last executing test programs: 2m16.343989297s ago: executing program 3 (id=603): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x5d96}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x52}, 0x1c, &(0x7f0000000d80)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x240480c3) r2 = dup(r1) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e24, 0x5, @loopback, 0x1}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff6, @empty, 0x7f}}, 0x1000001, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x6}, 0x9c) 2m16.343612657s ago: executing program 3 (id=605): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) mbind(&(0x7f00004c2000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x1fc9, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2, 0x0) 2m16.322832958s ago: executing program 3 (id=606): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002640)=@newtaction={0xe68, 0x30, 0x3f, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x5943}, {0x0, 0x800000, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0xa2}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1cbe}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x8}, {}, {0x0, 0xfffffffe, 0x400000}, {0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xffffff6a}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x800000}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x27a}, {0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0xc}, {}, {0x0, 0x0, 0x2b7f}, {0x3ff, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0xcfc, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0xfffffffd, 0x0, 0x0, 0x0, 0xa92}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x40000000, 0x1, 0x0, 0x10001}, {0x0, 0x0, 0x20}, {}, {0x80000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {0xfffffffc}, {}, {}, {}, {0x0, 0xa, 0xfffffffc}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x40, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x2}, {0x5}, {}, {}, {}, {}, {}, {0x7, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 2m12.629968015s ago: executing program 3 (id=633): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) 2m12.503620089s ago: executing program 3 (id=634): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x6101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000840)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2m11.908059348s ago: executing program 3 (id=642): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="01310100000000003800c09d0e00010069703665727370616e000000240002801440050000400000000000000000ffff7f00000104001200"], 0x58}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x5, 0x73, 0xffe00003}, {0x6, 0x83, 0x6, 0x10400}]}, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x40040000) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x61, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0xffffffffffffffff, 0xfffffffc, 0xa}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r8 = socket$kcm(0x11, 0x3, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r4) sendmsg$BATADV_CMD_GET_DAT_CACHE(r10, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x24, r11, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4000080) setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="180100003500010000000000fcdbdf250701f2800c0004000bac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 2m11.779806168s ago: executing program 32 (id=642): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="01310100000000003800c09d0e00010069703665727370616e000000240002801440050000400000000000000000ffff7f00000104001200"], 0x58}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x5, 0x73, 0xffe00003}, {0x6, 0x83, 0x6, 0x10400}]}, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x40040000) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x61, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0xffffffffffffffff, 0xfffffffc, 0xa}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r8 = socket$kcm(0x11, 0x3, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r4) sendmsg$BATADV_CMD_GET_DAT_CACHE(r10, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x24, r11, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4000080) setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="180100003500010000000000fcdbdf250701f2800c0004000bac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 6.063427253s ago: executing program 1 (id=2136): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r0, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9000000010000104000000000300000000000000", @ANYRES32=r0, @ANYBLOB="24240400858d0000700012800e00010069703665727370616e0000005c00028014000600fe80000000000000000000000000002e05001600020000000400120014000700fc020000000000000000000000000000050017000000000014000700ff0100000000000000"], 0x90}, 0x1, 0x0, 0x0, 0x4c014}, 0x0) 4.493321874s ago: executing program 1 (id=2137): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 3.60600385s ago: executing program 1 (id=2150): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) 3.579217112s ago: executing program 1 (id=2151): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)={0x0, 0x1, [@multicast]}) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x10040, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14) 3.104452744s ago: executing program 4 (id=2152): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x2}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x4c}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYRES32=0x0], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmmsg$alg(r4, 0x0, 0x0, 0x0) 2.934993281s ago: executing program 1 (id=2158): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 2.879970851s ago: executing program 4 (id=2160): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 2.836643557s ago: executing program 0 (id=2161): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000480)="ba927abbc9b55400040000db0732a85d86dd32261be41e2d47a0bef7c949e017682d8822522894dacd2c746cf49f8b4e300864ea3b5a0b69b275", 0x3a, 0x0, &(0x7f0000000340)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @random="0e476a04c52a"}, 0x14) 2.778019659s ago: executing program 1 (id=2162): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) socket$inet6_tcp(0xa, 0x1, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) 1.355400769s ago: executing program 0 (id=2165): r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 1.354783674s ago: executing program 4 (id=2166): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0x5, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x1, 0x406, 0x1, 0xffffffff, 0x9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="2703020000", 0x5}], 0x1}, 0x5) 1.266748711s ago: executing program 0 (id=2170): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000002440), 0x40, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000002400)="800000800000210ee7decd7a0000", 0xe, 0x200000c1, &(0x7f00000001c0)={0x11, 0x88a8, r3, 0x1, 0x3}, 0x14) 1.243596085s ago: executing program 2 (id=2171): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4048804}, 0x4008054) read$nci(r0, &(0x7f0000000000), 0x0) 1.035979077s ago: executing program 5 (id=2172): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002e00010026bdf000fcdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1) 431.22813ms ago: executing program 0 (id=2173): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x30, 0x3a, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x4, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0xff, @rand_addr=' \x01\x00', @empty}}}}}}}, 0x0) 424.257632ms ago: executing program 4 (id=2174): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f00000002c0)="00154e0132", &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x71096000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x14) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum64={0x6, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x6f, 0x2e, 0x2e, 0x2e, 0x5f]}}, 0x0, 0x2b, 0x0, 0x1, 0x8000}, 0x28) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) ioctl$COMEDI_UNLOCK(0xffffffffffffffff, 0x6406) 326.882223ms ago: executing program 4 (id=2175): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000080)={0x0, 0x100}, 0x8) 310.799882ms ago: executing program 0 (id=2176): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000480)="ba927abbc9b55400040000db0732a85d86dd32261be41e2d47a0bef7c949e017682d8822522894dacd2c746cf49f8b4e300864ea3b5a0b69b275", 0x3a, 0x0, &(0x7f0000000340)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @random="0e476a04c52a"}, 0x14) 300.566233ms ago: executing program 4 (id=2177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 299.733832ms ago: executing program 5 (id=2178): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x20004000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0xffffffffffffff23, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x63, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 299.512351ms ago: executing program 2 (id=2179): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9000000010000104000000000300000000000000", @ANYRES32=r1, @ANYBLOB="24240400858d0000700012800e00010069703665727370616e0000005c00028014000600fe80000000000000000000000000002e05001600020000000400120014000700fc020000000000000000000000000000050017000000000014000700ff0100000000000000"], 0x90}, 0x1, 0x0, 0x0, 0x4c014}, 0x0) 280.405431ms ago: executing program 5 (id=2180): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x60, 0x10, 0x439, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r2, 0x21801, 0x1103}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e22}, @IFLA_GRE_TTL={0x5, 0x8, 0x40}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x6}, @IFLA_GRE_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_GRE_LOCAL={0x8, 0x6, @initdev={0xac, 0x1e, 0x0, 0x0}}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x410c0}, 0x4048014) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9, 0x0, 0x0, 0x4000000}, 0x0) 253.578929ms ago: executing program 2 (id=2181): sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x800) read$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000007e40), 0x0, 0x20044894) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd3f, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x2, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8, 0x5, {0x20000, 0x0, 0x1}}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 224.790537ms ago: executing program 5 (id=2182): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x23, 0x7, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) 216.651009ms ago: executing program 2 (id=2183): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000002440), 0x40, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000002400)="800000800000210ee7decd7a0000", 0xe, 0x200000c1, &(0x7f00000001c0)={0x11, 0x88a8, r3, 0x1, 0x3}, 0x14) 145.237187ms ago: executing program 0 (id=2184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0x5, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x1, 0x406, 0x1, 0xffffffff, 0x9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="2703020000", 0x5}], 0x1}, 0x5) 110.546434ms ago: executing program 5 (id=2185): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f00000002c0)="00154e0132", &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x71096000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x14) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum64={0x6, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x6f, 0x2e, 0x2e, 0x2e, 0x5f]}}, 0x0, 0x2b, 0x0, 0x1, 0x8000}, 0x28) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) ioctl$COMEDI_UNLOCK(0xffffffffffffffff, 0x6406) 56.069869ms ago: executing program 2 (id=2186): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x40) syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x30, 0x3a, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x4, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0xff, @rand_addr=' \x01\x00', @empty}}}}}}}, 0x0) 14.383098ms ago: executing program 5 (id=2187): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x5, &(0x7f00000007c0)=@framed={{0x18, 0x2}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xa}]}, &(0x7f00000000c0)='syzkaller\x00', 0x5}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) recvfrom$inet(r0, &(0x7f0000000540)=""/137, 0x89, 0x103, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 0s ago: executing program 2 (id=2188): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002e00010026bdf000fcdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1) kernel console output (not intermixed with test programs): 59604][ T7961] Injecting memory failure for pfn 0x14ab0f at process virtual address 0x20f0f000 [ 139.942297][ T6580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.971266][ T7961] Memory failure: 0x14ab0f: recovery action for dirty LRU page: Recovered [ 140.361616][ T6576] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 140.513831][ T7982] FAULT_INJECTION: forcing a failure. [ 140.513831][ T7982] name failslab, interval 1, probability 0, space 0, times 0 [ 140.513869][ T7982] CPU: 1 UID: 0 PID: 7982 Comm: syz.1.360 Not tainted syzkaller #0 PREEMPT [ 140.513885][ T7982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 140.513891][ T7982] Call trace: [ 140.513894][ T7982] show_stack+0x2c/0x3c (C) [ 140.513911][ T7982] __dump_stack+0x30/0x40 [ 140.513918][ T7982] dump_stack_lvl+0xd8/0x12c [ 140.513923][ T7982] dump_stack+0x1c/0x28 [ 140.513929][ T7982] should_fail_ex+0x41c/0x594 [ 140.513935][ T7982] should_failslab+0xc0/0x128 [ 140.513943][ T7982] kmem_cache_alloc_noprof+0x90/0x680 [ 140.513948][ T7982] security_inode_alloc+0x3c/0x324 [ 140.513955][ T7982] inode_init_always_gfp+0x710/0xb84 [ 140.513963][ T7982] alloc_inode+0x80/0x19c [ 140.513968][ T7982] new_inode+0x2c/0x130 [ 140.513974][ T7982] shmem_get_inode+0x2dc/0xcf8 [ 140.513980][ T7982] __shmem_file_setup+0x150/0x2c4 [ 140.513985][ T7982] shmem_file_setup+0x40/0x54 [ 140.513989][ T7982] __arm64_sys_memfd_create+0x36c/0x814 [ 140.513996][ T7982] invoke_syscall+0x98/0x254 [ 140.514002][ T7982] el0_svc_common+0xe8/0x23c [ 140.514007][ T7982] do_el0_svc+0x48/0x58 [ 140.514012][ T7982] el0_svc+0x5c/0x26c [ 140.514019][ T7982] el0t_64_sync_handler+0x84/0x12c [ 140.514024][ T7982] el0t_64_sync+0x198/0x19c [ 140.580182][ T7972] loop0: detected capacity change from 0 to 32768 [ 140.613975][ T7972] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.354'. [ 140.657652][ T7976] loop3: detected capacity change from 0 to 32768 [ 140.685804][ T7976] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 140.760206][ T7976] XFS (loop3): Ending clean mount [ 141.127762][ T7976] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831036522994172386 ! [ 141.135567][ T8017] loop2: detected capacity change from 0 to 512 [ 141.160376][ T6580] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 141.445251][ T8031] loop2: detected capacity change from 0 to 32768 [ 141.447564][ T8031] (syz.2.375,8031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.449736][ T8031] (syz.2.375,8031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.466128][ T8031] JBD2: Ignoring recovery information on journal [ 141.474121][ T8031] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 141.529836][ T6576] ocfs2: Unmounting device (7,2) on (node local) [ 141.569684][ T8036] netlink: 12 bytes leftover after parsing attributes in process `syz.3.377'. [ 141.642619][ T8039] (syz.2.378,8039,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.643201][ T8039] (syz.2.378,8039,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.653533][ T8036] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 141.656473][ T8039] JBD2: Ignoring recovery information on journal [ 141.659068][ T8036] netlink: 4 bytes leftover after parsing attributes in process `syz.3.377'. [ 141.672615][ T4888] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.672681][ T4888] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.672699][ T4888] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.672711][ T4888] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.707971][ T8039] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 141.722081][ T8039] FAULT_INJECTION: forcing a failure. [ 141.722081][ T8039] name failslab, interval 1, probability 0, space 0, times 0 [ 141.722190][ T8039] CPU: 1 UID: 0 PID: 8039 Comm: syz.2.378 Not tainted syzkaller #0 PREEMPT [ 141.722202][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 141.722209][ T8039] Call trace: [ 141.722212][ T8039] show_stack+0x2c/0x3c (C) [ 141.722227][ T8039] __dump_stack+0x30/0x40 [ 141.722237][ T8039] dump_stack_lvl+0xd8/0x12c [ 141.722242][ T8039] dump_stack+0x1c/0x28 [ 141.722247][ T8039] should_fail_ex+0x41c/0x594 [ 141.722256][ T8039] should_failslab+0xc0/0x128 [ 141.722264][ T8039] __kmalloc_cache_noprof+0x8c/0x698 [ 141.722270][ T8039] alloc_pipe_info+0xf0/0x4d8 [ 141.722276][ T8039] splice_direct_to_actor+0x7b8/0x994 [ 141.722283][ T8039] do_splice_direct+0x130/0x210 [ 141.722289][ T8039] vfs_copy_file_range+0x9b8/0x10f8 [ 141.722296][ T8039] __arm64_sys_copy_file_range+0x308/0x5d4 [ 141.722302][ T8039] invoke_syscall+0x98/0x254 [ 141.722308][ T8039] el0_svc_common+0xe8/0x23c [ 141.722313][ T8039] do_el0_svc+0x48/0x58 [ 141.722319][ T8039] el0_svc+0x5c/0x26c [ 141.722326][ T8039] el0t_64_sync_handler+0x84/0x12c [ 141.722332][ T8039] el0t_64_sync+0x198/0x19c [ 141.934420][ T6576] ocfs2: Unmounting device (7,2) on (node local) [ 141.968331][ T8050] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.381 (8050) [ 141.971556][ T8050] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 141.971602][ T8050] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 142.072694][ T8050] BTRFS info (device loop0): enabling ssd optimizations [ 142.072723][ T8050] BTRFS info (device loop0): turning on async discard [ 142.072742][ T8050] BTRFS info (device loop0): enabling free space tree [ 142.185979][ T8058] F2FS-fs (loop3): build fault injection rate: 174 [ 142.187349][ T8058] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 142.189208][ T8058] F2FS-fs (loop3): invalid crc value [ 142.214243][ T8058] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 142.216360][ T8058] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 142.231958][ T8058] syz.3.385: attempt to access beyond end of device [ 142.231958][ T8058] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 142.241919][ T8086] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 142.277021][ T6580] syz-executor: attempt to access beyond end of device [ 142.277021][ T6580] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 142.279841][ T6580] CPU: 0 UID: 0 PID: 6580 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 142.279856][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 142.279865][ T6580] Call trace: [ 142.279868][ T6580] show_stack+0x2c/0x3c (C) [ 142.279886][ T6580] __dump_stack+0x30/0x40 [ 142.279894][ T6580] dump_stack_lvl+0xd8/0x12c [ 142.279900][ T6580] dump_stack+0x1c/0x28 [ 142.279905][ T6580] f2fs_handle_critical_error+0x34c/0x4b8 [ 142.279915][ T6580] f2fs_stop_checkpoint+0x5c/0x70 [ 142.279921][ T6580] f2fs_write_end_io+0x770/0xa78 [ 142.279926][ T6580] bio_endio+0x8d4/0x910 [ 142.279933][ T6580] submit_bio_noacct+0xd44/0x186c [ 142.279939][ T6580] submit_bio+0x3b4/0x550 [ 142.279944][ T6580] f2fs_submit_write_bio+0x124/0x324 [ 142.279949][ T6580] __submit_merged_bio+0x224/0x6d4 [ 142.279954][ T6580] __submit_merged_write_cond+0x250/0x4ac [ 142.279959][ T6580] f2fs_write_data_pages+0x1dd4/0x2878 [ 142.279964][ T6580] do_writepages+0x270/0x468 [ 142.279971][ T6580] filemap_fdatawrite+0x14c/0x1f4 [ 142.279978][ T6580] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 142.279984][ T6580] f2fs_write_checkpoint+0x708/0x1c28 [ 142.279991][ T6580] kill_f2fs_super+0x230/0x580 [ 142.279995][ T6580] deactivate_locked_super+0xc4/0x12c [ 142.280002][ T6580] deactivate_super+0xe0/0x100 [ 142.280008][ T6580] cleanup_mnt+0x31c/0x3ac [ 142.280014][ T6580] __cleanup_mnt+0x20/0x30 [ 142.280021][ T6580] task_work_run+0x1dc/0x260 [ 142.280028][ T6580] exit_to_user_mode_loop+0x10c/0x18c [ 142.280034][ T6580] el0_svc+0x17c/0x26c [ 142.280041][ T6580] el0t_64_sync_handler+0x84/0x12c [ 142.280046][ T6580] el0t_64_sync+0x198/0x19c [ 142.286912][ T8090] EXT4-fs: Ignoring removed nobh option [ 142.309365][ T6580] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 142.310164][ T8090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.387546][ T6581] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.503453][ T7081] Alternate GPT is invalid, using primary GPT. [ 142.503514][ T7081] loop4: p1 p2 p3 [ 142.530032][ T8098] Alternate GPT is invalid, using primary GPT. [ 142.530086][ T8098] loop4: p1 p2 p3 [ 142.619604][ T6582] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 142.631196][ T7145] udevd[7145]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 142.640214][ T8102] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 142.642182][ T8102] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 142.644370][ T8102] F2FS-fs (loop3): invalid crc value [ 142.647517][ T7081] udevd[7081]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 142.656495][ T7193] udevd[7193]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 142.663473][ T8102] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 142.669956][ T8102] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 142.671162][ T8102] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 142.791647][ T7081] udevd[7081]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 142.820192][ T7098] udevd[7098]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 142.832829][ T7193] udevd[7193]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 142.991614][ T8127] netlink: 'syz.4.405': attribute type 10 has an invalid length. [ 142.991821][ T8127] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.992509][ T8127] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.996290][ T8127] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.996326][ T8127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.996420][ T8127] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.996447][ T8127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.997816][ T8127] team0: Port device bridge0 added [ 143.039518][ T8131] netlink: 8 bytes leftover after parsing attributes in process `syz.3.404'. [ 143.039552][ T8131] netlink: 16 bytes leftover after parsing attributes in process `syz.3.404'. [ 143.039575][ T8131] netlink: 540 bytes leftover after parsing attributes in process `syz.3.404'. [ 143.085459][ T8114] set_capacity_and_notify: 10 callbacks suppressed [ 143.086748][ T8114] loop0: detected capacity change from 0 to 32768 [ 143.098363][ T8114] FAULT_INJECTION: forcing a failure. [ 143.098363][ T8114] name failslab, interval 1, probability 0, space 0, times 0 [ 143.101189][ T8114] CPU: 0 UID: 0 PID: 8114 Comm: syz.0.400 Not tainted syzkaller #0 PREEMPT [ 143.101210][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 143.101216][ T8114] Call trace: [ 143.101219][ T8114] show_stack+0x2c/0x3c (C) [ 143.101238][ T8114] __dump_stack+0x30/0x40 [ 143.101248][ T8114] dump_stack_lvl+0xd8/0x12c [ 143.101255][ T8114] dump_stack+0x1c/0x28 [ 143.101261][ T8114] should_fail_ex+0x41c/0x594 [ 143.101267][ T8114] should_failslab+0xc0/0x128 [ 143.101275][ T8114] kmem_cache_alloc_noprof+0x90/0x680 [ 143.101280][ T8114] alloc_empty_file+0x60/0x1c0 [ 143.101287][ T8114] path_openat+0xcc/0x3114 [ 143.101293][ T8114] do_filp_open+0x18c/0x36c [ 143.101298][ T8114] do_sys_openat2+0x11c/0x1f0 [ 143.101303][ T8114] __arm64_sys_openat+0x120/0x158 [ 143.101308][ T8114] invoke_syscall+0x98/0x254 [ 143.101314][ T8114] el0_svc_common+0xe8/0x23c [ 143.101319][ T8114] do_el0_svc+0x48/0x58 [ 143.101324][ T8114] el0_svc+0x5c/0x26c [ 143.101331][ T8114] el0t_64_sync_handler+0x84/0x12c [ 143.101336][ T8114] el0t_64_sync+0x198/0x19c [ 143.130879][ T6576] minix_free_inode: bit 3 already cleared [ 143.131322][ T6576] minix_free_inode: bit 4 already cleared [ 143.135631][ T6576] minix_free_inode: bit 2 already cleared [ 143.136357][ T6576] minix_free_inode: bit 5 already cleared [ 144.257223][ T8139] process 'syz.0.408' launched './file1' with NULL argv: empty string added [ 144.345660][ T8139] pim6reg: entered allmulticast mode [ 144.440988][ T8148] loop2: detected capacity change from 0 to 512 [ 144.487111][ T8148] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.557415][ T6576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.577876][ T8161] loop4: detected capacity change from 0 to 64 [ 144.581374][ T8161] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 144.664682][ T8151] loop0: detected capacity change from 0 to 32768 [ 144.667593][ T8151] [ 144.667593][ T8151] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.667593][ T8151] [ 144.670484][ T8151] FAULT_INJECTION: forcing a failure. [ 144.670484][ T8151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.670513][ T8151] CPU: 1 UID: 0 PID: 8151 Comm: syz.0.414 Not tainted syzkaller #0 PREEMPT [ 144.670523][ T8151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 144.670528][ T8151] Call trace: [ 144.670532][ T8151] show_stack+0x2c/0x3c (C) [ 144.670548][ T8151] __dump_stack+0x30/0x40 [ 144.670555][ T8151] dump_stack_lvl+0xd8/0x12c [ 144.670561][ T8151] dump_stack+0x1c/0x28 [ 144.670566][ T8151] should_fail_ex+0x41c/0x594 [ 144.670573][ T8151] should_fail+0x14/0x24 [ 144.670577][ T8151] should_fail_usercopy+0x20/0x30 [ 144.670583][ T8151] _inline_copy_from_user+0x3c/0x194 [ 144.670590][ T8151] vmemdup_user+0x6c/0xe4 [ 144.670595][ T8151] path_setxattrat+0x1fc/0x320 [ 144.670601][ T8151] __arm64_sys_setxattr+0xc0/0xdc [ 144.670607][ T8151] invoke_syscall+0x98/0x254 [ 144.670612][ T8151] el0_svc_common+0xe8/0x23c [ 144.670618][ T8151] do_el0_svc+0x48/0x58 [ 144.670623][ T8151] el0_svc+0x5c/0x26c [ 144.670630][ T8151] el0t_64_sync_handler+0x84/0x12c [ 144.670635][ T8151] el0t_64_sync+0x198/0x19c [ 144.698864][ T6582] [ 144.698864][ T6582] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.698864][ T6582] [ 144.700826][ T6582] [ 144.700826][ T6582] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.700826][ T6582] [ 144.778801][ T8170] loop2: detected capacity change from 0 to 40427 [ 144.781007][ T8170] F2FS-fs (loop2): build fault injection rate: 174 [ 144.783283][ T8170] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 144.786858][ T8170] F2FS-fs (loop2): invalid crc value [ 144.803808][ T8170] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 144.806389][ T8170] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 144.817156][ T8178] loop1: detected capacity change from 0 to 512 [ 144.817686][ T8178] EXT4-fs: Ignoring removed nobh option [ 144.821002][ T8169] syz.2.421: attempt to access beyond end of device [ 144.821002][ T8169] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 144.825044][ T8178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.841403][ T8177] loop0: detected capacity change from 0 to 16 [ 144.841566][ T6577] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.849282][ T8170] syz.2.421: attempt to access beyond end of device [ 144.849282][ T8170] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 144.860665][ T8177] erofs (device loop0): DAX unsupported by block device. Turning off DAX. [ 144.867392][ T8177] erofs (device loop0): mounted with root inode @ nid 36. [ 144.880300][ T6576] syz-executor: attempt to access beyond end of device [ 144.880300][ T6576] loop2: rw=2049, sector=45120, nr_sectors = 16 limit=40427 [ 144.880356][ T6576] CPU: 1 UID: 0 PID: 6576 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 144.880368][ T6576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 144.880374][ T6576] Call trace: [ 144.880378][ T6576] show_stack+0x2c/0x3c (C) [ 144.880395][ T6576] __dump_stack+0x30/0x40 [ 144.880405][ T6576] dump_stack_lvl+0xd8/0x12c [ 144.880411][ T6576] dump_stack+0x1c/0x28 [ 144.880416][ T6576] f2fs_handle_critical_error+0x34c/0x4b8 [ 144.880425][ T6576] f2fs_stop_checkpoint+0x5c/0x70 [ 144.880432][ T6576] f2fs_write_end_io+0x770/0xa78 [ 144.880437][ T6576] bio_endio+0x8d4/0x910 [ 144.880445][ T6576] submit_bio_noacct+0xd44/0x186c [ 144.880450][ T6576] submit_bio+0x3b4/0x550 [ 144.880455][ T6576] f2fs_submit_write_bio+0x124/0x324 [ 144.880460][ T6576] __submit_merged_bio+0x224/0x6d4 [ 144.880465][ T6576] __submit_merged_write_cond+0x250/0x4ac [ 144.880469][ T6576] f2fs_write_data_pages+0x1dd4/0x2878 [ 144.880475][ T6576] do_writepages+0x270/0x468 [ 144.880482][ T6576] filemap_fdatawrite+0x14c/0x1f4 [ 144.880489][ T6576] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 144.880495][ T6576] f2fs_write_checkpoint+0x708/0x1c28 [ 144.880501][ T6576] kill_f2fs_super+0x230/0x580 [ 144.880506][ T6576] deactivate_locked_super+0xc4/0x12c [ 144.880513][ T6576] deactivate_super+0xe0/0x100 [ 144.880519][ T6576] cleanup_mnt+0x31c/0x3ac [ 144.880525][ T6576] __cleanup_mnt+0x20/0x30 [ 144.880532][ T6576] task_work_run+0x1dc/0x260 [ 144.880539][ T6576] exit_to_user_mode_loop+0x10c/0x18c [ 144.880545][ T6576] el0_svc+0x17c/0x26c [ 144.880552][ T6576] el0t_64_sync_handler+0x84/0x12c [ 144.880557][ T6576] el0t_64_sync+0x198/0x19c [ 144.880564][ T6576] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 144.880847][ T6576] CPU: 1 UID: 0 PID: 6576 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 144.880854][ T6576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 144.880857][ T6576] Call trace: [ 144.880859][ T6576] show_stack+0x2c/0x3c (C) [ 144.880865][ T6576] __dump_stack+0x30/0x40 [ 144.880870][ T6576] dump_stack_lvl+0xd8/0x12c [ 144.880881][ T6576] dump_stack+0x1c/0x28 [ 144.880887][ T6576] f2fs_handle_critical_error+0x34c/0x4b8 [ 144.880895][ T6576] f2fs_stop_checkpoint+0x5c/0x70 [ 144.880901][ T6576] f2fs_write_end_io+0x770/0xa78 [ 144.880906][ T6576] bio_endio+0x8d4/0x910 [ 144.880912][ T6576] submit_bio_noacct+0xd44/0x186c [ 144.880918][ T6576] submit_bio+0x3b4/0x550 [ 144.880923][ T6576] f2fs_submit_write_bio+0x124/0x324 [ 144.880927][ T6576] __submit_merged_bio+0x224/0x6d4 [ 144.880932][ T6576] __submit_merged_write_cond+0x250/0x4ac [ 144.880937][ T6576] f2fs_write_data_pages+0x1dd4/0x2878 [ 144.880942][ T6576] do_writepages+0x270/0x468 [ 144.880948][ T6576] filemap_fdatawrite+0x14c/0x1f4 [ 144.880954][ T6576] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 144.880961][ T6576] f2fs_write_checkpoint+0x708/0x1c28 [ 144.880967][ T6576] kill_f2fs_super+0x230/0x580 [ 144.880972][ T6576] deactivate_locked_super+0xc4/0x12c [ 144.880977][ T6576] deactivate_super+0xe0/0x100 [ 144.880983][ T6576] cleanup_mnt+0x31c/0x3ac [ 144.880990][ T6576] __cleanup_mnt+0x20/0x30 [ 144.880996][ T6576] task_work_run+0x1dc/0x260 [ 144.881002][ T6576] exit_to_user_mode_loop+0x10c/0x18c [ 144.881007][ T6576] el0_svc+0x17c/0x26c [ 144.881013][ T6576] el0t_64_sync_handler+0x84/0x12c [ 144.881019][ T6576] el0t_64_sync+0x198/0x19c [ 144.881024][ T6576] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 145.063687][ T8189] loop1: detected capacity change from 0 to 8192 [ 145.226484][ T8193] loop2: detected capacity change from 0 to 32768 [ 145.229899][ T8193] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.426 (8193) [ 145.235215][ T8193] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 145.237053][ T8193] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm [ 145.298631][ T8193] BTRFS info (device loop2): enabling ssd optimizations [ 145.301057][ T8193] BTRFS info (device loop2): turning on async discard [ 145.302503][ T8193] BTRFS info (device loop2): enabling free space tree [ 145.302519][ T8193] BTRFS info (device loop2): use lzo compression, level 1 [ 145.318094][ T8201] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 145.319646][ T8201] FAT-fs (loop1): Filesystem has been set read-only [ 145.359564][ T8222] loop0: detected capacity change from 0 to 1024 [ 145.367609][ T8222] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.394468][ T6576] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 145.410744][ T6582] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.433118][ T6581] minix_free_inode: bit 3 already cleared [ 145.435271][ T6581] minix_free_inode: bit 4 already cleared [ 145.466333][ T6581] minix_free_inode: bit 2 already cleared [ 145.467580][ T6581] minix_free_inode: bit 5 already cleared [ 145.619780][ T8235] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 145.718069][ T8235] ntfs3(loop2): $Secure::$SII is corrupted. [ 145.718131][ T8235] ntfs3(loop2): Failed to initialize $Secure (-22). [ 146.033273][ T8233] loop4: AHDI p1 p3 p4 [ 146.033391][ T8233] loop4: p3 start 3996538112 is beyond EOD, truncated [ 146.033402][ T8233] loop4: p4 start 40969 is beyond EOD, truncated [ 146.105025][ T6215] loop4: AHDI p1 p3 p4 [ 146.106146][ T6215] loop4: p3 start 3996538112 is beyond EOD, truncated [ 146.107875][ T6215] loop4: p4 start 40969 is beyond EOD, truncated [ 148.130000][ T8264] set_capacity_and_notify: 3 callbacks suppressed [ 148.130049][ T8264] loop4: detected capacity change from 0 to 32768 [ 148.130410][ T8264] ocfs2: Unknown parameter 'heaRtbeat' [ 148.187129][ T8266] loop2: detected capacity change from 0 to 64 [ 148.214544][ T8266] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 148.259219][ T8268] loop1: detected capacity change from 0 to 512 [ 148.259587][ T8268] EXT4-fs: Ignoring removed nobh option [ 148.382541][ T6576] minix_free_inode: bit 3 already cleared [ 148.386179][ T6576] minix_free_inode: bit 4 already cleared [ 148.387035][ T6576] minix_free_inode: bit 2 already cleared [ 148.388697][ T6576] minix_free_inode: bit 5 already cleared [ 148.389784][ T8268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.423632][ T8256] loop4: detected capacity change from 0 to 32768 [ 148.424068][ T8256] btrfs: Unknown parameter 'fragment' [ 148.933154][ T8280] loop0: detected capacity change from 0 to 32768 [ 148.941759][ T8280] (syz.0.450,8280,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 148.944367][ T8280] (syz.0.450,8280,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 148.997253][ T8280] JBD2: Ignoring recovery information on journal [ 149.265398][ T6577] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.289130][ T8280] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 150.367521][ T8296] loop1: detected capacity change from 0 to 32768 [ 150.379889][ T8296] (syz.1.455,8296,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 150.860369][ T8296] (syz.1.455,8296,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.066919][ T8270] loop3: detected capacity change from 0 to 32768 [ 151.072825][ T8270] btrfs: Unknown parameter 'ref_verify' [ 151.074229][ T8296] debugfs: '9357E9D751824C228242B9B0D0FB6750' already exists in 'ocfs2' [ 151.077892][ T8296] JBD2: Ignoring recovery information on journal [ 151.109325][ T8296] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 151.275630][ T8299] loop4: detected capacity change from 0 to 4096 [ 151.335788][ T6582] ocfs2: Unmounting device (7,0) on (node local) [ 151.345431][ T6577] ocfs2: Unmounting device (7,1) on (node local) [ 151.395975][ T8299] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 152.284503][ T8308] loop1: detected capacity change from 0 to 1764 [ 152.561652][ T8328] loop1: detected capacity change from 0 to 1024 [ 152.573536][ T8327] netlink: 3 bytes leftover after parsing attributes in process `syz.0.466'. [ 152.602951][ T3782] hfsplus: b-tree write err: -5, ino 8 [ 152.648899][ T8299] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 152.699117][ T8331] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 152.741326][ T8339] netlink: 28 bytes leftover after parsing attributes in process `syz.1.471'. [ 152.741676][ T8339] random: crng reseeded on system resumption [ 152.771622][ T8339] hfsplus: Unknown parameter '0x0000000000000000' [ 153.003465][ T8346] IPVS: set_ctl: invalid protocol: 59 100.1.1.0:5 [ 153.378757][ T8351] overlay: ./file0 is not a directory [ 153.646233][ T8353] set_capacity_and_notify: 4 callbacks suppressed [ 153.646280][ T8353] loop0: detected capacity change from 0 to 256 [ 153.646697][ T8353] vfat: Unknown parameter 'nnonumtail' [ 154.778403][ T6168] Bluetooth: hci4: command tx timeout [ 155.866387][ T8375] loop1: detected capacity change from 0 to 32768 [ 155.938666][ T8386] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 155.938794][ T8386] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 155.998548][ T8384] loop0: detected capacity change from 0 to 32768 [ 156.000140][ T8384] btrfs: Deprecated parameter 'usebackuproot' [ 156.001512][ T8384] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 156.016661][ T8384] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.484 (8384) [ 156.024671][ T8384] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 156.024731][ T8384] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 156.051246][ T8377] loop4: detected capacity change from 0 to 32768 [ 156.053627][ T8377] btrfs: Unknown parameter 'GPL' [ 156.060919][ T8391] loop3: detected capacity change from 0 to 1024 [ 156.082515][ T8384] BTRFS info (device loop0): rebuilding free space tree [ 156.101296][ T8384] BTRFS info (device loop0): allowing degraded mounts [ 156.101338][ T8384] BTRFS info (device loop0): enabling ssd optimizations [ 156.101538][ T8384] BTRFS info (device loop0): turning on flush-on-commit [ 156.101557][ T8384] BTRFS info (device loop0): turning on sync discard [ 156.101572][ T8384] BTRFS info (device loop0): enabling free space tree [ 156.101582][ T8384] BTRFS info (device loop0): force clearing of disk cache [ 156.101592][ T8384] BTRFS info (device loop0): trying to use backup root at mount time [ 156.101599][ T8384] BTRFS info (device loop0): use lzo compression, level 1 [ 156.101606][ T8384] BTRFS info (device loop0): max_inline set to 0 [ 156.171056][ T8389] 9p: Bad value for 'rfdno' [ 156.185533][ T8391] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.450519][ T6580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.836333][ T8426] loop2: detected capacity change from 0 to 512 [ 157.731788][ T6582] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 158.720094][ T8418] loop1: detected capacity change from 0 to 32768 [ 158.889474][ T8418] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.959651][ T8418] XFS (loop1): Ending clean mount [ 158.987146][ T8418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.991950][ T8418] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.060981][ T8445] loop3: detected capacity change from 0 to 40427 [ 159.070322][ T8448] loop0: detected capacity change from 0 to 65536 [ 159.072253][ T8445] F2FS-fs (loop3): Image doesn't support compression [ 159.072285][ T8445] F2FS-fs (loop3): build fault injection rate: 690 [ 159.074920][ T8445] F2FS-fs (loop3): invalid crc value [ 159.109481][ T8445] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 159.113654][ T8445] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 159.122664][ T8448] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 159.133470][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 159.133511][ T53] Bluetooth: hci1: command 0x0406 tx timeout [ 159.133537][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 159.133565][ T6584] Bluetooth: hci0: command 0x0406 tx timeout [ 159.157476][ T8448] XFS (loop0): Ending clean mount [ 159.166820][ T8448] XFS (loop0): Quotacheck needed: Please wait. [ 159.182689][ T8448] XFS (loop0): Quotacheck: Done. [ 159.236514][ T8430] loop4: detected capacity change from 0 to 131072 [ 159.239840][ T8430] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0) [ 159.241689][ T8430] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 159.243722][ T8430] F2FS-fs (loop4): invalid crc value [ 159.277094][ T8430] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 159.282914][ T8430] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 159.282944][ T8430] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 159.436809][ T6582] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 159.517051][ T6577] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 159.789488][ T8490] loop0: detected capacity change from 0 to 512 [ 159.789866][ T8490] EXT4-fs: Ignoring removed nobh option [ 159.798915][ T8460] f2fs_gc-7:3: attempt to access beyond end of device [ 159.798915][ T8460] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 159.802731][ T8460] CPU: 0 UID: 0 PID: 8460 Comm: f2fs_gc-7:3 Not tainted syzkaller #0 PREEMPT [ 159.802746][ T8460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 159.802751][ T8460] Call trace: [ 159.802754][ T8460] show_stack+0x2c/0x3c (C) [ 159.802770][ T8460] __dump_stack+0x30/0x40 [ 159.802779][ T8460] dump_stack_lvl+0xd8/0x12c [ 159.802784][ T8460] dump_stack+0x1c/0x28 [ 159.802789][ T8460] f2fs_handle_critical_error+0x34c/0x4b8 [ 159.802798][ T8460] f2fs_stop_checkpoint+0x5c/0x70 [ 159.802804][ T8460] f2fs_write_end_io+0x770/0xa78 [ 159.802810][ T8460] bio_endio+0x8d4/0x910 [ 159.802817][ T8460] submit_bio_noacct+0xd44/0x186c [ 159.802822][ T8460] submit_bio+0x3b4/0x550 [ 159.802827][ T8460] f2fs_submit_write_bio+0x124/0x324 [ 159.802832][ T8460] __submit_merged_bio+0x224/0x6d4 [ 159.802836][ T8460] __submit_merged_write_cond+0x250/0x4ac [ 159.802841][ T8460] f2fs_write_data_pages+0x1dd4/0x2878 [ 159.802846][ T8460] do_writepages+0x270/0x468 [ 159.802854][ T8460] filemap_fdatawrite+0x14c/0x1f4 [ 159.802860][ T8460] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 159.802874][ T8460] f2fs_write_checkpoint+0x708/0x1c28 [ 159.802881][ T8460] f2fs_gc+0x1898/0x1fdc [ 159.802888][ T8460] gc_thread_func+0xb20/0x2978 [ 159.802895][ T8460] kthread+0x5fc/0x75c [ 159.802901][ T8460] ret_from_fork+0x10/0x20 [ 159.824037][ T8460] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 160.061547][ T8490] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.075929][ T8497] netlink: 'syz.2.504': attribute type 10 has an invalid length. [ 160.076287][ T8497] bridge0: port 3(gretap0) entered disabled state [ 160.076381][ T8497] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.076515][ T8497] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.078129][ T8497] bridge0: port 3(gretap0) entered blocking state [ 160.078160][ T8497] bridge0: port 3(gretap0) entered forwarding state [ 160.078254][ T8497] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.078289][ T8497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.078348][ T8497] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.078387][ T8497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.079474][ T8497] team0: Port device bridge0 added [ 160.136464][ T8499] FAULT_INJECTION: forcing a failure. [ 160.136464][ T8499] name failslab, interval 1, probability 0, space 0, times 0 [ 160.136580][ T8499] CPU: 1 UID: 0 PID: 8499 Comm: syz.2.506 Not tainted syzkaller #0 PREEMPT [ 160.136593][ T8499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 160.136599][ T8499] Call trace: [ 160.136602][ T8499] show_stack+0x2c/0x3c (C) [ 160.136616][ T8499] __dump_stack+0x30/0x40 [ 160.136623][ T8499] dump_stack_lvl+0xd8/0x12c [ 160.136629][ T8499] dump_stack+0x1c/0x28 [ 160.136634][ T8499] should_fail_ex+0x41c/0x594 [ 160.136641][ T8499] should_failslab+0xc0/0x128 [ 160.136648][ T8499] kmem_cache_alloc_noprof+0x90/0x680 [ 160.136653][ T8499] skb_clone+0x1b4/0x328 [ 160.136660][ T8499] __netlink_deliver_tap+0x36c/0x708 [ 160.136668][ T8499] netlink_deliver_tap+0x1ac/0x1b0 [ 160.136674][ T8499] netlink_unicast+0x660/0x8c4 [ 160.136680][ T8499] netlink_sendmsg+0x648/0x930 [ 160.136686][ T8499] ____sys_sendmsg+0x490/0x7c4 [ 160.136691][ T8499] ___sys_sendmsg+0x204/0x278 [ 160.136696][ T8499] __arm64_sys_sendmsg+0x184/0x238 [ 160.136701][ T8499] invoke_syscall+0x98/0x254 [ 160.136707][ T8499] el0_svc_common+0xe8/0x23c [ 160.136712][ T8499] do_el0_svc+0x48/0x58 [ 160.136717][ T8499] el0_svc+0x5c/0x26c [ 160.136724][ T8499] el0t_64_sync_handler+0x84/0x12c [ 160.136729][ T8499] el0t_64_sync+0x198/0x19c [ 160.136744][ T8499] netlink: 32 bytes leftover after parsing attributes in process `syz.2.506'. [ 160.294025][ T8477] loop4: detected capacity change from 0 to 65536 [ 160.305172][ T6582] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.322711][ T8477] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 161.368889][ T8477] XFS (loop4): Ending clean mount [ 162.192631][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.511'. [ 162.248282][ T8530] loop2: detected capacity change from 0 to 1024 [ 162.258266][ T6581] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 162.302849][ T8530] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.416086][ T8538] loop3: detected capacity change from 0 to 8 [ 162.421275][ T8538] SQUASHFS error: lzo decompression failed, data probably corrupt [ 162.421953][ T8538] SQUASHFS error: Failed to read block 0x91: -5 [ 162.421978][ T8538] SQUASHFS error: Unable to read metadata cache entry [8f] [ 162.421998][ T8538] SQUASHFS error: Unable to read inode 0x11f [ 162.445010][ T6576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.491551][ T8541] loop3: detected capacity change from 0 to 512 [ 162.491895][ T8541] EXT4-fs: Ignoring removed nobh option [ 163.546593][ T8541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.547092][ T8541] FAULT_INJECTION: forcing a failure. [ 163.547092][ T8541] name failslab, interval 1, probability 0, space 0, times 0 [ 163.547119][ T8541] CPU: 0 UID: 0 PID: 8541 Comm: syz.3.518 Not tainted syzkaller #0 PREEMPT [ 163.547129][ T8541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 163.547134][ T8541] Call trace: [ 163.547137][ T8541] show_stack+0x2c/0x3c (C) [ 163.547153][ T8541] __dump_stack+0x30/0x40 [ 163.547160][ T8541] dump_stack_lvl+0xd8/0x12c [ 163.547166][ T8541] dump_stack+0x1c/0x28 [ 163.547171][ T8541] should_fail_ex+0x41c/0x594 [ 163.547177][ T8541] should_failslab+0xc0/0x128 [ 163.547185][ T8541] kmem_cache_alloc_noprof+0x90/0x680 [ 163.547190][ T8541] getname_kernel+0x68/0x2b8 [ 163.547196][ T8541] kern_path+0x2c/0x6c [ 163.547201][ T8541] lookup_bdev+0xbc/0x244 [ 163.547208][ T8541] __arm64_sys_quotactl+0x248/0xb34 [ 163.547213][ T8541] invoke_syscall+0x98/0x254 [ 163.547219][ T8541] el0_svc_common+0xe8/0x23c [ 163.547224][ T8541] do_el0_svc+0x48/0x58 [ 163.547229][ T8541] el0_svc+0x5c/0x26c [ 163.547236][ T8541] el0t_64_sync_handler+0x84/0x12c [ 163.547242][ T8541] el0t_64_sync+0x198/0x19c [ 163.582243][ T6580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.627319][ T8555] netlink: 92 bytes leftover after parsing attributes in process `syz.1.519'. [ 163.671430][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.521'. [ 164.800050][ T8577] netlink: 52 bytes leftover after parsing attributes in process `syz.4.527'. [ 165.722039][ T8581] loop4: detected capacity change from 0 to 4096 [ 165.744030][ T8581] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 165.891485][ T8581] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 167.074636][ T8614] loop3: detected capacity change from 0 to 1024 [ 167.526157][ T8606] loop2: detected capacity change from 0 to 32768 [ 167.608383][ T8613] No such timeout policy "syz1" [ 168.083738][ T8606] (syz.2.533,8606,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 168.086643][ T8606] (syz.2.533,8606,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 168.533654][ T8606] JBD2: Ignoring recovery information on journal [ 169.233976][ T8606] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 169.547079][ T8630] loop4: detected capacity change from 0 to 64 [ 169.547969][ T8630] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 169.583050][ T6576] ocfs2: Unmounting device (7,2) on (node local) [ 169.671098][ T8628] loop0: detected capacity change from 0 to 32768 [ 169.707354][ T8628] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 169.711726][ T6581] minix_free_inode: bit 3 already cleared [ 169.714177][ T6581] minix_free_inode: bit 4 already cleared [ 169.715908][ T6581] minix_free_inode: bit 2 already cleared [ 169.721372][ T6581] minix_free_inode: bit 5 already cleared [ 169.733815][ T8628] XFS (loop0): Ending clean mount [ 169.810324][ T8632] loop1: detected capacity change from 0 to 32768 [ 169.840077][ T6582] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 169.882476][ T8632] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 169.911944][ T8632] XFS (loop1): Ending clean mount [ 169.919834][ T8632] XFS (loop1): Quotacheck needed: Please wait. [ 169.949240][ T8661] loop4: detected capacity change from 0 to 1024 [ 169.960949][ T8632] XFS (loop1): Quotacheck: Done. [ 170.081652][ T8661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.087171][ T8666] loop2: detected capacity change from 0 to 4096 [ 170.101737][ T8666] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 170.185520][ T6581] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.533131][ T6646] IPVS: starting estimator thread 0... [ 170.704368][ T8677] IPVS: using max 70 ests per chain, 168000 per kthread [ 170.847844][ T8665] ntfs3(loop2): ino=1e, "file1" attr_set_size [ 170.847884][ T8665] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 170.847918][ T8665] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 171.324296][ T488] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 172.671200][ T8695] loop2: detected capacity change from 0 to 512 [ 172.671623][ T8695] EXT4-fs: Ignoring removed nobh option [ 172.742926][ T8695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.807405][ T8702] loop0: detected capacity change from 0 to 512 [ 172.807759][ T8702] EXT4-fs: Ignoring removed nobh option [ 172.835299][ T8702] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.927806][ T8707] loop3: detected capacity change from 0 to 512 [ 173.084827][ T6576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.174618][ T6582] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.537647][ T8703] loop4: detected capacity change from 0 to 32768 [ 173.542703][ T8714] loop2: detected capacity change from 0 to 512 [ 173.549812][ T8703] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 173.562035][ T8703] XFS (loop4): Ending clean mount [ 173.617573][ T6581] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 174.973622][ T8737] loop2: detected capacity change from 0 to 512 [ 174.975261][ T8737] EXT4-fs: Ignoring removed nobh option [ 175.066148][ T8737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.114004][ T6576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.131719][ T8756] loop2: detected capacity change from 0 to 256 [ 176.132415][ T8756] exfat: Deprecated parameter 'utf8' [ 176.132429][ T8756] exfat: Deprecated parameter 'utf8' [ 176.132440][ T8756] exfat: Deprecated parameter 'utf8' [ 176.142439][ T8756] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x18acc8d3, utbl_chksum : 0xe619d30d) [ 176.871439][ T8756] exFAT-fs (loop2): IO charset iso8859ÿ not found [ 177.049650][ T8764] loop2: detected capacity change from 0 to 512 [ 177.285228][ T8772] loop0: detected capacity change from 0 to 512 [ 177.285629][ T8772] EXT4-fs: Ignoring removed nobh option [ 177.308211][ T8772] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.359383][ T8758] loop3: detected capacity change from 0 to 40427 [ 177.371592][ T8758] F2FS-fs (loop3): build fault injection rate: 174 [ 177.373941][ T6582] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.375514][ T8758] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 177.377448][ T8758] F2FS-fs (loop3): invalid crc value [ 177.407795][ T8758] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 177.670129][ T8758] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 177.681643][ T8758] syz.3.573: attempt to access beyond end of device [ 177.681643][ T8758] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 177.687697][ T8758] FAULT_INJECTION: forcing a failure. [ 177.687697][ T8758] name failslab, interval 1, probability 0, space 0, times 0 [ 177.692034][ T8758] CPU: 0 UID: 0 PID: 8758 Comm: syz.3.573 Tainted: G L syzkaller #0 PREEMPT [ 177.692070][ T8758] Tainted: [L]=SOFTLOCKUP [ 177.692078][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 177.692093][ T8758] Call trace: [ 177.692100][ T8758] show_stack+0x2c/0x3c (C) [ 177.692121][ T8758] __dump_stack+0x30/0x40 [ 177.692132][ T8758] dump_stack_lvl+0xd8/0x12c [ 177.692141][ T8758] dump_stack+0x1c/0x28 [ 177.692150][ T8758] should_fail_ex+0x41c/0x594 [ 177.692158][ T8758] should_failslab+0xc0/0x128 [ 177.692166][ T8758] kmem_cache_alloc_lru_noprof+0x94/0x684 [ 177.692172][ T8758] sock_alloc_inode+0x2c/0xcc [ 177.692179][ T8758] alloc_inode+0x68/0x19c [ 177.692186][ T8758] __sock_create+0x138/0x910 [ 177.692190][ T8758] __sys_socketpair+0x2a0/0x62c [ 177.692195][ T8758] __arm64_sys_socketpair+0x9c/0xb8 [ 177.692200][ T8758] invoke_syscall+0x98/0x254 [ 177.692206][ T8758] el0_svc_common+0xe8/0x23c [ 177.692211][ T8758] do_el0_svc+0x48/0x58 [ 177.692216][ T8758] el0_svc+0x5c/0x26c [ 177.692223][ T8758] el0t_64_sync_handler+0x84/0x12c [ 177.692228][ T8758] el0t_64_sync+0x198/0x19c [ 177.712324][ T8758] socket: no more sockets [ 177.735727][ T6580] syz-executor: attempt to access beyond end of device [ 177.735727][ T6580] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 177.735788][ T6580] CPU: 1 UID: 0 PID: 6580 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT [ 177.735808][ T6580] Tainted: [L]=SOFTLOCKUP [ 177.735813][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 177.735818][ T6580] Call trace: [ 177.735821][ T6580] show_stack+0x2c/0x3c (C) [ 177.735840][ T6580] __dump_stack+0x30/0x40 [ 177.735847][ T6580] dump_stack_lvl+0xd8/0x12c [ 177.735853][ T6580] dump_stack+0x1c/0x28 [ 177.735858][ T6580] f2fs_handle_critical_error+0x34c/0x4b8 [ 177.735867][ T6580] f2fs_stop_checkpoint+0x5c/0x70 [ 177.735873][ T6580] f2fs_write_end_io+0x770/0xa78 [ 177.735884][ T6580] bio_endio+0x8d4/0x910 [ 177.735892][ T6580] submit_bio_noacct+0xd44/0x186c [ 177.735899][ T6580] submit_bio+0x3b4/0x550 [ 177.735904][ T6580] f2fs_submit_write_bio+0x124/0x324 [ 177.735909][ T6580] __submit_merged_bio+0x224/0x6d4 [ 177.735914][ T6580] __submit_merged_write_cond+0x250/0x4ac [ 177.735918][ T6580] f2fs_write_data_pages+0x1dd4/0x2878 [ 177.735923][ T6580] do_writepages+0x270/0x468 [ 177.735931][ T6580] filemap_fdatawrite+0x14c/0x1f4 [ 177.735938][ T6580] f2fs_sync_dirty_inodes+0x2a0/0x788 [ 177.735944][ T6580] f2fs_write_checkpoint+0x708/0x1c28 [ 177.735950][ T6580] kill_f2fs_super+0x230/0x580 [ 177.735955][ T6580] deactivate_locked_super+0xc4/0x12c [ 177.735962][ T6580] deactivate_super+0xe0/0x100 [ 177.735967][ T6580] cleanup_mnt+0x31c/0x3ac [ 177.735974][ T6580] __cleanup_mnt+0x20/0x30 [ 177.735980][ T6580] task_work_run+0x1dc/0x260 [ 177.735988][ T6580] exit_to_user_mode_loop+0x10c/0x18c [ 177.735993][ T6580] el0_svc+0x17c/0x26c [ 177.736000][ T6580] el0t_64_sync_handler+0x84/0x12c [ 177.736006][ T6580] el0t_64_sync+0x198/0x19c [ 177.736013][ T6580] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 179.219948][ T8823] FAULT_INJECTION: forcing a failure. [ 179.219948][ T8823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.219986][ T8823] CPU: 1 UID: 0 PID: 8823 Comm: syz.3.581 Tainted: G L syzkaller #0 PREEMPT [ 179.219997][ T8823] Tainted: [L]=SOFTLOCKUP [ 179.220000][ T8823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 179.220005][ T8823] Call trace: [ 179.220009][ T8823] show_stack+0x2c/0x3c (C) [ 179.220024][ T8823] __dump_stack+0x30/0x40 [ 179.220031][ T8823] dump_stack_lvl+0xd8/0x12c [ 179.220036][ T8823] dump_stack+0x1c/0x28 [ 179.220042][ T8823] should_fail_ex+0x41c/0x594 [ 179.220048][ T8823] should_fail+0x14/0x24 [ 179.220053][ T8823] should_fail_usercopy+0x20/0x30 [ 179.220058][ T8823] _inline_copy_from_user+0x40/0x180 [ 179.220065][ T8823] __sys_bpf+0x188/0x638 [ 179.220069][ T8823] __arm64_sys_bpf+0x80/0x98 [ 179.220074][ T8823] invoke_syscall+0x98/0x254 [ 179.220080][ T8823] el0_svc_common+0xe8/0x23c [ 179.220085][ T8823] do_el0_svc+0x48/0x58 [ 179.220090][ T8823] el0_svc+0x5c/0x26c [ 179.220097][ T8823] el0t_64_sync_handler+0x84/0x12c [ 179.220102][ T8823] el0t_64_sync+0x198/0x19c [ 179.226501][ T8818] syzkaller0: entered promiscuous mode [ 179.226518][ T8818] syzkaller0: entered allmulticast mode [ 179.460797][ T8832] netlink: 4 bytes leftover after parsing attributes in process `syz.4.597'. [ 179.759480][ T6577] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 180.830084][ T8828] vlan2: entered promiscuous mode [ 180.830173][ T8828] vlan2: entered allmulticast mode [ 180.830197][ T8828] hsr_slave_1: entered allmulticast mode [ 181.146378][ T8865] 9pnet_virtio: no channels available for device syz [ 181.282594][ T8871] input: syz1 as /devices/virtual/input/input4 [ 181.445532][ T8874] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 181.450077][ T8874] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 182.603136][ T8893] syzkaller0: entered promiscuous mode [ 182.603174][ T8893] syzkaller0: entered allmulticast mode [ 182.892433][ T8906] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 182.892475][ T8906] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 182.892500][ T8906] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 183.117053][ T8924] faux_driver vkms: [drm] Unknown color mode 1194; guessing buffer size. [ 183.616610][ T8929] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 183.616635][ T8929] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 183.620816][ T8930] random: crng reseeded on system resumption [ 183.637027][ T8929] vhci_hcd vhci_hcd.0: Device attached [ 183.917493][ T24] usb 5-1: SetAddress Request (2) to port 0 [ 183.918806][ T24] usb 5-1: new SuperSpeed USB device number 2 using vhci_hcd [ 184.009339][ T8931] vhci_hcd: connection reset by peer [ 184.034228][ T4122] vhci_hcd vhci_hcd.1: stop threads [ 184.035221][ T4122] vhci_hcd vhci_hcd.1: release socket [ 184.037061][ T4122] vhci_hcd vhci_hcd.1: disconnect device [ 184.641085][ T6586] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 184.648017][ T6586] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 184.648613][ T6586] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 184.649214][ T6586] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 184.650595][ T182] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.650613][ T182] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 184.651380][ T6586] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 184.787459][ T182] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.787501][ T182] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 184.905373][ T182] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.905411][ T182] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 185.006290][ T182] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.006335][ T182] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 185.234980][ T8961] chnl_net:caif_netlink_parms(): no params data found [ 185.285575][ T8987] tipc: Enabled bearer , priority 0 [ 185.285894][ T8987] syzkaller0: entered promiscuous mode [ 185.285906][ T8987] syzkaller0: entered allmulticast mode [ 185.334366][ T182] gretap0: left allmulticast mode [ 185.334401][ T182] gretap0: left promiscuous mode [ 185.335799][ T182] bridge0: port 3(gretap0) entered disabled state [ 185.341618][ T182] bridge_slave_1: left allmulticast mode [ 185.341655][ T182] bridge_slave_1: left promiscuous mode [ 185.341726][ T182] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.353429][ T182] bridge_slave_0: left allmulticast mode [ 185.353459][ T182] bridge_slave_0: left promiscuous mode [ 185.353550][ T182] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.423973][ T9005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.424209][ T9005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.564352][ T182] bond1 (unregistering): (slave geneve2): Releasing backup interface [ 185.660432][ T182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.674011][ T182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.703602][ T182] bond0 (unregistering): Released all slaves [ 185.706612][ T182] bond1 (unregistering): Released all slaves [ 185.717753][ T8998] tipc: Resetting bearer [ 185.733218][ T8985] tipc: Resetting bearer [ 185.755078][ T8985] tipc: Disabling bearer [ 185.776605][ T8961] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.778015][ T8961] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.779449][ T8961] bridge_slave_0: entered allmulticast mode [ 185.779936][ T8961] bridge_slave_0: entered promiscuous mode [ 185.780759][ T8961] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.780782][ T8961] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.780840][ T8961] bridge_slave_1: entered allmulticast mode [ 185.781238][ T8961] bridge_slave_1: entered promiscuous mode [ 185.824149][ T8961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.831164][ T8961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.833475][ T182] tipc: Left network mode [ 185.848554][ T8961] team0: Port device team_slave_0 added [ 185.851664][ T8961] team0: Port device team_slave_1 added [ 185.882404][ T8961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.883614][ T8961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.887883][ T8961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.890405][ T8961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.891802][ T8961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.896196][ T8961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.907670][ T8961] hsr_slave_0: entered promiscuous mode [ 185.909080][ T8961] hsr_slave_1: entered promiscuous mode [ 185.910486][ T8961] debugfs: 'hsr0' already exists in 'hsr' [ 185.911577][ T8961] Cannot create hsr debugfs directory [ 186.823220][ T6579] Bluetooth: hci2: command tx timeout [ 187.243662][ T6586] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 187.374208][ T2468] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.374258][ T2468] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.396752][ T8961] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 187.731908][ T8961] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 187.758781][ T8961] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 187.770228][ T8961] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 187.794761][ T182] hsr_slave_0: left promiscuous mode [ 187.795768][ T182] hsr_slave_1: left promiscuous mode [ 187.796760][ T182] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.796972][ T182] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 187.798642][ T182] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 187.798653][ T182] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 187.828311][ T182] veth1_macvtap: left promiscuous mode [ 187.829540][ T182] veth0_macvtap: left promiscuous mode [ 187.829620][ T182] veth1_vlan: left promiscuous mode [ 187.829677][ T182] veth0_vlan: left promiscuous mode [ 188.404026][ T9070] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 188.980772][ T6586] Bluetooth: hci2: command tx timeout [ 188.986480][ T24] usb 5-1: device descriptor read/8, error -110 [ 189.166352][ T182] team0 (unregistering): Port device team_slave_1 removed [ 189.218264][ T182] team0 (unregistering): Port device team_slave_0 removed [ 189.373964][ T24] usb usb5-port1: attempt power cycle [ 189.409213][ T9062] syzkaller0: entered promiscuous mode [ 189.409247][ T9062] syzkaller0: entered allmulticast mode [ 189.956448][ T24] usb usb5-port1: unable to enumerate USB device [ 190.068035][ T8961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.124645][ T8961] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.148806][ T6019] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.148861][ T6019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.880734][ T9163] syzkaller0: entered promiscuous mode [ 190.880768][ T9163] syzkaller0: entered allmulticast mode [ 190.888641][ T9169] netlink: 20 bytes leftover after parsing attributes in process `syz.0.692'. [ 190.911366][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.911413][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.941582][ T8961] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.943743][ T8961] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.026347][ T8961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.073598][ T6586] Bluetooth: hci2: command tx timeout [ 191.080774][ T9180] netlink: 'syz.4.695': attribute type 12 has an invalid length. [ 191.214100][ T31] audit: type=1326 audit(191.190:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.214148][ T31] audit: type=1326 audit(191.190:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.223958][ T31] audit: type=1326 audit(191.200:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.227616][ T31] audit: type=1326 audit(191.200:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.242917][ T31] audit: type=1326 audit(191.200:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.243101][ T31] audit: type=1326 audit(191.200:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=169 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.243132][ T31] audit: type=1326 audit(191.200:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.243153][ T31] audit: type=1326 audit(191.200:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.243167][ T31] audit: type=1326 audit(191.200:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.243180][ T31] audit: type=1326 audit(191.200:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9200 comm="syz.4.699" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=261 compat=0 ip=0xffffa9575928 code=0x7ffc0000 [ 191.274190][ T8961] veth0_vlan: entered promiscuous mode [ 191.279425][ T8961] veth1_vlan: entered promiscuous mode [ 191.290096][ T8961] veth0_macvtap: entered promiscuous mode [ 191.294828][ T8961] veth1_macvtap: entered promiscuous mode [ 191.299628][ T8961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.308855][ T8961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.320079][ T8432] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.320126][ T8432] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.320143][ T8432] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.320155][ T8432] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.357958][ T9211] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 191.460093][ T8432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.460127][ T8432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.477132][ T5627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.477169][ T5627] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.424914][ T9268] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 192.498443][ T9276] netlink: 96 bytes leftover after parsing attributes in process `syz.4.723'. [ 192.660821][ T9286] syzkaller0: entered promiscuous mode [ 192.660854][ T9286] syzkaller0: entered allmulticast mode [ 192.753166][ T6698] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 192.912258][ T6698] usb 1-1: Using ep0 maxpacket: 16 [ 192.917847][ T6698] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 192.922590][ T6698] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 192.922624][ T6698] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.923892][ T6698] usb 1-1: Product: syz [ 192.923908][ T6698] usb 1-1: Manufacturer: syz [ 192.923923][ T6698] usb 1-1: SerialNumber: syz [ 192.937821][ T6698] usb 1-1: config 0 descriptor?? [ 192.954728][ T6698] hub 1-1:0.0: bad descriptor, ignoring hub [ 192.954769][ T6698] hub 1-1:0.0: probe with driver hub failed with error -5 [ 192.960597][ T6698] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 193.132216][ T6586] Bluetooth: hci2: command tx timeout [ 194.120453][ T9316] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 194.127863][ T9316] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 194.266027][ T6698] usb 1-1: USB disconnect, device number 2 [ 194.368311][ T9328] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 194.368359][ T9328] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 194.422677][ T9332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.422914][ T9332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.466825][ T9336] netlink: 32 bytes leftover after parsing attributes in process `syz.2.745'. [ 196.059911][ T9353] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 196.065457][ T9355] gretap0: left allmulticast mode [ 196.065484][ T9355] gretap0: left promiscuous mode [ 196.065558][ T9355] bridge0: port 3(gretap0) entered disabled state [ 196.080600][ T9355] bridge_slave_0: left allmulticast mode [ 196.080633][ T9355] bridge_slave_0: left promiscuous mode [ 196.080707][ T9355] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.086212][ T9355] bridge_slave_1: left allmulticast mode [ 196.086234][ T9355] bridge_slave_1: left promiscuous mode [ 196.086297][ T9355] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.093499][ T9355] bond0: (slave bond_slave_0): Releasing backup interface [ 196.134143][ T9355] bond0: (slave bond_slave_1): Releasing backup interface [ 196.181983][ T9355] team0: Port device team_slave_0 removed [ 196.183636][ T9367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.183783][ T9367] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.190522][ T9355] team0: Port device team_slave_1 removed [ 196.190842][ T9355] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.190865][ T9355] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.197517][ T9355] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.197543][ T9355] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.200856][ T9355] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 196.243798][ T9369] syzkaller0: entered promiscuous mode [ 196.243838][ T9369] syzkaller0: entered allmulticast mode [ 196.550037][ T9372] qnx6: unable to read the first superblock [ 196.552643][ T9373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.754'. [ 196.665050][ T6583] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 196.824771][ T6583] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 196.826755][ T6583] usb 1-1: config 0 has no interfaces? [ 196.827968][ T6583] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 196.829894][ T6583] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.834806][ T6583] usb 1-1: config 0 descriptor?? [ 196.986386][ T9402] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.986784][ T9402] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.045609][ T9357] usb 1-1: USB disconnect, device number 3 [ 197.098054][ T9411] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 197.098070][ T9411] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 197.101710][ T9411] vhci_hcd vhci_hcd.0: Device attached [ 197.372799][ T6698] usb 7-1: SetAddress Request (2) to port 0 [ 197.374053][ T6698] usb 7-1: new SuperSpeed USB device number 2 using vhci_hcd [ 197.751472][ T9412] vhci_hcd: connection reset by peer [ 197.754384][ T13] vhci_hcd vhci_hcd.2: stop threads [ 197.755491][ T13] vhci_hcd vhci_hcd.2: release socket [ 197.757070][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 197.874115][ T9437] syzkaller0: entered promiscuous mode [ 197.876522][ T9437] syzkaller0: entered allmulticast mode [ 198.091850][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.790'. [ 198.183047][ T9450] IPv6: NLM_F_CREATE should be specified when creating new route [ 198.183186][ T9450] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 198.183193][ T9450] IPv6: NLM_F_CREATE should be set when creating new route [ 198.183255][ T9450] IPv6: NLM_F_CREATE should be set when creating new route [ 199.733067][ T9454] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 199.733096][ T9454] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 199.811071][ T31] kauditd_printk_skb: 411 callbacks suppressed [ 199.811296][ T31] audit: type=1326 audit(199.780:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.820120][ T31] audit: type=1326 audit(199.790:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.820598][ T31] audit: type=1326 audit(199.790:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.827461][ T31] audit: type=1326 audit(199.800:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.827757][ T31] audit: type=1326 audit(199.800:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.827919][ T31] audit: type=1326 audit(199.800:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.828581][ T31] audit: type=1326 audit(199.800:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.828750][ T31] audit: type=1326 audit(199.800:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.828829][ T31] audit: type=1326 audit(199.800:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=203 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.828969][ T31] audit: type=1326 audit(199.800:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.5.796" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fd75928 code=0x7ffc0000 [ 199.920127][ T9488] set_capacity_and_notify: 1 callbacks suppressed [ 199.920178][ T9488] loop2: detected capacity change from 0 to 7 [ 199.921199][ T7081] Dev loop2: unable to read RDB block 7 [ 199.921214][ T7081] loop2: unable to read partition table [ 199.921265][ T7081] loop2: partition table beyond EOD, truncated [ 199.927939][ T9488] Dev loop2: unable to read RDB block 7 [ 199.927976][ T9488] loop2: unable to read partition table [ 199.928035][ T9488] loop2: partition table beyond EOD, truncated [ 199.928044][ T9488] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 199.966625][ T9494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.966818][ T9494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.990650][ T9496] syzkaller0: entered promiscuous mode [ 199.991732][ T9496] syzkaller0: entered allmulticast mode [ 200.193112][ T9503] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 200.193192][ T9503] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 200.878798][ T9504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.880549][ T9504] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.372306][ T6646] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 201.523261][ T6646] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 201.525192][ T6646] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.525223][ T6646] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.525237][ T6646] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 201.530984][ T6646] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 201.531021][ T6646] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 201.531036][ T6646] usb 1-1: Manufacturer: syz [ 201.533516][ T6646] usb 1-1: config 0 descriptor?? [ 202.412347][ T6698] usb 7-1: device descriptor read/8, error -110 [ 202.716607][ T6646] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 202.728124][ T6646] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 202.795660][ T6583] usb 1-1: USB disconnect, device number 4 [ 202.807721][ T9542] fido_id[9542]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:05AC:8243.0001/report_descriptor': No such device [ 202.810737][ T6698] usb usb7-port1: attempt power cycle [ 203.060618][ T9555] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 203.060642][ T9555] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 203.060744][ T9555] vhci_hcd vhci_hcd.0: Device attached [ 203.065336][ T9555] random: crng reseeded on system resumption [ 203.322297][ T6692] usb 11-1: SetAddress Request (2) to port 0 [ 203.323468][ T6692] usb 11-1: new SuperSpeed USB device number 2 using vhci_hcd [ 203.378821][ T9548] syzkaller0: entered promiscuous mode [ 203.378860][ T9548] syzkaller0: entered allmulticast mode [ 203.695472][ T6698] usb usb7-port1: unable to enumerate USB device [ 204.366339][ T9556] vhci_hcd: connection reset by peer [ 204.367621][ T1563] vhci_hcd vhci_hcd.4: stop threads [ 204.368638][ T1563] vhci_hcd vhci_hcd.4: release socket [ 204.369642][ T1563] vhci_hcd vhci_hcd.4: disconnect device [ 205.533374][ T9626] syzkaller0: entered promiscuous mode [ 205.533408][ T9626] syzkaller0: entered allmulticast mode [ 207.222297][ T9678] syzkaller0: entered promiscuous mode [ 207.223197][ T9678] syzkaller0: entered allmulticast mode [ 207.285761][ T9703] syzkaller0: entered promiscuous mode [ 207.285805][ T9703] syzkaller0: entered allmulticast mode [ 207.449045][ T9728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.855'. [ 207.509064][ T9736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.511336][ T9736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.559993][ T9739] vlan2: entered promiscuous mode [ 207.561050][ T9739] vlan2: entered allmulticast mode [ 207.561895][ T9739] hsr_slave_1: entered allmulticast mode [ 207.597250][ T9743] netlink: 212924 bytes leftover after parsing attributes in process `syz.2.862'. [ 208.011760][ T9755] syzkaller0: entered promiscuous mode [ 208.013752][ T9755] syzkaller0: entered allmulticast mode [ 208.098407][ T9757] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 208.173345][ T6586] Bluetooth: hci3: unexpected event for opcode 0x0c03 [ 208.326025][ T9779] syzkaller0: entered promiscuous mode [ 208.326067][ T9779] syzkaller0: entered allmulticast mode [ 208.412239][ T6692] usb 11-1: device descriptor read/8, error -110 [ 208.617188][ T9801] netlink: 'syz.2.888': attribute type 11 has an invalid length. [ 208.617223][ T9801] netlink: 224 bytes leftover after parsing attributes in process `syz.2.888'. [ 208.709504][ T9811] syzkaller0: entered promiscuous mode [ 208.709537][ T9811] syzkaller0: entered allmulticast mode [ 208.823413][ T6692] usb usb11-port1: attempt power cycle [ 208.996109][ T9845] netlink: 24 bytes leftover after parsing attributes in process `syz.1.908'. [ 209.068068][ T9853] netlink: 'syz.5.913': attribute type 1 has an invalid length. [ 209.088792][ T9853] 8021q: adding VLAN 0 to HW filter on device bond1 [ 209.117805][ T9853] bond1: (slave gretap1): making interface the new active one [ 209.120174][ T9853] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 210.256146][ T6692] usb usb11-port1: unable to enumerate USB device [ 210.445332][ T9917] syzkaller0: entered promiscuous mode [ 210.446391][ T9917] syzkaller0: entered allmulticast mode [ 210.826921][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.5.951'. [ 211.900336][ T9976] netlink: 8 bytes leftover after parsing attributes in process `syz.2.963'. [ 211.942522][ T9978] syzkaller0: entered promiscuous mode [ 211.942553][ T9978] syzkaller0: entered allmulticast mode [ 212.021394][ T9990] netlink: 'syz.2.969': attribute type 4 has an invalid length. [ 212.046203][ T9990] netlink: 'syz.2.969': attribute type 4 has an invalid length. [ 212.177860][T10010] syzkaller0: entered promiscuous mode [ 212.177901][T10010] syzkaller0: entered allmulticast mode [ 212.226849][T10017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.980'. [ 212.399515][T10038] syzkaller1: entered promiscuous mode [ 212.399552][T10038] syzkaller1: entered allmulticast mode [ 212.473617][T10043] netlink: 'syz.5.994': attribute type 11 has an invalid length. [ 212.476996][T10043] netlink: 224 bytes leftover after parsing attributes in process `syz.5.994'. [ 212.565224][T10055] netlink: 8 bytes leftover after parsing attributes in process `syz.1.998'. [ 212.676952][T10071] syzkaller0: entered promiscuous mode [ 212.676988][T10071] syzkaller0: entered allmulticast mode [ 212.754242][T10078] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 213.434522][T10095] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1017'. [ 213.462318][T10099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.465256][T10099] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.476142][T10098] syzkaller0: entered promiscuous mode [ 213.476179][T10098] syzkaller0: entered allmulticast mode [ 213.677757][T10099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.678014][T10099] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.899868][T10099] netlink: 'syz.1.1019': attribute type 11 has an invalid length. [ 213.902030][T10099] mmap: syz.1.1019 (10099) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 213.941707][T10132] syzkaller0: entered promiscuous mode [ 213.942929][T10132] syzkaller0: entered allmulticast mode [ 213.969528][T10134] syzkaller0: entered promiscuous mode [ 213.969556][T10134] syzkaller0: entered allmulticast mode [ 214.968882][T10166] syzkaller0: entered promiscuous mode [ 214.969912][T10166] syzkaller0: entered allmulticast mode [ 214.979419][T10186] syzkaller0: entered promiscuous mode [ 214.979452][T10186] syzkaller0: entered allmulticast mode [ 215.892458][T10224] syzkaller0: entered promiscuous mode [ 215.893458][T10224] syzkaller0: entered allmulticast mode [ 215.897371][T10224] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1058'. [ 215.905346][T10226] syzkaller0: entered promiscuous mode [ 215.905386][T10226] syzkaller0: entered allmulticast mode [ 215.926101][ T6586] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 216.100322][ T6586] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 216.109972][T10251] syzkaller0: entered promiscuous mode [ 216.109997][T10251] syzkaller0: entered allmulticast mode [ 216.139471][T10256] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1074'. [ 216.850576][T10263] syzkaller0: entered promiscuous mode [ 216.850680][T10263] syzkaller0: entered allmulticast mode [ 216.851543][T10268] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1075'. [ 216.851886][T10274] syzkaller0: entered promiscuous mode [ 216.851897][T10274] syzkaller0: entered allmulticast mode [ 216.944941][T10282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.946739][T10282] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.997187][T10287] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1081'. [ 217.077410][T10295] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1086'. [ 217.901776][T10322] syzkaller0: entered promiscuous mode [ 217.901807][T10322] syzkaller0: entered allmulticast mode [ 218.002644][T10341] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1098'. [ 218.724035][T10366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.730257][T10366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.388416][T10375] syzkaller0: entered promiscuous mode [ 219.391075][T10375] syzkaller0: entered allmulticast mode [ 219.393750][T10378] syzkaller0: entered promiscuous mode [ 219.394729][T10378] syzkaller0: entered allmulticast mode [ 219.397687][T10385] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1104'. [ 219.583837][T10412] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1112'. [ 220.000602][T10435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.001616][T10435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.298224][T10439] syzkaller0: entered promiscuous mode [ 220.298254][T10439] syzkaller0: entered allmulticast mode [ 220.328755][T10442] loop2: detected capacity change from 0 to 7 [ 220.330482][T10442] Dev loop2: unable to read RDB block 7 [ 220.333314][T10442] loop2: unable to read partition table [ 220.334760][T10442] loop2: partition table beyond EOD, truncated [ 220.336277][T10442] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 220.403921][T10443] syzkaller0: entered promiscuous mode [ 220.403967][T10443] syzkaller0: entered allmulticast mode [ 220.407035][T10443] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1120'. [ 220.534119][T10463] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1130'. [ 220.597071][T10469] syzkaller0: entered promiscuous mode [ 220.598062][T10469] syzkaller0: entered allmulticast mode [ 220.671597][T10471] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.675115][T10471] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.679331][T10471] bond1: (slave batadv_slave_1): Enslaving as a backup interface with an up link [ 220.681454][T10473] syzkaller0: entered promiscuous mode [ 220.681575][T10473] syzkaller0: entered allmulticast mode [ 221.453126][T10507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.453321][T10507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.484208][T10509] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1142'. [ 221.551744][T10517] syzkaller0: entered promiscuous mode [ 221.553467][T10517] syzkaller0: entered allmulticast mode [ 221.607136][T10522] netlink: 'syz.4.1147': attribute type 7 has an invalid length. [ 221.622372][T10522] netlink: 'syz.4.1147': attribute type 7 has an invalid length. [ 221.634388][T10523] syzkaller0: entered promiscuous mode [ 221.634420][T10523] syzkaller0: entered allmulticast mode [ 221.708726][T10532] loop2: detected capacity change from 0 to 7 [ 221.709717][ T7081] Dev loop2: unable to read RDB block 7 [ 221.709736][ T7081] loop2: unable to read partition table [ 221.709784][ T7081] loop2: partition table beyond EOD, truncated [ 221.711852][T10532] Dev loop2: unable to read RDB block 7 [ 221.711874][T10532] loop2: unable to read partition table [ 221.711939][T10532] loop2: partition table beyond EOD, truncated [ 221.711954][T10532] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 221.767027][T10535] syzkaller0: entered promiscuous mode [ 221.767937][T10535] syzkaller0: entered allmulticast mode [ 221.796915][T10537] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1154'. [ 222.564859][T10537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1154'. [ 222.660067][T10560] syzkaller0: entered promiscuous mode [ 222.660104][T10560] syzkaller0: entered allmulticast mode [ 222.684846][T10564] syzkaller0: entered promiscuous mode [ 222.686050][T10564] syzkaller0: entered allmulticast mode [ 222.707504][T10566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.709253][T10566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.820005][T10572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.820883][T10572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.871195][T10576] loop2: detected capacity change from 0 to 7 [ 222.872445][T10576] Dev loop2: unable to read RDB block 7 [ 222.872461][T10576] loop2: unable to read partition table [ 222.872519][T10576] loop2: partition table beyond EOD, truncated [ 222.872527][T10576] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 223.353938][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1172'. [ 223.529575][T10594] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1175'. [ 223.536760][T10594] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1175'. [ 223.559277][T10597] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1174'. [ 223.565992][T10597] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1174'. [ 223.568385][ T1563] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.568431][ T1563] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.568449][ T1563] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.568461][ T1563] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.615376][T10602] syzkaller0: entered promiscuous mode [ 223.615408][T10602] syzkaller0: entered allmulticast mode [ 223.745484][T10624] loop2: detected capacity change from 0 to 7 [ 223.746367][ T7193] Dev loop2: unable to read RDB block 7 [ 223.746382][ T7193] loop2: unable to read partition table [ 223.746424][ T7193] loop2: partition table beyond EOD, truncated [ 223.749829][T10624] Dev loop2: unable to read RDB block 7 [ 223.750216][T10624] loop2: unable to read partition table [ 223.750302][T10624] loop2: partition table beyond EOD, truncated [ 223.754303][T10624] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 224.563137][T10652] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1196'. [ 224.637178][T10657] loop2: detected capacity change from 0 to 7 [ 224.638430][T10657] Dev loop2: unable to read RDB block 7 [ 224.638695][T10657] loop2: unable to read partition table [ 224.638802][T10657] loop2: partition table beyond EOD, truncated [ 224.639417][T10657] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 224.684319][T10659] syzkaller0: entered promiscuous mode [ 224.684358][T10659] syzkaller0: entered allmulticast mode [ 224.698810][T10663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.698988][T10663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.771792][T10672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'. [ 227.180583][T10703] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 227.180674][T10703] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 227.267268][T10702] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 227.282904][T10707] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1217'. [ 227.490106][T10713] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1219'. [ 227.530398][T10718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1222'. [ 227.914305][T10736] syzkaller0: entered promiscuous mode [ 227.914344][T10736] syzkaller0: entered allmulticast mode [ 227.977531][T10744] loop2: detected capacity change from 0 to 7 [ 227.979574][T10744] Dev loop2: unable to read RDB block 7 [ 227.981240][T10744] loop2: unable to read partition table [ 227.982995][T10744] loop2: partition table beyond EOD, truncated [ 227.984813][T10744] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 230.456241][T10762] __nla_validate_parse: 1 callbacks suppressed [ 230.457770][T10762] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1234'. [ 230.458099][T10771] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 230.458108][T10771] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 230.546418][T10777] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1243'. [ 230.601784][T10786] loop2: detected capacity change from 0 to 7 [ 230.603522][T10784] syzkaller0: entered promiscuous mode [ 230.603550][T10784] syzkaller0: entered allmulticast mode [ 230.605757][T10786] Dev loop2: unable to read RDB block 7 [ 230.606830][T10786] loop2: unable to read partition table [ 230.608903][T10786] loop2: partition table beyond EOD, truncated [ 230.609965][T10786] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 230.819082][T10804] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1255'. [ 231.627448][T10805] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 231.627480][T10805] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 231.680184][T10807] syzkaller0: entered promiscuous mode [ 231.681247][T10807] syzkaller0: entered allmulticast mode [ 231.712058][T10811] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1258'. [ 231.841304][T10820] loop2: detected capacity change from 0 to 7 [ 231.843654][ T7081] Dev loop2: unable to read RDB block 7 [ 231.845017][ T7081] loop2: unable to read partition table [ 231.845096][ T7081] loop2: partition table beyond EOD, truncated [ 231.867231][T10820] Dev loop2: unable to read RDB block 7 [ 231.867270][T10820] loop2: unable to read partition table [ 231.867348][T10820] loop2: partition table beyond EOD, truncated [ 231.867377][T10820] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 232.896996][T10844] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1270'. [ 233.497045][T10850] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1269'. [ 233.525974][T10853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 233.526148][T10853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.413169][T10871] siw: device registration error -23 [ 235.902517][T10885] syzkaller0: entered promiscuous mode [ 235.902546][T10885] syzkaller0: entered allmulticast mode [ 235.905871][T10887] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1285'. [ 236.823807][T10909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.833936][T10909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.368412][T10949] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1302'. [ 239.428710][T10954] syzkaller0: entered promiscuous mode [ 239.429638][T10954] syzkaller0: entered allmulticast mode [ 239.440435][T10956] loop2: detected capacity change from 0 to 7 [ 239.440756][T10956] Dev loop2: unable to read RDB block 7 [ 239.440770][T10956] loop2: unable to read partition table [ 239.440824][T10956] loop2: partition table beyond EOD, truncated [ 239.440831][T10956] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 241.540675][T10975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.540883][T10975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.151387][T10981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.151567][T10981] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.299101][T11005] loop2: detected capacity change from 0 to 7 [ 243.300102][ T7081] Dev loop2: unable to read RDB block 7 [ 243.300117][ T7081] loop2: unable to read partition table [ 243.300160][ T7081] loop2: partition table beyond EOD, truncated [ 243.316832][T11005] Dev loop2: unable to read RDB block 7 [ 243.317776][T11005] loop2: unable to read partition table [ 243.318801][T11005] loop2: partition table beyond EOD, truncated [ 243.319875][T11005] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 245.004898][T11016] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1318'. [ 245.008420][T11021] syzkaller0: entered promiscuous mode [ 245.008459][T11021] syzkaller0: entered allmulticast mode [ 245.057372][T11037] syzkaller0: entered promiscuous mode [ 245.058451][T11037] syzkaller0: entered allmulticast mode [ 246.154468][T11063] loop2: detected capacity change from 0 to 7 [ 246.156733][T11063] Dev loop2: unable to read RDB block 7 [ 246.157708][T11063] loop2: unable to read partition table [ 246.158719][T11063] loop2: partition table beyond EOD, truncated [ 246.164577][T11063] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 246.165584][T11062] syzkaller0: entered promiscuous mode [ 246.165598][T11062] syzkaller0: entered allmulticast mode [ 246.423359][T11077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.425091][T11077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.108263][T11080] syzkaller0: entered promiscuous mode [ 247.108292][T11080] syzkaller0: entered allmulticast mode [ 247.111130][T11089] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1340'. [ 247.144255][T11101] syzkaller0: entered promiscuous mode [ 247.145244][T11101] syzkaller0: entered allmulticast mode [ 248.101359][T11141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.103795][T11141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.138379][T11149] syzkaller0: entered promiscuous mode [ 248.138413][T11149] syzkaller0: entered allmulticast mode [ 248.922795][ T2468] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.922852][ T2468] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.215194][T11172] syzkaller0: entered promiscuous mode [ 249.217320][T11172] syzkaller0: entered allmulticast mode [ 250.061275][T11194] syzkaller0: entered promiscuous mode [ 250.062492][T11194] syzkaller0: entered allmulticast mode [ 250.118244][T11207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.119985][T11207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.165781][T11235] syzkaller0: entered promiscuous mode [ 251.173954][T11235] syzkaller0: entered allmulticast mode [ 252.180140][T11249] syzkaller0: entered promiscuous mode [ 252.181130][T11249] syzkaller0: entered allmulticast mode [ 252.238886][T11261] loop2: detected capacity change from 0 to 7 [ 252.256937][ T7081] Dev loop2: unable to read RDB block 7 [ 252.256975][ T7081] loop2: unable to read partition table [ 252.257050][ T7081] loop2: partition table beyond EOD, truncated [ 252.260088][T11261] Dev loop2: unable to read RDB block 7 [ 252.260481][T11261] loop2: unable to read partition table [ 252.260550][T11261] loop2: partition table beyond EOD, truncated [ 252.260560][T11261] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 252.415097][T11277] netlink: 'syz.1.1400': attribute type 1 has an invalid length. [ 252.421877][T11277] 8021q: adding VLAN 0 to HW filter on device bond2 [ 252.442455][T11277] bond2: (slave gretap1): making interface the new active one [ 252.443044][T11277] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 253.311077][T11287] syzkaller0: entered promiscuous mode [ 253.311115][T11287] syzkaller0: entered allmulticast mode [ 254.373828][T11297] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1406'. [ 254.450240][T11303] loop2: detected capacity change from 0 to 7 [ 254.454430][T11303] Dev loop2: unable to read RDB block 7 [ 254.457688][T11303] loop2: unable to read partition table [ 254.459509][T11303] loop2: partition table beyond EOD, truncated [ 254.460789][T11303] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 255.249547][T11309] syzkaller0: entered promiscuous mode [ 255.249575][T11309] syzkaller0: entered allmulticast mode [ 255.618613][T11349] siw: device registration error -23 [ 256.502184][ T6677] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 257.346924][T11365] syzkaller0: entered promiscuous mode [ 257.346960][T11365] syzkaller0: entered allmulticast mode [ 257.542326][ T6677] usb 1-1: Using ep0 maxpacket: 32 [ 257.543641][ T6677] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 257.545528][ T6677] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 257.547219][ T6677] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 257.548981][ T6677] usb 1-1: Product: syz [ 257.549872][ T6677] usb 1-1: Manufacturer: syz [ 257.550951][ T6677] usb 1-1: SerialNumber: syz [ 257.556848][ T6677] usb 1-1: config 0 descriptor?? [ 257.558183][T11335] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 257.560993][ T6677] hub 1-1:0.0: bad descriptor, ignoring hub [ 257.563235][ T6677] hub 1-1:0.0: probe with driver hub failed with error -5 [ 257.611213][T11382] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1431'. [ 257.676499][T11386] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1432'. [ 257.807478][T11396] siw: device registration error -23 [ 258.622369][ T6751] usb 1-1: USB disconnect, device number 5 [ 258.648697][T11400] loop2: detected capacity change from 0 to 7 [ 258.651755][T11400] Dev loop2: unable to read RDB block 7 [ 258.652208][T11400] loop2: unable to read partition table [ 258.652280][T11400] loop2: partition table beyond EOD, truncated [ 258.652292][T11400] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 258.744298][T11407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.746792][T11407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.907239][T11425] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1443'. [ 260.351562][T11430] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1445'. [ 261.347812][T11474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.350134][T11474] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.473124][T11487] netlink: 'syz.2.1457': attribute type 1 has an invalid length. [ 261.480777][T11487] 8021q: adding VLAN 0 to HW filter on device bond1 [ 261.491626][T11487] bond1: (slave gretap1): making interface the new active one [ 261.496019][T11487] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 262.442878][T11490] siw: device registration error -23 [ 263.765962][T11510] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1461'. [ 263.899847][T11554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.901612][T11554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.980086][T11559] syzkaller0: entered promiscuous mode [ 263.980112][T11559] syzkaller0: entered allmulticast mode [ 264.980614][T11570] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1476'. [ 265.770728][T11585] syzkaller0: entered promiscuous mode [ 265.770759][T11585] syzkaller0: entered allmulticast mode [ 266.852173][ T8431] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 266.947083][T11607] syzkaller0: entered promiscuous mode [ 266.947111][T11607] syzkaller0: entered allmulticast mode [ 266.953123][T11617] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1487'. [ 267.009289][ T8431] usb 1-1: Using ep0 maxpacket: 16 [ 267.013105][ T8431] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 267.016509][ T8431] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 267.016536][ T8431] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.016545][ T8431] usb 1-1: Product: syz [ 267.016552][ T8431] usb 1-1: Manufacturer: syz [ 267.016558][ T8431] usb 1-1: SerialNumber: syz [ 267.018910][ T8431] usb 1-1: config 0 descriptor?? [ 267.020240][ T8431] hub 1-1:0.0: bad descriptor, ignoring hub [ 267.020254][ T8431] hub 1-1:0.0: probe with driver hub failed with error -5 [ 267.021310][ T8431] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 267.773034][T11653] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1500'. [ 267.993780][T11683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.993960][T11683] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.031131][T11687] syzkaller0: entered promiscuous mode [ 268.031180][T11687] syzkaller0: entered allmulticast mode [ 268.068964][T11689] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1515'. [ 268.549382][T11720] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1526'. [ 268.786832][T11739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.787015][T11739] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.810181][T11742] netlink: 'syz.1.1535': attribute type 1 has an invalid length. [ 268.819871][T11742] 8021q: adding VLAN 0 to HW filter on device bond3 [ 268.980859][T11751] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1539'. [ 269.353902][T11778] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1551'. [ 269.611447][ T8431] usb 1-1: USB disconnect, device number 6 [ 269.667789][T11797] netlink: 'syz.1.1559': attribute type 1 has an invalid length. [ 269.686340][T11797] 8021q: adding VLAN 0 to HW filter on device bond4 [ 269.850637][T11810] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1564'. [ 270.004023][ T8431] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 270.133675][ T8431] usb 1-1: device descriptor read/64, error -71 [ 270.373878][ T8431] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 270.504355][ T8431] usb 1-1: device descriptor read/64, error -71 [ 270.555964][T11828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.557707][T11828] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.613927][ T8431] usb usb1-port1: attempt power cycle [ 270.854103][T11834] syzkaller0: entered promiscuous mode [ 270.854132][T11834] syzkaller0: entered allmulticast mode [ 270.962643][ T8431] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 270.983986][ T8431] usb 1-1: device descriptor read/8, error -71 [ 271.030366][T11840] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1575'. [ 271.222288][ T8431] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 272.066838][T11863] loop2: detected capacity change from 0 to 7 [ 272.068943][T11863] Dev loop2: unable to read RDB block 7 [ 272.069937][T11863] loop2: AHDI p1 p2 p3 [ 272.070633][T11863] loop2: partition table partially beyond EOD, truncated [ 272.071886][T11863] loop2: p1 start 1601398130 is beyond EOD, truncated [ 272.074716][T11863] loop2: p2 start 1702059890 is beyond EOD, truncated [ 272.114929][ T8431] usb 1-1: device descriptor read/8, error -71 [ 272.229150][ T8431] usb usb1-port1: unable to enumerate USB device [ 272.891792][T11870] syzkaller0: entered promiscuous mode [ 272.894304][T11870] syzkaller0: entered allmulticast mode [ 272.905817][T11886] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1588'. [ 272.917897][T11896] syzkaller0: entered promiscuous mode [ 272.919458][T11896] syzkaller0: entered allmulticast mode [ 272.997671][T11904] netlink: 'syz.2.1593': attribute type 7 has an invalid length. [ 272.997771][T11904] netlink: 'syz.2.1593': attribute type 7 has an invalid length. [ 273.029544][T11907] netlink: 'syz.2.1594': attribute type 1 has an invalid length. [ 273.038206][T11907] 8021q: adding VLAN 0 to HW filter on device bond2 [ 273.083131][T11906] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 273.084816][T11906] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 274.032397][T11924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.034470][T11924] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.209254][T11934] syzkaller0: entered promiscuous mode [ 274.209285][T11934] syzkaller0: entered allmulticast mode [ 274.211222][T11934] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1604'. [ 274.257923][T11936] syzkaller0: entered promiscuous mode [ 274.257950][T11936] syzkaller0: entered allmulticast mode [ 274.377849][T11940] netlink: 'syz.5.1607': attribute type 1 has an invalid length. [ 274.390148][T11940] 8021q: adding VLAN 0 to HW filter on device bond2 [ 275.489013][T11970] syzkaller0: entered promiscuous mode [ 275.490093][T11970] syzkaller0: entered allmulticast mode [ 275.497569][T11970] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1617'. [ 275.552426][T11975] syzkaller0: entered promiscuous mode [ 275.552468][T11975] syzkaller0: entered allmulticast mode [ 275.560585][T11979] netlink: 'syz.4.1621': attribute type 1 has an invalid length. [ 275.566899][T11979] 8021q: adding VLAN 0 to HW filter on device bond1 [ 275.573770][T11979] bond1: (slave gretap1): making interface the new active one [ 275.574232][T11979] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 275.624488][T11987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.626790][T11987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.059794][T12015] syzkaller0: entered promiscuous mode [ 276.059822][T12015] syzkaller0: entered allmulticast mode [ 276.063428][T12015] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1634'. [ 276.165919][T12019] syzkaller0: entered promiscuous mode [ 276.167691][T12019] syzkaller0: entered allmulticast mode [ 276.504407][ T6586] Bluetooth: hci4: command 0x0406 tx timeout [ 276.510345][T12043] syzkaller0: entered promiscuous mode [ 276.511559][T12043] syzkaller0: entered allmulticast mode [ 276.515141][T12043] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1645'. [ 276.516352][T12045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.517011][T12045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.559833][T12047] syzkaller0: entered promiscuous mode [ 276.559865][T12047] syzkaller0: entered allmulticast mode [ 276.880595][T12080] syzkaller0: entered promiscuous mode [ 276.881749][T12080] syzkaller0: entered allmulticast mode [ 277.141483][T12090] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 277.141511][T12090] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 277.666674][T12104] loop2: detected capacity change from 0 to 7 [ 277.669163][T12104] Dev loop2: unable to read RDB block 7 [ 277.670933][T12104] loop2: unable to read partition table [ 277.672019][T12104] loop2: partition table beyond EOD, truncated [ 277.672033][T12104] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 277.711374][T12106] syzkaller0: entered promiscuous mode [ 277.712726][T12106] syzkaller0: entered allmulticast mode [ 277.759451][T12111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.759636][T12111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.760109][T12112] netlink: 'syz.5.1675': attribute type 1 has an invalid length. [ 277.769829][T12112] 8021q: adding VLAN 0 to HW filter on device bond3 [ 278.006963][T12129] loop2: detected capacity change from 0 to 7 [ 278.009002][ T7081] Dev loop2: unable to read RDB block 7 [ 278.009028][ T7081] loop2: unable to read partition table [ 278.009082][ T7081] loop2: partition table beyond EOD, truncated [ 278.013582][T12129] Dev loop2: unable to read RDB block 7 [ 278.013614][T12129] loop2: unable to read partition table [ 278.013679][T12129] loop2: partition table beyond EOD, truncated [ 278.013975][T12129] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 278.137984][T12139] netlink: 'syz.5.1687': attribute type 1 has an invalid length. [ 278.146165][T12139] 8021q: adding VLAN 0 to HW filter on device bond4 [ 278.167718][T12142] syzkaller0: entered promiscuous mode [ 278.167751][T12142] syzkaller0: entered allmulticast mode [ 278.471019][T12153] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 278.471051][T12153] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 278.845476][T12159] loop2: detected capacity change from 0 to 7 [ 278.847735][T12159] Dev loop2: unable to read RDB block 7 [ 278.848754][T12159] loop2: unable to read partition table [ 278.849791][T12159] loop2: partition table beyond EOD, truncated [ 278.850918][T12159] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 278.926730][T12165] netlink: 'syz.4.1698': attribute type 1 has an invalid length. [ 279.236602][T12178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.236790][T12178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.349495][T12165] 8021q: adding VLAN 0 to HW filter on device bond2 [ 279.360936][T12175] syzkaller0: entered promiscuous mode [ 279.361944][T12175] syzkaller0: entered allmulticast mode [ 279.462531][T12193] syzkaller0: entered promiscuous mode [ 279.462559][T12193] syzkaller0: entered allmulticast mode [ 279.678498][T12209] netlink: 'syz.4.1712': attribute type 1 has an invalid length. [ 279.711269][T12209] 8021q: adding VLAN 0 to HW filter on device bond3 [ 280.748805][T12222] syzkaller0: entered promiscuous mode [ 280.750026][T12222] syzkaller0: entered allmulticast mode [ 280.857299][T12256] syzkaller0: entered promiscuous mode [ 280.858559][T12256] syzkaller0: entered allmulticast mode [ 280.879092][T12263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.881550][T12263] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.922950][T12269] netlink: 'syz.1.1727': attribute type 1 has an invalid length. [ 280.931997][T12269] 8021q: adding VLAN 0 to HW filter on device bond5 [ 280.992052][T12276] syzkaller0: entered promiscuous mode [ 280.992148][T12276] syzkaller0: entered allmulticast mode [ 282.134307][T12314] loop2: detected capacity change from 0 to 7 [ 282.135694][T12314] Dev loop2: unable to read RDB block 7 [ 282.135709][T12314] loop2: unable to read partition table [ 282.135768][T12314] loop2: partition table beyond EOD, truncated [ 282.135777][T12314] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 282.329516][T12328] syzkaller0: entered promiscuous mode [ 282.330580][T12328] syzkaller0: entered allmulticast mode [ 282.497723][T12343] loop2: detected capacity change from 0 to 7 [ 282.501082][ T7081] Dev loop2: unable to read RDB block 7 [ 282.502813][ T7081] loop2: unable to read partition table [ 282.504124][ T7081] loop2: partition table beyond EOD, truncated [ 282.883242][T12343] Dev loop2: unable to read RDB block 7 [ 282.884580][T12343] loop2: unable to read partition table [ 282.885116][T12343] loop2: partition table beyond EOD, truncated [ 282.892289][T12343] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 282.896606][T12363] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1756'. [ 283.750758][T12370] syzkaller0: entered promiscuous mode [ 283.750789][T12370] syzkaller0: entered allmulticast mode [ 283.867405][T12357] siw: device registration error -23 [ 284.103020][T12394] loop2: detected capacity change from 0 to 7 [ 284.103727][T12394] Dev loop2: unable to read RDB block 7 [ 284.103746][T12394] loop2: unable to read partition table [ 284.103814][T12394] loop2: partition table beyond EOD, truncated [ 284.103822][T12394] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 284.106459][ T6215] Dev loop2: unable to read RDB block 7 [ 284.106473][ T6215] loop2: unable to read partition table [ 284.106538][ T6215] loop2: partition table beyond EOD, truncated [ 284.140322][T12399] syzkaller0: entered promiscuous mode [ 284.140360][T12399] syzkaller0: entered allmulticast mode [ 284.164954][T12399] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1775'. [ 284.184792][T12402] syzkaller0: entered promiscuous mode [ 284.185839][T12402] syzkaller0: entered allmulticast mode [ 284.724194][T12438] syzkaller0: entered promiscuous mode [ 284.725434][T12438] syzkaller0: entered allmulticast mode [ 284.836776][T12442] syzkaller0: entered promiscuous mode [ 284.836804][T12442] syzkaller0: entered allmulticast mode [ 284.839683][T12442] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1792'. [ 285.781506][T12490] syzkaller0: entered promiscuous mode [ 285.782181][T12490] syzkaller0: entered allmulticast mode [ 285.840431][T12496] syzkaller0: entered promiscuous mode [ 285.840467][T12496] syzkaller0: entered allmulticast mode [ 285.846995][T12496] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1805'. [ 285.905867][T12498] syzkaller0: entered promiscuous mode [ 285.906889][T12498] syzkaller0: entered allmulticast mode [ 286.906284][T12539] syzkaller0: entered promiscuous mode [ 286.906320][T12539] syzkaller0: entered allmulticast mode [ 286.948948][T12544] syzkaller0: entered promiscuous mode [ 286.948977][T12544] syzkaller0: entered allmulticast mode [ 286.950439][T12544] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1819'. [ 287.010942][T12549] syzkaller0: entered promiscuous mode [ 287.010977][T12549] syzkaller0: entered allmulticast mode [ 287.143698][T12568] syzkaller0: entered promiscuous mode [ 287.143739][T12568] syzkaller0: entered allmulticast mode [ 287.678013][T12576] loop2: detected capacity change from 0 to 7 [ 287.679748][T12576] Dev loop2: unable to read RDB block 7 [ 287.681154][T12576] loop2: unable to read partition table [ 287.682917][T12576] loop2: partition table beyond EOD, truncated [ 287.684327][T12576] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 288.033851][T12586] syzkaller0: entered promiscuous mode [ 288.035832][T12586] syzkaller0: entered allmulticast mode [ 288.060416][T12601] syzkaller0: entered promiscuous mode [ 288.061423][T12601] syzkaller0: entered allmulticast mode [ 288.071999][T12601] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1836'. [ 288.115900][T12604] syzkaller0: entered promiscuous mode [ 288.116964][T12604] syzkaller0: entered allmulticast mode [ 288.163259][T12610] syzkaller0: entered promiscuous mode [ 288.163295][T12610] syzkaller0: entered allmulticast mode [ 288.244532][T12623] loop2: detected capacity change from 0 to 7 [ 288.245020][T12623] Dev loop2: unable to read RDB block 7 [ 288.245034][T12623] loop2: unable to read partition table [ 288.245085][T12623] loop2: partition table beyond EOD, truncated [ 288.245093][T12623] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 288.297672][T12627] syzkaller0: entered promiscuous mode [ 288.298669][T12627] syzkaller0: entered allmulticast mode [ 288.408402][T12632] siw: device registration error -23 [ 289.178067][T12634] netlink: 'syz.0.1849': attribute type 1 has an invalid length. [ 289.205320][T12636] syzkaller0: entered promiscuous mode [ 289.206474][T12636] syzkaller0: entered allmulticast mode [ 289.265468][T12641] syzkaller0: entered promiscuous mode [ 289.266496][T12641] syzkaller0: entered allmulticast mode [ 289.269832][T12641] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1852'. [ 289.327983][T12648] syzkaller0: entered promiscuous mode [ 289.328022][T12648] syzkaller0: entered allmulticast mode [ 289.416959][T12660] syzkaller0: entered promiscuous mode [ 289.417004][T12660] syzkaller0: entered allmulticast mode [ 289.518225][T12674] netlink: 'syz.1.1866': attribute type 1 has an invalid length. [ 289.537675][T12674] 8021q: adding VLAN 0 to HW filter on device bond6 [ 289.575671][T12681] syzkaller0: entered promiscuous mode [ 289.575699][T12681] syzkaller0: entered allmulticast mode [ 289.650888][T12686] syzkaller0: entered promiscuous mode [ 289.650920][T12686] syzkaller0: entered allmulticast mode [ 289.655274][T12689] syzkaller0: entered promiscuous mode [ 289.655314][T12689] syzkaller0: entered allmulticast mode [ 289.706615][T12696] loop2: detected capacity change from 0 to 7 [ 289.707626][ T7081] Dev loop2: unable to read RDB block 7 [ 289.707641][ T7081] loop2: unable to read partition table [ 289.707694][ T7081] loop2: partition table beyond EOD, truncated [ 289.720558][T12696] Dev loop2: unable to read RDB block 7 [ 289.720593][T12696] loop2: unable to read partition table [ 289.720649][T12696] loop2: partition table beyond EOD, truncated [ 289.722173][T12696] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 289.869648][T12717] netlink: 'syz.2.1881': attribute type 1 has an invalid length. [ 289.889343][T12717] 8021q: adding VLAN 0 to HW filter on device bond3 [ 289.913699][T12724] syzkaller0: entered promiscuous mode [ 289.915293][T12724] syzkaller0: entered allmulticast mode [ 289.950065][T12726] syzkaller0: entered promiscuous mode [ 289.950098][T12726] syzkaller0: entered allmulticast mode [ 290.017245][T12734] syzkaller0: entered promiscuous mode [ 290.018332][T12734] syzkaller0: entered allmulticast mode [ 290.061435][T12738] loop2: detected capacity change from 0 to 7 [ 290.064019][T12738] Dev loop2: unable to read RDB block 7 [ 290.064038][T12738] loop2: unable to read partition table [ 290.064108][T12738] loop2: partition table beyond EOD, truncated [ 290.065364][T12738] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 290.167671][T12752] netlink: 'syz.2.1895': attribute type 1 has an invalid length. [ 290.191440][T12752] 8021q: adding VLAN 0 to HW filter on device bond4 [ 290.243732][T12759] syzkaller0: entered promiscuous mode [ 290.244785][T12759] syzkaller0: entered allmulticast mode [ 290.268085][T12764] syzkaller0: entered promiscuous mode [ 290.268122][T12764] syzkaller0: entered allmulticast mode [ 290.319403][T12770] syzkaller0: entered promiscuous mode [ 290.319525][T12770] syzkaller0: entered allmulticast mode [ 290.346074][T12773] loop2: detected capacity change from 0 to 7 [ 290.347627][T12773] Dev loop2: unable to read RDB block 7 [ 290.348070][T12773] loop2: unable to read partition table [ 290.348177][T12773] loop2: partition table beyond EOD, truncated [ 290.349049][T12773] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 290.439693][T12788] netlink: 'syz.0.1910': attribute type 1 has an invalid length. [ 290.502975][T12795] syzkaller0: entered promiscuous mode [ 290.503015][T12795] syzkaller0: entered allmulticast mode [ 290.606825][T12808] loop2: detected capacity change from 0 to 7 [ 290.608371][ T7081] Dev loop2: unable to read RDB block 7 [ 290.608407][ T7081] loop2: unable to read partition table [ 290.608463][ T7081] loop2: partition table beyond EOD, truncated [ 290.614104][T12808] Dev loop2: unable to read RDB block 7 [ 290.614141][T12808] loop2: unable to read partition table [ 290.614201][T12808] loop2: partition table beyond EOD, truncated [ 290.617777][T12808] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 290.653301][T12814] syzkaller0: entered promiscuous mode [ 290.653336][T12814] syzkaller0: entered allmulticast mode [ 290.656909][T12813] syzkaller0: entered promiscuous mode [ 290.657896][T12813] syzkaller0: entered allmulticast mode [ 290.810122][T12827] netlink: 'syz.0.1926': attribute type 1 has an invalid length. [ 290.871490][T12831] syzkaller0: entered promiscuous mode [ 290.871519][T12831] syzkaller0: entered allmulticast mode [ 290.989438][T12845] syzkaller0: entered promiscuous mode [ 290.989474][T12845] syzkaller0: entered allmulticast mode [ 291.300059][T12861] syzkaller0: entered promiscuous mode [ 291.301394][T12861] syzkaller0: entered allmulticast mode [ 291.393240][T12871] syzkaller0: entered promiscuous mode [ 291.394347][T12871] syzkaller0: entered allmulticast mode [ 291.420629][T12875] syzkaller0: entered promiscuous mode [ 291.420664][T12875] syzkaller0: entered allmulticast mode [ 291.710108][T12904] syzkaller0: entered promiscuous mode [ 291.711830][T12904] syzkaller0: entered allmulticast mode [ 291.822669][T12914] syzkaller0: entered promiscuous mode [ 291.823753][T12914] syzkaller0: entered allmulticast mode [ 291.827535][T12916] syzkaller0: entered promiscuous mode [ 291.827575][T12916] syzkaller0: entered allmulticast mode [ 292.138925][T12961] syzkaller0: entered promiscuous mode [ 292.140124][T12961] syzkaller0: entered allmulticast mode [ 292.902272][T12963] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 292.902305][T12963] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 293.245589][T13013] syzkaller0: entered promiscuous mode [ 293.246671][T13013] syzkaller0: entered allmulticast mode [ 293.373566][ T6698] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 293.522746][ T6698] usb 1-1: Using ep0 maxpacket: 16 [ 293.523840][ T6698] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 293.526228][ T6698] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 293.527809][ T6698] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.529423][ T6698] usb 1-1: Product: syz [ 293.530121][ T6698] usb 1-1: Manufacturer: syz [ 293.531024][ T6698] usb 1-1: SerialNumber: syz [ 293.534212][ T6698] usb 1-1: config 0 descriptor?? [ 293.538495][ T6698] hub 1-1:0.0: bad descriptor, ignoring hub [ 293.539924][ T6698] hub 1-1:0.0: probe with driver hub failed with error -5 [ 293.544358][ T6698] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 293.552739][ T6698] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 293.565830][ T7081] udevd[7081]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 293.754854][T13049] syzkaller0: entered promiscuous mode [ 293.754889][T13049] syzkaller0: entered allmulticast mode [ 293.795475][T13051] syzkaller0: entered promiscuous mode [ 293.795502][T13051] syzkaller0: entered allmulticast mode [ 293.852894][ T9357] usb 1-1: USB disconnect, device number 11 [ 294.187766][T13074] syzkaller0: entered promiscuous mode [ 294.189040][T13074] syzkaller0: entered allmulticast mode [ 295.147164][T13093] syzkaller0: entered promiscuous mode [ 295.148078][T13093] syzkaller0: entered allmulticast mode [ 295.169356][T13095] syzkaller0: entered promiscuous mode [ 295.169398][T13095] syzkaller0: entered allmulticast mode [ 296.185901][T13146] syzkaller0: entered promiscuous mode [ 296.185944][T13146] syzkaller0: entered allmulticast mode [ 297.676602][T13179] syzkaller0: entered promiscuous mode [ 297.676636][T13179] syzkaller0: entered allmulticast mode [ 297.881727][T13183] syzkaller0: entered promiscuous mode [ 297.881766][T13183] syzkaller0: entered allmulticast mode [ 299.154786][T13188] syzkaller0: entered promiscuous mode [ 299.155915][T13188] syzkaller0: entered allmulticast mode [ 299.286097][T13214] syzkaller0: entered promiscuous mode [ 299.287186][T13214] syzkaller0: entered allmulticast mode [ 299.353065][T13220] syzkaller0: entered promiscuous mode [ 299.354062][T13220] syzkaller0: entered allmulticast mode [ 299.454145][T13229] syzkaller0: entered promiscuous mode [ 299.454186][T13229] syzkaller0: entered allmulticast mode [ 301.116833][T13254] syzkaller0: entered promiscuous mode [ 301.117923][T13254] syzkaller0: entered allmulticast mode [ 301.194470][T13260] syzkaller0: entered promiscuous mode [ 301.194509][T13260] syzkaller0: entered allmulticast mode [ 301.317593][T13268] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 301.317621][T13268] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 301.399783][T13279] syzkaller0: entered promiscuous mode [ 301.399902][T13279] syzkaller0: entered allmulticast mode [ 304.347618][T13345] syzkaller0: entered promiscuous mode [ 304.347662][T13345] syzkaller0: entered allmulticast mode [ 305.391860][T13386] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 305.391893][T13386] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 305.781799][T13424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2103'. [ 305.797389][T13423] syzkaller0: entered promiscuous mode [ 305.797435][T13423] syzkaller0: entered allmulticast mode [ 306.819159][T13427] syzkaller0: entered promiscuous mode [ 306.819204][T13427] syzkaller0: entered allmulticast mode [ 307.214147][ T6586] Bluetooth: hci2: command 0x0406 tx timeout [ 307.819549][T13445] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 307.819579][T13445] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 307.835469][T13447] syzkaller0: entered promiscuous mode [ 307.835501][T13447] syzkaller0: entered allmulticast mode [ 307.903729][T13453] tipc: Started in network mode [ 307.903764][T13453] tipc: Node identity 5ae0683f592c, cluster identity 4711 [ 307.903817][T13453] tipc: Enabled bearer , priority 0 [ 307.914458][T13453] syzkaller0: entered promiscuous mode [ 307.914494][T13453] syzkaller0: entered allmulticast mode [ 307.914975][T13453] tipc: Resetting bearer [ 307.929626][T13452] tipc: Resetting bearer [ 308.893793][T13452] tipc: Disabling bearer [ 308.917640][T13476] syzkaller0: entered promiscuous mode [ 308.917665][T13476] syzkaller0: entered allmulticast mode [ 310.005126][T13531] syzkaller0: entered promiscuous mode [ 310.005159][T13531] syzkaller0: entered allmulticast mode [ 310.206334][T13551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2136'. [ 310.255130][ T2468] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.255182][ T2468] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.742709][T13552] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 311.742743][T13552] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 312.139065][T13574] syzkaller0: entered promiscuous mode [ 312.139100][T13574] syzkaller0: entered allmulticast mode [ 312.372696][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2148'. [ 312.427933][T13583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2148'. [ 313.243509][T13592] syzkaller0: entered promiscuous mode [ 313.243551][T13592] syzkaller0: entered allmulticast mode [ 313.449103][T13624] syzkaller0: entered promiscuous mode [ 313.450211][T13624] syzkaller0: entered allmulticast mode [ 313.586680][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2163'. [ 314.894020][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2163'. [ 314.958230][T13635] syzkaller0: entered promiscuous mode [ 314.958267][T13635] syzkaller0: entered allmulticast mode [ 315.985263][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2179'. [ 315.989421][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2179'. [ 315.992252][T13678] syzkaller0: entered promiscuous mode [ 315.993728][T13678] syzkaller0: entered allmulticast mode [ 316.069471][T13688] syzkaller0: entered promiscuous mode [ 316.069510][T13688] syzkaller0: entered allmulticast mode [ 316.134403][T13693] syzkaller0: entered promiscuous mode [ 316.134432][T13693] syzkaller0: entered allmulticast mode [ 316.388033][T13701] ------------[ cut here ]------------ [ 316.388047][T13701] WARNING: net/core/skbuff.c:7243 at skb_attempt_defer_free+0x538/0x674, CPU#1: syz.5.2187/13701 [ 316.390566][T13701] Modules linked in: [ 316.391145][T13701] CPU: 1 UID: 0 PID: 13701 Comm: syz.5.2187 Tainted: G L syzkaller #0 PREEMPT [ 316.392744][T13701] Tainted: [L]=SOFTLOCKUP [ 316.393399][T13701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 316.394821][T13701] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 316.395998][T13701] pc : skb_attempt_defer_free+0x538/0x674 [ 316.396848][T13701] lr : skb_attempt_defer_free+0x538/0x674 [ 316.397632][T13701] sp : ffff8000a0787660 [ 316.398239][T13701] x29: ffff8000a07876c0 x28: ffff7000140f0ef8 x27: 0000000000000089 [ 316.399428][T13701] x26: ffff8000a0787660 x25: 1ffff000140f0ecc x24: dfff800000000000 [ 316.400661][T13701] x23: 1fffe0001a7e0f4b x22: 0000000000000000 x21: ffff0000d3f07a60 [ 316.401858][T13701] x20: 0000000000000000 x19: ffff0000d3f07a00 x18: 1fffe00033781890 [ 316.403039][T13701] x17: ffff80008f86e000 x16: ffff80008aeffdc0 x15: 0000000000000001 [ 316.404282][T13701] x14: 1fffe0001a7e0f5c x13: 0000000000000000 x12: 0000000000000000 [ 316.405519][T13701] x11: 0000000000080000 x10: 0000000000036039 x9 : ffff8000a3979000 [ 316.406772][T13701] x8 : 000000000003603a x7 : 0000004d42232428 x6 : 00000000200005c9 [ 316.407997][T13701] x5 : 00000000200005c9 x4 : 0000000000000006 x3 : ffff800089ab4dd4 [ 316.409160][T13701] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000002 [ 316.410363][T13701] Call trace: [ 316.410883][T13701] skb_attempt_defer_free+0x538/0x674 (P) [ 316.411770][T13701] skb_consume_udp+0x98/0x250 [ 316.412465][T13701] udp_recvmsg+0xea8/0x13bc [ 316.413146][T13701] udp_bpf_recvmsg+0xa84/0xca4 [ 316.413879][T13701] inet_recvmsg+0x110/0x1b8 [ 316.414558][T13701] __sys_recvfrom+0x250/0x3a0 [ 316.415291][T13701] __arm64_sys_recvfrom+0xd8/0xf8 [ 316.416047][T13701] invoke_syscall+0x98/0x254 [ 316.416672][T13701] el0_svc_common+0xe8/0x23c [ 316.417310][T13701] do_el0_svc+0x48/0x58 [ 316.417929][T13701] el0_svc+0x5c/0x26c [ 316.418506][T13701] el0t_64_sync_handler+0x84/0x12c [ 316.419223][T13701] el0t_64_sync+0x198/0x19c [ 316.419862][T13701] irq event stamp: 4016 [ 316.420508][T13701] hardirqs last enabled at (4015): [] __local_bh_enable_ip+0x1ec/0x35c [ 316.421942][T13701] hardirqs last disabled at (4016): [] el1_brk64+0x20/0x54 [ 316.423182][T13701] softirqs last enabled at (4014): [] __skb_recv_udp+0x3d4/0x7c8 [ 316.424570][T13701] softirqs last disabled at (4012): [] __skb_recv_udp+0x1cc/0x7c8 [ 316.425985][T13701] ---[ end trace 0000000000000000 ]--- [ 317.086604][T13706] tipc: Enabled bearer , priority 0 [ 317.089767][T13702] tipc: Disabling bearer