715009][ C0] EXT4-fs (loop4): last error at time 1777812486: ext4_acquire_dquot:7034 [ 245.718558][ T6876] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.264: bg 0: block 40: padding at end of block bitmap is not set [ 245.718584][ T6876] loop4: lost filesystem error report for type 5 error -117 [ 245.725458][ T6876] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 245.725479][ T6876] loop4: lost filesystem error report for type 5 error -117 [ 245.728845][ T6876] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #16: comm syz.4.264: data will be lost [ 245.729344][ T6876] EXT4-fs (loop4): 1 truncate cleaned up [ 245.814437][ T6876] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 246.000425][ T32] usb 2-1: config 0 descriptor?? [ 246.018122][ T32] spcp8x5 2-1:0.110: SPCP8x5 converter detected [ 246.098517][ T32] usb 2-1: SPCP8x5 converter now attached to ttyUSB0 [ 246.257708][ T6867] loop1: detected capacity change from 0 to 128 [ 246.351116][ T5637] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.381768][ T5754] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 246.548581][ T5754] usb 3-1: Using ep0 maxpacket: 32 [ 246.796035][ T6893] loop4: detected capacity change from 0 to 32768 [ 246.820691][ T5754] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 246.842671][ T5754] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 246.842698][ T5754] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 246.842715][ T5754] usb 3-1: Product: syz [ 246.842728][ T5754] usb 3-1: Manufacturer: syz [ 246.842740][ T5754] usb 3-1: SerialNumber: syz [ 246.878939][ T5754] usb 3-1: config 0 descriptor?? [ 246.900242][ T6879] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 247.068870][ T6890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.103267][ T6891] loop3: detected capacity change from 0 to 4096 [ 247.162953][ T6890] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.248590][ T824] usb 2-1: USB disconnect, device number 9 [ 247.584477][ T6891] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 247.683171][ T6891] ntfs3(loop3): ino=3, mi_enum_attr [ 248.029926][ T824] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0 [ 248.087957][ T6891] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 248.116611][ T6891] ntfs3(loop3): Failed to load $AttrDef (-22) [ 248.347576][ T5754] usb 3-1: USB disconnect, device number 6 [ 248.621599][ T6901] futex_wake_op: syz.3.269 tries to shift op by 32; fix this program [ 248.995180][ T824] spcp8x5 2-1:0.110: device disconnected [ 249.604447][ T6905] loop0: detected capacity change from 0 to 32768 [ 250.792094][ T6913] loop1: detected capacity change from 0 to 2048 [ 250.985226][ T6913] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.290712][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.276'. [ 252.412906][ T6925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 253.418688][ T6931] loop3: detected capacity change from 0 to 512 [ 253.968156][ T6936] loop4: detected capacity change from 0 to 64 [ 254.208616][ T38] audit: type=1804 audit(1777812494.697:75): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.279" name="/newroot/54/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop4" ino=9 res=1 errno=0 [ 254.208677][ T38] audit: type=1800 audit(1777812494.697:76): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.279" name="bus" dev="loop4" ino=9 res=0 errno=0 [ 254.388279][ T6938] Bluetooth: MGMT ver 1.23 [ 255.183253][ T6940] loop0: detected capacity change from 0 to 512 [ 255.270142][ T6940] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.280: inode has both inline data and extents flags [ 255.270343][ T6940] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 255.271578][ T6940] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.280: couldn't read orphan inode 15 (err -117) [ 255.271606][ T6940] loop0: lost filesystem error report for type 5 error -117 [ 255.345709][ T6940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.374847][ T6932] loop1: detected capacity change from 0 to 32768 [ 255.375896][ T6932] btrfs: Deprecated parameter 'usebackuproot' [ 255.376081][ T6932] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 255.670352][ T6932] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.278 (6932) [ 255.696651][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.696709][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.803502][ T6950] loop2: detected capacity change from 0 to 4096 [ 257.550925][ T6956] loop4: detected capacity change from 0 to 32768 [ 258.278132][ T5625] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.838637][ T6932] BTRFS error (device loop1): open_ctree failed: -4 [ 259.011340][ T6963] loop2: detected capacity change from 0 to 40427 [ 259.035862][ T6963] F2FS-fs (loop2): invalid crc value [ 259.101032][ T824] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 259.271682][ T6963] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 259.280195][ T6963] F2FS-fs (loop2): Start checkpoint disabled! [ 259.291019][ T6964] FAULT_INJECTION: forcing a failure. [ 259.291019][ T6964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.291050][ T6964] CPU: 0 UID: 0 PID: 6964 Comm: syz.4.286 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 259.291070][ T6964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 259.291081][ T6964] Call Trace: [ 259.291087][ T6964] [ 259.291095][ T6964] dump_stack_lvl+0xe8/0x150 [ 259.291120][ T6964] should_fail_ex+0x46b/0x600 [ 259.291144][ T6964] _copy_from_iter+0x1d3/0x1670 [ 259.291167][ T6964] ? sock_alloc_send_pskb+0x8a2/0x9a0 [ 259.291197][ T6964] ? __pfx__copy_from_iter+0x10/0x10 [ 259.291224][ T6964] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 259.291252][ T6964] skb_copy_datagram_from_iter+0xf5/0x710 [ 259.291279][ T6964] ? dev_get_by_index+0x22/0x2f0 [ 259.291296][ T6964] ? skb_put+0x11b/0x210 [ 259.291321][ T6964] packet_sendmsg+0x35be/0x4fd0 [ 259.291361][ T6964] ? __lock_acquire+0x6b5/0x2d10 [ 259.291393][ T6964] ? __lock_acquire+0x6b5/0x2d10 [ 259.291429][ T6964] ? __pfx_packet_sendmsg+0x10/0x10 [ 259.291454][ T6964] ? aa_sk_perm+0x703/0x950 [ 259.291482][ T6964] ? __pfx_aa_sk_perm+0x10/0x10 [ 259.291500][ T6964] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 259.291529][ T6964] ? aa_sock_msg_perm+0x122/0x200 [ 259.291551][ T6964] ? __pfx_packet_sendmsg+0x10/0x10 [ 259.291570][ T6964] sock_sendmsg_nosec+0x112/0x150 [ 259.291592][ T6964] __sys_sendto+0x402/0x590 [ 259.291619][ T6964] ? __pfx___sys_sendto+0x10/0x10 [ 259.291663][ T6964] ? ksys_write+0x248/0x270 [ 259.291687][ T6964] ? __pfx_ksys_write+0x10/0x10 [ 259.291712][ T6964] __x64_sys_sendto+0xde/0x100 [ 259.291734][ T6964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.291754][ T6964] do_syscall_64+0x15f/0xf80 [ 259.291777][ T6964] ? trace_irq_disable+0x3b/0x140 [ 259.291798][ T6964] ? clear_bhb_loop+0x40/0x90 [ 259.291820][ T6964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.291836][ T6964] RIP: 0033:0x7f80a07dcdd9 [ 259.291853][ T6964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.291866][ T6964] RSP: 002b:00007f809ea36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 259.291885][ T6964] RAX: ffffffffffffffda RBX: 00007f80a0a55fa0 RCX: 00007f80a07dcdd9 [ 259.291897][ T6964] RDX: 000000000000e90c RSI: 00002000000000c0 RDI: 0000000000000005 [ 259.291909][ T6964] RBP: 00007f809ea36090 R08: 0000200000000540 R09: 0000000000000014 [ 259.291925][ T6964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 259.291935][ T6964] R13: 00007f80a0a56038 R14: 00007f80a0a55fa0 R15: 00007fffd3cf33d8 [ 259.291963][ T6964] [ 259.681080][ T6963] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 259.689116][ T6963] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 259.714514][ T38] audit: type=1800 audit(1777812500.387:77): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.284" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 260.631525][ T6973] loop3: detected capacity change from 0 to 32768 [ 260.744097][ T824] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 261.047001][ T3537] kworker/u8:29: attempt to access beyond end of device [ 261.047001][ T3537] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 261.106103][ T3537] CPU: 1 UID: 0 PID: 3537 Comm: kworker/u8:29 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 261.106128][ T3537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 261.106139][ T3537] Workqueue: writeback wb_workfn (flush-7:2) [ 261.106171][ T3537] Call Trace: [ 261.106178][ T3537] [ 261.106185][ T3537] dump_stack_lvl+0xe8/0x150 [ 261.106210][ T3537] f2fs_stop_checkpoint+0x383/0x540 [ 261.106233][ T3537] f2fs_write_end_io+0x1274/0x1740 [ 261.106266][ T3537] __submit_merged_bio+0x256/0x6a0 [ 261.106287][ T3537] __submit_merged_write_cond+0x3c9/0x4e0 [ 261.106310][ T3537] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 261.106349][ T3537] f2fs_write_data_pages+0x287e/0x34f0 [ 261.106405][ T3537] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.106438][ T3537] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 261.106495][ T3537] ? __lock_acquire+0x6b5/0x2d10 [ 261.106556][ T3537] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.106579][ T3537] do_writepages+0x32e/0x550 [ 261.106603][ T3537] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 261.106622][ T3537] ? reacquire_held_locks+0x104/0x190 [ 261.106638][ T3537] ? rt_spin_lock+0x1e0/0x400 [ 261.106664][ T3537] __writeback_single_inode+0x133/0x10e0 [ 261.106684][ T3537] ? rt_spin_unlock+0x160/0x200 [ 261.106705][ T3537] writeback_sb_inodes+0x97f/0x1980 [ 261.106738][ T3537] ? lockdep_hardirqs_on+0x7a/0x110 [ 261.106777][ T3537] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 261.106833][ T3537] ? rcu_is_watching+0x15/0xb0 [ 261.106861][ T3537] wb_writeback+0x445/0xb00 [ 261.106883][ T3537] ? queue_io+0x211/0x440 [ 261.106907][ T3537] ? __pfx_wb_writeback+0x10/0x10 [ 261.106941][ T3537] wb_workfn+0x3fd/0xf20 [ 261.106962][ T3537] ? look_up_lock_class+0x57/0x110 [ 261.106987][ T3537] ? lapic_next_event+0x11/0x20 [ 261.107023][ T3537] ? __pfx_wb_workfn+0x10/0x10 [ 261.107048][ T3537] ? do_raw_spin_lock+0x12b/0x2f0 [ 261.107072][ T3537] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 261.107096][ T3537] ? process_one_work+0x8b7/0x1710 [ 261.107118][ T3537] ? process_one_work+0x8b7/0x1710 [ 261.107149][ T3537] ? process_one_work+0x8b7/0x1710 [ 261.107168][ T3537] process_one_work+0x9a3/0x1710 [ 261.107210][ T3537] ? __pfx_process_one_work+0x10/0x10 [ 261.107228][ T3537] ? do_raw_spin_lock+0x12b/0x2f0 [ 261.107266][ T3537] worker_thread+0xba8/0x11e0 [ 261.107312][ T3537] kthread+0x388/0x470 [ 261.107338][ T3537] ? __pfx_worker_thread+0x10/0x10 [ 261.107356][ T3537] ? __pfx_kthread+0x10/0x10 [ 261.107381][ T3537] ret_from_fork+0x514/0xb70 [ 261.107406][ T3537] ? __pfx_ret_from_fork+0x10/0x10 [ 261.107427][ T3537] ? __switch_to+0xc79/0x1410 [ 261.107448][ T3537] ? __pfx_kthread+0x10/0x10 [ 261.107473][ T3537] ret_from_fork_asm+0x1a/0x30 [ 261.107512][ T3537] [ 261.163905][ T3537] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 261.870253][ T6975] fido_id[6975]: Failed to read report descriptor at '/sys/devices/virtual/misc/uhid/0000:0000:0000.0001/report_descriptor': No such device [ 262.121638][ T5929] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 262.287418][ T5929] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 262.287436][ T5929] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 262.287446][ T5929] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 262.287468][ T5929] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 262.287479][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.444569][ T5929] usbtmc 5-1:16.0: bulk endpoints not found [ 262.598536][ T6987] loop2: detected capacity change from 0 to 24 [ 263.442594][ T824] usb 5-1: USB disconnect, device number 8 [ 263.657719][ T6992] loop1: detected capacity change from 0 to 32768 [ 265.427277][ T7004] loop2: detected capacity change from 0 to 32768 [ 265.580974][ T7009] loop3: detected capacity change from 0 to 64 [ 266.675959][ T7030] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.895491][ T7038] netlink: 'syz.4.310': attribute type 1 has an invalid length. [ 266.895510][ T7038] netlink: 'syz.4.310': attribute type 8 has an invalid length. [ 273.229242][ T7084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.325'. [ 273.650439][ T7080] syzkaller0: entered promiscuous mode [ 273.650472][ T7080] syzkaller0: entered allmulticast mode [ 287.533437][ T7111] syzkaller0: entered promiscuous mode [ 287.533463][ T7111] syzkaller0: entered allmulticast mode [ 287.756167][ T7133] netlink: 'syz.2.337': attribute type 11 has an invalid length. [ 287.756188][ T7133] netlink: 224 bytes leftover after parsing attributes in process `syz.2.337'. [ 287.817954][ T38] audit: type=1800 audit(1777812528.487:78): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.337" name="r" dev="tmpfs" ino=403 res=0 errno=0 [ 290.476112][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 290.564895][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 290.567335][ T6538] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 290.607591][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 290.642821][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 290.655074][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 290.680332][ T6538] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 290.700214][ T6538] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 290.764722][ T6538] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 290.779491][ T6538] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 291.868202][ T6541] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 291.933216][ T6541] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 291.934371][ T6541] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 291.935333][ T6541] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 291.935962][ T6541] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 292.808280][ T4941] Bluetooth: hci5: command tx timeout [ 292.961268][ T4941] Bluetooth: hci6: command tx timeout [ 294.008455][ T4941] Bluetooth: hci7: command tx timeout [ 294.878553][ T4941] Bluetooth: hci5: command tx timeout [ 295.038599][ T4941] Bluetooth: hci6: command tx timeout [ 296.078462][ T4941] Bluetooth: hci7: command tx timeout [ 296.958529][ T4941] Bluetooth: hci5: command tx timeout [ 297.118589][ T4941] Bluetooth: hci6: command tx timeout [ 298.158481][ T4941] Bluetooth: hci7: command tx timeout [ 299.038599][ T4941] Bluetooth: hci5: command tx timeout [ 299.198720][ T4941] Bluetooth: hci6: command tx timeout [ 300.247203][ T4941] Bluetooth: hci7: command tx timeout [ 300.902475][ T7129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.336'. [ 303.903783][ T3510] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.523904][ T7205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.351'. [ 304.562559][ T3510] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.252796][ T3510] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.477750][ T7220] syzkaller0: entered promiscuous mode [ 305.477773][ T7220] syzkaller0: entered allmulticast mode [ 305.661095][ T3510] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.063305][ T7252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.362'. [ 308.125148][ T7243] syz.2.360 (7243) used greatest stack depth: 17336 bytes left [ 308.573219][ T32] IPVS: starting estimator thread 0... [ 308.619876][ T7271] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 308.619897][ T7271] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7271, name: syz.1.368 [ 308.620889][ T7271] preempt_count: 1, expected: 0 [ 308.620902][ T7271] RCU nest depth: 2, expected: 2 [ 308.620919][ T7271] 4 locks held by syz.1.368/7271: [ 308.620930][ T7271] #0: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xa1/0x3a0 [ 308.620985][ T7271] #1: ffffffff8de5f300 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 308.621030][ T7271] #2: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 308.621075][ T7271] #3: ffff88802234c8f0 (&cp->lock#2){+...}-{3:3}, at: ip_vs_conn_new+0x14fe/0x25f0 [ 308.621122][ T7271] Preemption disabled at: [ 308.621127][ T7271] [] hlist_bl_lock+0x18/0x110 [ 308.621162][ T7271] CPU: 1 UID: 0 PID: 7271 Comm: syz.1.368 Not tainted syzkaller #0 PREEMPT_{RT,(full)} SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 308.621182][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 308.621192][ T7271] Call Trace: [ 308.621199][ T7271] [ 308.621207][ T7271] dump_stack_lvl+0xe8/0x150 [ 308.621232][ T7271] __might_resched+0x329/0x480 [ 308.621256][ T7271] ? hlist_bl_lock+0x18/0x110 [ 308.621283][ T7271] rt_spin_lock+0xc2/0x400 [ 308.621308][ T7271] ? __pfx_rt_spin_lock+0x10/0x10 [ 308.621326][ T7271] ? rcu_is_watching+0x15/0xb0 [ 308.621342][ T7271] ? __local_bh_disable_ip+0x3c/0x420 [ 308.621370][ T7271] ip_vs_conn_new+0x14fe/0x25f0 [ 308.621391][ T7271] ? ip_vs_conn_new+0x1491/0x25f0 [ 308.621423][ T7271] ? __pfx_ip_vs_conn_new+0x10/0x10 [ 308.621441][ T7271] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 308.621460][ T7271] ? lockdep_hardirqs_on+0x7a/0x110 [ 308.621493][ T7271] ? ip_vs_lblcr_schedule+0x2e3/0x1b50 [ 308.621519][ T7271] ip_vs_schedule+0x10fd/0x1d70 [ 308.621556][ T7271] ? __pfx_ip_vs_schedule+0x10/0x10 [ 308.621589][ T7271] ? __ip_vs_svc_fwm_find+0x624/0x6b0 [ 308.621620][ T7271] ? ip_vs_service_find+0xbc/0x3c0 [ 308.621656][ T7271] udp_conn_schedule+0x391/0x7a0 [ 308.621690][ T7271] ? __pfx_udp_conn_schedule+0x10/0x10 [ 308.621729][ T7271] ip_vs_in_hook+0xc50/0x1bf0 [ 308.621760][ T7271] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 308.621799][ T7271] ? nf_hook+0xa1/0x3a0 [ 308.621824][ T7271] ? nf_hook+0xa1/0x3a0 [ 308.621848][ T7271] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 308.621869][ T7271] nf_hook_slow+0xc5/0x220 [ 308.621895][ T7271] ? __pfx_dst_output+0x10/0x10 [ 308.621917][ T7271] nf_hook+0x22a/0x3a0 [ 308.621943][ T7271] ? nf_hook+0xa1/0x3a0 [ 308.621965][ T7271] ? __pfx_nf_hook+0x10/0x10 [ 308.621990][ T7271] ? __pfx_dst_output+0x10/0x10 [ 308.622021][ T7271] ? __ip_local_out+0x152/0x6a0 [ 308.622048][ T7271] __ip_local_out+0x558/0x6a0 [ 308.622069][ T7271] ? __pfx_dst_output+0x10/0x10 [ 308.622098][ T7271] ip_local_out+0x2a/0x190 [ 308.622125][ T7271] ip_send_skb+0x45/0xc0 [ 308.622151][ T7271] udp_send_skb+0x7e4/0xf70 [ 308.622184][ T7271] udp_sendmsg+0x1937/0x21a0 [ 308.622221][ T7271] ? __pfx_udp_sendmsg+0x10/0x10 [ 308.622280][ T7271] ? __lock_acquire+0x6b5/0x2d10 [ 308.622313][ T7271] udpv6_sendmsg+0x996/0x25c0 [ 308.622348][ T7271] ? __lock_acquire+0x6b5/0x2d10 [ 308.622376][ T7271] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 308.622410][ T7271] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 308.622435][ T7271] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 308.622477][ T7271] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 308.622507][ T7271] ? inet_send_prepare+0x1b9/0x270 [ 308.622536][ T7271] ? inet6_sendmsg+0xe4/0x120 [ 308.622560][ T7271] ? __pfx_inet6_sendmsg+0x10/0x10 [ 308.622582][ T7271] sock_sendmsg_nosec+0x90/0x150 [ 308.622605][ T7271] ____sys_sendmsg+0x55c/0x870 [ 308.622643][ T7271] ? __pfx_____sys_sendmsg+0x10/0x10 [ 308.622678][ T7271] ? import_iovec+0x73/0xa0 [ 308.622709][ T7271] ___sys_sendmsg+0x2a5/0x360 [ 308.622732][ T7271] ? __lock_acquire+0x6b5/0x2d10 [ 308.622761][ T7271] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.622794][ T7271] ? futex_wait+0x2a2/0x390 [ 308.622845][ T7271] ? __fget_files+0x2a/0x420 [ 308.622863][ T7271] ? __fget_files+0x3a6/0x420 [ 308.622893][ T7271] __x64_sys_sendmsg+0x1c3/0x2a0 [ 308.622920][ T7271] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 308.622955][ T7271] ? rcu_is_watching+0x15/0xb0 [ 308.622983][ T7271] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.623002][ T7271] do_syscall_64+0x15f/0xf80 [ 308.623026][ T7271] ? trace_irq_disable+0x3b/0x140 [ 308.623049][ T7271] ? clear_bhb_loop+0x40/0x90 [ 308.623071][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.623088][ T7271] RIP: 0033:0x7f8e6793cdd9 [ 308.623106][ T7271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 308.623120][ T7271] RSP: 002b:00007f8e65b8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 308.623138][ T7271] RAX: ffffffffffffffda RBX: 00007f8e67bb5fa0 RCX: 00007f8e6793cdd9 [ 308.623151][ T7271] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000009 [ 308.623163][ T7271] RBP: 00007f8e679d2d69 R08: 0000000000000000 R09: 0000000000000000 [ 308.623175][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.623186][ T7271] R13: 00007f8e67bb6038 R14: 00007f8e67bb5fa0 R15: 00007ffff5e60bf8 [ 308.623217][ T7271] [ 308.802711][ T7271] netlink: 24 bytes leftover after parsing attributes in process `syz.1.368'. [ 308.842941][ T7273] IPVS: using max 9 ests per chain, 21600 per kthread [ 309.529259][ T3510] bridge_slave_1: left allmulticast mode [ 309.529383][ T3510] bridge_slave_1: left promiscuous mode [ 309.536403][ T3510] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.692797][ T3510] bridge_slave_0: left allmulticast mode [ 309.692819][ T3510] bridge_slave_0: left promiscuous mode [ 309.692981][ T3510] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.593194][ T3510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.649349][ T3510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.692915][ T3510] bond0 (unregistering): Released all slaves [ 313.131092][ T5286] 8021q: adding VLAN 0 to HW filter on device eth1 [ 313.460306][ T3510] hsr_slave_0: left promiscuous mode [ 313.499012][ T3510] hsr_slave_1: left promiscuous mode [ 313.520859][ T3510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.520947][ T3510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.540483][ T3510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.540507][ T3510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.663783][ T3510] veth1_macvtap: left promiscuous mode [ 313.663957][ T3510] veth0_macvtap: left promiscuous mode [ 313.664138][ T3510] veth1_vlan: left promiscuous mode [ 313.666965][ T3510] veth0_vlan: left promiscuous mode [ 314.422415][ T3510] team0 (unregistering): Port device team_slave_1 removed [ 314.459329][ T3510] team0 (unregistering): Port device team_slave_0 removed [ 314.677031][ T5286] 8021q: adding VLAN 0 to HW filter on device eth2 [ 315.125428][ T5286] 8021q: adding VLAN 0 to HW filter on device eth3 [ 315.656312][ T5286] 8021q: adding VLAN 0 to HW filter on device eth4 [ 316.257153][ T3510] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.507730][ T3510] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.750389][ T3510] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.963232][ T3510] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.124261][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.124341][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.524212][ T3510] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.834027][ T3510] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.888072][ T5286] 8021q: adding VLAN 0 to HW filter on device eth5 [ 318.187411][ T3510] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.510190][ T3510] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.541789][ T5286] 8021q: adding VLAN 0 to HW filter on device eth6