last executing test programs: 3m0.218501264s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 2m16.173545621s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 1m43.025377814s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 1m5.968076149s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 30.422837294s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 12.760488523s ago: executing program 0 (id=1939): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x3}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x0) 11.601530387s ago: executing program 0 (id=1941): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x400000000000004) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) fsopen(&(0x7f0000000400)='ceph\x00', 0x0) socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.stat\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=0x0, @ANYBLOB="a7"], 0x20) 11.374422878s ago: executing program 3 (id=1944): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000780)=ANY=[@ANYBLOB="00002e000000d41e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11.264000601s ago: executing program 0 (id=1945): r0 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x4089, 0x800}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FILES_UPDATE={0x14, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47f6, 0xb277, 0x0, 0x0, 0x0) 10.274052847s ago: executing program 0 (id=1946): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00') lseek(r3, 0xae7e, 0x0) 7.989132282s ago: executing program 3 (id=1948): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc491"], 0x1c}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3) sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x34}}, 0x0) 7.917432118s ago: executing program 2 (id=1950): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r3}, 0x20) sendto$inet(r3, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06) 6.903777049s ago: executing program 2 (id=1951): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x3}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x0) 6.903243767s ago: executing program 3 (id=1952): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000280)='cifs.idmap\x00', &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) 6.373986428s ago: executing program 2 (id=1954): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001240)='/proc/partitions\x00', 0x0, 0x0) read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc) read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) 5.916691794s ago: executing program 2 (id=1956): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) migrate_pages(0xffffffffffffffff, 0x8, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_open_procfs(0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000004240)='/proc/meminfo\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000003c0)=[0x0], 0x1}) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000240)={0xffffff7f, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x2, 0x1, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_spirange={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x50}}, 0x0) 5.916184776s ago: executing program 3 (id=1957): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x1, 0x5, 0x5, 0x10, 0xffffffffffffffff, 0xe, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x2, 0x1, @void, @value, @void, @value}, 0x48) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f00000011c0)={&(0x7f00008fc000/0x3000)=nil, 0x3000}) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0) 5.709718287s ago: executing program 0 (id=1959): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000da0009"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000780)=ANY=[@ANYBLOB="00002e000000d41e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.471782487s ago: executing program 4 (id=1960): sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000380)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f00000001c0)={0x0, 0x1, &(0x7f0000000340)=[r6], &(0x7f0000000280)=[0x80001], &(0x7f0000000200), &(0x7f0000000380)}) socket$inet6_sctp(0xa, 0x5, 0x84) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000440), 0x0) 4.47630875s ago: executing program 4 (id=1961): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r3}, 0x20) sendto$inet(r3, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06) 3.452110063s ago: executing program 4 (id=1962): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000280)=""/65, &(0x7f0000000040)=0x41) syz_open_dev$dri(&(0x7f00000005c0), 0x1f, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x2}}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0) 3.393902233s ago: executing program 3 (id=1963): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "f93670335b092d31d4f25cc48cb13a383332ea"}) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000800)={[{@delalloc}, {@nouid32}, {@jqfmt_vfsv0}, {@norecovery}, {@norecovery}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcadbd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ptrace$ARCH_MAP_VDSO_32(0x1e, r1, 0x7, 0x2002) sendmsg$key(0xffffffffffffffff, 0x0, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000540)='./file1\x00', 0x80000, &(0x7f0000000780)={[{@usrjquota}, {@bsdgroups}, {@nojournal_checksum}, {@noquota}, {@noacl}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@journal_path={'journal_path', 0x3d, './file2'}}], [{@mask={'mask', 0x3d, 'MAY_APPEND'}}]}, 0x1, 0x510, &(0x7f0000001380)="$eJzs3cFvI1cZAPBvJutNNk2bFCoVENBQCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBrdeygGpwArUIHFwNWM7m27sON3N2tr495NGfm/eZL731pr3vN9u/AIYW/MRcRARVyPizYiY7ZxPOke82j6y6z6+e2f16O6d1SRarTf+leTt2bk48TOZJzr3nIqIH34v4ifJ6biNvf3NlWq1stOpl5q17VJjb//mRm1lvbJe2SqXlxaXFl6+9VL5wsb6XO13H31347UfvfeHr3z4l4Nv/yzr1kyn7eQ4LlJ76IXjOJkrEfHaowg2AhOd8VwddUd4IGlEfC4ins+f/9mYyN/N8+nxWAMAj4FWazZasyfrAMBll+Y5sCQtdnIBM5GmxWI7h/dMTKfVeqN543Z9d2utnSubi0J6e6NaWejkCueikGT1xXey8r16OT5dvxURT0fEzyev5fXi6vnzDADAxXrivvX/v5Pt9R8AuOSmBl2wPJx+AADDM3D9BwAuHes/AIwf6z8AjB/rPwCMH+s/AIybD7rr/8SoewIADMUPXn89O1pHne+/Xntrb3ez/tbNtUpjs1jbXS2u1ne2i+v1+nq1Ulyt1wbdr1qvby++GLtvl5qVRrPU2NtfrtV3t5rL+fd6L1cKQxkVAHCWp597/29JRBy8ci0/4sReDtZquNzSUXcAGBk5fxhfvoUbxpe/4wOD9vLs+1+E332AYK13HuCHgIt2/Yvy/zCueuT/pQRgTMj/w/iy2MP4arWSfnv+p8eXAACXihw/MNR//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBLYiY/5k7U07RYjHgyIuaikNzeqFYWIuKpiPjrZGEyqy+OtMcAwMNL/5F09v+6PvvCzP2tV5P/XctfI+Knv3zjF2+vNJs7i9n5f092zzff7Zwvj6L/AMAg3XW6u453fXz3zmr3GGZ/PvpOe3PRLO5R52i3XIkr2cufp6IQEdP/Sdr1juzzysQFxD84jIgv9Bp/kudG5jo7n94fP4v95FDjp5+Kn+Zt7dfsz+Lzp+482TfmoL1eYVy8n80/r/Z6/tKYz1+nem5+PJXPUA+vO/8dnZr/us/7VD7X9Jr/5s8b48U/fr9v22HEl670ip8cx0/6xH/huHb1zPgffPmrz/dra/064nr0jn8yVqlZ2y419vZvbtRW1ivrla1yeWlxaeHlWy+VS3mOutTNVJ/2z1duPNV3/L+NmO4Tf2rA+L9x5qhbxxPwb/7/5o+/1i/+YcS3vt77/X/mjPjZmvjNM+PfszL9+77bd2fx19rjP/ys7/+Nc8b/8O/7a+e8FAAYgsbe/uZKtVrZOV2Y7980qFCIHk2Tn/0+vQrJWX3OC62JXk2FuIjoCo9tIfs8/rD3ebaTMut5zZ9+9d6zWePIR3ohhRFPTMAjd++hH3VPAAAAAAAAAAAAAACAfh75rxOlox4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAl9knAQAA//+e8MnA") openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x2, 0x100) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x5, &(0x7f0000000040)=@framed={{0xb6, 0xa, 0x0, 0x0, 0x0, 0x63, 0x11, 0x34}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = dup(r0) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) read$FUSE(r4, &(0x7f00000030c0)={0x2020}, 0x2020) 2.602316398s ago: executing program 2 (id=1964): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002880)=@newtfilter={0x404, 0x2c, 0xd27, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c, 0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @remote}]}}, @filter_kind_options=@f_fw={{0x7}, {0x39c, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'gretap0\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0x9, 0x9}}, @TCA_FW_CLASSID={0x8, 0x1, {0xfff3}}, @TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xe}}, @TCA_FW_ACT={0x2f0, 0x4, [@m_skbedit={0xf0, 0x10, 0x0, 0x0, {{0xc}, {0x1c}, {0xa9, 0x6, "f7a0554288139b6a616209de5122bc66928c3cbcd073aa6265f205a1debe43c125679df6fa198c284d4a4c66e5d44d56c4f3c0136e704db6ba4e4c4b98c481b6bfe43804c29fe3755591d754d5472c1b00d959e2025c8fef341267053db863c362215660ee3d3b34facf73b0133254af10168d7075997bf5230acdf46ec5808df6ff339e0f41930479a9bafb8bc3a2ca4a68cc0324abc50124191d3a02b1246e22d4f66b1b"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_tunnel_key={0x0, 0x2, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x0, 0x9, 0x4e21}, @TCA_TUNNEL_KEY_PARMS={0x0, 0x2, {{0xfffffff2, 0x5, 0x6, 0x9, 0xc8}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x0, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x0, 0x6, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x0, 0x3, @multicast1}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x0, 0x5, @remote}]}, {0x0, 0x6, "1de767e80a4d9240e25b022f9595056239a314bdbf369276c85c6aef5706f928bbdd69b035c4163b7849f79fa2667a4bb7f30b44f65db03d9507583a60459fbe3ae4018516638692ce23ee4beb499b58a80385edc885e32bb3589a4a4343c64f922a8ea0ae06a24c8b8b8684ad33093da543a0cf0ec35d3165b5ce6b9658419d9029bbd892daca5c6745e137e89a2a7798b536f912325ec6ec17da20b11716b0abe7774bbbfd8c60faa1d1f945056eaf1d3ec1537b9bd9d52933563a7725cb4295326407d604a1cc943f809fafbca9dab57a5067d4523f585893fccf80e01485c5f167bda7dc484020177f0bd13c16195b5844c236b3d9982fec2f31b40291afccfb15999aa4f6bb4ff9bae18500f9ddb15b6bfec6e4cb1f1b159cdbb408156540072c284a70677097bc99451987fbe6628c1b450f0ee1fbbeb84c3274ba5464a0a332a497d46e0e6a8d6d3707d5625bc6e8b23f545a9c7ee2b61b90a1d19b7840fca59ec14edf953392276cb62b165a9a61f0d6ebc66fce8d41bcc3058654a0589e07d02f7aafe0c7694783d8112d2b1e53fb248aa03229395a63e6cc970e1260ed5482d9757e40b1f9c5e4abfe2f2548ea897ea0ad0c97bb48853620676ecfca69da2ce78ced1c4ffcb72172c685a532d3dfae1323f8244826b155db8d107d233f16f6d890d8e9c4067763588e9e9f06963d248791ffcb7f0793f80c33e32d820c7f3011691a0c95963b03f738d2107d64e1d8c573b3df8b58fad6efdac625abd47a02b74070478f06c0697fe3c92805002ae0666de5b4927a8389ecf892a48872017490a521188f02cbe499e78a461642c359f0840cec6f31558f18729a7f422dd0bc8ce79a7ed9e5e6b125a733d41b54ba65d453c4a8f19e817e73b053d2380312259a0101e71884e05e2a80d20c9463e2fe2ddfb744e720a3a7c877cf671020d812871132014d28a54e2f68efb616e6da1c07bca131984c430928714ec150d78a388442fa982241cd336a2aa414136a38e8ef45bd53d21e674e7ab36315ceeeac7189dd805f6a2a5d99ef0504a8325a3828283656c4009f26287a6e3e49867ee2f82114f2fa6c5001d9fe7be3006c4360fbcceb3e4340ebd1b229c27a6843e26bb8dc6740471e0cf8a99398b47c9ffb3b4f54f799c9db8cd5404a93688e1a6cbdd1bdafae06cb128554c50311edfdcc3438276a3e5005be347fe72b9756412cdc5dfde6405ce62a13db8f124f4cdbae2c96a15807b69476c09aba3a0c73db477d04d63cc45c648be39b066e96b65e544921337cfcbfa065b754197ee572b0c6087ad29cee21d15558ab7c2bd29650c25f2d6c238f14b769b84620cae130b3bc849b6be751d4c3bfb8fa343fcce82340ad75fef31187d9de05d2babecbfcb21b3a67639e2585bc19a13f5fa7df8269ca123612bc07bab9cd102a31fe18659586dc129ea67707bdc683d127a994863410fc82a62dabae43f28721416d4bae6a46704887ba078e40f70d4479af67ad3b22917edcd58c896dcf62d337a316d8bbb6f213df2de05dcf52ef2ecfe8326e2557904563bd7a2e0d5f0a9288a93093f97dfc45a14277d4e640c22bb8b93c14ba2304a2d1b1c6cbb4e00002b65537fa2056b1e4d711a096bc54df407e836212740628e472bcf057d6e814d09399131e2960c8dac754958cc16b49513ca3c4fbb4731ff8fedf885e5327e5701d17aa15c4207fec1506a269f99d1addee549ffc856d2258ef2f8f4373453e2baa881104eb3665487700db2a0cb93c2f538cca5f60951968471be30da560c06ab72f0fefa241dc994744bd54e25f1c3f9221b42f4b70a3e3ce3fd8105401d0ac43756be45dbf4880c4a1c5cdef1026f14ce5815f18a32f5f8d450dd9aca84588f8dcc5369ce7941a5c5c35f6b3ca6951d93c4c4833f4df1a4a36f2e0fcf67b699c0d32b9ec0750b25956b7e77f0e39090d6ca99cd75978c930e085b7c0b8f2ebee33227ff725dbe10911f8e5d8ad89939b6ad2d7f65ca506db70db7b2392942ad3e6127c7f32d8e59321c2bc695c3ddad3a58610eb5d99f04506a59a4af6eb307cd3fa062790d11ddf3e3b6f88670274836d6386c4f0b720441cbc36e0ba38d518fbc87a440272f895b38cf4cf56e0459a403f7059355899c574bf7b8fc30e56ad38ff7a25680fec04363db563fd0b3d9589c55fb2026e48bdd75875be9ba53c09735167ecd00c0eca20149bd00cfb04eb0f5d8f250b354773d6299eacf5e3e0af17e2337a530a92feb3cacaf34ee8a52fd75f2e00ae1ea6d66317efc4c3f49a4ff1a1e2cf0f067dc1c13eb0a780c8a313319466cae88af7df0504fad906307a76591a13e347a2ff83386ec6aecdfc6b9b56e15ea188a4b7b6959b66b53a81c037b1438e8de8708533bcceabce12c06312055538d40f773ba30d4fd01c74eec5830339808ee8a33a32bcda8cdb0d21a4eab8e8b4292c32a2cea60af04f8969b8caba6784dd75d58f32e5b3798ac0fab6587a0d3c816ce6e4b4860b62dce32773dead5f68d121101fee5a0081e7d8144bfa7234b3ee45610ecb8d9490dc486e2854409f897f31ee844f60415213d9789490a870d6d50e29fb3e5a6488e00f38a58dfd1449c58b54ac474e003558e924366d7a7643c894bb52ade1c06f2ab3b89fd43ec6026fdc4866ea93b8f94ee00387bb0421ed5272f3d5bd99d292b1772d0b187f16f22613694f98a5d2f40bfff87c60f7b833b712a72f4491121b6ef455f448608c7d4636a20014eb8b4e311e8c5bfc83fa76826c02babb259dcba1497b5d7144bf423f24c2d0915af4cedf557dfc322da010da06b1d41bb8739b44cef90fd70c38dfda050d3cb4c78be39dd91d05239c915ee0827cb0000d60d60b1feacd9d6bf78c6e59527a05774374be19befa1865be4ac66a12552693f54b77d309911ef4795b44bf63404d06fc1df8dfbcf195b7c6637a375133a00c96210c4bae908f5823b5d94707beafca4f33dfc154d2e6cc6e6d7f1d24192107ca8ff9673fd16e6cf59cabd880bf88ea96246c35f04e289a9e7804de25063d43097694f41c0dfb0d6b0dbd5e81bef5d235a29ead7c181a760f3cfe5b5adc25c2437fe9eee0a894422b3286c1a4a5e30f5b0569569985cba88e8c2c64dc79642bdb501226b8dc4d9e65c98689eac37cfad6444c6aec8f8e06ab892bca1ba1d69655ced50fcff3554d4183587c06340d897e2268413a9466b86ad9687fbdc3d14f2e401e1f9a54b6672a1f465108af6dceb92ee8cc83fcd3f2a3cb9ce594f58754475fe8addf41fe51e54c336aa545110020d0589977f34a07a9a388776132e658f64ca6629887abfd3ca3d94fc68318538521e10602060b9d95a421c02bbc45ba2d2c170634337f46353f8f8f3d13732189b1670db23944a320e3e20de74b4d1c7b736cda5e458ec8241ea9f36275667e951c4f0d88adb66ce4411be75ac0195a5a16b1d75209162ec0d4c75308a22a25f79c680d254d220a86f4c741145287a47e86b922f56ec492aafe6975cac60d1c25293015ae74e16e8cb83c795ea75d4e8c87bb7975050fa5f9d19c9419b446a98b61cecd8c2feb0d80f89500ab4bc620a5ed16be3582f4f236b00f0b80d2af5d9e605eab7a97d8b1dead8c490bc4d50a9a5b776429f5419234e3f05eb626507c2326b566a9126e9e62bf52e43ec0fe849b659e51a94f0082e784a895b416f9723b9426c467bb233d5b1d265500c69078299141cbd49f72032a03fe743a3133882feb46d5004d983d90fbaaa1e563a7696c0085719fd12dbdff65a3454d34524939735228ccf4fc552b9f55fb260381fda0a168fd9e1806d921bd8823a5098a688d39d705a939d6849b40f2ec6c29aaf5b4f104a7df94ba18a632cd47019c3d1ec8eabca9711e08620bafdd8f7b080a1693ba1d4d22a9814d7b4a17bd38547992f12b3437928f7c1ee1f82df7703e768a28744fae752072174006ba3aa68e5a21250e43b044012b837f6215ec84e4fd8aadb0861788c8353e7a6437760d88beab4ee7c564f4b8fbed1c5fad0c008cbda64af9368459fe5fb021bb3b58194c4a7ca604a6d8e60f086b5c4f036659856628b25ab4c0181e234e5da26e2f056d954aa7125ec4c8a89215cec6e99269c2867be817982517fe9f7d89c3654fe7f664c739c599fd64e9d9d76087dc0577348d4896e0d5eaaf78f239f904ee1c7e3f56071e81a86a04aab59b7e437eb3dfebc4b894a43f0c38297f0cc32ad030ffe04b33a61cffb6e12337dafb883fb4934eb9b99134c51aeeffe62d80b5a23f04e1879f32e2c8a6fbd816658e9731717d51afd4a8a2028741a9be3df3a94b36999b636e26908274fc982bf80b0748ce8d2d32d8a8df31391e0893d682e9d7e0b3910123b4dec6348b6936c2f7b6de951e6ad74b330a613a6a035ef5bfb8f3c6c14635480718c6c2b4450ce0a8b7bce7a3df6cef6abdc3dc5bdb023e1c6c5a843809e3048811062f58f1cf01fce9ec7af4db7730a51f7688b90a3bc6f8bf259fb9b93ea9a19d7e4238869c023cdca8a40fe57b002cd816434c656bc05b091c911b71a6c9ddbca43da6d3b54e562059efe20fb88099604c7d0a76addf9e7cb7b8e41373f3a3da7a3f5ad16610076dccb594a649b7332c8d9e880fe1363f9fce8de9e598f32ce45c910feb5512ccd6b0c94286de27419adf66be01b2372316bbd77b08b93c0d7fa7acc0182d5a7de595b860439018602b386108b6b0d22ad84f496aca4cfac36489a257276b9f855f7853e8bda794ddd12be8de0db6b20c0e7416ea98fdc8766742f3cae7213fededb0640537d15dbc57c73ce3275c4ce662f26276fd0192fead6e08dd865e81a13158df68369491b40e298ef78e304966335ff903b287c6176a836a41b5f75726a6cb252c776089a2d722d7419736bebe7835c2f05a622205d3b0fd5255d0c80f5e6f761781995923917dbd5bc92213f0c4505f5d78595f92f72415259c8b7ca6880f207a6b8e5c0b3c00913ef94ef0d46dbdb4abf86e837dcd29f28761e641bd1ca445c2762e2ed302cf0c0901254f16baf22e08998dfda8e905e410739c317aa1ca9bc23fc04ee14c8be0d54024f1854e169598ab7637345fe119854091ac5b6a8ce2982484dd2f897f78a23e54eb54289f7c34705cda76a57726c1f572444a3d7ff268996ca56a78ef849d892514e8382349ff68a6f8ee3fccc3d40e1f67542f307f8fa9d6a97130e68c11715ce06a79120b716a59486f7a43b5f82e50270045c97e64dafebad178a4ee6e9faab7101a6c8c6c62bf67a1699ad61d4d77de767a5fd8a25d4accdfc9af0cd85494ec346ae2a77ffa85226b29c0d6af2acb1efcdd3f443ad5a8fe7e0980de1f6063843bcb27c9dab91430f9897e3818dafc8bcd7d11cd9927f99b5b94107657f321414adaadbfb6683f0beb783f76e0bf4f7b7070aad43ec11a275ef5660f5abe533bae3159afae353264285c8ce5b13c502c5f5203aa3ce263aa63c1fd6a286676d14b29f776c73017b1c28c1a8e63f85020c104f1e20213979d75560c3627742c955b0514fbfb22d679251225b09ccae3a2fa7ef1848d9081062327a0d57a85e14a40a3799b4adba4990efad33eb47c10e240e2ccfac819ff37199a6322c2aee05c35745cb31661a37422136c6fd68fdf98a4c07e72c43dc07cbf68a57efd7a9a5e4068dcd5d6a3ef487a4dd18c9236d6351e8c4a4bdd138b3a3194b8b764df7331515cd642f7c19bc0680274c19417b88a2a06f154403a42b7071c61c0cf4e99ba0302"}, {0x0, 0x7, {0x0, 0x1}}, {0x0, 0x8, {0x0, 0x6}}}}, @m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x30, 0x18, 0x0, 0x0, {{0x8}, {0x8, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x4}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_csum={0x4c, 0x7, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0xb, 0x6, 0x374cf522, 0x7ff}, 0x43}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ctinfo={0x58, 0x1a, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x0, 0x20000000, 0x8, 0x100}}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xffff0001}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ctinfo={0x30, 0xc, 0x0, 0x0, {{0xffffffffffffff8b}, {0xffffffffffffffbb}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x6}}}}, @m_nat={0x54, 0x1c, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x6f0d, 0x8, 0x1d7, 0x1000}, @empty, @loopback, 0xff000000, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_FW_POLICE={0x7c}]}}, @TCA_CHAIN={0x8, 0xb, 0x4}, @TCA_RATE={0x6, 0x5, {0x3f, 0x1}}, @filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x404}}, 0x44050) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.538439786s ago: executing program 1 (id=735): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x200000000000011, 0x2, 0x407ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bind$packet(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) close(r7) 2.496075183s ago: executing program 4 (id=1965): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x3}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x2, 0x0) 206.085874ms ago: executing program 0 (id=1966): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000001780)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x418}}, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x4, 0xd, 0x40, 0x8, 0xc, 0xfffe}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 205.507372ms ago: executing program 2 (id=1967): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x22, 0x1, 0x0) syz_io_uring_setup(0x360b, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r4, &(0x7f0000001400)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)}}], 0x1, 0x0) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c0, 0x160, 0x4c, 0x1a, 0x0, 0x25, 0x2f0, 0x258, 0x258, 0x2f0, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0xd229f37a77d4c83b}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private0, 'team_slave_1\x00'}}}, {{@uncond, 0x0, 0x160, 0x190, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @mcast1, @remote}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420) 204.973222ms ago: executing program 3 (id=1968): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7151, 0x0) 204.58876ms ago: executing program 4 (id=1969): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) 0s ago: executing program 4 (id=1970): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x400000000000004) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_io_uring_setup(0x2, &(0x7f00000001c0)={0x0, 0x0, 0x80, 0x40000000}, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) fsopen(&(0x7f0000000400)='ceph\x00', 0x0) socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.stat\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=0x0, @ANYBLOB="a7"], 0x20) kernel console output (not intermixed with test programs): 3 [ 349.948200][ T5846] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 350.023238][ T1100] bridge_slave_1: left allmulticast mode [ 350.028935][ T1100] bridge_slave_1: left promiscuous mode [ 350.045732][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.537011][ T1100] bridge_slave_0: left allmulticast mode [ 350.668116][ T1100] bridge_slave_0: left promiscuous mode [ 350.697229][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.169194][T10319] loop0: detected capacity change from 0 to 512 [ 351.247270][T10319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 351.271488][T10319] ext4 filesystem being mounted at /292/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 352.210432][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 352.233196][ T5857] Bluetooth: hci11: command tx timeout [ 352.369509][T10316] loop2: detected capacity change from 0 to 40427 [ 352.370429][T10311] loop3: detected capacity change from 0 to 32768 [ 352.403126][T10316] F2FS-fs (loop2): invalid crc value [ 352.497793][T10316] F2FS-fs (loop2): Found nat_bits in checkpoint [ 352.553358][T10311] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 352.562075][T10311] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 352.590418][T10316] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 352.846820][T10311] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 352.861377][ T25] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 353.728409][ T25] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 354.301029][ T5857] Bluetooth: hci11: command tx timeout [ 354.400864][ T25] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 672ms [ 354.408640][ T25] gfs2: fsid=syz:syz.0: jid=0: Done [ 354.423733][T10311] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 355.188004][T10347] Falling back ldisc for ttyS3. [ 355.226659][T10352] loop0: detected capacity change from 0 to 1024 [ 355.283843][T10352] hfsplus: xattr searching failed [ 355.393649][ T2962] hfsplus: b-tree write err: -5, ino 3 [ 355.527902][ T1100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 355.782673][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 355.999156][ T1100] bond0 (unregistering): Released all slaves [ 356.376579][ T5857] Bluetooth: hci11: command tx timeout [ 356.635409][T10370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1252'. [ 356.850729][T10381] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 357.226617][T10301] chnl_net:caif_netlink_parms(): no params data found [ 357.252994][ T46] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 357.288703][T10396] loop2: detected capacity change from 0 to 256 [ 357.422131][T10396] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 357.435106][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 357.449988][ T46] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 357.601385][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 357.903842][ T46] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 357.924423][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.954745][ T29] audit: type=1800 audit(1730315203.862:63): pid=10396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1260" name="bus" dev="loop2" ino=1048645 res=0 errno=0 [ 358.004223][ T46] usb 5-1: Product: syz [ 358.012356][ T46] usb 5-1: Manufacturer: syz [ 358.030525][ T46] usb 5-1: SerialNumber: syz [ 358.055833][ T1100] hsr_slave_0: left promiscuous mode [ 358.098803][ T1100] hsr_slave_1: left promiscuous mode [ 358.107918][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.122170][ T46] usb 5-1: config 0 descriptor?? [ 358.130820][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.150275][ T46] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 358.161467][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.195972][ T46] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 358.216699][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.305189][T10391] loop0: detected capacity change from 0 to 32768 [ 358.361582][ T1100] veth1_macvtap: left promiscuous mode [ 358.391663][T10391] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 358.400256][T10391] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 358.413881][ T1100] veth0_macvtap: left promiscuous mode [ 358.419575][ T1100] veth1_vlan: left promiscuous mode [ 358.446836][ T1100] veth0_vlan: left promiscuous mode [ 358.453079][ T5857] Bluetooth: hci11: command tx timeout [ 358.554799][T10391] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 358.588100][ T5923] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 358.595044][ T5923] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 358.748399][ T5923] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 153ms [ 358.756297][ T46] em28xx 5-1:0.0: chip ID is em2874 [ 358.766469][ T5923] gfs2: fsid=syz:syz.0: jid=0: Done [ 358.771808][T10391] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 358.974542][ T46] usb 5-1: USB disconnect, device number 32 [ 358.981737][ T46] em28xx 5-1:0.0: Disconnecting em28xx [ 359.010187][ T46] em28xx 5-1:0.0: Freeing device [ 360.046651][T10428] Falling back ldisc for ttyS3. [ 360.139691][ T1100] team0 (unregistering): Port device team_slave_1 removed [ 360.203910][ T1100] team0 (unregistering): Port device team_slave_0 removed [ 360.969495][T10410] batman_adv: batadv0: Adding interface: dummy0 [ 360.981114][T10410] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.020510][T10410] batman_adv: batadv0: Interface activated: dummy0 [ 361.042423][T10415] batadv0: mtu less than device minimum [ 361.052540][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.065554][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.078146][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.090699][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.103291][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.114786][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.126209][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.137903][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.149327][T10415] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 361.539346][T10301] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.557301][T10301] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.574930][T10301] bridge_slave_0: entered allmulticast mode [ 361.612477][T10301] bridge_slave_0: entered promiscuous mode [ 361.637162][T10301] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.665432][T10301] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.672687][T10301] bridge_slave_1: entered allmulticast mode [ 361.688111][T10301] bridge_slave_1: entered promiscuous mode [ 361.894395][T10301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 361.936064][T10301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.569537][T10301] team0: Port device team_slave_0 added [ 362.626048][T10301] team0: Port device team_slave_1 added [ 362.957867][T10498] Falling back ldisc for ttyS3. [ 363.050369][T10452] loop4: detected capacity change from 0 to 32768 [ 363.084362][T10452] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 363.092571][T10452] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 363.203212][T10452] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 363.220209][ T5923] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 363.227760][ T5923] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 363.295575][T10301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.307839][T10301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.328624][ T5923] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 100ms [ 363.342579][T10301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.382056][ T5923] gfs2: fsid=syz:syz.0: jid=0: Done [ 363.612471][T10452] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 364.377144][T10301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.396215][T10301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.675765][T10301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.097315][T10301] hsr_slave_0: entered promiscuous mode [ 365.106104][T10301] hsr_slave_1: entered promiscuous mode [ 365.122027][T10301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.132902][T10301] Cannot create hsr debugfs directory [ 365.223555][T10542] mkiss: ax0: crc mode is auto. [ 367.316012][T10581] loop0: detected capacity change from 0 to 256 [ 367.375254][T10560] Bluetooth: hci11: Opcode 0x0c1a failed: -4 [ 367.402222][T10560] Bluetooth: hci11: Opcode 0x0406 failed: -4 [ 367.439126][T10581] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 367.471411][T10560] Bluetooth: hci11: Opcode 0x0406 failed: -4 [ 367.480379][ T29] audit: type=1800 audit(1730315213.432:64): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1308" name="bus" dev="loop0" ino=1048646 res=0 errno=0 [ 368.368872][ T3069] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 368.578365][T10598] Falling back ldisc for ttyS3. [ 368.721327][T10301] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 368.757648][T10603] loop3: detected capacity change from 0 to 128 [ 368.766046][T10301] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 368.774958][ T3069] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.831850][T10301] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 369.003358][ T3069] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 369.012459][ T3069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.055622][ T3069] usb 5-1: config 0 descriptor?? [ 369.860485][ T5857] Bluetooth: hci11: command 0x0c1a tx timeout [ 369.979306][T10301] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 370.073464][T10615] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 370.339090][T10301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 370.386075][T10301] 8021q: adding VLAN 0 to HW filter on device team0 [ 370.490336][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.497541][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 370.548038][ T3069] keytouch 0003:0926:3333.000D: fixing up Keytouch IEC report descriptor [ 370.559762][ T3069] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000D/input/input14 [ 370.569988][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.578318][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.170964][T10301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 371.249342][T10301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 371.291490][ T3069] keytouch 0003:0926:3333.000D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 371.300608][T10630] loop3: detected capacity change from 0 to 256 [ 371.422139][ T3069] usb 5-1: USB disconnect, device number 33 [ 371.441772][T10630] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 371.600607][ T29] audit: type=1800 audit(1730315217.542:65): pid=10630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1321" name="bus" dev="loop3" ino=1048647 res=0 errno=0 [ 371.630256][T10637] loop0: detected capacity change from 0 to 512 [ 371.768185][T10637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 371.827559][T10637] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 371.885125][ T5857] Bluetooth: hci11: command 0x0c1a tx timeout [ 371.916963][T10301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.153809][T10301] veth0_vlan: entered promiscuous mode [ 373.200871][T10665] mkiss: ax0: crc mode is auto. [ 373.416031][T10301] veth1_vlan: entered promiscuous mode [ 373.477559][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 373.531391][T10670] loop2: detected capacity change from 0 to 128 [ 373.550207][T10671] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 373.787508][T10301] veth0_macvtap: entered promiscuous mode [ 373.825677][T10301] veth1_macvtap: entered promiscuous mode [ 374.052170][ T5857] Bluetooth: hci11: command 0x0c1a tx timeout [ 374.414650][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.435889][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.446165][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.645248][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.655295][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.665873][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.675968][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.686654][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.697012][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.707627][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.723830][T10301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.693843][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.790087][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.831990][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.875821][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.898028][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.908695][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.918587][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.929813][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.939876][T10301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.950464][T10301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.961688][T10301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.993852][T10702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1334'. [ 377.003561][T10702] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1334'. [ 377.016136][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.027207][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.037149][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.047633][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.057535][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.068029][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.077914][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.088936][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.098878][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.109359][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.119618][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.130454][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.141465][T10703] Zero length message leads to an empty skb [ 377.165341][T10301] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.372018][T10301] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.424863][T10301] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.433874][T10301] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.771465][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.607136][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.764426][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.770772][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.879583][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.897814][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.069957][T10731] loop2: detected capacity change from 0 to 256 [ 379.077635][T10731] exfat: Deprecated parameter 'utf8' [ 379.110505][T10731] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5b52992a, utbl_chksum : 0xe619d30d) [ 379.215304][T10736] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 379.560467][T10745] loop0: detected capacity change from 0 to 128 [ 380.460246][T10761] loop3: detected capacity change from 0 to 512 [ 380.682697][T10761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 380.700693][T10761] ext4 filesystem being mounted at /293/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 381.852521][ T5843] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 382.790457][T10799] loop2: detected capacity change from 0 to 256 [ 382.803996][T10799] exfat: Deprecated parameter 'utf8' [ 382.843268][ T5897] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 382.874226][T10799] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5b52992a, utbl_chksum : 0xe619d30d) [ 382.995169][ T5897] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 383.013940][ T5897] usb 4-1: config 0 has no interface number 0 [ 383.022594][ T5897] usb 4-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96 [ 383.045584][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.066048][ T5897] usb 4-1: Product: syz [ 383.075838][ T5897] usb 4-1: Manufacturer: syz [ 383.091126][ T5897] usb 4-1: SerialNumber: syz [ 383.129167][ T5897] usb 4-1: config 0 descriptor?? [ 383.171229][ T5897] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces [ 383.227081][ T5897] cx231xx 4-1:0.1: Not found matching IAD interface [ 383.340611][T10351] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.388073][ T5903] usb 4-1: USB disconnect, device number 28 [ 383.498271][T10351] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.609936][T10351] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.678034][T10351] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.082514][T10351] bridge_slave_1: left allmulticast mode [ 384.114020][T10351] bridge_slave_1: left promiscuous mode [ 384.119862][T10351] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.199812][T10351] bridge_slave_0: left allmulticast mode [ 384.206943][T10351] bridge_slave_0: left promiscuous mode [ 384.212656][T10351] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.419694][T10837] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 385.771367][ T5846] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 385.781915][ T5846] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 385.797660][ T5846] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 385.823312][ T5846] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 386.661745][ T5846] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 386.673440][ T5846] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 387.344114][ T5878] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 387.981302][T10351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 387.994014][T10351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.010139][T10351] bond0 (unregistering): Released all slaves [ 388.035928][T10836] gretap0: entered promiscuous mode [ 388.052457][T10836] macsec1: entered promiscuous mode [ 388.057898][ T5878] usb 3-1: Using ep0 maxpacket: 8 [ 388.070580][ T5878] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 388.097710][T10836] macsec1: entered allmulticast mode [ 388.104715][T10836] gretap0: entered allmulticast mode [ 388.110235][ T5878] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 388.122791][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 388.149257][T10836] gretap0: left allmulticast mode [ 388.163486][T10836] gretap0: left promiscuous mode [ 388.210480][T10861] batadv_slave_1: entered promiscuous mode [ 388.216834][T10861] batadv_slave_1: left promiscuous mode [ 388.367218][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 388.377728][ T5878] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 388.390855][ T5878] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 388.400489][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.107179][T10890] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 389.249348][ T5857] Bluetooth: hci12: command tx timeout [ 389.344106][ T5878] usb 3-1: usb_control_msg returned -32 [ 389.355726][ T5878] usbtmc 3-1:16.0: can't read capabilities [ 390.724917][ T5897] usb 3-1: USB disconnect, device number 25 [ 391.000460][T10351] hsr_slave_0: left promiscuous mode [ 391.039856][T10351] hsr_slave_1: left promiscuous mode [ 391.453015][ T5857] Bluetooth: hci12: command tx timeout [ 392.055723][T10351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 392.072995][T10351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 392.148404][T10351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 392.198767][T10351] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 392.421525][T10351] veth1_macvtap: left promiscuous mode [ 392.447762][T10351] veth0_macvtap: left promiscuous mode [ 392.488997][T10351] veth1_vlan: left promiscuous mode [ 392.517187][T10351] veth0_vlan: left promiscuous mode [ 393.611936][ T5857] Bluetooth: hci12: command tx timeout [ 394.385125][T10351] team0 (unregistering): Port device team_slave_1 removed [ 394.450025][T10351] team0 (unregistering): Port device team_slave_0 removed [ 395.017229][T10946] Bluetooth: hci12: Opcode 0x0c1a failed: -4 [ 395.039749][T10946] Bluetooth: hci12: Opcode 0x0406 failed: -4 [ 395.074857][T10946] Bluetooth: hci12: Opcode 0x0406 failed: -4 [ 395.118123][T10856] chnl_net:caif_netlink_parms(): no params data found [ 395.383361][ T5897] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 395.642990][ T5897] usb 5-1: Using ep0 maxpacket: 8 [ 395.881203][ T5897] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 395.893309][ T5897] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 395.903152][ T5897] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 395.912986][ T5897] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 395.923012][ T5897] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 395.936622][ T5897] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 395.946356][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.183816][ T5897] usb 5-1: usb_control_msg returned -32 [ 396.253072][ T5897] usbtmc 5-1:16.0: can't read capabilities [ 396.270863][T10856] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.319108][ T5897] usb 5-1: USB disconnect, device number 34 [ 396.333089][T10856] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.341695][T10856] bridge_slave_0: entered allmulticast mode [ 396.350453][T10856] bridge_slave_0: entered promiscuous mode [ 396.742121][T10856] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.752165][T10856] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.764964][T10856] bridge_slave_1: entered allmulticast mode [ 396.802228][T10856] bridge_slave_1: entered promiscuous mode [ 397.573641][ T5857] Bluetooth: hci12: command 0x0c1a tx timeout [ 397.714437][T10856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.847407][T11012] syzkaller1: entered promiscuous mode [ 397.863076][T11012] syzkaller1: entered allmulticast mode [ 397.941171][T10856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 398.189252][T10856] team0: Port device team_slave_0 added [ 398.224032][T10856] team0: Port device team_slave_1 added [ 398.233005][ T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 398.622420][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 398.631070][ T25] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 398.639690][ T25] usb 1-1: config 0 has no interface number 0 [ 398.655449][T10856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.662418][T10856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.724266][ T25] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 398.734142][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.759107][ T25] usb 1-1: Product: syz [ 398.768023][ T25] usb 1-1: Manufacturer: syz [ 398.897066][ T25] usb 1-1: SerialNumber: syz [ 398.910703][T10856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.598064][ T25] usb 1-1: config 0 descriptor?? [ 399.607131][ T25] smsc95xx v2.0.0 [ 399.653298][ T5857] Bluetooth: hci12: command 0x0c1a tx timeout [ 399.803990][T11037] Bluetooth: hci12: Opcode 0x0c1a failed: -4 [ 399.820389][T10856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.843090][T10856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.963077][T10856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.033938][ T25] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 400.045138][ T25] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 400.165004][T10856] hsr_slave_0: entered promiscuous mode [ 400.182508][T10856] hsr_slave_1: entered promiscuous mode [ 400.212127][T10856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.250215][T10856] Cannot create hsr debugfs directory [ 400.949728][ T25] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 400.982157][T11052] 9pnet_fd: Insufficient options for proto=fd [ 400.990582][ T25] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61 [ 401.063283][ T5895] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 401.167895][ T25] usb 1-1: USB disconnect, device number 19 [ 401.212985][ T5895] usb 3-1: Using ep0 maxpacket: 8 [ 401.224865][ T5895] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 401.255372][ T5895] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 401.292579][ T5895] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 401.327585][ T5895] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 401.542503][ T5895] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 401.561599][T11068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1416'. [ 401.883535][ T5857] Bluetooth: hci12: command 0x0c1a tx timeout [ 402.290379][ T5895] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 402.299986][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.401424][T11082] autofs: Unknown parameter '0x0000000000000000' [ 402.436714][T11079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1418'. [ 402.515054][ T5895] usb 3-1: usb_control_msg returned -32 [ 402.520674][ T5895] usbtmc 3-1:16.0: can't read capabilities [ 402.545008][ T5895] usb 3-1: USB disconnect, device number 26 [ 403.706624][T11089] Bluetooth: hci12: Opcode 0x0c1a failed: -4 [ 404.803468][T11106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1427'. [ 405.562943][T11104] 9pnet_fd: Insufficient options for proto=fd [ 405.718676][T11119] autofs: Unknown parameter '0x0000000000000000' [ 405.803002][ T5857] Bluetooth: hci12: command 0x0c1a tx timeout [ 406.301266][T10856] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 407.050176][T11145] mkiss: ax0: crc mode is auto. [ 407.057371][T10856] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 407.563700][T11122] loop0: detected capacity change from 0 to 32768 [ 407.673211][T10856] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 407.696789][T10856] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 407.881165][T11122] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 407.898036][T10856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.970875][T10856] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.984322][T10348] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.991478][T10348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.003167][ T5923] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 408.049050][T11122] XFS (loop0): Ending clean mount [ 408.061111][T10348] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.068299][T10348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.103547][T11122] XFS (loop0): Quotacheck needed: Please wait. [ 408.163213][ T5923] usb 3-1: Using ep0 maxpacket: 8 [ 408.191483][ T5923] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 408.233140][ T5923] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 408.243248][ T5923] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 408.253154][ T5923] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 408.263163][ T5923] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 408.276205][ T5923] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 408.285418][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.378670][T11122] XFS (loop0): Quotacheck: Done. [ 408.444832][T10856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 408.544350][ T5923] usb 3-1: usb_control_msg returned -32 [ 408.550145][ T5923] usbtmc 3-1:16.0: can't read capabilities [ 408.595197][ T5923] usb 3-1: USB disconnect, device number 27 [ 408.607733][T11193] 9pnet_fd: Insufficient options for proto=fd [ 408.654611][T10856] veth0_vlan: entered promiscuous mode [ 408.888888][T10856] veth1_vlan: entered promiscuous mode [ 409.024849][T10856] veth0_macvtap: entered promiscuous mode [ 409.032107][T11200] autofs: Unknown parameter '0x0000000000000000' [ 409.105706][T10856] veth1_macvtap: entered promiscuous mode [ 409.226761][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.264595][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.274821][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.285319][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.295210][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.305754][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.315657][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.326272][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.336192][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.347367][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.361347][T10856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 409.372109][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.383941][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.396903][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.405826][ T5847] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 409.407918][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.426252][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.436782][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.447455][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.458675][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.468608][T10856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.479121][T10856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.490249][T10856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 409.547168][T10856] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.556974][T10856] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.573235][T10856] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.591755][T10856] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.762954][ T5923] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 409.973353][ T5923] usb 4-1: Using ep0 maxpacket: 32 [ 410.008610][ T5923] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 410.171652][ T5923] usb 4-1: config 0 has no interface number 0 [ 410.370091][T11217] mkiss: ax0: crc mode is auto. [ 410.395028][ T5923] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 410.436708][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.459496][ T5923] usb 4-1: Product: syz [ 410.471579][ T5923] usb 4-1: Manufacturer: syz [ 410.478431][ T5923] usb 4-1: SerialNumber: syz [ 410.490761][ T5923] usb 4-1: config 0 descriptor?? [ 410.520384][ T5923] smsc95xx v2.0.0 [ 410.555155][ T2134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.638651][ T2134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.681375][T11223] loop4: detected capacity change from 0 to 16 [ 411.289011][T11223] erofs: (device loop4): mounted with root inode @ nid 36. [ 411.306600][ T7719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.443123][ T7719] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.566898][ T5923] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 411.577786][ T5923] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 411.751417][T11235] loop0: detected capacity change from 0 to 512 [ 411.809152][T11236] erofs: (device loop4): erofs_map_blocks_flatmode: inline data across blocks @ nid 36 [ 411.819280][T11236] syz.4.1449: attempt to access beyond end of device [ 411.819280][T11236] loop4: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16 [ 412.261568][T11235] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 412.693110][T11235] ext4 filesystem being mounted at /344/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 412.973685][ T5923] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 412.985052][ T5923] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61 [ 413.307608][ T25] usb 4-1: USB disconnect, device number 29 [ 413.637281][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 413.937748][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.981032][T11259] loop2: detected capacity change from 0 to 32768 [ 414.141752][T11259] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 414.347982][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.385282][T11259] XFS (loop2): Ending clean mount [ 414.425505][T11259] XFS (loop2): Quotacheck needed: Please wait. [ 414.486078][T11259] XFS (loop2): Quotacheck: Done. [ 414.536224][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.724616][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.358515][ T12] bridge_slave_1: left allmulticast mode [ 415.364303][ T12] bridge_slave_1: left promiscuous mode [ 415.366732][ T5848] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 415.370000][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.436405][ T12] bridge_slave_0: left allmulticast mode [ 415.442098][ T12] bridge_slave_0: left promiscuous mode [ 415.449745][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.245921][T11307] Falling back ldisc for ttyS3. [ 416.665516][ T5846] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 416.695069][ T5846] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 416.712765][ T5846] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 416.753089][ T5846] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 416.763308][ T5846] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 416.770783][ T5846] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 418.791408][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1464'. [ 419.156491][ T5846] Bluetooth: hci13: command tx timeout [ 419.406015][T11349] program syz.2.1466 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 419.987585][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.016274][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.036212][ T12] bond0 (unregistering): Released all slaves [ 420.163495][T11363] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1469'. [ 420.248780][T11369] loop4: detected capacity change from 0 to 256 [ 420.320371][T11353] loop2: detected capacity change from 0 to 32768 [ 420.381864][T11369] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 420.477655][ T29] audit: type=1800 audit(1730315266.422:66): pid=11369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1470" name="bus" dev="loop4" ino=1048659 res=0 errno=0 [ 420.558330][T11353] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 421.000406][T11353] XFS (loop2): Ending clean mount [ 421.021982][T11353] XFS (loop2): Quotacheck needed: Please wait. [ 421.136856][T11353] XFS (loop2): Quotacheck: Done. [ 421.267881][ T5923] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 421.296799][ T5857] Bluetooth: hci13: command tx timeout [ 421.443384][ T5923] usb 5-1: Using ep0 maxpacket: 16 [ 421.575589][ T5923] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 421.668726][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 421.728788][ T5923] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 421.748570][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.787763][ T5923] usb 5-1: Product: syz [ 421.839797][ T12] hsr_slave_0: left promiscuous mode [ 421.846517][ T5923] usb 5-1: Manufacturer: syz [ 421.870518][ T5923] usb 5-1: SerialNumber: syz [ 421.890555][ T12] hsr_slave_1: left promiscuous mode [ 421.926115][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 421.958724][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.971957][ T5923] usb 5-1: config 0 descriptor?? [ 421.989439][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.992597][ T5848] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 422.002931][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 422.019062][ T5923] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 422.028668][ T5923] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 422.110725][ T12] veth1_macvtap: left promiscuous mode [ 422.156564][ T12] veth0_macvtap: left promiscuous mode [ 422.162217][ T12] veth1_vlan: left promiscuous mode [ 422.213023][ T12] veth0_vlan: left promiscuous mode [ 422.429220][T11417] loop3: detected capacity change from 0 to 256 [ 422.491128][T11417] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 422.670305][ T29] audit: type=1800 audit(1730315268.612:67): pid=11417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1483" name="bus" dev="loop3" ino=1048661 res=0 errno=0 [ 422.685982][ T5923] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 422.775868][ T5923] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 423.323771][ T5846] Bluetooth: hci13: command tx timeout [ 423.413713][ T5923] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 423.426940][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 423.434837][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 423.442092][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 423.692707][ T5923] em28xx 5-1:0.0: AC97 command still being executed: not handled properly! [ 423.718697][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 423.856488][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 423.874215][ T5923] usb 5-1: USB disconnect, device number 35 [ 423.907645][ T12] team0 (unregistering): Port device team_slave_1 removed [ 424.028832][ T12] team0 (unregistering): Port device team_slave_0 removed [ 425.232811][T11457] loop0: detected capacity change from 0 to 256 [ 425.415491][ T5846] Bluetooth: hci13: command tx timeout [ 425.642558][T11457] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 425.979416][ T29] audit: type=1800 audit(1730315271.892:68): pid=11457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1496" name="bus" dev="loop0" ino=1048663 res=0 errno=0 [ 427.047624][T11444] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1491'. [ 427.285667][T11320] chnl_net:caif_netlink_parms(): no params data found [ 427.476404][T11493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1507'. [ 427.573211][ T5897] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 427.753138][ T5897] usb 1-1: Using ep0 maxpacket: 16 [ 427.856353][ T5897] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 427.867933][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 427.898964][ T5897] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 427.909985][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.920695][ T5897] usb 1-1: Product: syz [ 427.925208][ T5897] usb 1-1: Manufacturer: syz [ 427.932470][ T5897] usb 1-1: SerialNumber: syz [ 427.975767][ T5897] usb 1-1: config 0 descriptor?? [ 428.076001][ T5897] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 428.170933][ T5897] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 428.567697][T11320] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.599808][T11320] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.633669][T11320] bridge_slave_0: entered allmulticast mode [ 428.658539][T11320] bridge_slave_0: entered promiscuous mode [ 429.395834][T11521] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 429.413404][ T5897] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 429.422715][ T5897] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 429.443110][T11320] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.450258][T11320] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.515865][T11320] bridge_slave_1: entered allmulticast mode [ 429.548958][T11320] bridge_slave_1: entered promiscuous mode [ 429.572147][T11516] syzkaller1: entered promiscuous mode [ 429.607548][T11516] syzkaller1: entered allmulticast mode [ 430.086897][T11320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.468876][ T5897] em28xx 1-1:0.0: Unknown AC97 audio processor detected! [ 430.490275][T11320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.521248][ T5897] em28xx 1-1:0.0: couldn't setup AC97 register 2 [ 430.540223][ T5897] em28xx 1-1:0.0: couldn't setup AC97 register 4 [ 430.555061][ T5897] em28xx 1-1:0.0: couldn't setup AC97 register 6 [ 430.634935][T11320] team0: Port device team_slave_0 added [ 430.667283][T11320] team0: Port device team_slave_1 added [ 430.763496][ T5897] em28xx 1-1:0.0: couldn't setup AC97 register 54 [ 430.795179][ T5897] em28xx 1-1:0.0: couldn't setup AC97 register 56 [ 430.815612][ T5897] usb 1-1: USB disconnect, device number 20 [ 430.906436][T11320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 430.938953][T11320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.032144][T11320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.371356][T11320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.430768][T11320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.528651][T11320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.797592][T11320] hsr_slave_0: entered promiscuous mode [ 432.822114][T11320] hsr_slave_1: entered promiscuous mode [ 432.830820][T11320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 433.802524][T11320] Cannot create hsr debugfs directory [ 433.846229][T11569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1523'. [ 433.922434][T11569] ipip0: entered promiscuous mode [ 434.028897][T11584] loop2: detected capacity change from 0 to 128 [ 434.093143][ T5923] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 434.253034][ T5923] usb 5-1: Using ep0 maxpacket: 16 [ 434.262148][ T5923] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 434.346653][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 434.377760][ T5923] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 434.397131][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.091587][ T5923] usb 5-1: Product: syz [ 435.095932][ T5923] usb 5-1: Manufacturer: syz [ 435.100647][ T5923] usb 5-1: SerialNumber: syz [ 435.120626][ T5923] usb 5-1: config 0 descriptor?? [ 435.165683][T11603] mkiss: ax0: crc mode is auto. [ 435.760378][ T5923] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 435.771572][ T5923] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 436.725336][ T5923] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 436.813912][ T5923] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 436.821348][ T5923] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 436.828423][ T5923] em28xx 5-1:0.0: No AC97 audio processor [ 436.875000][ T5923] usb 5-1: USB disconnect, device number 36 [ 436.893169][ T5923] em28xx 5-1:0.0: Disconnecting em28xx [ 436.906431][ T5923] em28xx 5-1:0.0: Freeing device [ 439.014905][T11643] loop0: detected capacity change from 0 to 128 [ 440.301061][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.307642][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.623799][T11665] program syz.0.1547 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 440.910820][T11320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 440.995423][T11320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 441.043188][T11320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 441.358614][T11320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 442.035274][T11320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.102728][T11320] 8021q: adding VLAN 0 to HW filter on device team0 [ 442.114654][ T2134] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.121750][ T2134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 442.462473][ T6198] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.469695][ T6198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 442.700094][T11695] loop3: detected capacity change from 0 to 128 [ 443.475937][T11320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 443.486582][T11320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 444.535425][T11320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.255357][T11320] veth0_vlan: entered promiscuous mode [ 445.433510][T11320] veth1_vlan: entered promiscuous mode [ 445.567746][T11320] veth0_macvtap: entered promiscuous mode [ 446.405636][T11320] veth1_macvtap: entered promiscuous mode [ 446.428396][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.473000][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.491262][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.532974][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.583392][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.606923][T11744] loop0: detected capacity change from 0 to 128 [ 446.639626][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.649733][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.680800][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.908591][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.927076][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.938515][T11320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.910889][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 447.921514][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.931457][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 447.942060][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.209320][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 448.262889][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.294332][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 448.317629][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.331832][T11320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 448.372908][T11320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.404409][T11320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 448.557413][T11320] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.567091][T11320] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.576536][T11320] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.585291][T11320] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.105684][T11773] loop2: detected capacity change from 0 to 1024 [ 451.000365][T11789] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 451.032186][T11789] cramfs: wrong magic [ 451.669127][T11773] hfsplus: xattr searching failed [ 451.842009][T10351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.913533][T10351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.932704][ T7719] hfsplus: b-tree write err: -5, ino 3 [ 452.015053][T11800] loop3: detected capacity change from 0 to 128 [ 452.034413][ T7719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.042774][ T7719] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.938386][T11842] loop2: detected capacity change from 0 to 1024 [ 456.022254][T11842] hfsplus: xattr searching failed [ 456.144998][ T2134] hfsplus: b-tree write err: -5, ino 3 [ 456.182151][T11855] loop0: detected capacity change from 0 to 512 [ 456.300677][T11855] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 456.579540][T11855] ext4 filesystem being mounted at /385/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 458.745545][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 459.340412][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.381127][T11894] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 459.584032][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.674849][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.774786][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.899669][ T11] bridge_slave_1: left allmulticast mode [ 459.906201][ T11] bridge_slave_1: left promiscuous mode [ 459.911943][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.930016][ T11] bridge_slave_0: left allmulticast mode [ 459.938382][ T11] bridge_slave_0: left promiscuous mode [ 459.948917][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.094657][T11910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1599'. [ 460.839825][T11927] No such timeout policy "syz0" [ 461.626491][ T5857] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 461.642174][ T5857] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 461.725295][ T5857] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 461.734677][ T5857] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 461.744886][ T5857] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 461.752339][ T5857] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 462.299777][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 462.313034][T11939] loop3: detected capacity change from 0 to 40427 [ 462.323759][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.331065][T11939] F2FS-fs (loop3): invalid crc value [ 462.344727][ T11] bond0 (unregistering): Released all slaves [ 462.351414][T11939] F2FS-fs (loop3): Found nat_bits in checkpoint [ 462.483384][T11945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1607'. [ 462.591983][T11939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 462.657055][T11955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 462.678615][T11939] syz.3.1606: attempt to access beyond end of device [ 462.678615][T11939] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 462.720202][T11939] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 462.843058][ T5897] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 463.025146][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 463.735264][ T5897] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 463.749655][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 463.762277][ T5897] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 463.779044][ T5897] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 463.788189][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.825631][ T5857] Bluetooth: hci14: command tx timeout [ 463.910010][ T5897] usb 5-1: config 0 descriptor?? [ 464.320499][ T5897] hdpvr 5-1:0.0: firmware version 0x1e dated [ 464.400607][ T11] hsr_slave_0: left promiscuous mode [ 464.448508][ T11] hsr_slave_1: left promiscuous mode [ 464.457017][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 464.465928][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.477354][ T5897] hdpvr 5-1:0.0: device init failed [ 464.482732][ T5897] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12 [ 464.522383][ T5897] usb 5-1: USB disconnect, device number 37 [ 464.704060][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.714427][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.835624][ T11] veth1_macvtap: left promiscuous mode [ 464.858626][ T11] veth0_macvtap: left promiscuous mode [ 464.893047][ T11] veth1_vlan: left promiscuous mode [ 464.992535][ T11] veth0_vlan: left promiscuous mode [ 465.893760][ T5857] Bluetooth: hci14: command tx timeout [ 466.938527][T12008] overlay: Unknown parameter '//file0' [ 468.841671][ T5857] Bluetooth: hci14: command tx timeout [ 469.077054][T12014] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 470.561638][ T11] team0 (unregistering): Port device team_slave_1 removed [ 470.613950][ T11] team0 (unregistering): Port device team_slave_0 removed [ 470.933475][ T5857] Bluetooth: hci14: command tx timeout [ 471.354603][T11932] chnl_net:caif_netlink_parms(): no params data found [ 472.686636][T11932] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.769719][T11932] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.471333][T11932] bridge_slave_0: entered allmulticast mode [ 473.591699][T11932] bridge_slave_0: entered promiscuous mode [ 473.710403][T11932] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.732270][T11932] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.749254][T11932] bridge_slave_1: entered allmulticast mode [ 473.882685][T11932] bridge_slave_1: entered promiscuous mode [ 474.182240][T11932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.230686][T11932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.293042][ T5923] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 474.372737][T11932] team0: Port device team_slave_0 added [ 474.392292][T11932] team0: Port device team_slave_1 added [ 474.464835][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.510467][ T5923] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 474.573601][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.161653][T11932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.169553][T11932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.217752][ T5923] usb 1-1: config 0 descriptor?? [ 475.260218][T12091] loop4: detected capacity change from 0 to 512 [ 475.301852][T12091] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 475.312136][T11932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.336801][T12091] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 475.345526][T12091] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 475.354335][T12091] System zones: 0-1, 15-15, 18-18, 34-34 [ 475.360476][T12091] EXT4-fs (loop4): orphan cleanup on readonly fs [ 475.367521][T12091] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 475.377419][T12091] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 475.417762][T11932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 475.439538][T12091] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 475.443174][T11932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.474351][T12091] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1643: bg 0: block 40: padding at end of block bitmap is not set [ 475.496976][T12091] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 475.508288][T12091] EXT4-fs (loop4): 1 truncate cleaned up [ 475.509874][T11932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.515010][T12091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 475.775997][T11932] hsr_slave_0: entered promiscuous mode [ 475.790940][ T5923] keytouch 0003:0926:3333.000E: fixing up Keytouch IEC report descriptor [ 475.802530][T12104] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1643: bad symlink. [ 475.806966][ T5923] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.000E/input/input16 [ 475.833297][T11932] hsr_slave_1: entered promiscuous mode [ 475.867713][T11932] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 475.876901][T11932] Cannot create hsr debugfs directory [ 475.956007][ T5923] keytouch 0003:0926:3333.000E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 476.099468][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.275479][ T5937] usb 1-1: USB disconnect, device number 21 [ 476.647510][T12124] overlay: Unknown parameter '//file0' [ 477.586886][T12106] loop3: detected capacity change from 0 to 32768 [ 478.158883][T12106] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 478.496729][T12106] XFS (loop3): Ending clean mount [ 478.711169][T12106] XFS (loop3): Quotacheck needed: Please wait. [ 479.103283][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1655'. [ 479.164618][T12106] XFS (loop3): Quotacheck: Done. [ 479.277693][ T5843] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 479.592361][T12164] program syz.2.1657 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.819818][T12172] loop2: detected capacity change from 0 to 512 [ 479.880140][T12172] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 479.955931][T12172] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 480.003063][T12172] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 480.041354][T12172] System zones: 0-1, 15-15, 18-18, 34-34 [ 480.096494][T12172] EXT4-fs (loop2): orphan cleanup on readonly fs [ 480.127055][T12172] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 480.233041][T12172] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 480.283319][T11932] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 480.292178][T12172] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 480.303321][T12172] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1659: bg 0: block 40: padding at end of block bitmap is not set [ 480.321323][T11932] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 480.374568][T11932] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 480.446244][T12172] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 480.468282][T12172] EXT4-fs (loop2): 1 truncate cleaned up [ 480.479828][T12172] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 480.763996][T12190] overlay: Unknown parameter '//file0' [ 480.927065][T12191] EXT4-fs error (device loop2): ext4_encrypted_get_link:46: inode #16: comm syz.2.1659: bad symlink. [ 481.112216][T11932] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 481.494239][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 482.554769][T11932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.789877][T11932] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.826093][T11932] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 482.836539][T11932] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 482.936038][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.943235][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.009801][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.016998][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.035209][T12221] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 485.012605][T11932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.049684][T11932] veth0_vlan: entered promiscuous mode [ 485.118739][T11932] veth1_vlan: entered promiscuous mode [ 485.383048][T11932] veth0_macvtap: entered promiscuous mode [ 485.416512][T11932] veth1_macvtap: entered promiscuous mode [ 485.504149][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.515516][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.525634][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.536719][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.546969][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.557636][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.567803][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.578444][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.588482][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.681566][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.693831][T11932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 485.751674][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.765950][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.794156][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.827377][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.931983][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.961561][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.972544][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.983177][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.993295][T11932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.014178][T11932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.186390][T11932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.264227][T12264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'. [ 486.580658][T12264] ipip0: entered promiscuous mode [ 486.658290][T11932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.703050][T11932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.781855][T11932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.837205][T11932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.119720][T10348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.148031][T10348] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.229660][T12287] evm: overlay not supported [ 487.865047][T10348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.882741][T10348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.170458][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.266633][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.384216][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.505788][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.620920][T12340] loop2: detected capacity change from 0 to 65536 [ 492.682580][T12340] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 492.735635][ T11] bridge_slave_1: left allmulticast mode [ 492.741341][ T11] bridge_slave_1: left promiscuous mode [ 492.745643][T12340] XFS (loop2): Ending clean mount [ 492.761568][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.772051][T12340] XFS (loop2): Quotacheck needed: Please wait. [ 492.788170][ T11] bridge_slave_0: left allmulticast mode [ 492.823803][ T11] bridge_slave_0: left promiscuous mode [ 492.832632][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.867816][T12340] XFS (loop2): Quotacheck: Done. [ 492.887294][ T29] audit: type=1800 audit(1730315338.832:69): pid=12340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1694" name="file1" dev="loop2" ino=38 res=0 errno=0 [ 493.027094][ T5848] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 493.912724][T12402] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 493.935197][T12402] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 493.944328][T12402] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 493.954894][T12402] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 493.983363][T12402] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 493.990919][T12402] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 496.167517][T12402] Bluetooth: hci15: command tx timeout [ 496.489218][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.522641][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.573613][ T11] bond0 (unregistering): Released all slaves [ 496.797424][ T5923] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 497.710509][ T5923] usb 1-1: Using ep0 maxpacket: 8 [ 497.932990][ T5923] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 497.942091][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.950203][ T5923] usb 1-1: Product: syz [ 497.954490][ T5923] usb 1-1: Manufacturer: syz [ 497.959115][ T5923] usb 1-1: SerialNumber: syz [ 497.984330][ T5923] usb 1-1: config 0 descriptor?? [ 498.007405][ T5923] gspca_main: sq930x-2.14.0 probing 2770:930c [ 498.065302][T12441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1708'. [ 498.184133][T12441] ipip0: entered promiscuous mode [ 498.213217][ T5923] gspca_sq930x: reg_r 001f failed -32 [ 498.218684][ T5923] sq930x 1-1:0.0: probe with driver sq930x failed with error -32 [ 498.235991][T12402] Bluetooth: hci15: command tx timeout [ 498.258314][T12436] loop3: detected capacity change from 0 to 65536 [ 498.314148][T12436] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 498.496950][T12436] XFS (loop3): Ending clean mount [ 498.507457][T12436] XFS (loop3): Quotacheck needed: Please wait. [ 498.712297][T12398] chnl_net:caif_netlink_parms(): no params data found [ 498.747580][T12436] XFS (loop3): Quotacheck: Done. [ 498.811934][T12476] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1715'. [ 498.842047][ T11] hsr_slave_0: left promiscuous mode [ 498.863095][ T29] audit: type=1800 audit(1730315344.802:70): pid=12436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1707" name="file1" dev="loop3" ino=38 res=0 errno=0 [ 499.183688][ T11] hsr_slave_1: left promiscuous mode [ 499.203291][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 499.293645][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 499.513165][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 499.520606][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 499.582500][ T25] usb 1-1: USB disconnect, device number 22 [ 499.631948][ T5843] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 499.684168][ T11] veth1_macvtap: left promiscuous mode [ 499.699577][ T11] veth0_macvtap: left promiscuous mode [ 499.705358][ T11] veth1_vlan: left promiscuous mode [ 499.710687][ T11] veth0_vlan: left promiscuous mode [ 500.283102][T12402] Bluetooth: hci15: command tx timeout [ 500.729268][ T11] team0 (unregistering): Port device team_slave_1 removed [ 500.798034][ T11] team0 (unregistering): Port device team_slave_0 removed [ 501.361184][T12476] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1715'. [ 501.371768][T12476] netlink: 508 bytes leftover after parsing attributes in process `syz.2.1715'. [ 501.422811][T12513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1723'. [ 501.700384][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.709251][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.283794][T12524] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 502.743199][T12402] Bluetooth: hci15: command tx timeout [ 504.016910][T12524] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 504.415945][ T5923] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 504.670284][T12398] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.683462][ T5923] usb 3-1: Using ep0 maxpacket: 8 [ 504.716692][ T5923] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 504.731603][T12398] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.774982][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.895999][T12398] bridge_slave_0: entered allmulticast mode [ 504.980599][ T5923] usb 3-1: Product: syz [ 505.111474][ T5923] usb 3-1: Manufacturer: syz [ 505.156326][T12398] bridge_slave_0: entered promiscuous mode [ 505.220170][ T5923] usb 3-1: SerialNumber: syz [ 505.335111][T12398] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.374464][ T5923] usb 3-1: config 0 descriptor?? [ 505.416881][T12398] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.431292][ T5923] gspca_main: sq930x-2.14.0 probing 2770:930c [ 505.480647][T12398] bridge_slave_1: entered allmulticast mode [ 505.515735][T12398] bridge_slave_1: entered promiscuous mode [ 505.648414][ T5923] gspca_sq930x: reg_r 001f failed -32 [ 505.672056][ T5923] sq930x 3-1:0.0: probe with driver sq930x failed with error -32 [ 505.777504][T12562] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1735'. [ 505.821332][T12398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.872191][T12398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.938949][T12575] loop3: detected capacity change from 0 to 512 [ 505.973669][T12575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 506.003123][T12562] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1735'. [ 506.021546][T12562] netlink: 508 bytes leftover after parsing attributes in process `syz.0.1735'. [ 506.057602][T12575] ext4 filesystem being mounted at /404/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 506.670503][T12398] team0: Port device team_slave_0 added [ 506.794436][ T5878] usb 3-1: USB disconnect, device number 28 [ 506.883061][T12398] team0: Port device team_slave_1 added [ 507.906512][T12600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1741'. [ 508.230681][T12603] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 508.418896][T12398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 508.495855][T12398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.777414][T12398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 508.838714][T12398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 508.846055][T12398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.896365][T12398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.699663][T12398] hsr_slave_0: entered promiscuous mode [ 510.715800][ T5843] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 510.735735][T12398] hsr_slave_1: entered promiscuous mode [ 510.825772][T12398] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 510.834043][T12398] Cannot create hsr debugfs directory [ 510.912277][T12632] gretap0: entered promiscuous mode [ 510.925817][T12632] macsec1: entered promiscuous mode [ 510.931331][T12632] macsec1: entered allmulticast mode [ 510.936935][T12632] gretap0: entered allmulticast mode [ 511.053139][ T5923] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 511.131526][T12639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1754'. [ 511.222735][ T5923] usb 1-1: Using ep0 maxpacket: 8 [ 511.248586][ T5923] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 511.268164][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.325128][ T5923] usb 1-1: Product: syz [ 511.382973][ T5923] usb 1-1: Manufacturer: syz [ 511.387629][ T5923] usb 1-1: SerialNumber: syz [ 512.120954][ T5923] usb 1-1: config 0 descriptor?? [ 512.129301][ T5923] gspca_main: sq930x-2.14.0 probing 2770:930c [ 512.399993][T12658] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 513.563006][ T5923] gspca_sq930x: reg_w 0105 0f00 failed -71 [ 513.764591][T12677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1762'. [ 513.784490][ T5923] gspca_sq930x: Sensor ov9630 not yet treated [ 513.804798][ T5923] sq930x 1-1:0.0: probe with driver sq930x failed with error -22 [ 513.836567][ T5923] usb 1-1: USB disconnect, device number 23 [ 514.074855][T12398] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 514.149952][T12398] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 514.185186][T12398] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 514.277802][T12398] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 516.079077][T12398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 517.224828][T12398] 8021q: adding VLAN 0 to HW filter on device team0 [ 517.508929][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.516159][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 517.580116][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.587330][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 519.369236][T12398] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 519.545090][T12742] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1775'. [ 519.783487][T12756] overlayfs: failed to resolve './file1': -2 [ 519.902806][T12744] Bluetooth: hci15: Opcode 0x0c1a failed: -4 [ 519.919674][T12744] Bluetooth: hci15: Opcode 0x0406 failed: -4 [ 519.947782][T12744] Bluetooth: hci15: Opcode 0x0406 failed: -4 [ 519.985811][T12398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 520.839226][T12398] veth0_vlan: entered promiscuous mode [ 520.870128][T12398] veth1_vlan: entered promiscuous mode [ 521.105790][T12398] veth0_macvtap: entered promiscuous mode [ 521.763567][ T5857] Bluetooth: hci15: command 0x0c1a tx timeout [ 521.783346][T12398] veth1_macvtap: entered promiscuous mode [ 522.199869][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.291344][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.361941][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.468507][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.478499][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.488977][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.500073][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.530390][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.540672][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.592452][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.805199][T12398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 522.830122][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.840934][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.851378][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.862325][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.872422][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.883197][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.893330][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.904661][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.915286][T12398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 522.925979][T12398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.942249][T12398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 522.971064][T12398] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.980108][T12398] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.989063][T12398] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.998041][T12398] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.863810][ T5857] Bluetooth: hci15: command 0x0c1a tx timeout [ 524.172235][T12801] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1787'. [ 524.215358][ T2134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.274962][ T2134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.388326][T10790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.431814][T10790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.596437][T12815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1790'. [ 528.505818][ T6198] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.244981][ T6198] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.378169][ T6198] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.932618][ T6198] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.019742][T12402] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 530.059432][T12402] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 530.117473][T12402] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 530.127941][ T6198] bridge_slave_1: left allmulticast mode [ 530.133767][ T6198] bridge_slave_1: left promiscuous mode [ 530.139505][ T6198] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.150791][ T6198] bridge_slave_0: left allmulticast mode [ 530.156732][ T6198] bridge_slave_0: left promiscuous mode [ 530.162455][ T6198] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.238128][T12402] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 530.248759][T12402] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 530.256545][T12402] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 531.036020][T12874] loop2: detected capacity change from 0 to 32768 [ 531.115912][T12874] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 531.260454][T12874] XFS (loop2): Ending clean mount [ 531.277162][T12874] XFS (loop2): Quotacheck needed: Please wait. [ 531.322231][T12874] XFS (loop2): Quotacheck: Done. [ 532.453221][ T5857] Bluetooth: hci16: command tx timeout [ 532.555116][ T5848] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 532.767645][ T6198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 532.781753][ T6198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 532.793874][ T6198] bond0 (unregistering): Released all slaves [ 532.843214][ T5878] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 533.733117][ T5878] usb 4-1: Using ep0 maxpacket: 8 [ 533.791723][ T5878] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 533.809861][ T5878] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 533.860174][ T5878] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 533.938128][ T5878] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 533.964239][ T5878] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 533.987566][ T5878] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.012965][ T5878] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 534.022142][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.047720][ T5878] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 534.380568][ T6198] hsr_slave_0: left promiscuous mode [ 534.401805][ T6198] hsr_slave_1: left promiscuous mode [ 534.432131][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 534.463804][ T6198] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 534.482117][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 534.500441][ T6198] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 534.523445][ T5857] Bluetooth: hci16: command tx timeout [ 534.545842][ T6198] veth1_macvtap: left promiscuous mode [ 534.571873][ T6198] veth0_macvtap: left promiscuous mode [ 534.592227][ T6198] veth1_vlan: left promiscuous mode [ 534.611469][ T6198] veth0_vlan: left promiscuous mode [ 535.815412][T12962] loop4: detected capacity change from 0 to 32768 [ 535.921135][T12962] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 536.046553][ T1200] usb 4-1: USB disconnect, device number 30 [ 536.328106][T12962] XFS (loop4): Ending clean mount [ 536.358276][T12962] XFS (loop4): Quotacheck needed: Please wait. [ 536.645718][ T5857] Bluetooth: hci16: command tx timeout [ 536.764947][T12962] XFS (loop4): Quotacheck: Done. [ 538.014658][ T5852] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 538.152347][ T6198] team0 (unregistering): Port device team_slave_1 removed [ 538.359148][ T6198] team0 (unregistering): Port device team_slave_0 removed [ 538.815133][ T5857] Bluetooth: hci16: command tx timeout [ 540.043204][ T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 540.313190][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 540.329887][ T25] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 540.352185][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 540.503985][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 540.604323][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 540.661561][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 540.697720][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.711066][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 540.720782][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.740122][ T25] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22 [ 540.774006][T13025] loop4: detected capacity change from 0 to 512 [ 540.799763][T13025] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 540.858176][T13025] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 541.003484][T13025] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 541.140049][T13025] System zones: 0-1, 15-15, 18-18, 34-34 [ 541.191592][T13025] EXT4-fs (loop4): orphan cleanup on readonly fs [ 541.239452][T13025] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 541.294055][T13025] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 541.415945][T13025] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 541.451321][T13025] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1837: bg 0: block 40: padding at end of block bitmap is not set [ 541.504707][T13025] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 541.515988][T13025] EXT4-fs (loop4): 1 truncate cleaned up [ 541.523492][T13025] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 541.873701][T13037] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1837: bad symlink. [ 542.156551][T12985] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 542.388414][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.499176][T12875] chnl_net:caif_netlink_parms(): no params data found [ 542.741163][T12875] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.813207][T12875] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.880644][T12875] bridge_slave_0: entered allmulticast mode [ 542.896405][ T1200] usb 1-1: USB disconnect, device number 24 [ 542.937174][T12875] bridge_slave_0: entered promiscuous mode [ 542.955834][T12875] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.993708][T12875] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.037069][T12875] bridge_slave_1: entered allmulticast mode [ 543.224203][T12875] bridge_slave_1: entered promiscuous mode [ 543.298389][T13072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1845'. [ 543.307554][T13072] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1845'. [ 544.526346][T13071] netlink: 'syz.0.1846': attribute type 1 has an invalid length. [ 544.603358][T13071] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 544.693756][T12875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 544.787412][T12875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 544.936395][T13098] loop4: detected capacity change from 0 to 512 [ 544.986369][T12875] team0: Port device team_slave_0 added [ 545.007526][T12875] team0: Port device team_slave_1 added [ 545.033423][T13098] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 545.096869][T13098] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 545.110057][T13098] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 545.705615][T13102] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 545.744241][T12875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 545.760946][T12875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.787270][T12875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 545.793128][T13098] System zones: 0-1, 15-15, 18-18, 34-34 [ 545.827105][T12875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 545.834460][T12875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.886905][T12875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 545.913425][T13098] EXT4-fs (loop4): orphan cleanup on readonly fs [ 545.930226][T13098] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 545.958742][T13098] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 546.063404][T13098] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 546.100031][T13098] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1852: bg 0: block 40: padding at end of block bitmap is not set [ 546.146099][T12875] hsr_slave_0: entered promiscuous mode [ 546.169478][T13098] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 546.182655][T12875] hsr_slave_1: entered promiscuous mode [ 546.200218][T13098] EXT4-fs (loop4): 1 truncate cleaned up [ 546.213702][T12875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 546.234960][T13098] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 546.260561][T12875] Cannot create hsr debugfs directory [ 546.680513][T13117] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1852: bad symlink. [ 547.704196][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.393008][ T1200] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 548.564095][ T1200] usb 1-1: Using ep0 maxpacket: 8 [ 548.579755][ T1200] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 548.610079][ T1200] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 548.645608][ T1200] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 548.679544][ T1200] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 548.741123][ T1200] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 548.794014][ T1200] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 548.880451][ T1200] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 548.895194][ T1200] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.364509][T13144] dlm: no local IP address has been set [ 549.371718][T13144] dlm: cannot start dlm midcomms -107 [ 549.894983][ T1200] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22 [ 550.121377][T12875] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 550.222788][T12875] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 550.685083][T12875] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 550.846317][T12875] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 551.523707][T12875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 552.607287][T13177] loop2: detected capacity change from 0 to 512 [ 552.616480][T12875] 8021q: adding VLAN 0 to HW filter on device team0 [ 552.639052][T13177] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 552.688933][T13171] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 552.735432][T10348] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.750880][T10348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 552.784087][T13177] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 552.836515][T13177] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 552.874256][T12280] usb 1-1: USB disconnect, device number 25 [ 552.894909][T10348] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.902034][T10348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 552.912744][T13177] System zones: 0-1, 15-15, 18-18, 34-34 [ 552.943303][T13177] EXT4-fs (loop2): orphan cleanup on readonly fs [ 552.986180][T13177] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 553.143413][T13177] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 553.159789][T13177] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 553.233753][T13177] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1866: bg 0: block 40: padding at end of block bitmap is not set [ 553.304560][T13177] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 553.344017][T13177] EXT4-fs (loop2): 1 truncate cleaned up [ 553.350789][T13177] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 554.128598][T13202] EXT4-fs error (device loop2): ext4_encrypted_get_link:46: inode #16: comm syz.2.1866: bad symlink. [ 554.275335][T12875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 554.515051][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.781964][T12875] veth0_vlan: entered promiscuous mode [ 554.869396][T12875] veth1_vlan: entered promiscuous mode [ 555.047118][T12875] veth0_macvtap: entered promiscuous mode [ 555.082232][T12875] veth1_macvtap: entered promiscuous mode [ 555.198713][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 555.236117][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.272963][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 555.312349][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.338041][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 555.353657][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.379142][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 555.423035][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.453006][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 555.486832][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.508672][T12875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 555.542485][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.571325][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.589412][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.598295][T13231] kvm: pic: non byte read [ 555.623258][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.673159][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.684925][T13231] kvm: pic: non byte read [ 555.738559][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.773940][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.800728][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.823029][T12875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 555.833663][T12875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 555.844783][T12875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 555.860508][T12875] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.869283][T12875] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.878766][T12875] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.888359][T12875] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.098558][ T7719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.131320][ T7719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.246671][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.298615][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.893215][T13260] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 557.631143][T13270] loop4: detected capacity change from 0 to 512 [ 557.706092][T13270] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 557.873143][T13270] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 557.881261][T13270] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 557.912770][T13270] System zones: 0-1, 15-15, 18-18, 34-34 [ 557.918812][T13270] EXT4-fs (loop4): orphan cleanup on readonly fs [ 557.961030][T13270] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 558.004643][T13270] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 558.020961][T13270] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 558.040963][T13270] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1880: bg 0: block 40: padding at end of block bitmap is not set [ 558.163830][T13270] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 558.305713][T13270] EXT4-fs (loop4): 1 truncate cleaned up [ 558.457511][T13270] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 559.079177][T13288] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1880: bad symlink. [ 559.568826][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.934868][T13308] loop0: detected capacity change from 0 to 128 [ 561.246706][T13328] 9pnet_fd: Insufficient options for proto=fd [ 561.377377][T13334] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 561.709489][T13334] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 563.147287][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.161938][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.037884][T10348] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.150064][T10348] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.250038][T10348] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.334848][T10348] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.484609][T10348] bridge_slave_1: left allmulticast mode [ 565.490279][T10348] bridge_slave_1: left promiscuous mode [ 565.498390][T10348] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.508388][T10348] bridge_slave_0: left allmulticast mode [ 565.514487][T10348] bridge_slave_0: left promiscuous mode [ 565.520156][T10348] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.913512][T10348] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 565.925396][T10348] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 565.937066][T10348] bond0 (unregistering): Released all slaves [ 566.222371][T10348] hsr_slave_0: left promiscuous mode [ 566.229363][T10348] hsr_slave_1: left promiscuous mode [ 566.236178][T10348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 566.272996][T10348] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 566.304994][T10348] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 566.312452][T10348] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.333666][T13391] loop2: detected capacity change from 0 to 128 [ 566.697822][T10348] veth1_macvtap: left promiscuous mode [ 566.952364][T10348] veth0_macvtap: left promiscuous mode [ 567.050072][T10348] veth1_vlan: left promiscuous mode [ 567.183140][T10348] veth0_vlan: left promiscuous mode [ 567.423422][T13404] 9pnet_fd: Insufficient options for proto=fd [ 567.434784][T12402] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 567.461968][T12402] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 567.556053][T12402] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 567.633270][T12402] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 567.644445][T12402] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 567.660290][T12402] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 568.963468][T13417] Invalid source name [ 568.967496][T13417] UBIFS error (pid: 13417): cannot open "./file0", error -22 [ 569.901749][ T5857] Bluetooth: hci17: command tx timeout [ 571.020510][ T5937] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 571.201101][ T5937] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.211577][ T5937] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 571.224059][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 571.234202][ T5937] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 571.250369][ T5937] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 571.280685][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 571.303163][ T5937] usb 4-1: Product: syz [ 571.307368][ T5937] usb 4-1: Manufacturer: syz [ 571.312091][ T5937] usb 4-1: SerialNumber: syz [ 571.339139][ T5937] usb 4-1: config 0 descriptor?? [ 571.373726][ T5937] radio-si470x 4-1:0.0: could not find interrupt in endpoint [ 571.381457][ T5937] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5 [ 571.391018][ T5937] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 571.463893][T10348] team0 (unregistering): Port device team_slave_1 removed [ 571.522824][T10348] team0 (unregistering): Port device team_slave_0 removed [ 571.586510][ T5937] usb 4-1: USB disconnect, device number 31 [ 571.973005][ T5857] Bluetooth: hci17: command tx timeout [ 573.654202][T13405] chnl_net:caif_netlink_parms(): no params data found [ 574.098513][ T5857] Bluetooth: hci17: command tx timeout [ 574.747857][T13478] loop2: detected capacity change from 0 to 128 [ 576.133096][ T5857] Bluetooth: hci17: command tx timeout [ 576.446677][T13494] 9pnet_fd: Insufficient options for proto=fd [ 576.460078][T13405] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.493071][T13405] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.533117][T13405] bridge_slave_0: entered allmulticast mode [ 576.563979][T13405] bridge_slave_0: entered promiscuous mode [ 576.614232][T13405] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.621359][T13405] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.682224][T13405] bridge_slave_1: entered allmulticast mode [ 576.712348][T13405] bridge_slave_1: entered promiscuous mode [ 576.907380][T13405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.929102][T13405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 577.041841][ T25] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 577.044800][T13405] team0: Port device team_slave_0 added [ 577.061874][T13405] team0: Port device team_slave_1 added [ 577.163032][T13509] input: syz0 as /devices/virtual/input/input17 [ 577.328169][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.491443][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.715189][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 577.827925][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 577.837058][ T25] usb 3-1: New USB device strings: Mfr=0, Product=30, SerialNumber=0 [ 577.845351][ T25] usb 3-1: Product: syz [ 577.851518][ T25] usb 3-1: config 0 descriptor?? [ 577.899158][T13405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 577.926344][ T5895] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 577.933523][T13405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.960251][T13405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 579.287437][T13405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 579.297156][T13405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.343236][T13405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.378631][ T5895] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 579.617976][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 579.627739][ T5895] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 579.638040][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 579.651700][ T5895] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 579.660815][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.376374][ T5895] usb 1-1: config 0 descriptor?? [ 580.427792][ T5895] usb 1-1: can't set config #0, error -71 [ 580.542222][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 580.549790][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 580.571405][ T25] usb 3-1: USB disconnect, device number 29 [ 580.604487][ T5895] usb 1-1: USB disconnect, device number 26 [ 580.750604][T13405] hsr_slave_0: entered promiscuous mode [ 580.978210][T13405] hsr_slave_1: entered promiscuous mode [ 581.073471][T13405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 581.121248][T13405] Cannot create hsr debugfs directory [ 583.012979][ T25] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 583.179297][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 583.206397][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 583.296013][ T25] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 583.621679][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 583.794698][ T25] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 583.869952][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.899708][ T25] usb 4-1: config 0 descriptor?? [ 583.926049][ T25] hdpvr 4-1:0.0: Could not find bulk-in endpoint [ 583.945486][ T25] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 584.356055][T13405] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 584.422974][T13405] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 584.487529][T13405] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 584.545684][T13405] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 584.853928][T13405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 584.888907][T13405] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.915190][T10351] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.922380][T10351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.971199][T10348] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.978418][T10348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.094146][ T5895] usb 4-1: USB disconnect, device number 32 [ 587.231801][T13405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.269019][T13405] veth0_vlan: entered promiscuous mode [ 587.279894][T13405] veth1_vlan: entered promiscuous mode [ 587.304048][T13405] veth0_macvtap: entered promiscuous mode [ 587.314191][T13405] veth1_macvtap: entered promiscuous mode [ 587.329045][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.339616][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.349503][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.360079][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.369992][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.380499][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.390380][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.400878][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.410865][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.421988][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.433969][T13405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.443633][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.454142][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.464006][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.474487][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.484421][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.494890][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.504805][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.515275][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.525911][T13405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.536946][T13405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.548007][T13405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.601184][T13405] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.643068][T13405] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.709420][T13405] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.787835][T13405] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.420289][ T7719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.452751][ T7719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.479577][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.518273][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.805717][ T5895] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 589.616990][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 589.627037][ T5895] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 589.652657][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 589.665636][ T5895] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 589.675609][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.475445][ T5895] usb 1-1: config 0 descriptor?? [ 590.533870][ T5895] hdpvr 1-1:0.0: Could not find bulk-in endpoint [ 590.540280][ T5895] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12 [ 590.735644][T13671] loop3: detected capacity change from 0 to 512 [ 590.813099][T13671] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 590.860918][T13671] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 590.984659][T13671] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 591.133447][T13671] System zones: 0-1, 15-15, 18-18, 34-34 [ 591.167088][T13671] EXT4-fs (loop3): orphan cleanup on readonly fs [ 591.184631][T13671] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 591.234116][T13671] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 591.373390][T13671] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 591.428363][T13671] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1963: bg 0: block 40: padding at end of block bitmap is not set [ 591.471291][T13671] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 591.481047][T13671] EXT4-fs (loop3): 1 truncate cleaned up [ 591.495711][T13671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 591.799307][T12280] usb 1-1: USB disconnect, device number 27 [ 591.941687][T13693] EXT4-fs error (device loop3): ext4_encrypted_get_link:46: inode #16: comm syz.3.1963: bad symlink. [ 592.337769][T10351] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.448454][ T5843] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.525730][T10351] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.657471][T10351] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.720938][T10351] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.873622][T10351] bridge_slave_1: left allmulticast mode [ 592.879331][T10351] bridge_slave_1: left promiscuous mode [ 592.891690][T10351] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.907262][T10351] bridge_slave_0: left allmulticast mode [ 592.913248][T10351] bridge_slave_0: left promiscuous mode [ 592.921532][T10351] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.341188][T10351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 593.358190][T10351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 593.369462][T10351] bond0 (unregistering): Released all slaves [ 593.702562][T10351] hsr_slave_0: left promiscuous mode [ 593.709147][T10351] hsr_slave_1: left promiscuous mode [ 593.716856][T10351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 593.725856][T10351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 593.747523][T10351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.755160][T10351] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 593.780913][T10351] veth1_macvtap: left promiscuous mode [ 593.794011][T10351] veth0_macvtap: left promiscuous mode [ 593.799642][T10351] veth1_vlan: left promiscuous mode [ 593.819441][T10351] veth0_vlan: left promiscuous mode [ 594.115419][T13749] ================================================================== [ 594.123530][T13749] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0 [ 594.131793][T13749] Write of size 1144 at addr ffff888066522d24 by task syz.3.1968/13749 [ 594.140054][T13749] [ 594.142416][T13749] CPU: 1 UID: 0 PID: 13749 Comm: syz.3.1968 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0 [ 594.152759][T13749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 594.162840][T13749] Call Trace: [ 594.166134][T13749] [ 594.169092][T13749] dump_stack_lvl+0x241/0x360 [ 594.173799][T13749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 594.179024][T13749] ? __pfx__printk+0x10/0x10 [ 594.183639][T13749] ? _printk+0xd5/0x120 [ 594.187820][T13749] ? __virt_addr_valid+0x183/0x530 [ 594.192952][T13749] ? __virt_addr_valid+0x183/0x530 [ 594.198082][T13749] print_report+0x169/0x550 [ 594.202963][T13749] ? __virt_addr_valid+0x183/0x530 [ 594.208095][T13749] ? __virt_addr_valid+0x183/0x530 [ 594.213237][T13749] ? __virt_addr_valid+0x45f/0x530 [ 594.218363][T13749] ? __phys_addr+0xba/0x170 [ 594.222880][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 594.228439][T13749] kasan_report+0x143/0x180 [ 594.232960][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 594.238522][T13749] kasan_check_range+0x282/0x290 [ 594.243471][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 594.249028][T13749] __asan_memcpy+0x40/0x70 [ 594.253462][T13749] skb_copy_and_csum_bits+0x433/0x9c0 [ 594.258850][T13749] __ip_append_data+0x2fc1/0x40f0 [ 594.263899][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 594.269467][T13749] ? __pfx___ip_append_data+0x10/0x10 [ 594.274865][T13749] ? lockdep_hardirqs_on+0x99/0x150 [ 594.280084][T13749] ip_append_data+0x14c/0x190 [ 594.284783][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 594.290349][T13749] udp_sendmsg+0x52c/0x2a50 [ 594.294889][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 594.300451][T13749] ? __pfx_udp_sendmsg+0x10/0x10 [ 594.305411][T13749] ? __mutex_trylock_common+0x183/0x2e0 [ 594.310971][T13749] ? __pfx_aa_sk_perm+0x10/0x10 [ 594.315845][T13749] ? sock_rps_record_flow+0x1a/0x400 [ 594.321145][T13749] ? inet_sendmsg+0x2ba/0x390 [ 594.325855][T13749] __sock_sendmsg+0x1a6/0x270 [ 594.330538][T13749] sock_sendmsg+0x134/0x200 [ 594.335052][T13749] ? __pfx_sock_sendmsg+0x10/0x10 [ 594.340105][T13749] ? iov_iter_bvec+0x4e/0x180 [ 594.344796][T13749] splice_to_socket+0xa10/0x10b0 [ 594.349758][T13749] ? __pfx_lock_release+0x10/0x10 [ 594.354802][T13749] ? __pfx_splice_to_socket+0x10/0x10 [ 594.360204][T13749] ? __lock_acquire+0x1397/0x2100 [ 594.365261][T13749] ? bpf_lsm_file_permission+0x9/0x10 [ 594.370649][T13749] ? security_file_permission+0x74/0x280 [ 594.376299][T13749] ? rw_verify_area+0x1c3/0x6f0 [ 594.381173][T13749] ? __pfx_splice_to_socket+0x10/0x10 [ 594.386574][T13749] do_splice+0xd68/0x18e0 [ 594.390928][T13749] ? __pfx_lock_release+0x10/0x10 [ 594.395999][T13749] ? __pfx_reacquire_held_locks+0x10/0x10 [ 594.401735][T13749] ? pipe_clear_nowait+0x196/0x220 [ 594.406860][T13749] ? __pfx_do_splice+0x10/0x10 [ 594.411644][T13749] __se_sys_splice+0x331/0x4a0 [ 594.416420][T13749] ? __pfx___se_sys_splice+0x10/0x10 [ 594.421724][T13749] ? exc_page_fault+0x590/0x8c0 [ 594.426591][T13749] ? __x64_sys_splice+0x21/0xf0 [ 594.431458][T13749] do_syscall_64+0xf3/0x230 [ 594.435992][T13749] ? clear_bhb_loop+0x35/0x90 [ 594.440687][T13749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.446613][T13749] RIP: 0033:0x7fdb33b7e719 [ 594.451050][T13749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.470761][T13749] RSP: 002b:00007fdb31ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 594.479214][T13749] RAX: ffffffffffffffda RBX: 00007fdb33d36130 RCX: 00007fdb33b7e719 [ 594.487200][T13749] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 594.495225][T13749] RBP: 00007fdb33bf132e R08: 0000000000007151 R09: 0000000000000000 [ 594.503229][T13749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.511218][T13749] R13: 0000000000000001 R14: 00007fdb33d36130 R15: 00007ffc21c63178 [ 594.519218][T13749] [ 594.522249][T13749] [ 594.524576][T13749] Allocated by task 13749: [ 594.527476][T12402] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 594.528978][T13749] kasan_save_track+0x3f/0x80 [ 594.529008][T13749] __kasan_slab_alloc+0x66/0x80 [ 594.545845][T13749] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 594.549076][T12402] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 594.551737][T13749] kmalloc_reserve+0xa8/0x2a0 [ 594.563421][T13749] __alloc_skb+0x1f3/0x440 [ 594.567712][T12402] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 594.567833][T13749] __ip_append_data+0x2da7/0x40f0 [ 594.579876][T13749] ip_append_data+0x14c/0x190 [ 594.584570][T13749] udp_sendmsg+0x52c/0x2a50 [ 594.585032][T13740] xt_l2tp: unknown flags: 3b [ 594.589073][T13749] __sock_sendmsg+0x1a6/0x270 [ 594.589093][T13749] sock_sendmsg+0x134/0x200 [ 594.589109][T13749] splice_to_socket+0xa10/0x10b0 [ 594.589133][T13749] do_splice+0xd68/0x18e0 [ 594.601252][T12402] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 594.602836][T13749] __se_sys_splice+0x331/0x4a0 [ 594.602857][T13749] do_syscall_64+0xf3/0x230 [ 594.602881][T13749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.602904][T13749] [ 594.602909][T13749] The buggy address belongs to the object at ffff888066522d00 [ 594.602909][T13749] which belongs to the cache skbuff_small_head of size 640 [ 594.602925][T13749] The buggy address is located 36 bytes inside of [ 594.602925][T13749] allocated 640-byte region [ffff888066522d00, ffff888066522f80) [ 594.610761][T12402] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 594.612158][T13749] [ 594.612167][T13749] The buggy address belongs to the physical page: [ 594.626063][T12402] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 594.628408][T13749] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x66520 [ 594.696765][T13749] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 594.705263][T13749] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 594.713245][T13749] page_type: f5(slab) [ 594.717219][T13749] raw: 00fff00000000040 ffff8881416e8280 0000000000000000 dead000000000001 [ 594.725802][T13749] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 594.734376][T13749] head: 00fff00000000040 ffff8881416e8280 0000000000000000 dead000000000001 [ 594.743040][T13749] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 594.751699][T13749] head: 00fff00000000002 ffffea0001994801 ffffffffffffffff 0000000000000000 [ 594.760358][T13749] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 594.769013][T13749] page dumped because: kasan: bad access detected [ 594.775419][T13749] page_owner tracks the page as allocated [ 594.781120][T13749] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5843, tgid 5843 (syz-executor), ts 59608811443, free_ts 15562497774 [ 594.802481][T13749] post_alloc_hook+0x1f3/0x230 [ 594.807250][T13749] get_page_from_freelist+0x3725/0x3870 [ 594.812792][T13749] __alloc_pages_noprof+0x292/0x710 [ 594.817984][T13749] alloc_pages_mpol_noprof+0x3e8/0x680 [ 594.823437][T13749] alloc_slab_page+0x6a/0x140 [ 594.828109][T13749] allocate_slab+0x5a/0x2f0 [ 594.832602][T13749] ___slab_alloc+0xcd1/0x14b0 [ 594.837267][T13749] __slab_alloc+0x58/0xa0 [ 594.841599][T13749] kmem_cache_alloc_node_noprof+0x269/0x380 [ 594.847498][T13749] kmalloc_reserve+0xa8/0x2a0 [ 594.852177][T13749] __alloc_skb+0x1f3/0x440 [ 594.856594][T13749] inet_netconf_notify_devconf+0x15a/0x220 [ 594.862406][T13749] __devinet_sysctl_register+0x23b/0x2a0 [ 594.868033][T13749] devinet_sysctl_register+0x17e/0x1f0 [ 594.873482][T13749] inetdev_init+0x2b4/0x4e0 [ 594.877983][T13749] inetdev_event+0x340/0x1550 [ 594.882650][T13749] page last free pid 1 tgid 1 stack trace: [ 594.888441][T13749] free_unref_page+0xcfb/0xf20 [ 594.893209][T13749] free_contig_range+0x152/0x550 [ 594.898165][T13749] destroy_args+0x92/0x910 [ 594.902574][T13749] debug_vm_pgtable+0x4be/0x550 [ 594.907416][T13749] do_one_initcall+0x248/0x880 [ 594.912175][T13749] do_initcall_level+0x157/0x210 [ 594.917106][T13749] do_initcalls+0x3f/0x80 [ 594.921423][T13749] kernel_init_freeable+0x435/0x5d0 [ 594.926615][T13749] kernel_init+0x1d/0x2b0 [ 594.930942][T13749] ret_from_fork+0x4b/0x80 [ 594.935357][T13749] ret_from_fork_asm+0x1a/0x30 [ 594.940115][T13749] [ 594.942425][T13749] Memory state around the buggy address: [ 594.948047][T13749] ffff888066522e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 594.956095][T13749] ffff888066522f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 594.964141][T13749] >ffff888066522f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 594.972204][T13749] ^ [ 594.976266][T13749] ffff888066523000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 594.984324][T13749] ffff888066523080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 594.992377][T13749] ================================================================== [ 595.001422][T13749] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 595.008646][T13749] CPU: 1 UID: 0 PID: 13749 Comm: syz.3.1968 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0 [ 595.018886][T13749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 595.028936][T13749] Call Trace: [ 595.032225][T13749] [ 595.035174][T13749] dump_stack_lvl+0x241/0x360 [ 595.039861][T13749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 595.045065][T13749] ? __pfx__printk+0x10/0x10 [ 595.049668][T13749] ? vscnprintf+0x5d/0x90 [ 595.053996][T13749] panic+0x349/0x880 [ 595.057900][T13749] ? check_panic_on_warn+0x21/0xb0 [ 595.063012][T13749] ? __pfx_panic+0x10/0x10 [ 595.067430][T13749] ? mark_lock+0x9a/0x360 [ 595.071752][T13749] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 595.077663][T13749] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 595.083555][T13749] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 595.089875][T13749] ? print_report+0x502/0x550 [ 595.094550][T13749] check_panic_on_warn+0x86/0xb0 [ 595.099483][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 595.105035][T13749] end_report+0x77/0x160 [ 595.109273][T13749] kasan_report+0x154/0x180 [ 595.113768][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 595.119311][T13749] kasan_check_range+0x282/0x290 [ 595.124243][T13749] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 595.129782][T13749] __asan_memcpy+0x40/0x70 [ 595.134197][T13749] skb_copy_and_csum_bits+0x433/0x9c0 [ 595.139562][T13749] __ip_append_data+0x2fc1/0x40f0 [ 595.144590][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 595.150131][T13749] ? __pfx___ip_append_data+0x10/0x10 [ 595.155503][T13749] ? lockdep_hardirqs_on+0x99/0x150 [ 595.160736][T13749] ip_append_data+0x14c/0x190 [ 595.165421][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 595.170967][T13749] udp_sendmsg+0x52c/0x2a50 [ 595.175489][T13749] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 595.181045][T13749] ? __pfx_udp_sendmsg+0x10/0x10 [ 595.186023][T13749] ? __mutex_trylock_common+0x183/0x2e0 [ 595.191574][T13749] ? __pfx_aa_sk_perm+0x10/0x10 [ 595.196435][T13749] ? sock_rps_record_flow+0x1a/0x400 [ 595.201726][T13749] ? inet_sendmsg+0x2ba/0x390 [ 595.206401][T13749] __sock_sendmsg+0x1a6/0x270 [ 595.211075][T13749] sock_sendmsg+0x134/0x200 [ 595.215574][T13749] ? __pfx_sock_sendmsg+0x10/0x10 [ 595.220593][T13749] ? iov_iter_bvec+0x4e/0x180 [ 595.225272][T13749] splice_to_socket+0xa10/0x10b0 [ 595.230208][T13749] ? __pfx_lock_release+0x10/0x10 [ 595.235229][T13749] ? __pfx_splice_to_socket+0x10/0x10 [ 595.240605][T13749] ? __lock_acquire+0x1397/0x2100 [ 595.245629][T13749] ? bpf_lsm_file_permission+0x9/0x10 [ 595.250996][T13749] ? security_file_permission+0x74/0x280 [ 595.256626][T13749] ? rw_verify_area+0x1c3/0x6f0 [ 595.261471][T13749] ? __pfx_splice_to_socket+0x10/0x10 [ 595.266839][T13749] do_splice+0xd68/0x18e0 [ 595.271171][T13749] ? __pfx_lock_release+0x10/0x10 [ 595.276186][T13749] ? __pfx_reacquire_held_locks+0x10/0x10 [ 595.281899][T13749] ? pipe_clear_nowait+0x196/0x220 [ 595.287004][T13749] ? __pfx_do_splice+0x10/0x10 [ 595.291769][T13749] __se_sys_splice+0x331/0x4a0 [ 595.296530][T13749] ? __pfx___se_sys_splice+0x10/0x10 [ 595.301804][T13749] ? exc_page_fault+0x590/0x8c0 [ 595.306654][T13749] ? __x64_sys_splice+0x21/0xf0 [ 595.311511][T13749] do_syscall_64+0xf3/0x230 [ 595.316014][T13749] ? clear_bhb_loop+0x35/0x90 [ 595.320682][T13749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.326572][T13749] RIP: 0033:0x7fdb33b7e719 [ 595.330979][T13749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.350576][T13749] RSP: 002b:00007fdb31ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 595.358982][T13749] RAX: ffffffffffffffda RBX: 00007fdb33d36130 RCX: 00007fdb33b7e719 [ 595.366948][T13749] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 595.374910][T13749] RBP: 00007fdb33bf132e R08: 0000000000007151 R09: 0000000000000000 [ 595.382875][T13749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.390835][T13749] R13: 0000000000000001 R14: 00007fdb33d36130 R15: 00007ffc21c63178 [ 595.398803][T13749] [ 595.402066][T13749] Kernel Offset: disabled [ 595.406387][T13749] Rebooting in 86400 seconds..