last executing test programs: 16.466190225s ago: executing program 1 (id=4608): io_uring_setup(0x5a3c, &(0x7f0000000100)={0x0, 0xfffffffd, 0x40, 0x0, 0x2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$vsock_stream(0x28, 0x1, 0x0) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x3, 0x7, 0x3}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000182000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaab19, 0x4f, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f00003e1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000340)={[0x3ffffd, 0x4, 0x0, 0x0, 0x0, 0xffffffffff7ffffb, 0x213f8603, 0x63, 0x8, 0x6, 0x0, 0x0, 0xfffffffffffffffd, 0x5, 0x5, 0x100000000], 0x3000, 0x280384}) bind$bt_sco(r3, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) ioctl$KVM_RUN(r7, 0xae80, 0x0) 14.133545496s ago: executing program 1 (id=4615): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94", 0x79}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 14.029249543s ago: executing program 1 (id=4617): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x2}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc", 0xbd}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa05", 0x5c}, {&(0x7f0000000580)}], 0x3, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641", 0x1f}, {&(0x7f0000000d00)}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda66", 0x3c}], 0x4, &(0x7f00000014c0)}}], 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12.854448814s ago: executing program 1 (id=4619): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24044000, 0x0, 0x0) shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00') preadv(r2, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28182, 0x0) 12.594498962s ago: executing program 0 (id=4622): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00') pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) ioctl$TIOCGPGRP(r3, 0x540f, 0x0) ioctl$I2C_SLAVE_FORCE(r3, 0x706, 0x31) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x40) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 10.377955115s ago: executing program 0 (id=4624): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94", 0x79}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 9.847254461s ago: executing program 2 (id=4625): r0 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) rt_tgsigqueueinfo(r1, r1, 0x2a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$9p(&(0x7f0000002740), 0x80080) r4 = fsopen(&(0x7f0000000040)='ceph\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002280)='/proc/cpuinfo\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020) mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x2204c96, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000001c0)='\x00', 0x0, r6) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r7, 0xfffd, 0x0) socket$inet6(0xa, 0x2, 0x0) r8 = socket(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x3}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x5a}, 0x20) write(r8, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00"/72]}, 0xc0) 8.577294519s ago: executing program 0 (id=4626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x24, r1, 0x1, 0xffffffff, 0x400000, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x10000000}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x24}, 0x1, 0x620b}, 0x40cd4) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x805, 0x0) ptrace$setregs(0xd, r2, 0x7531, &(0x7f0000000300)) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x24004040) r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000240), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000000)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r6, &(0x7f00000000c0)={0x0, 0xfc}, 0x2) close(r6) 8.576528199s ago: executing program 1 (id=4633): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x15) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x1f, 0x0, 0x0) 8.575870169s ago: executing program 2 (id=4634): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 3.166612422s ago: executing program 3 (id=4605): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300080000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3100000000140003800800014000000000080002400000000038000000160a0101000b000000000000010000000900020073797a3100000000090001"], 0xc0}}, 0x0) 3.165515842s ago: executing program 0 (id=4636): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x2) fanotify_mark(r1, 0x201, 0x37, r0, 0x0) r2 = inotify_init() r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r6, r5, 0x25, 0x0, @val=@tracing}, 0x40) syz_init_net_socket$x25(0x9, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x40001e0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001240)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee207d2f73902fbcfcf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec309baed0499104dcfe7c0f694bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5b43b4ec1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c81eb7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556f3fe647b05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba930826fd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc1000000000000000000000000000000000000000000000000000000000000000059fdc6a54a2a8b28fa7d9b92aeb58e78e3b8594a5ef6bb67e52bf43b6145f544273a8f62852706c0abef368bfc72f92fa99a7bf121019cff8001fd7d2f6c2c295a5cab383235fec4c1decbed258ee9df8963c0fc828ad2119ffefe36c78692fffb6942b9da0922b2aa8f6b66c14ee7f42d5951edcc986356b41c0de3549f851ca340d9e425e355c1decb785a1042a72c1c98a084b04b1d9be473e50a15d76b110eda3b7cc1f2501211773cf510a43888422c1328476dd6f42659c61a18618fd28d5cd342c276aa9c4cc035077fa09d672b8dcfb3ac1751628647047d07338a8619037e3449a173ddd697f541a0795a2de7ef1396d70675341ebf004be122de04b5275fe7e53d28ebdc5051cec00759d73ca97229d93b965926060b6f91d01324bd458b425ea51c5d5b69551d599188fc6040370ac9ca7ae9eea9e5ede79bd66bd3d616dd7d7dd4c3a8fd055a3585af6fe7f5046c61154598cd33c33a48ece1072afd04b1fd85eb1655d9f3f813392c9634200d892dc6810b436820a1e0f6b464855e28953eb63cd3d6fc1b7bfb588ce28a51af1658d45d759a8399da55a3ff6597bb9f47167fe55ca240623a001e5fe15d9ddefea06a3750501916163844106c4ce662f418d9fc509e5447f712048d53e7e36ee7de083c5ea1119969d858eb6785395fc5"], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x50) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000780)=ANY=[], 0x2c2) inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0xe1000d00) r10 = open(&(0x7f0000000200)='./file0\x00', 0x4088043, 0x1) ioctl$BLKTRACESTOP(r10, 0x1275, 0x0) 3.164656952s ago: executing program 1 (id=4637): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$9p(0x0, 0x80080) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4) syz_emit_ethernet(0x6e, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb8000", 0x38, 0x3a, 0xff, @remote, @mcast2, {[], @time_exceed={0x4, 0x1, 0x0, 0x9, '\x00', {0x0, 0x6, "f99063", 0x800, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, [], "af34000000000000"}}}}}}}, 0x0) recvmmsg(r3, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2000, 0x0) 3.161680052s ago: executing program 2 (id=4638): socket$inet6_udp(0xa, 0x2, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CAP_MEMORY_FAULT_INFO(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x540000, r1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, 0x0, 0x6, 0x0, 0x100, 0x6, 0x180107, r1}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r4}) 2.774442599s ago: executing program 3 (id=4627): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000101000008900"], 0x50) ioctl$XFS_IOC_FSGROWFSRT(0xffffffffffffffff, 0x40105870, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x42, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x7f, r0, 0x0, 0x7}, 0x38) 2.772895459s ago: executing program 2 (id=4640): socket$inet6_udp(0xa, 0x2, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CAP_MEMORY_FAULT_INFO(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x540000, r1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, 0x0, 0x6, 0x0, 0x100, 0x6, 0x180107, r1}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r4}) 2.106196615s ago: executing program 2 (id=4628): socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48) setitimer(0x2, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x27, 0x6, 0x80000000) prlimit64(0x0, 0x0, &(0x7f00000002c0)={0x8000000000000001, 0x40}, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x138) socket(0x2, 0x3, 0x67) mkdir(&(0x7f0000000100)='./file0\x00', 0x11c) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040)='vxfs\x00', 0x11, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) 2.051207788s ago: executing program 0 (id=4629): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000006}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x1058, 0x0, 0x20, 0x0, 0x0, 0xffffffffffffff52, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x7ffff, 0x0, 0x0, 0x1, 0x11}, @flat=@handle={0x73682a85, 0x1, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}, @acquire_done], 0x0, 0x0, 0x0}) 1.276242102s ago: executing program 3 (id=4630): r0 = socket(0x1, 0x2, 0x0) sendmmsg$unix(r0, &(0x7f0000001680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0x1, 0x803, 0x0) accept4$vsock_stream(r1, 0x0, 0x0, 0x800) 1.142403082s ago: executing program 3 (id=4631): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000036c0)=ANY=[@ANYBLOB="c0010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000700000000001400020077673000000000000000000000000000900108802c0100801400040002004e207f0000010000000000000000e80009801c000080060001000200000008000200ac14143205000300000000007c000080060001000200000008000200640101020500030003000000060001000a00000014000200ff0200000000000000000000000000010500030003000000060001000200000008000200ac1414810500030003000000060001000a00000014000200ff0200000000000000000000000000010500030003000000f2fd0080060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000216fe8000000000000000000000000000bb050003000100000024000100000000000000000000000000000000000000000000000000000000000000000006000500000000005c0000800600050008"], 0x1c0}, 0x1, 0x0, 0x0, 0xc811}, 0x40000) 1.102898344s ago: executing program 2 (id=4632): sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) unshare(0x22020600) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r3, &(0x7f000001a240)=""/102399, 0x18fff, 0x100008) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fcntl$getflags(r4, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@private2, 0x4, 0x2, 0x2, 0x3, 0x3c76, 0x4}, 0x20) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) fsetxattr$security_capability(r2, 0x0, 0x0, 0xfffffe04, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) fcntl$getflags(r5, 0x40a) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x6}) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xb, 0x7}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffe}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r10, @ANYBLOB="00005200060005000100000008000800", @ANYRES16=r10], 0x2c}}, 0x20008000) 1.01299752s ago: executing program 0 (id=4635): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0xc2240, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0) read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001900)=ANY=[@ANYBLOB="640000000306010200000000000000000a0000060500010007000000050001000700000009000200"], 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008080) timer_create(0x6, &(0x7f0000000340)={0x0, 0x2f, 0x5, @thr={&(0x7f0000000140)="cb8685a13703473039f3a12d86f98179ee61f0b2f0bf03c013657cfa13ab04511173d2c49361e0def2fb1c008f2054e2c05fa5d9b8e457e91d8959ac066b75b607609739cddc8ac81636abc2549d6323140360eb3d7b525c4a4d01250277704047af14442a665c33094d791e84f6a86a813b0daf", &(0x7f0000000240)="954a2ffe65b7f224cf290a4b08196a61847741041f74c1a4170e39f5c1d018219946de4fce1fb2086da0d1591e9842ff74fc2c7b6bc3178265cee27bd682b37788edfb6c70b0111c67a9332885b07cc21494a17f568d2672d44595ee933dba8b36afa949210764d3e9e4f6f4a45b592271031367485c946b92180f4b05555415d15bca2ee2b127fa3b2c9e07922f17e4ec56e2cbd3572b600947aa1bcabacb24459394590c62110d249a2dc25e46ac761c5f742673"}}, &(0x7f0000000380)) socket$key(0xf, 0x3, 0x2) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r3, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x60, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, 0x0, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) 970.921903ms ago: executing program 3 (id=4639): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 0s ago: executing program 3 (id=4641): r0 = socket$packet(0x11, 0x3, 0x300) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000003000/0x3000)=nil, 0x3000, &(0x7f0000000000)='pids.current\x00') ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_virt_wifi\x00', 0x0}) madvise(&(0x7f00007fa000/0x1000)=nil, 0x1000, 0x10) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000100)={0x3, 0x5, 0x3}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffeab, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffef4, &(0x7f00000002c0)=0x400000bca) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r6, 0x0, 0x3e, 0x40000, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x1fffffd, {0x0, 0x0, 0x0, r1, {0x7, 0xffff}, {0xd, 0xc}, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) kernel console output (not intermixed with test programs): 3: loop2: Failed to initialize $Extend. [ 585.892709][T14045] ntfs3: loop2: ino=0, attr_set_size [ 585.903699][T14045] ntfs3: loop2: ino=0, attr_set_size [ 585.924918][T14045] ntfs3: loop2: ino=0, attr_set_size [ 585.946921][T14045] ntfs3: loop2: no free space to extend mft [ 586.328495][T14043] loop0: detected capacity change from 0 to 32768 [ 586.602374][ T5803] IPVS: starting estimator thread 0... [ 586.843324][T14065] IPVS: using max 20 ests per chain, 48000 per kthread [ 587.084334][T14069] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2814'. [ 587.129013][T14069] loop2: detected capacity change from 0 to 512 [ 587.366288][T14069] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 587.414774][T14069] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 587.437970][T14069] EXT4-fs (loop2): Remounting filesystem read-only [ 587.444868][T14069] EXT4-fs (loop2): 1 truncate cleaned up [ 587.455120][T14069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 587.765073][T12071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 588.392561][T14079] loop3: detected capacity change from 0 to 32768 [ 588.430984][T14079] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 588.498711][T14079] XFS (loop3): Ending clean mount [ 588.513857][T14079] XFS (loop3): Quotacheck needed: Please wait. [ 588.598699][T14079] XFS (loop3): Quotacheck: Done. [ 589.464554][T12253] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 589.967778][T14075] loop0: detected capacity change from 0 to 262144 [ 589.977495][T14075] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 scanned by syz.0.2816 (14075) [ 590.257216][T14099] loop2: detected capacity change from 0 to 32768 [ 590.266520][T14099] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 590.272614][T14075] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 590.289545][T14075] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 590.298837][T14075] BTRFS info (device loop0): using free space tree [ 590.409975][T12593] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 590.514240][T14117] trusted_key: encrypted_key: insufficient parameters specified [ 590.643575][T14075] BTRFS error (device loop0): open_ctree failed: -4 [ 590.782894][T14101] x_tables: duplicate entry at hook 2 [ 592.419819][T14137] loop2: detected capacity change from 0 to 4096 [ 592.441143][T14137] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 592.501920][T14137] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 592.522338][T14137] ntfs3: loop2: Failed to load $Extend (-22). [ 592.529887][T14137] ntfs3: loop2: Failed to initialize $Extend. [ 592.563577][T14137] ntfs3: loop2: ino=0, attr_set_size [ 592.574476][T14137] ntfs3: loop2: ino=0, attr_set_size [ 593.656082][ T27] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 593.978828][ T27] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 593.992067][ T27] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 594.002831][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.011438][ T27] usb 3-1: Product: syz [ 594.022603][ T27] usb 3-1: Manufacturer: syz [ 594.037864][ T27] usb 3-1: SerialNumber: syz [ 594.076251][ T27] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 594.756569][ T27] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 595.035378][ T27] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 595.065984][ T27] usb 3-1: media controller created [ 595.191819][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 595.496736][T14171] loop0: detected capacity change from 0 to 32768 [ 595.510565][T14171] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.2844 (14171) [ 595.527707][T14171] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 595.539138][T14171] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 595.548054][T14171] BTRFS info (device loop0): enabling disk space caching [ 595.555202][T14171] BTRFS info (device loop0): force clearing of disk cache [ 595.562696][T14171] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 595.572272][T14171] BTRFS info (device loop0): use zstd compression, level 3 [ 595.579671][T14171] BTRFS info (device loop0): disk space caching is enabled [ 595.691518][T14171] BTRFS info (device loop0): enabling ssd optimizations [ 595.698634][T14171] BTRFS info (device loop0): auto enabling async discard [ 595.708985][T14171] BTRFS info (device loop0): rebuilding free space tree [ 595.735698][T14171] BTRFS info (device loop0): disabling free space tree [ 595.743985][T14171] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 595.753929][T14171] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 595.810734][ T27] usb 3-1: USB disconnect, device number 8 [ 595.960759][T13469] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 597.856670][T14227] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2858'. [ 597.866216][ T27] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 598.052565][ T27] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 598.061631][ T27] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 598.096125][ T27] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 598.105951][ T27] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 598.136134][ T27] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 598.160198][ T27] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 598.176086][ T27] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 598.184145][ T27] usb 4-1: Product: syz [ 598.206047][ T27] usb 4-1: Manufacturer: syz [ 598.217339][ T27] cdc_wdm 4-1:1.0: skipping garbage [ 598.222593][ T27] cdc_wdm 4-1:1.0: skipping garbage [ 598.256220][ T27] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 598.262286][ T27] cdc_wdm 4-1:1.0: Unknown control protocol [ 598.306070][ T2242] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 598.467055][T13606] usb 4-1: USB disconnect, device number 3 [ 598.505971][ T2242] usb 1-1: Using ep0 maxpacket: 8 [ 598.523206][ T2242] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 598.545918][ T2242] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 598.559779][T14230] loop2: detected capacity change from 0 to 32768 [ 598.572267][ T2242] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 598.585555][ T2242] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 598.599240][ T2242] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 598.609525][ T2242] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.635929][T14230] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 598.746340][T14230] XFS (loop2): Ending clean mount [ 598.834405][ T2242] usb 1-1: GET_CAPABILITIES returned 0 [ 598.846627][ T2242] usbtmc 1-1:16.0: can't read capabilities [ 598.883273][T12071] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 599.394526][ T5806] kernel write not supported for file /snd/seq (pid: 5806 comm: kworker/0:4) [ 599.581306][T14290] loop3: detected capacity change from 0 to 8 [ 599.653618][T14290] SQUASHFS error: Unable to read directory block [629:46] [ 600.730772][T14300] loop3: detected capacity change from 0 to 32768 [ 600.738474][T14300] XFS: ikeep mount option is deprecated. [ 600.769077][T14300] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 600.807759][T14300] XFS (loop3): Ending clean mount [ 600.910009][T12253] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 601.045136][ T5806] usb 1-1: USB disconnect, device number 2 [ 601.399345][T14331] ucma_write: process 441 (syz.3.2884) changed security contexts after opening file descriptor, this is not allowed. [ 601.616187][T14335] loop2: detected capacity change from 0 to 128 [ 605.060473][T13606] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 605.277287][T13606] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 605.315222][T13606] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 605.324687][T13606] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.344662][T13606] usb 1-1: Product: syz [ 605.349072][T13606] usb 1-1: Manufacturer: syz [ 605.353688][T13606] usb 1-1: SerialNumber: syz [ 605.364203][T13606] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 605.779853][T13606] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 605.814475][T13606] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 605.845535][T13606] usb 1-1: media controller created [ 605.988182][T13606] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 606.172294][T14391] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 606.323146][ T5806] usb 1-1: USB disconnect, device number 3 [ 608.141322][T14419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2917'. [ 608.637176][T14432] loop2: detected capacity change from 0 to 16 [ 608.666211][T14432] erofs: (device loop2): mounted with root inode @ nid 36. [ 609.266422][T14427] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 609.273413][T14427] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 609.321212][T14427] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 609.328095][T14427] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 609.341634][T14427] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 609.350120][T14437] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2924'. [ 609.359839][T14427] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 609.426196][T14427] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 610.213195][T14453] loop2: detected capacity change from 0 to 1024 [ 610.266613][T14453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 610.551717][T14459] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 16: comm syz.2.2931: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=2, rec_len=65535, size=1024 fake=0 [ 610.580351][T13653] Bluetooth: hci3: command 0x0406 tx timeout [ 611.220859][T12071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.366020][T13653] Bluetooth: hci4: command 0x0c1a tx timeout [ 611.372312][T13653] Bluetooth: hci1: command 0x0406 tx timeout [ 611.686994][T14464] loop3: detected capacity change from 0 to 32768 [ 611.718131][T14464] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.2935 (14464) [ 611.736010][T14464] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 611.746515][T14464] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 611.755329][T14464] BTRFS info (device loop3): enabling disk space caching [ 611.762531][T14464] BTRFS info (device loop3): force clearing of disk cache [ 611.769775][T14464] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 611.779281][T14464] BTRFS info (device loop3): use zstd compression, level 3 [ 611.786585][T14464] BTRFS info (device loop3): disk space caching is enabled [ 611.952188][T14464] BTRFS info (device loop3): enabling ssd optimizations [ 611.959517][T14464] BTRFS info (device loop3): auto enabling async discard [ 611.972228][T14464] BTRFS info (device loop3): rebuilding free space tree [ 612.008721][T14464] BTRFS info (device loop3): disabling free space tree [ 612.015976][T14464] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 612.026969][T14464] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 612.080586][T14494] loop0: detected capacity change from 0 to 24 [ 612.144891][T14494] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 612.181506][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 612.181520][ T28] audit: type=1326 audit(1775822014.877:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.1.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d0679c819 code=0x7ffc0000 [ 612.224110][T14494] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 612.548290][T14500] loop2: detected capacity change from 0 to 2048 [ 612.578099][T14500] UDF-fs: bad mount option "ÿÿÿÿÿÿÿÿ" or missing value [ 612.591075][T12253] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 612.646004][T13653] Bluetooth: hci3: command 0x0406 tx timeout [ 612.649811][ T28] audit: type=1326 audit(1775822015.347:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.1.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5d0679c819 code=0x7ffc0000 [ 612.686064][ T28] audit: type=1326 audit(1775822015.377:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.1.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d0679c819 code=0x7ffc0000 [ 612.710688][ T28] audit: type=1326 audit(1775822015.377:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14496 comm="syz.1.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d0679c819 code=0x7ffc0000 [ 612.744093][T14505] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2945'. [ 612.841668][T12593] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 12 /dev/loop3 scanned by udevd (12593) [ 614.016062][T13653] Bluetooth: hci1: command 0x0406 tx timeout [ 614.022118][T13653] Bluetooth: hci4: command 0x0c1a tx timeout [ 616.186410][T13653] Bluetooth: hci4: command 0x0c1a tx timeout [ 617.543471][T14550] loop3: detected capacity change from 0 to 256 [ 618.396700][T14563] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2959'. [ 618.679670][T14567] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2965'. [ 619.376156][ T5806] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 619.596021][ T5806] usb 1-1: Using ep0 maxpacket: 8 [ 619.621655][ T5806] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 619.643971][ T5806] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 619.719721][ T5806] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 619.747698][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 619.763801][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 619.786710][ T5806] usb 1-1: config 168 interface 0 has no altsetting 0 [ 619.821494][ T5806] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 619.831919][ T5806] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 619.873829][ T5806] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 619.894552][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 619.917188][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 619.935518][ T5806] usb 1-1: config 168 interface 0 has no altsetting 0 [ 619.944510][ T5806] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 619.958493][ T5806] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 619.972397][ T5806] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 619.988703][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 620.012909][ T5806] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 620.032451][ T5806] usb 1-1: config 168 interface 0 has no altsetting 0 [ 620.044689][ T5806] usb 1-1: string descriptor 0 read error: -22 [ 620.086925][ T5806] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 620.105703][ T5806] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.137025][ T5806] adutux 1-1:168.0: interrupt endpoints not found [ 620.203629][T14588] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2974'. [ 620.567848][ T5806] usb 1-1: USB disconnect, device number 4 [ 621.199360][T14599] loop3: detected capacity change from 0 to 32768 [ 621.234010][T14599] (syz.3.2978,14599,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 621.309321][T14599] (syz.3.2978,14599,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 621.531312][T14599] JBD2: Ignoring recovery information on journal [ 621.611590][T14613] netlink: 'syz.0.2982': attribute type 2 has an invalid length. [ 621.619505][T14613] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2982'. [ 622.387114][T14599] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 623.055747][T14599] syz.3.2978 (14599) used greatest stack depth: 18920 bytes left [ 623.101965][T14627] trusted_key: encrypted_key: insufficient parameters specified [ 623.571712][T12253] ocfs2: Unmounting device (7,3) on (node local) [ 624.023744][T14630] loop2: detected capacity change from 0 to 64 [ 624.466434][ T5829] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 624.667342][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.673874][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.499166][ T5829] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 625.515932][ T5829] usb 1-1: config 0 has no interface number 0 [ 625.535011][ T5829] usb 1-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 625.545598][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.561734][ T5829] usb 1-1: Product: syz [ 625.570469][ T5829] usb 1-1: Manufacturer: syz [ 625.575115][ T5829] usb 1-1: SerialNumber: syz [ 625.587377][T14656] loop3: detected capacity change from 0 to 2048 [ 625.596956][ T5829] usb 1-1: config 0 descriptor?? [ 625.609163][ T5829] usb 1-1: selecting invalid altsetting 1 [ 625.636683][ T5829] dvb_ttusb_budget: ttusb_init_controller: error [ 625.653841][ T5829] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 625.664687][T14656] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 625.705102][ T28] audit: type=1800 audit(1775822028.397:219): pid=14656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2999" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 625.736203][ T5829] DVB: Unable to find symbol stv0299_attach() [ 625.771283][T14656] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 625.831351][ T28] audit: type=1800 audit(1775822028.487:220): pid=14663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2999" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 625.835902][T14656] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 242 with error 28 [ 625.861077][T14663] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 625.882347][T14656] EXT4-fs (loop3): This should not happen!! Data will be lost [ 625.882347][T14656] [ 625.883376][ T5829] DVB: Unable to find symbol tda8083_attach() [ 625.897293][T14656] EXT4-fs (loop3): Total free blocks count 0 [ 625.899083][ T5829] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 625.904779][T14656] EXT4-fs (loop3): Free/Dirty block details [ 625.913369][T14663] EXT4-fs (loop3): This should not happen!! Data will be lost [ 625.913369][T14663] [ 625.923974][T14656] EXT4-fs (loop3): free_blocks=66060288 [ 625.939443][T14663] EXT4-fs (loop3): Total free blocks count 0 [ 625.948842][ T5829] usb 1-1: USB disconnect, device number 5 [ 625.967972][T13550] udevd[13550]: setting mode of /dev/dvb/adapter1/demux0 to 020660 failed: No such file or directory [ 625.987244][T14663] EXT4-fs (loop3): Free/Dirty block details [ 626.015170][T13550] udevd[13550]: setting owner of /dev/dvb/adapter1/demux0 to uid=0, gid=28 failed: No such file or directory [ 628.177779][T14692] Bluetooth: hci0: invalid length 0, exp 2 for type 24 [ 629.124284][T14704] netlink: 'syz.2.3016': attribute type 4 has an invalid length. [ 629.447557][T14717] loop0: detected capacity change from 0 to 16 [ 629.619228][T14717] erofs: (device loop0): mounted with root inode @ nid 36. [ 629.768251][T14724] trusted_key: encrypted_key: insufficient parameters specified [ 630.135892][ T28] audit: type=1800 audit(1775822032.827:221): pid=14717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3021" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 630.559831][T14730] loop2: detected capacity change from 0 to 136 [ 631.755949][ T5829] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 631.946022][ T5829] usb 3-1: Using ep0 maxpacket: 8 [ 631.956185][ T5829] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 631.971060][ T5829] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 631.988411][ T5829] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 632.002110][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 632.013253][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 632.027034][ T5829] usb 3-1: config 168 interface 0 has no altsetting 0 [ 632.035499][ T5829] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 632.043241][ T5829] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 632.054842][ T5829] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 632.066719][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 632.078125][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 632.091946][ T5829] usb 3-1: config 168 interface 0 has no altsetting 0 [ 632.105459][ T5829] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 632.113471][ T5829] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 632.126056][ T5829] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 632.138022][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 632.149339][ T5829] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 632.163275][ T5829] usb 3-1: config 168 interface 0 has no altsetting 0 [ 632.174351][ T5829] usb 3-1: string descriptor 0 read error: -22 [ 632.181039][ T5829] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 632.190605][ T5829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.212161][ T5829] adutux 3-1:168.0: interrupt endpoints not found [ 632.495794][T13474] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 632.523211][T13474] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 632.536170][T13474] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 632.554098][T13474] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 632.566258][T13474] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 632.573713][T13474] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 632.575476][ T5803] usb 3-1: USB disconnect, device number 9 [ 632.737192][T14760] lo speed is unknown, defaulting to 1000 [ 633.181517][T14760] chnl_net:caif_netlink_parms(): no params data found [ 633.247412][T14760] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.254678][T14760] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.262141][T14760] bridge_slave_0: entered allmulticast mode [ 633.270112][T14760] bridge_slave_0: entered promiscuous mode [ 633.279231][T14760] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.287233][T14760] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.294695][T14760] bridge_slave_1: entered allmulticast mode [ 633.302358][T14760] bridge_slave_1: entered promiscuous mode [ 633.330188][T14760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.342310][T14760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.372028][T14760] team0: Port device team_slave_0 added [ 633.382557][T14760] team0: Port device team_slave_1 added [ 633.417295][T14760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 633.428142][T14760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 633.454727][T14760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 633.470012][T14760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 633.477241][T14760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 633.508724][T14760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 633.595750][T14760] hsr_slave_0: entered promiscuous mode [ 633.631828][T14760] hsr_slave_1: entered promiscuous mode [ 633.642289][T14760] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 633.652393][T14760] Cannot create hsr debugfs directory [ 634.090424][T14760] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.134530][T14760] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.646019][T13474] Bluetooth: hci2: command tx timeout [ 634.754370][T14760] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.796980][T14760] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.307763][ T5829] kernel write not supported for file task/232/attr/current (pid: 5829 comm: kworker/1:6) [ 635.495252][T14760] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 635.544207][T14760] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.734159][T14819] loop0: detected capacity change from 0 to 512 [ 635.749632][T14819] EXT4-fs: Ignoring removed oldalloc option [ 635.767736][T14819] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 635.813272][T14819] EXT4-fs (loop0): 1 truncate cleaned up [ 635.837416][T14819] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 635.864254][T14760] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 635.939185][T14826] loop3: detected capacity change from 0 to 136 [ 635.947744][T14760] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.726049][T13474] Bluetooth: hci2: command tx timeout [ 637.001594][T13469] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.154121][T14760] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 637.184723][T14760] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 637.220222][T14760] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 637.279336][T14760] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 637.547190][T14760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 637.617895][T14760] 8021q: adding VLAN 0 to HW filter on device team0 [ 637.638795][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.646140][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.681028][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.688386][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.882521][T14841] loop0: detected capacity change from 0 to 40427 [ 637.904090][T14841] F2FS-fs (loop0): build fault injection attr: rate: 174, type: 0x7ffff [ 638.651300][T14760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 638.806842][T13474] Bluetooth: hci2: command tx timeout [ 638.930860][T14760] veth0_vlan: entered promiscuous mode [ 639.033850][T14760] veth1_vlan: entered promiscuous mode [ 639.368106][T14861] loop3: detected capacity change from 0 to 131072 [ 639.383641][T14861] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 639.391920][T14861] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 639.406502][T14861] F2FS-fs (loop3): invalid crc value [ 639.468908][T14861] F2FS-fs (loop3): Found nat_bits in checkpoint [ 639.532513][T14861] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 639.539675][T14861] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 640.211942][T14760] veth0_macvtap: entered promiscuous mode [ 640.300774][T14760] veth1_macvtap: entered promiscuous mode [ 640.388866][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.464533][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.506910][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.545929][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.580625][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.617404][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.650845][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.711834][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.724056][T14760] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 640.742669][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 640.756569][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.781728][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 640.861456][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.901247][T13474] Bluetooth: hci2: command tx timeout [ 640.935903][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.037834][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.074069][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.092975][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.365637][T14760] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.586963][T14760] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.595798][T14760] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.696453][T14760] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.721946][T14760] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.938480][ T8374] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.998119][ T8374] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.023868][T14887] loop0: detected capacity change from 0 to 136 [ 642.112958][ T8374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.146136][ T8374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.046870][T14901] siw: device registration error -23 [ 644.286586][ T8] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 644.410919][T14912] loop2: detected capacity change from 0 to 136 [ 644.443424][T14912] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 644.549637][ T8] usb 1-1: config 0 has no interfaces? [ 644.563837][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 644.582882][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.608522][ T8] usb 1-1: Product: syz [ 644.618338][ T8] usb 1-1: Manufacturer: syz [ 644.627773][ T8] usb 1-1: SerialNumber: syz [ 644.662666][ T8] usb 1-1: config 0 descriptor?? [ 644.888024][ T5803] usb 1-1: USB disconnect, device number 6 [ 644.966482][T14918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3089'. [ 646.265924][T13474] Bluetooth: hci4: unexpected event for opcode 0x2042 [ 646.856148][ T5803] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 647.098209][ T5803] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 647.305587][ T5803] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 647.353477][ T5803] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.400222][ T5803] usb 3-1: Product: syz [ 647.413646][ T5803] usb 3-1: Manufacturer: syz [ 647.429106][ T5803] usb 3-1: SerialNumber: syz [ 647.466170][ T5803] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 647.877163][ T5803] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 647.908472][ T5803] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 647.931853][ T5803] usb 3-1: media controller created [ 647.997274][ T5803] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 648.475346][ T5803] usb 3-1: USB disconnect, device number 10 [ 648.863479][T14968] loop1: detected capacity change from 0 to 32768 [ 648.906499][T14968] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3109 (14968) [ 649.015244][T14968] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 649.041121][T14968] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 649.076127][T14968] BTRFS info (device loop1): metadata ratio 2 [ 649.082293][T14968] BTRFS info (device loop1): force zlib compression, level 3 [ 649.253718][T14968] BTRFS info (device loop1): use zlib compression, level 3 [ 649.295921][T14968] BTRFS info (device loop1): enabling auto defrag [ 649.303115][T14968] BTRFS info (device loop1): max_inline at 0 [ 649.325900][T14968] BTRFS info (device loop1): using free space tree [ 649.404949][T14968] BTRFS info (device loop1): enabling ssd optimizations [ 649.466133][T14968] BTRFS info (device loop1): auto enabling async discard [ 649.519115][T15007] loop2: detected capacity change from 0 to 512 [ 649.529308][T15007] EXT4-fs: Ignoring removed nomblk_io_submit option [ 649.555771][T15007] EXT4-fs: Ignoring removed mblk_io_submit option [ 649.599094][ T28] audit: type=1800 audit(1775822052.297:222): pid=14968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3109" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 649.638776][T15007] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 649.656716][T15007] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 649.692241][T15007] EXT4-fs (loop2): 1 truncate cleaned up [ 649.717183][T15007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 649.744005][T14760] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 649.826803][T15007] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 4: comm syz.2.3120: lblock 0 mapped to illegal pblock 4 (length 1) [ 650.011522][T15007] EXT4-fs (loop2): Remounting filesystem read-only [ 650.114548][T12071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.568735][T15023] loop1: detected capacity change from 0 to 32768 [ 652.704606][T15023] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 652.908013][T15023] XFS (loop1): Ending clean mount [ 653.007026][T15023] XFS (loop1): Quotacheck needed: Please wait. [ 653.097081][T15023] XFS (loop1): Quotacheck: Done. [ 653.306557][T14760] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 653.443439][T15046] loop2: detected capacity change from 0 to 32768 [ 653.480238][T15046] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 653.489548][T15046] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 653.541967][T15046] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 653.556839][ T5807] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 653.566154][ T5807] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 653.688849][ T5807] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 122ms [ 653.702738][ T5807] gfs2: fsid=syz:syz.0: jid=0: Done [ 653.711569][T15046] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 653.775515][T15054] loop3: detected capacity change from 0 to 136 [ 655.993799][T15075] loop1: detected capacity change from 0 to 136 [ 658.290905][T15096] loop1: detected capacity change from 0 to 256 [ 658.401409][T15096] FAT-fs (loop1): Directory bread(block 64) failed [ 658.456020][T15096] FAT-fs (loop1): Directory bread(block 65) failed [ 658.483365][T15096] FAT-fs (loop1): Directory bread(block 66) failed [ 658.516001][T15096] FAT-fs (loop1): Directory bread(block 67) failed [ 658.522678][T15096] FAT-fs (loop1): Directory bread(block 68) failed [ 658.565410][T15096] FAT-fs (loop1): Directory bread(block 69) failed [ 658.594328][T15096] FAT-fs (loop1): Directory bread(block 70) failed [ 658.606868][T15096] FAT-fs (loop1): Directory bread(block 71) failed [ 658.613715][T15096] FAT-fs (loop1): Directory bread(block 72) failed [ 658.621377][T15096] FAT-fs (loop1): Directory bread(block 73) failed [ 658.881801][T15104] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3151'. [ 659.325023][T15106] loop0: detected capacity change from 0 to 136 [ 660.837567][T15131] loop0: detected capacity change from 0 to 32768 [ 660.853705][T15131] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.3163 (15131) [ 660.915246][T15131] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 660.944381][T15131] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 660.979746][T15131] BTRFS info (device loop0): metadata ratio 2 [ 660.994498][T15131] BTRFS info (device loop0): force zlib compression, level 3 [ 661.014131][T15131] BTRFS info (device loop0): use zlib compression, level 3 [ 661.024221][T15131] BTRFS info (device loop0): enabling auto defrag [ 661.032778][T15131] BTRFS info (device loop0): max_inline at 0 [ 661.042390][T15131] BTRFS info (device loop0): using free space tree [ 661.071767][T15131] BTRFS info (device loop0): enabling ssd optimizations [ 661.083017][T15131] BTRFS info (device loop0): auto enabling async discard [ 661.136626][ T28] audit: type=1800 audit(1775822063.837:223): pid=15131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3163" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 661.211816][T13469] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 661.690033][T15127] loop2: detected capacity change from 0 to 32768 [ 662.434361][T15168] loop0: detected capacity change from 0 to 32768 [ 662.455734][T15168] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.3170 (15168) [ 662.971754][T15168] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 662.982082][T15168] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 662.990967][T15168] BTRFS info (device loop0): using free space tree [ 663.056244][T15127] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 663.131452][T15168] BTRFS info (device loop0): enabling ssd optimizations [ 663.138591][T15168] BTRFS info (device loop0): auto enabling async discard [ 663.420046][T13469] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 663.432669][T15127] XFS (loop2): Ending clean mount [ 663.486282][T15127] XFS (loop2): Quotacheck needed: Please wait. [ 663.725777][T15127] XFS (loop2): Quotacheck: Done. [ 663.872239][T12071] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 663.913601][T15161] loop1: detected capacity change from 0 to 32768 [ 663.970246][T15161] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.3171 (15161) [ 664.084446][T15161] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 664.115091][T15161] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 664.125711][T15161] BTRFS info (device loop1): turning on async discard [ 664.178565][T15161] BTRFS info (device loop1): metadata ratio 0 [ 664.219753][T15161] BTRFS info (device loop1): setting nodatasum [ 664.240497][T15161] BTRFS info (device loop1): using free space tree [ 664.397580][T15161] BTRFS info (device loop1): enabling ssd optimizations [ 664.498144][ T28] audit: type=1800 audit(1775822067.197:224): pid=15161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3171" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 664.664848][T14760] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 665.744978][T15224] loop0: detected capacity change from 0 to 32768 [ 665.781349][T15224] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12 [ 666.327619][T12593] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12 [ 666.931451][T15241] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3182'. [ 667.323382][T15226] loop2: detected capacity change from 0 to 32768 [ 667.400550][T15226] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.3177 (15226) [ 667.504550][T15226] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 667.571324][T15226] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 667.640857][T15226] BTRFS info (device loop2): metadata ratio 2 [ 667.681983][T15226] BTRFS info (device loop2): force zlib compression, level 3 [ 667.726343][T15226] BTRFS info (device loop2): use zlib compression, level 3 [ 667.791881][T15226] BTRFS info (device loop2): enabling auto defrag [ 667.811375][T15226] BTRFS info (device loop2): max_inline at 0 [ 667.837071][T15226] BTRFS info (device loop2): using free space tree [ 667.838231][T15250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3187'. [ 667.877431][T15250] loop0: detected capacity change from 0 to 8 [ 668.116942][T15226] BTRFS info (device loop2): enabling ssd optimizations [ 668.183215][T15226] BTRFS info (device loop2): auto enabling async discard [ 668.345334][ T28] audit: type=1800 audit(1775822071.037:225): pid=15226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3177" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 668.483033][T12071] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 668.692717][T12593] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop2 scanned by udevd (12593) [ 668.953260][T15279] loop3: detected capacity change from 0 to 256 [ 669.132165][T15279] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 670.023057][T15281] loop1: detected capacity change from 0 to 131072 [ 670.134599][T15281] F2FS-fs (loop1): Found nat_bits in checkpoint [ 670.376025][T15281] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 670.504232][ T28] audit: type=1804 audit(1775822073.177:226): pid=15281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3194" name="/newroot/26/file1/bus" dev="loop1" ino=10 res=1 errno=0 [ 671.330712][T15300] loop3: detected capacity change from 0 to 32768 [ 671.350020][T15300] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.3199 (15300) [ 671.377295][T15300] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 671.388109][T15300] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 671.397181][T15300] BTRFS info (device loop3): using free space tree [ 671.636116][T15300] BTRFS info (device loop3): enabling ssd optimizations [ 671.643214][T15300] BTRFS info (device loop3): auto enabling async discard [ 672.200382][T12253] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 672.620158][T15291] loop2: detected capacity change from 0 to 32768 [ 672.687336][T15291] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 672.718104][T15291] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 672.776798][T15291] BTRFS info (device loop2): metadata ratio 2 [ 672.782970][T15291] BTRFS info (device loop2): force zlib compression, level 3 [ 672.852215][T15291] BTRFS info (device loop2): use zlib compression, level 3 [ 672.881414][T15291] BTRFS info (device loop2): enabling auto defrag [ 672.903818][T15291] BTRFS info (device loop2): max_inline at 0 [ 672.915913][T15291] BTRFS info (device loop2): using free space tree [ 673.284016][T15291] BTRFS error (device loop2): open_ctree failed: -4 [ 673.636845][T15359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3210'. [ 673.669690][T15359] loop2: detected capacity change from 0 to 8 [ 675.987573][T15369] loop1: detected capacity change from 0 to 32768 [ 676.128594][T15369] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.3212 (15369) [ 676.182611][T15369] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 676.193749][T15369] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 676.202610][T15369] BTRFS info (device loop1): using free space tree [ 676.735458][T15369] BTRFS info (device loop1): enabling ssd optimizations [ 676.743502][T15369] BTRFS info (device loop1): auto enabling async discard [ 677.243890][T14760] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 680.162927][T15417] loop1: detected capacity change from 0 to 128 [ 680.213278][T15417] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 680.239487][T15417] ext4 filesystem being mounted at /30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 680.280300][T15417] EXT4-fs error (device loop1): __ext4_new_inode:1081: comm syz.1.3222: reserved inode found cleared - inode=2 [ 680.287842][T15421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3223'. [ 680.359233][T15421] loop3: detected capacity change from 0 to 8 [ 680.383786][T14760] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 682.027945][T15437] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3229'. [ 682.178176][T15440] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 683.119367][T15452] loop1: detected capacity change from 0 to 512 [ 683.450168][T15452] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.3235: bg 0: block 473: padding at end of block bitmap is not set [ 683.469923][T15452] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 683.516673][ T59] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 683.528512][ T59] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:4: Failed to release dquot type 1 [ 683.722713][T15452] EXT4-fs (loop1): 1 orphan inode deleted [ 683.892493][T15452] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.076385][T15452] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 685.536193][ T27] IPVS: starting estimator thread 0... [ 685.649977][T15479] IPVS: using max 22 ests per chain, 52800 per kthread [ 685.886325][T14760] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 686.176465][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.182830][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.074126][T15497] loop1: detected capacity change from 0 to 256 [ 688.151794][T15497] FAT-fs (loop1): Directory bread(block 64) failed [ 688.185895][T15497] FAT-fs (loop1): Directory bread(block 65) failed [ 688.192849][T15497] FAT-fs (loop1): Directory bread(block 66) failed [ 688.217464][T15497] FAT-fs (loop1): Directory bread(block 67) failed [ 688.225604][T15497] FAT-fs (loop1): Directory bread(block 68) failed [ 688.256421][T15497] FAT-fs (loop1): Directory bread(block 69) failed [ 688.271158][T15497] FAT-fs (loop1): Directory bread(block 70) failed [ 688.287775][T15497] FAT-fs (loop1): Directory bread(block 71) failed [ 688.305258][T15497] FAT-fs (loop1): Directory bread(block 72) failed [ 688.349482][T15497] FAT-fs (loop1): Directory bread(block 73) failed [ 688.406177][T15497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3248'. [ 693.144060][T15550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3270'. [ 693.431563][T15533] loop1: detected capacity change from 0 to 32768 [ 693.449961][T15533] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3263 (15533) [ 693.486350][T15563] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3274'. [ 694.586961][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3278'. [ 694.651320][T15582] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3283'. [ 694.971148][T15594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3288'. [ 695.117358][T15599] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3289'. [ 698.289702][T15634] overlayfs: failed to resolve './cgroup': -2 [ 698.463575][T15637] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3304'. [ 699.115556][T15661] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3314'. [ 700.099700][T15689] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3324'. [ 703.880797][T15744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3345'. [ 704.412972][T15701] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 707.172554][ T28] audit: type=1326 audit(1775822109.867:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x0 [ 707.304449][T15809] overlayfs: failed to resolve './file1': -2 [ 707.341238][ T28] audit: type=1326 audit(1775822110.017:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 707.477455][T15807] loop1: detected capacity change from 0 to 32768 [ 707.497333][T15807] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 707.509044][T15807] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 707.519865][T15807] BTRFS info (device loop1): metadata ratio 2 [ 707.527865][T15807] BTRFS info (device loop1): force zlib compression, level 3 [ 707.536570][T15807] BTRFS info (device loop1): use zlib compression, level 3 [ 707.545432][T15807] BTRFS info (device loop1): enabling auto defrag [ 707.550954][ T28] audit: type=1326 audit(1775822110.037:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 707.553426][T15807] BTRFS info (device loop1): max_inline at 0 [ 707.584909][T15807] BTRFS info (device loop1): using free space tree [ 707.631090][ T28] audit: type=1326 audit(1775822110.057:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 707.654367][ T28] audit: type=1326 audit(1775822110.057:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 707.678154][ T28] audit: type=1326 audit(1775822110.107:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 707.701664][ T28] audit: type=1326 audit(1775822110.117:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 707.760042][ T28] audit: type=1326 audit(1775822110.117:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 707.854661][ T28] audit: type=1326 audit(1775822110.117:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 707.878381][ T28] audit: type=1326 audit(1775822110.117:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15805 comm="syz.0.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 707.913066][T15807] BTRFS info (device loop1): enabling ssd optimizations [ 707.933527][T15807] BTRFS info (device loop1): auto enabling async discard [ 708.151747][T14760] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 708.710295][T15832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3375'. [ 708.764104][T15832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3375'. [ 708.853504][T15832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3375'. [ 708.865740][T15832] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3375'. [ 713.164360][T15875] sg_write: data in/out 216/10 bytes for SCSI command 0x40-- guessing data in; [ 713.164360][T15875] program syz.1.3381 not setting count and/or reply_len properly [ 714.111549][T15895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3395'. [ 714.432941][T15897] netlink: 'syz.0.3396': attribute type 3 has an invalid length. [ 716.505948][T15913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 716.770969][T15925] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3405'. [ 722.348088][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3422'. [ 723.768639][T15980] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3426'. [ 726.387434][T16017] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3437'. [ 729.166654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 733.074865][T16075] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3457'. [ 733.442309][T16086] fuse: Bad value for 'fd' [ 734.259687][ T28] kauditd_printk_skb: 93 callbacks suppressed [ 734.259701][ T28] audit: type=1326 audit(1775822136.957:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16101 comm="syz.2.3468" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5d7619c819 code=0x0 [ 735.676594][T16123] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3474'. [ 739.290716][T16145] kAFS: No cell specified [ 739.575375][T16150] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3487'. [ 739.827948][T16156] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3485'. [ 740.317112][T16168] fuse: Bad value for 'fd' [ 742.547325][T16193] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3500'. [ 742.863445][T16169] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 743.261377][T16203] netlink: 'syz.3.3505': attribute type 10 has an invalid length. [ 743.277048][T16203] team0: Device xfrm0 is of different type [ 744.857605][T16219] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3511'. [ 747.348950][ T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 747.746721][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.879035][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.437987][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 748.446582][T16259] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3521'. [ 748.461741][ T27] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 748.485110][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 748.501136][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 748.643806][ T27] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 748.653059][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.896508][ T27] usb 2-1: config 0 descriptor?? [ 749.295419][T16265] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3523'. [ 749.322218][T16265] xt_l2tp: missing protocol rule (udp|l2tpip) [ 750.046198][ T27] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf3 found [ 750.072007][ T27] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf4 found [ 750.183558][ T27] usb 2-1: USB disconnect, device number 2 [ 752.260647][T16292] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3531'. [ 753.381920][T16308] lo speed is unknown, defaulting to 1000 [ 754.739803][T13474] Bluetooth: hci2: command 0x0406 tx timeout [ 755.298553][T16319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 755.859180][T16299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 756.271331][T16328] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3541'. [ 757.122535][T16349] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3550'. [ 761.055220][ T28] audit: type=1800 audit(1775822163.747:331): pid=16383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3559" name="bus" dev="ramfs" ino=39209 res=0 errno=0 [ 761.305507][T16374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 762.715013][T16367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 765.283440][ T51] Bluetooth: hci2: unexpected event for opcode 0x0c03 [ 765.867508][T16445] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 765.874304][T16445] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 765.883056][T16445] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 765.890340][T16445] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 765.897165][T16445] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 767.286190][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 767.935952][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 767.936104][T13653] Bluetooth: hci1: command 0x0406 tx timeout [ 767.944256][T13474] Bluetooth: hci4: command 0x0c1a tx timeout [ 768.756020][ T5899] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 768.952571][T16552] tmpfs: Bad value for 'nr_blocks' [ 768.955929][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 768.975243][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 114, changing to 7 [ 768.998865][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 25966, setting to 1024 [ 769.024222][ T5899] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 769.049595][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.074723][ T5899] usb 2-1: Product: syz [ 769.092570][ T5899] usb 2-1: Manufacturer: syz [ 769.103278][ T5899] usb 2-1: SerialNumber: syz [ 769.121402][ T5899] usb 2-1: config 0 descriptor?? [ 769.135735][ T5899] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 769.151160][ T5899] em28xx 2-1:0.0: DVB interface 0 found: isoc [ 769.416417][ T5899] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 769.524071][ T5899] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 769.534383][T16553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 769.549990][ T5899] em28xx 2-1:0.0: board has no eeprom [ 769.635865][ T5899] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 769.650907][ T5899] em28xx 2-1:0.0: dvb set to isoc mode. [ 769.657607][ T2242] em28xx 2-1:0.0: Binding DVB extension [ 769.676574][T16529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 769.694826][ T5899] usb 2-1: USB disconnect, device number 3 [ 769.711127][ T5899] em28xx 2-1:0.0: Disconnecting em28xx [ 769.798675][ T2242] em28xx 2-1:0.0: Registering input extension [ 769.807491][ T5899] em28xx 2-1:0.0: Closing input extension [ 769.853890][ T5899] em28xx 2-1:0.0: Freeing device [ 770.006927][T13474] Bluetooth: hci2: command 0x0406 tx timeout [ 770.461297][ T5899] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 772.485967][ T5899] usb 2-1: Using ep0 maxpacket: 8 [ 772.539196][ T5899] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 772.554459][ T5899] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 772.567660][ T5899] usb 2-1: Product: syz [ 772.572081][ T5899] usb 2-1: Manufacturer: syz [ 772.580487][ T5899] usb 2-1: SerialNumber: syz [ 772.589583][ T5899] usb 2-1: config 0 descriptor?? [ 772.609440][ T5899] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 773.064544][T16559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3590'. [ 773.336330][ T5899] gspca_zc3xx: reg_r err -110 [ 773.341381][ T5899] gspca_zc3xx: probe of 2-1:0.0 failed with error -110 [ 773.492373][T16559] hsr_slave_1 (unregistering): left promiscuous mode [ 774.464771][ T5803] usb 2-1: USB disconnect, device number 4 [ 775.901212][T16614] block device autoloading is deprecated and will be removed. [ 779.825083][T16655] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 786.456294][T16722] fuse: Bad value for 'fd' [ 786.745889][ T5806] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 786.974820][ T5806] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 787.265920][ T5806] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 787.279909][ T5806] usb 2-1: config 0 interface 0 has no altsetting 0 [ 787.555600][ T5806] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 787.585946][ T5806] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 787.594298][ T5806] usb 2-1: Product: syz [ 787.611921][ T5806] usb 2-1: Manufacturer: syz [ 787.616823][ T5806] usb 2-1: SerialNumber: syz [ 787.660709][ T5806] usb 2-1: config 0 descriptor?? [ 787.718607][ T5806] hub 2-1:0.0: bad descriptor, ignoring hub [ 787.733560][ T5806] hub: probe of 2-1:0.0 failed with error -5 [ 787.755097][ T5806] usb 2-1: selecting invalid altsetting 0 [ 788.608248][ T5806] usb 2-1: USB disconnect, device number 5 [ 790.257201][T16772] overlayfs: failed to clone upperpath [ 790.530584][T16769] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3661'. [ 791.238827][T16794] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3670'. [ 794.135907][ T5803] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 794.357758][ T5803] usb 2-1: config 0 has no interfaces? [ 794.366508][ T5803] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 794.385845][ T5803] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 794.394006][ T5803] usb 2-1: Manufacturer: syz [ 794.418761][ T5803] usb 2-1: config 0 descriptor?? [ 794.563880][T16834] @ÿ: renamed from veth0_vlan (while UP) [ 794.589565][T16835] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0 [ 797.695076][ T5803] usb 2-1: USB disconnect, device number 6 [ 803.477497][T16891] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3696'. [ 805.879734][T16909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3703'. [ 806.525904][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 806.776226][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 806.787131][ T8] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 806.821623][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 806.929477][T16928] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3710'. [ 807.047925][ T8] usb 2-1: config 0 has no interfaces? [ 807.105423][ T8] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 808.597650][T16940] lo speed is unknown, defaulting to 1000 [ 809.461383][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.470754][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.493332][ T8] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 809.516333][ T8] usb 2-1: Product: syz [ 809.520836][ T8] usb 2-1: Manufacturer: syz [ 809.875842][T16939] orangefs_mount: mount request failed with -4 [ 810.307806][ T8] usb 2-1: SerialNumber: syz [ 810.407097][ T8] usb 2-1: config 0 descriptor?? [ 810.430453][ T8] usb 2-1: can't set config #0, error -71 [ 810.457316][ T8] usb 2-1: USB disconnect, device number 7 [ 810.806151][T16950] libceph: resolve '0..' (ret=-3): failed [ 815.836633][ T28] audit: type=1326 audit(1775822218.537:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 815.866068][ T28] audit: type=1326 audit(1775822218.537:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 816.741576][ T28] audit: type=1326 audit(1775822218.537:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 816.909810][ T28] audit: type=1326 audit(1775822218.537:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 817.019091][ T28] audit: type=1326 audit(1775822218.537:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 817.174806][ T28] audit: type=1326 audit(1775822218.537:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 817.360365][ T28] audit: type=1326 audit(1775822218.537:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 817.403567][ T28] audit: type=1326 audit(1775822218.537:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 818.117878][ T28] audit: type=1326 audit(1775822218.537:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 818.175910][ T28] audit: type=1326 audit(1775822218.537:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16988 comm="syz.1.3728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25db9c819 code=0x7ffc0000 [ 819.352958][T17027] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 821.546023][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 821.546037][ T28] audit: type=1326 audit(1775822224.237:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.628151][ T28] audit: type=1326 audit(1775822224.247:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.711431][ T28] audit: type=1326 audit(1775822224.247:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.777319][ T28] audit: type=1326 audit(1775822224.247:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.915508][ T28] audit: type=1326 audit(1775822224.247:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.939840][ T28] audit: type=1326 audit(1775822224.247:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 821.963883][ T28] audit: type=1326 audit(1775822224.247:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 822.015308][ T28] audit: type=1326 audit(1775822224.247:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 822.077595][ T28] audit: type=1326 audit(1775822224.247:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d4db9c4ab code=0x7ffc0000 [ 822.127736][ T28] audit: type=1326 audit(1775822224.247:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17043 comm="syz.0.3743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d4db9c4ab code=0x7ffc0000 [ 826.132672][T17116] 8021q: adding VLAN 0 to HW filter on device bond1 [ 826.142020][T17116] bond0: (slave bond1): Enslaving as an active interface with an up link [ 826.165768][T17120] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3769'. [ 826.440189][T17120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 826.537024][T17120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 826.753480][T17120] bond0 (unregistering): (slave bond1): Releasing backup interface [ 827.137754][T17120] bond0 (unregistering): Released all slaves [ 829.275585][T17163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3782'. [ 834.128052][T17233] netlink: 508 bytes leftover after parsing attributes in process `syz.2.3796'. [ 834.464173][T17239] fuse: Bad value for 'fd' [ 834.816991][T17253] 9pnet_fd: Insufficient options for proto=fd [ 837.813723][T17298] 8021q: adding VLAN 0 to HW filter on device bond1 [ 837.837162][T17298] bond0: (slave bond1): Enslaving as an active interface with an up link [ 837.886174][T17304] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3824'. [ 838.110284][T17304] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 838.155667][T17304] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 838.183353][T17304] bond0 (unregistering): (slave bond1): Releasing backup interface [ 838.200250][T17304] bond0 (unregistering): Released all slaves [ 838.206443][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 838.579788][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 838.590210][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 838.605818][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 838.613964][ T8] usb 2-1: Product: syz [ 838.635791][ T8] usb 2-1: Manufacturer: syz [ 838.640581][ T8] usb 2-1: SerialNumber: syz [ 838.792350][ T8] usb 2-1: config 0 descriptor?? [ 839.332651][ T8] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 839.340842][T17319] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 841.000886][ T8] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 841.113116][ T8] usb 2-1: USB disconnect, device number 8 [ 843.027030][T17366] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3847'. [ 843.679125][T17383] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3851'. [ 843.746166][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 843.746178][ T28] audit: type=1326 audit(1775822246.417:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 843.841723][ T28] audit: type=1326 audit(1775822246.417:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 843.918820][ T28] audit: type=1326 audit(1775822246.417:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 843.966131][ T28] audit: type=1326 audit(1775822246.417:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 844.013844][ T28] audit: type=1326 audit(1775822246.417:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 844.201734][ T28] audit: type=1326 audit(1775822246.417:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 844.745974][ T28] audit: type=1326 audit(1775822246.417:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 844.931272][ T28] audit: type=1326 audit(1775822246.417:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 845.455865][ T28] audit: type=1326 audit(1775822246.417:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 845.546023][ T28] audit: type=1326 audit(1775822246.417:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17360 comm="syz.3.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 846.060842][T17412] 9pnet_fd: Insufficient options for proto=fd [ 847.149435][T17429] netlink: 'syz.2.3864': attribute type 10 has an invalid length. [ 847.186821][T17429] bridge0: port 2(bridge_slave_1) entered disabled state [ 847.194619][T17429] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.252976][T17429] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.260436][T17429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 847.269744][T17429] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.277001][T17429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 847.412628][T17429] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 847.648100][T17450] autofs4:pid:17450:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1216.8192), cmd(0xc0189374) [ 847.736863][T17450] autofs4:pid:17450:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374) [ 847.837330][T17452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3873'. [ 849.978405][T17474] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3879'. [ 852.204953][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 852.204970][ T28] audit: type=1326 audit(1775822254.887:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.235870][T13606] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 852.288456][ T28] audit: type=1326 audit(1775822254.887:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.322761][ T28] audit: type=1326 audit(1775822254.887:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.351442][ T28] audit: type=1326 audit(1775822254.887:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.407671][ T28] audit: type=1326 audit(1775822254.887:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.449319][ T28] audit: type=1326 audit(1775822254.907:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1d4db5d04e code=0x7ffc0000 [ 852.476622][T13606] usb 2-1: Using ep0 maxpacket: 8 [ 852.498009][ T28] audit: type=1326 audit(1775822254.907:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.524894][T13606] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 852.539106][T13606] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 852.549983][T13606] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 852.578003][ T28] audit: type=1326 audit(1775822254.907:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.618173][T13606] usb 2-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 852.629609][T13606] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.646560][ T28] audit: type=1326 audit(1775822254.907:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.681778][ T28] audit: type=1326 audit(1775822254.907:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17494 comm="syz.0.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d4db9c819 code=0x7ffc0000 [ 852.719708][T13606] usb 2-1: config 0 descriptor?? [ 853.208271][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.236346][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.262436][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.321666][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.342937][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.367385][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.385891][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.401907][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.411072][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.423695][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x1 [ 853.445664][T13606] zydacron 0003:13EC:0006.0004: unknown main item tag 0x0 [ 853.468502][T13606] zydacron 0003:13EC:0006.0004: item fetching failed at offset 14/41 [ 853.516792][T13606] zydacron 0003:13EC:0006.0004: parse failed [ 853.522990][T13606] zydacron: probe of 0003:13EC:0006.0004 failed with error -22 [ 853.666101][T13606] usb 2-1: USB disconnect, device number 9 [ 854.385999][T17515] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3893'. [ 857.710953][T17534] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3898'. [ 859.397737][ T8365] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 859.446145][ T5899] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 859.446249][ T8365] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 859.676007][ T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 859.739989][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 859.740009][ T28] audit: type=1326 audit(1775822262.437:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 859.785803][ T5899] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 859.921039][ T28] audit: type=1326 audit(1775822262.467:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 860.156141][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 860.167106][ T28] audit: type=1326 audit(1775822262.467:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 860.208684][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 860.327127][ T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 860.586875][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 860.676439][ T5899] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 860.695567][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.719049][ T5899] usb 2-1: config 0 descriptor?? [ 860.746960][ T28] audit: type=1326 audit(1775822262.477:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 860.856255][ T28] audit: type=1326 audit(1775822262.477:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 860.932566][ T28] audit: type=1326 audit(1775822263.427:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 861.132076][ T28] audit: type=1326 audit(1775822263.427:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 861.172310][ T28] audit: type=1326 audit(1775822263.437:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f23b5d04e code=0x7ffc0000 [ 861.234716][ T28] audit: type=1326 audit(1775822263.437:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f23b5d04e code=0x7ffc0000 [ 861.258713][ T28] audit: type=1326 audit(1775822263.437:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17547 comm="syz.3.3903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f23b9c819 code=0x7ffc0000 [ 861.344641][ T5899] corsair 0003:1B1C:1B02.0005: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0 [ 861.521162][ T5899] corsair 0003:1B1C:1B02.0005: Failed to get K90 initial state (error -71). [ 861.618801][ T5899] usb 2-1: USB disconnect, device number 10 [ 863.285949][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 866.879265][T17617] fuse: Bad value for 'fd' [ 869.416057][T17652] netlink: 'syz.2.3935': attribute type 3 has an invalid length. [ 870.411334][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.418505][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.433917][T17663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3938'. [ 871.045989][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 872.170726][T13653] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 873.288673][T17703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3948'. [ 877.694729][T17742] netlink: 196 bytes leftover after parsing attributes in process `syz.2.3960'. [ 879.212890][T17769] lo speed is unknown, defaulting to 1000 [ 881.176329][T17783] overlayfs: missing 'lowerdir' [ 882.182503][T17796] comedi comedi3: pcl816: I/O port conflict (0x2,16) [ 884.482935][T17828] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3986'. [ 884.677601][T17830] netlink: 124 bytes leftover after parsing attributes in process `syz.2.3987'. [ 885.481625][T17845] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3994'. [ 886.059662][T17855] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3996'. [ 886.230929][T17858] netlink: 124 bytes leftover after parsing attributes in process `syz.0.3997'. [ 886.415901][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 887.912952][T17879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4003'. [ 889.031965][T17890] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4007'. [ 889.175144][T17892] netlink: 124 bytes leftover after parsing attributes in process `syz.0.4008'. [ 890.926194][T17909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4013'. [ 892.196058][ T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 892.265868][T17922] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4018'. [ 892.466086][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 892.474257][ T8] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 892.483028][ T8] usb 2-1: config 2 has no interface number 0 [ 892.489477][ T8] usb 2-1: config 2 interface 31 has no altsetting 0 [ 893.984980][ T8] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 893.996082][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 894.004302][ T8] usb 2-1: Product: syz [ 894.028492][ T8] usb 2-1: Manufacturer: syz [ 894.040375][ T8] usb 2-1: SerialNumber: syz [ 894.545749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 894.819438][ T8] ch9200: probe of 2-1:2.31 failed with error -22 [ 894.846695][ T8] usb 2-1: USB disconnect, device number 11 [ 894.893073][T17944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4026'. [ 897.805884][ T5899] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 897.847518][T17980] bridge_slave_0: left allmulticast mode [ 897.863453][T17980] bridge_slave_0: left promiscuous mode [ 897.880503][T17980] bridge0: port 1(bridge_slave_0) entered disabled state [ 897.915210][T17980] bridge_slave_1: left allmulticast mode [ 897.940990][T17980] bridge_slave_1: left promiscuous mode [ 897.954857][T17980] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.996960][ T5899] usb 2-1: Using ep0 maxpacket: 8 [ 898.017000][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 898.049786][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x94, skipping [ 898.126789][T17980] team0: Port device team_slave_0 removed [ 898.142603][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 898.281510][T17980] team0: Port device team_slave_1 removed [ 898.313316][T17980] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 898.322177][T17980] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 898.334490][ T5899] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 898.348317][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 898.361864][T17980] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 898.378605][ T5899] usb 2-1: Product: syz [ 898.383047][T17980] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 898.400334][ T5899] usb 2-1: Manufacturer: syz [ 898.417212][ T5899] usb 2-1: SerialNumber: syz [ 898.453096][ T5899] usb 2-1: config 0 descriptor?? [ 898.458620][ T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 899.316270][ T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 900.669834][T18013] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4041'. [ 900.753644][T18015] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4043'. [ 900.770256][T18015] bridge0: port 2(bridge_slave_1) entered disabled state [ 900.777951][T18015] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.824949][T18016] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4043'. [ 900.847242][T18016] bridge0: port 2(bridge_slave_1) entered blocking state [ 900.854591][T18016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 900.862134][T18016] bridge0: port 1(bridge_slave_0) entered blocking state [ 900.869506][T18016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 900.900428][T18016] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4043'. [ 900.916065][T18016] bridge0: port 2(bridge_slave_1) entered disabled state [ 900.923471][T18016] bridge0: port 1(bridge_slave_0) entered disabled state [ 902.593317][ T27] usb 2-1: USB disconnect, device number 12 [ 905.011470][T18065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4059'. [ 905.044103][T18067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4062'. [ 905.825022][T18083] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4067'. [ 907.020507][T18100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4073'. [ 907.174672][T18108] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4077'. [ 908.353721][T18134] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4085'. [ 908.490786][T18140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4087'. [ 908.767285][T18145] lo speed is unknown, defaulting to 1000 [ 909.498279][T18156] overlayfs: failed to clone upperpath [ 909.669935][T18164] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4097'. [ 910.552428][T18186] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4105'. [ 911.637298][T18191] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4106'. [ 912.433760][T18194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4107'. [ 912.480534][T18191] syzkaller1: entered promiscuous mode [ 912.486119][T18191] syzkaller1: entered allmulticast mode [ 913.823709][T18225] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4114'. [ 915.030640][T18237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4119'. [ 916.516666][T18267] fuse: Bad value for 'fd' [ 917.126025][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 917.215846][ T5899] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 917.335968][T13653] Bluetooth: hci1: unexpected event for opcode 0x0c1b [ 917.397890][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 917.408319][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0 [ 917.419679][ T5899] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 917.439578][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.453593][ T5899] usb 2-1: Product: syz [ 917.458440][ T5899] usb 2-1: Manufacturer: syz [ 917.463125][ T5899] usb 2-1: SerialNumber: syz [ 917.493597][ T5899] usb 2-1: config 0 descriptor?? [ 917.533973][ T5899] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 917.575085][ T5899] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 917.585764][ T5899] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 917.594855][ T5899] usb 2-1: media controller created [ 917.612428][ T5899] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 917.673596][ T5899] DVB: Unable to find symbol tda10046_attach() [ 917.680178][ T5899] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 917.695797][ T5899] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 918.191993][T18286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4134'. [ 921.744365][T18324] bridge_slave_0: left allmulticast mode [ 921.750396][T18324] bridge_slave_0: left promiscuous mode [ 921.756963][T18324] bridge0: port 1(bridge_slave_0) entered disabled state [ 921.773230][T18324] bridge_slave_1: left allmulticast mode [ 921.780221][T18324] bridge0: port 2(bridge_slave_1) entered disabled state [ 921.911495][T18324] team0: Port device team_slave_0 removed [ 922.022222][T18324] team0: Port device team_slave_1 removed [ 922.044026][T18324] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 922.080452][T18324] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 922.118794][T18324] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 922.160485][T18324] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 922.727899][ T5899] dvb_usb_m920x: probe of 2-1:0.0 failed with error -110 [ 922.983242][ T5899] usb 2-1: USB disconnect, device number 13 [ 930.919568][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 930.919581][ T28] audit: type=1800 audit(1775822333.617:533): pid=18384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4163" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 930.920086][T18384] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 931.006077][T18384] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 931.016619][T18384] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 931.151142][T18384] syz.3.4163 (18384) used greatest stack depth: 17936 bytes left [ 931.859587][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.866239][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.829157][ T5899] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 935.797337][ T5899] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 935.811209][ T5899] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 935.876295][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0 [ 935.954591][ T5899] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 935.991619][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 936.023670][ T5899] usb 2-1: Product: syz [ 936.204372][ T5899] usb 2-1: Manufacturer: syz [ 936.210080][ T5899] usb 2-1: SerialNumber: syz [ 936.222051][ T5899] usb 2-1: config 0 descriptor?? [ 936.247759][ T5899] hub 2-1:0.0: bad descriptor, ignoring hub [ 936.292807][ T5899] hub: probe of 2-1:0.0 failed with error -5 [ 936.331649][ T5899] usb 2-1: selecting invalid altsetting 0 [ 937.056110][T18443] usb 2-1: reset high-speed USB device number 14 using dummy_hcd [ 937.089470][T18468] overlayfs: failed to clone upperpath [ 937.122337][T13653] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 937.292548][T18443] usb 2-1: device firmware changed [ 937.313528][ T5899] usb 2-1: USB disconnect, device number 14 [ 937.493537][T18479] overlayfs: failed to clone upperpath [ 937.565928][ T5899] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 937.614296][T18481] netlink: 'syz.3.4197': attribute type 3 has an invalid length. [ 937.770159][ T5899] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 937.816162][ T5899] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 937.879348][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0 [ 937.913415][ T5899] usb 2-1: string descriptor 0 read error: -71 [ 937.953014][ T5899] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 938.015779][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 938.050737][ T5899] usb 2-1: config 0 descriptor?? [ 938.070111][ T5899] usb 2-1: can't set config #0, error -71 [ 938.083186][ T5899] usb 2-1: USB disconnect, device number 15 [ 941.129218][T13653] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 941.144880][T13653] Bluetooth: hci3: Injecting HCI hardware error event [ 941.159187][T13653] Bluetooth: hci3: hardware error 0x00 [ 942.001460][T18550] netlink: 'syz.2.4218': attribute type 10 has an invalid length. [ 942.041219][T18550] team0: Device xfrm0 is of different type [ 942.047624][ T5899] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 942.245876][ T5899] usb 2-1: Using ep0 maxpacket: 8 [ 942.264061][ T5899] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 942.275847][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 942.284099][ T5899] usb 2-1: Product: syz [ 942.288576][ T5899] usb 2-1: Manufacturer: syz [ 942.293298][ T5899] usb 2-1: SerialNumber: syz [ 942.301636][ T5899] usb 2-1: config 0 descriptor?? [ 942.516306][ T5899] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 942.632094][T18560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4223'. [ 942.750282][T13474] Bluetooth: hci4: unexpected event for opcode 0x2011 [ 943.219794][T13653] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 943.949232][ T5899] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 943.981130][ T5899] usb 2-1: USB disconnect, device number 16 [ 944.073791][T18591] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4237'. [ 944.201238][T18598] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 944.336949][ T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 944.612534][T18607] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4241'. [ 944.623052][T18607] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 945.155209][ T5828] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 945.280246][T18607] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 945.352271][T18621] dummy0: entered promiscuous mode [ 945.362395][T18621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4246'. [ 945.459688][T18621] dummy0 (unregistering): left promiscuous mode [ 945.475394][T18611] netlink: 'syz.0.4243': attribute type 1 has an invalid length. [ 945.529919][T18614] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 945.542854][T18614] bond0: (slave vxcan3): Error -95 calling set_mac_address [ 945.571876][T18615] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4243'. [ 945.593092][T18615] bond0: (slave bridge1): Enslaving as an active interface with a down link [ 945.643146][T18620] macvlan2: entered promiscuous mode [ 945.648997][T18620] macvlan2: entered allmulticast mode [ 945.789872][T18620] bond0: entered promiscuous mode [ 945.923475][T18620] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 946.138493][T18620] bond0: left promiscuous mode [ 949.472894][T18635] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.482569][T18635] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.492699][T18635] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.502815][T18635] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 952.484223][T18683] overlayfs: failed to resolve './file1': -2 [ 954.073397][T18703] xt_TPROXY: Can be used only with -p tcp or -p udp [ 965.753945][ T28] audit: type=1326 audit(2000000002.420:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18806 comm="syz.2.4305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7619c819 code=0x7ffc0000 [ 965.792475][ T28] audit: type=1326 audit(2000000002.430:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18806 comm="syz.2.4305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7619c819 code=0x7ffc0000 [ 965.818141][ T28] audit: type=1326 audit(2000000002.430:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18806 comm="syz.2.4305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f5d7619c819 code=0x7ffc0000 [ 965.859399][ T28] audit: type=1326 audit(2000000002.430:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18806 comm="syz.2.4305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7619c819 code=0x7ffc0000 [ 969.602907][T18842] overlayfs: failed to clone upperpath [ 970.768013][T18865] xt_ecn: cannot match TCP bits for non-tcp packets [ 972.353386][T18878] xt_TPROXY: Can be used only with -p tcp or -p udp [ 975.320892][T18904] affs: No valid root block on device nullb0 [ 979.068458][T13653] Bluetooth: hci4: unexpected event for opcode 0x1002 [ 980.071553][T13653] Bluetooth: hci4: unexpected event for opcode 0x1804 [ 980.912666][T18970] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4365'. [ 983.613727][T19006] overlayfs: failed to clone upperpath [ 986.863852][T19037] netlink: 'syz.0.4385': attribute type 13 has an invalid length. [ 987.442464][T19048] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4388'. [ 988.657164][T19078] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4402'. [ 990.248547][T19085] netlink: 136 bytes leftover after parsing attributes in process `syz.2.4404'. [ 990.429568][T19085] syz.2.4404 (19085) used greatest stack depth: 17896 bytes left [ 993.294767][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.304591][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.587538][T13653] Bluetooth: hci2: unexpected event 0x06 length: 95 > 3 [ 993.589367][T19147] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 997.006218][T19185] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.4437'. [ 997.787649][T19167] netlink: 'syz.3.4431': attribute type 13 has an invalid length. [ 1000.956092][T19221] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.4447'. [ 1002.600987][T19247] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4456'. [ 1003.092368][T13653] Bluetooth: hci2: unexpected event for opcode 0x1804 [ 1004.393407][T19272] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.4459'. [ 1007.745588][T19316] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.4473'. [ 1009.505788][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1009.687781][ T8] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1009.702864][ T8] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 1009.718600][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1009.728487][ T8] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1009.751909][ T8] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1009.766326][ T8] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1009.776758][ T8] usb 2-1: Product: syz [ 1009.781214][ T8] usb 2-1: Manufacturer: syz [ 1009.789303][T19329] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1009.798922][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 1009.814805][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 1009.821073][ T8] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 1010.013887][ T8] usb 2-1: USB disconnect, device number 17 [ 1012.865857][ T8] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 1013.077659][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1013.098269][ T8] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1013.114036][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.139656][T19390] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1013.166792][T19390] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1013.186385][ T8] usb 2-1: config 0 descriptor?? [ 1013.210576][ T8] hub 2-1:0.0: bad descriptor, ignoring hub [ 1013.219296][ T8] hub: probe of 2-1:0.0 failed with error -5 [ 1013.227793][ T8] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1013.734659][T13474] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1013.749175][T13474] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1013.761191][T13474] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1013.770335][T13474] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1013.778699][T13474] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1013.787229][T13474] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1013.808774][T19399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1013.825555][T19399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1013.956869][T19397] lo speed is unknown, defaulting to 1000 [ 1014.259085][T19397] chnl_net:caif_netlink_parms(): no params data found [ 1015.202276][T19397] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.234189][T19397] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.249635][T19397] bridge_slave_0: entered allmulticast mode [ 1015.261052][T19425] afs: Bad value for 'flock' [ 1015.261787][T19397] bridge_slave_0: entered promiscuous mode [ 1015.288931][T19397] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.307478][T19397] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.316958][T19397] bridge_slave_1: entered allmulticast mode [ 1015.324379][T19397] bridge_slave_1: entered promiscuous mode [ 1015.364590][T19397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1015.384311][T19397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1015.448802][T19397] team0: Port device team_slave_0 added [ 1015.458831][T19397] team0: Port device team_slave_1 added [ 1015.522636][T19397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1015.529977][T19397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1015.562552][T19397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1015.583312][T19397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1015.590710][T19397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1015.624749][T19397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1015.730107][ T8] usb 2-1: USB disconnect, device number 18 [ 1015.829499][T19397] hsr_slave_0: entered promiscuous mode [ 1016.019430][T13474] Bluetooth: hci0: command tx timeout [ 1016.228682][T19397] hsr_slave_1: entered promiscuous mode [ 1016.245051][T19397] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1016.531551][T19397] Cannot create hsr debugfs directory [ 1016.925512][T13653] Bluetooth: hci3: sending frame failed (-49) [ 1016.937137][T13474] Bluetooth: hci3: Opcode 0x1003 failed: -49 [ 1017.279637][T19397] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.393298][T19397] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.548498][T19397] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.567280][T19451] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4517'. [ 1017.764969][T19397] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.093782][T13653] Bluetooth: hci0: command tx timeout [ 1019.163205][T19397] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1020.294350][T13653] Bluetooth: hci0: command tx timeout [ 1020.301334][T19397] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1020.487644][T19397] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1020.515337][T19397] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1022.341548][T13653] Bluetooth: hci0: command tx timeout [ 1022.471184][T19397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1022.499909][T19397] 8021q: adding VLAN 0 to HW filter on device team0 [ 1022.531421][ T8357] bridge0: port 1(bridge_slave_0) entered blocking state [ 1022.538581][ T8357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1022.596344][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1022.604102][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1023.291499][T19397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1023.482905][T19397] veth0_vlan: entered promiscuous mode [ 1023.499011][T19397] veth1_vlan: entered promiscuous mode [ 1023.608211][T19397] veth0_macvtap: entered promiscuous mode [ 1023.632590][T19397] veth1_macvtap: entered promiscuous mode [ 1023.668428][T19397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.680828][T19397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.691213][T19397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.702583][T19397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.718073][T19397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1023.728309][T19397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.739550][T19397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.749993][T19397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.765077][T19397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.775475][T19397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.786809][T19397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.801715][T19397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1023.815904][T19397] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.825197][T19397] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.834903][T19397] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.850354][T19397] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.072221][ T8357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1024.082094][ T8357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1024.225460][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1024.234206][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1025.478538][T19528] overlayfs: failed to clone upperpath [ 1029.220391][T19533] bridge0: port 2(bridge_slave_1) entered disabled state [ 1029.227816][T19533] bridge0: port 1(bridge_slave_0) entered disabled state [ 1029.874691][T19533] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1030.354159][T19561] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1030.728468][T19533] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1031.976656][T19533] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.985919][T19533] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.994861][T19533] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.004278][T19533] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.077278][T19556] lo speed is unknown, defaulting to 1000 [ 1032.136961][T19557] netlink: 'syz.2.4543': attribute type 14 has an invalid length. [ 1032.144945][T19557] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4543'. [ 1032.478588][T19577] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4549'. [ 1034.683297][T19610] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4559'. [ 1036.771005][T19655] overlayfs: failed to clone upperpath [ 1037.194909][T19666] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4573'. [ 1037.986332][T13653] Bluetooth: hci1: unexpected event for opcode 0x1002 [ 1037.993474][T13653] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1038.935486][ T28] audit: type=1326 audit(2000000075.660:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19674 comm="syz.3.4575" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f23b9c819 code=0x0 [ 1040.749583][T19687] tmpfs: Bad value for 'mpol' [ 1043.929422][T19736] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4602'. [ 1046.273662][T19757] "syz.1.4600" (19757) uses obsolete ecb(arc4) skcipher [ 1047.494413][T13474] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1047.512751][T13474] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1047.538906][T13474] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1047.572020][T13474] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1047.581405][T13474] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1047.589444][T13474] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1047.726517][T19774] lo speed is unknown, defaulting to 1000 [ 1049.112044][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.426589][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.498275][T19774] chnl_net:caif_netlink_parms(): no params data found [ 1049.553923][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.689460][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.693602][T13474] Bluetooth: hci3: command tx timeout [ 1049.764927][T19774] bridge0: port 1(bridge_slave_0) entered blocking state [ 1049.792856][T19774] bridge0: port 1(bridge_slave_0) entered disabled state [ 1049.802951][T19774] bridge_slave_0: entered allmulticast mode [ 1049.811306][T19774] bridge_slave_0: entered promiscuous mode [ 1049.823169][T19774] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.831789][T19774] bridge0: port 2(bridge_slave_1) entered disabled state [ 1049.839470][T19774] bridge_slave_1: entered allmulticast mode [ 1049.847085][T19774] bridge_slave_1: entered promiscuous mode [ 1049.902715][T19774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1049.921770][T19774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1050.007708][T19774] team0: Port device team_slave_0 added [ 1050.061040][T19774] team0: Port device team_slave_1 added [ 1050.248317][T19774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1050.291462][T19774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1050.349984][T19774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1050.392415][T19774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1050.602159][T19774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1051.041249][T19774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1051.190231][ T59] tipc: Left network mode [ 1051.553812][T19774] hsr_slave_0: entered promiscuous mode [ 1051.561142][T19774] hsr_slave_1: entered promiscuous mode [ 1051.580878][T19774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1051.686962][T19774] Cannot create hsr debugfs directory [ 1051.766015][T13474] Bluetooth: hci3: command tx timeout [ 1053.855829][T19858] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1053.870372][T13474] Bluetooth: hci3: command tx timeout [ 1054.729468][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.736970][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.935261][T13474] Bluetooth: hci3: command tx timeout [ 1056.716510][ T59] IPVS: stopping master sync thread 16835 ... [ 1056.841070][T19774] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1056.860245][T19774] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1056.871735][T19774] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1057.204051][T19774] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1057.442956][T19774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1057.475303][T19774] 8021q: adding VLAN 0 to HW filter on device team0 [ 1057.513367][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.520679][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1057.564071][ T59] hsr_slave_0: left promiscuous mode [ 1057.573848][ T59] hsr_slave_1: left promiscuous mode [ 1057.599351][ T59] veth1_macvtap: left promiscuous mode [ 1057.604951][ T59] veth0_macvtap: left promiscuous mode [ 1057.615966][ T59] veth1_vlan: left promiscuous mode [ 1057.621444][ T59] @ÿ: left promiscuous mode [ 1058.017651][ T59] bond1 (unregistering): Released all slaves [ 1059.569871][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.577083][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1059.599133][ T5803] lo speed is unknown, defaulting to 1000 [ 1059.986533][ T59] IPVS: stop unused estimator thread 0... [ 1060.178219][T19774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1060.271635][T19774] veth0_vlan: entered promiscuous mode [ 1060.305192][T19774] veth1_vlan: entered promiscuous mode [ 1060.372742][T19774] veth0_macvtap: entered promiscuous mode [ 1060.399192][T19774] veth1_macvtap: entered promiscuous mode [ 1060.439725][T19774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1060.465811][T19774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1060.486564][T19774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1060.497511][T19774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1060.509251][T19774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1060.539638][T19774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1060.566034][T19774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1060.585198][T19774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1060.605765][T19774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1060.634513][T19774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1060.649037][T19774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1060.661089][T19774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1060.679416][T19774] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.688447][T19774] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.699675][T19774] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.708849][T19774] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.869628][ T8357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1060.892515][ T8357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1060.931243][ T8372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1060.945022][ T8372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1061.111990][T19949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4605'. [ 1062.392505][T19967] vxfs: WRONG superblock magic 00000000 at 1 [ 1062.401172][T19967] vxfs: WRONG superblock magic 00000000 at 8 [ 1062.407707][T19967] vxfs: can't find superblock. [ 1063.122952][T19974] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4631'. [ 1063.415935][T19978] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4635'. [ 1064.208031][T19978] veth0_to_hsr: Caught tx_queue_len zero misconfig [ 1064.290449][T19978] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4635'. [ 1064.299627][T19978] ------------[ cut here ]------------ [ 1064.305096][T19978] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 1064.317889][T19978] WARNING: CPU: 1 PID: 19978 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0 [ 1064.328319][T19978] Modules linked in: [ 1064.332354][T19978] CPU: 1 PID: 19978 Comm: syz.0.4635 Not tainted syzkaller #0 [ 1064.340450][T19978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1064.350834][T19978] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 1064.356339][T19978] Code: f8 eb 59 e8 c8 a8 d8 f8 c6 05 39 39 c7 05 01 b9 10 00 00 00 48 c7 c7 c0 60 c7 8b 4c 89 f6 48 c7 c2 40 61 c7 8b e8 26 5f a2 f8 <0f> 0b e9 86 f0 ff ff e8 9a a8 d8 f8 eb 24 e8 93 a8 d8 f8 c6 05 db [ 1064.377131][T19978] RSP: 0018:ffffc90003996d40 EFLAGS: 00010246 [ 1064.383209][T19978] RAX: 24f94086ae53a400 RBX: ffff888026ce9800 RCX: 0000000000080000 [ 1064.391678][T19978] RDX: ffffc9000d08a000 RSI: 000000000000a50a RDI: 000000000000a50b [ 1064.400964][T19978] RBP: ffffc90003996ef8 R08: ffffc90003996947 R09: 1ffff92000732d28 [ 1064.410819][T19978] R10: dffffc0000000000 R11: fffff52000732d29 R12: ffff88802e8a1800 [ 1064.419458][T19978] R13: ffff88802e8a18e8 R14: 0000000000000020 R15: ffff88805ea99dc0 [ 1064.428686][T19978] FS: 00007f1d4ea756c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1064.437896][T19978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1064.444505][T19978] CR2: 000000110c427c26 CR3: 0000000075ac9000 CR4: 00000000003506e0 [ 1064.453091][T19978] Call Trace: [ 1064.456431][T19978] [ 1064.459453][T19978] ? tc_new_tfilter+0x8f7/0x17c0 [ 1064.464759][T19978] ? u32_get+0x370/0x370 [ 1064.469142][T19978] ? u32_get+0x370/0x370 [ 1064.473451][T19978] tc_new_tfilter+0x11f9/0x17c0 [ 1064.478438][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1064.484456][T19978] ? rcu_read_unlock+0x8c/0xa0 [ 1064.489625][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1064.496199][T19978] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 1064.501341][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1064.507596][T19978] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 1064.512739][T19978] ? rtnetlink_bind+0x80/0x80 [ 1064.517510][T19978] ? mark_lock+0x94/0x320 [ 1064.521890][T19978] ? __lock_acquire+0x1273/0x7d40 [ 1064.526998][T19978] ? __kernel_text_address+0xd/0x30 [ 1064.532496][T19978] ? mark_lock+0x94/0x320 [ 1064.536877][T19978] ? mark_lock+0x94/0x320 [ 1064.541209][T19978] ? __lock_acquire+0x1273/0x7d40 [ 1064.546300][T19978] ? kmalloc_reserve+0x95/0x240 [ 1064.551252][T19978] ? verify_lock_unused+0x140/0x140 [ 1064.556858][T19978] ? verify_lock_unused+0x140/0x140 [ 1064.562078][T19978] netlink_rcv_skb+0x241/0x4d0 [ 1064.567653][T19978] ? rtnetlink_bind+0x80/0x80 [ 1064.572444][T19978] ? netlink_ack+0x1180/0x1180 [ 1064.577680][T19978] ? __lock_acquire+0x7d40/0x7d40 [ 1064.582757][T19978] ? net_generic+0x1e/0x240 [ 1064.587392][T19978] ? netlink_deliver_tap+0x2e/0x1b0 [ 1064.593057][T19978] netlink_unicast+0x751/0x8d0 [ 1064.597897][T19978] netlink_sendmsg+0x8d0/0xbf0 [ 1064.602687][T19978] ? netlink_getsockopt+0x590/0x590 [ 1064.608199][T19978] ? aa_sock_msg_perm+0x94/0x150 [ 1064.613305][T19978] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1064.618855][T19978] ? security_socket_sendmsg+0x80/0xa0 [ 1064.624416][T19978] ? netlink_getsockopt+0x590/0x590 [ 1064.629876][T19978] ____sys_sendmsg+0x5ba/0x960 [ 1064.635028][T19978] ? __asan_memset+0x22/0x40 [ 1064.639769][T19978] ? __sys_sendmsg_sock+0x30/0x30 [ 1064.644932][T19978] ? __import_iovec+0x5f2/0x850 [ 1064.649960][T19978] ? import_iovec+0x73/0xa0 [ 1064.654637][T19978] ___sys_sendmsg+0x2a6/0x360 [ 1064.659541][T19978] ? __sys_sendmsg+0x2a0/0x2a0 [ 1064.664612][T19978] __sys_sendmmsg+0x2ca/0x510 [ 1064.669436][T19978] ? __ia32_sys_sendmsg+0x90/0x90 [ 1064.674910][T19978] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1064.680953][T19978] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1064.686994][T19978] ? lock_chain_count+0x20/0x20 [ 1064.691842][T19978] __x64_sys_sendmmsg+0xa0/0xb0 [ 1064.696998][T19978] do_syscall_64+0x55/0xa0 [ 1064.701599][T19978] ? clear_bhb_loop+0x40/0x90 [ 1064.706363][T19978] ? clear_bhb_loop+0x40/0x90 [ 1064.711298][T19978] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1064.717374][T19978] RIP: 0033:0x7f1d4db9c819 [ 1064.722144][T19978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1064.743666][T19978] RSP: 002b:00007f1d4ea75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1064.752254][T19978] RAX: ffffffffffffffda RBX: 00007f1d4de15fa0 RCX: 00007f1d4db9c819 [ 1064.760513][T19978] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000008 [ 1064.768748][T19978] RBP: 00007f1d4dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1064.777142][T19978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1064.786023][T19978] R13: 00007f1d4de16038 R14: 00007f1d4de15fa0 R15: 00007fffe24a94f8 [ 1064.795065][T19978] [ 1064.798420][T19978] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1064.805780][T19978] CPU: 1 PID: 19978 Comm: syz.0.4635 Not tainted syzkaller #0 [ 1064.813417][T19978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1064.823918][T19978] Call Trace: [ 1064.827306][T19978] [ 1064.830227][T19978] dump_stack_lvl+0x18c/0x250 [ 1064.834929][T19978] ? show_regs_print_info+0x20/0x20 [ 1064.840217][T19978] ? load_image+0x420/0x420 [ 1064.844941][T19978] panic+0x2dc/0x730 [ 1064.848866][T19978] ? bpf_jit_dump+0xd0/0xd0 [ 1064.853395][T19978] __warn+0x2e0/0x470 [ 1064.857491][T19978] ? u32_change+0x1c5a/0x24f0 [ 1064.862306][T19978] ? u32_change+0x1c5a/0x24f0 [ 1064.867092][T19978] report_bug+0x2be/0x4f0 [ 1064.872004][T19978] ? u32_change+0x1c5a/0x24f0 [ 1064.877053][T19978] ? u32_change+0x1c5a/0x24f0 [ 1064.882036][T19978] ? u32_change+0x1c5c/0x24f0 [ 1064.887202][T19978] handle_bug+0xcf/0x120 [ 1064.891766][T19978] exc_invalid_op+0x1a/0x50 [ 1064.896345][T19978] asm_exc_invalid_op+0x1a/0x20 [ 1064.901412][T19978] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 1064.907053][T19978] Code: f8 eb 59 e8 c8 a8 d8 f8 c6 05 39 39 c7 05 01 b9 10 00 00 00 48 c7 c7 c0 60 c7 8b 4c 89 f6 48 c7 c2 40 61 c7 8b e8 26 5f a2 f8 <0f> 0b e9 86 f0 ff ff e8 9a a8 d8 f8 eb 24 e8 93 a8 d8 f8 c6 05 db [ 1064.927107][T19978] RSP: 0018:ffffc90003996d40 EFLAGS: 00010246 [ 1064.933254][T19978] RAX: 24f94086ae53a400 RBX: ffff888026ce9800 RCX: 0000000000080000 [ 1064.941216][T19978] RDX: ffffc9000d08a000 RSI: 000000000000a50a RDI: 000000000000a50b [ 1064.949275][T19978] RBP: ffffc90003996ef8 R08: ffffc90003996947 R09: 1ffff92000732d28 [ 1064.957505][T19978] R10: dffffc0000000000 R11: fffff52000732d29 R12: ffff88802e8a1800 [ 1064.965640][T19978] R13: ffff88802e8a18e8 R14: 0000000000000020 R15: ffff88805ea99dc0 [ 1064.973856][T19978] ? tc_new_tfilter+0x8f7/0x17c0 [ 1064.979341][T19978] ? u32_get+0x370/0x370 [ 1064.983808][T19978] ? u32_get+0x370/0x370 [ 1064.988370][T19978] tc_new_tfilter+0x11f9/0x17c0 [ 1064.993461][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1064.999913][T19978] ? rcu_read_unlock+0x8c/0xa0 [ 1065.004792][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1065.011164][T19978] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 1065.016381][T19978] ? tcf_proto_signal_destroying+0x240/0x240 [ 1065.022398][T19978] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 1065.027336][T19978] ? rtnetlink_bind+0x80/0x80 [ 1065.032001][T19978] ? mark_lock+0x94/0x320 [ 1065.036413][T19978] ? __lock_acquire+0x1273/0x7d40 [ 1065.041612][T19978] ? __kernel_text_address+0xd/0x30 [ 1065.047126][T19978] ? mark_lock+0x94/0x320 [ 1065.051478][T19978] ? mark_lock+0x94/0x320 [ 1065.056010][T19978] ? __lock_acquire+0x1273/0x7d40 [ 1065.061083][T19978] ? kmalloc_reserve+0x95/0x240 [ 1065.066079][T19978] ? verify_lock_unused+0x140/0x140 [ 1065.071421][T19978] ? verify_lock_unused+0x140/0x140 [ 1065.077086][T19978] netlink_rcv_skb+0x241/0x4d0 [ 1065.082042][T19978] ? rtnetlink_bind+0x80/0x80 [ 1065.086826][T19978] ? netlink_ack+0x1180/0x1180 [ 1065.091906][T19978] ? __lock_acquire+0x7d40/0x7d40 [ 1065.097410][T19978] ? net_generic+0x1e/0x240 [ 1065.102021][T19978] ? netlink_deliver_tap+0x2e/0x1b0 [ 1065.107225][T19978] netlink_unicast+0x751/0x8d0 [ 1065.112293][T19978] netlink_sendmsg+0x8d0/0xbf0 [ 1065.117063][T19978] ? netlink_getsockopt+0x590/0x590 [ 1065.122778][T19978] ? aa_sock_msg_perm+0x94/0x150 [ 1065.127782][T19978] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1065.133612][T19978] ? security_socket_sendmsg+0x80/0xa0 [ 1065.139074][T19978] ? netlink_getsockopt+0x590/0x590 [ 1065.144295][T19978] ____sys_sendmsg+0x5ba/0x960 [ 1065.149058][T19978] ? __asan_memset+0x22/0x40 [ 1065.153743][T19978] ? __sys_sendmsg_sock+0x30/0x30 [ 1065.158772][T19978] ? __import_iovec+0x5f2/0x850 [ 1065.163624][T19978] ? import_iovec+0x73/0xa0 [ 1065.168225][T19978] ___sys_sendmsg+0x2a6/0x360 [ 1065.172919][T19978] ? __sys_sendmsg+0x2a0/0x2a0 [ 1065.177819][T19978] __sys_sendmmsg+0x2ca/0x510 [ 1065.182837][T19978] ? __ia32_sys_sendmsg+0x90/0x90 [ 1065.187890][T19978] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1065.193810][T19978] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1065.199790][T19978] ? lock_chain_count+0x20/0x20 [ 1065.204759][T19978] __x64_sys_sendmmsg+0xa0/0xb0 [ 1065.209748][T19978] do_syscall_64+0x55/0xa0 [ 1065.214253][T19978] ? clear_bhb_loop+0x40/0x90 [ 1065.218933][T19978] ? clear_bhb_loop+0x40/0x90 [ 1065.223741][T19978] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1065.229850][T19978] RIP: 0033:0x7f1d4db9c819 [ 1065.234285][T19978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1065.254156][T19978] RSP: 002b:00007f1d4ea75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1065.262649][T19978] RAX: ffffffffffffffda RBX: 00007f1d4de15fa0 RCX: 00007f1d4db9c819 [ 1065.270608][T19978] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000008 [ 1065.278748][T19978] RBP: 00007f1d4dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1065.286829][T19978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1065.294827][T19978] R13: 00007f1d4de16038 R14: 00007f1d4de15fa0 R15: 00007fffe24a94f8 [ 1065.303236][T19978] [ 1065.306639][T19978] Kernel Offset: disabled [ 1065.310961][T19978] Rebooting in 86400 seconds..