last executing test programs: 6.341659688s ago: executing program 1 (id=16): munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8}) 6.162713798s ago: executing program 1 (id=18): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) syz_clone(0x4001000, 0x0, 0x408, &(0x7f0000000140), 0x0, 0x0) 6.064366124s ago: executing program 1 (id=20): add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0x0) 3.873199412s ago: executing program 1 (id=80): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000000000000000000000000000085100000010000009500000000000000180000000001000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000028850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='mm_page_free_batched\x00', r2}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 1.423996695s ago: executing program 2 (id=145): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 625.524864ms ago: executing program 0 (id=154): r0 = io_uring_setup(0x2e15, &(0x7f00000002c0)={0x0, 0x1, 0x1, 0x1, 0x1be}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r1, &(0x7f0000000000)="fa", 0xfffffdef) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) close_range(r0, 0xffffffffffffffff, 0x0) 572.393337ms ago: executing program 2 (id=155): syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @loopback={0x4000000}, @local, [@srh={0x2b, 0x0, 0x4, 0x0, 0x0, 0x10}]}}}}}}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x2, 0x0, 0x9, 0xe, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, 0xa0000000}, @sadb_address={0x5, 0x6, 0x3c, 0x0, 0x0, @in6={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x800}}, @sadb_address={0x5, 0x5, 0x32, 0x0, 0x0, @in6={0xa, 0x4e24, 0xe, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xb28}}]}, 0x70}, 0x1, 0x7}, 0x0) 514.182768ms ago: executing program 2 (id=157): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) unshare(0x400) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) 466.350594ms ago: executing program 0 (id=158): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext2\x00', &(0x7f0000000140)='./file0\x00', 0x11, &(0x7f0000000600)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@noload}, {@bsdgroups}], [{@audit}, {@hash}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@measure}, {@dont_appraise}, {@pcr={'pcr', 0x3d, 0x3f}}]}, 0x0, 0x63c, &(0x7f0000000c40)="$eJzs3c1vVFUbAPDn3k6/3/edQt6ouJBGYyBRWlrAEGMC3bgiBD92riotBBkooTVaJLFNcGNi3LgwceVC/C+UxK0Lty7cuDIkxBgWYlDG3Jk7ZTrt9Hs6pf39kmnvnTNzz7lNn3nOnDnnTgB71mD2I404EBHXkohiXVkh8sLB6uPu/3HzfHZLolx+6/ckbn6czNUfK8l/9+dP/qcYyU9pxP6OpfVOz964PF4qTV7P94dnrlwbnp69ceTSlfGLkxcnr46+MnryxPETJ0eObur88qr/zn6cufXeB8VPz77zzVcPk5FvfzmbxOl4lD8gO6/G53ZvqubsbzYY5aoHiwrSiJObPPZO8Wex9n9S0Z39QySFdraI9Ugj4lREdEbE01GMjngcrMX45I22Ng5oqXISlRw1WAb2niSaFl3qyV8kluppaZuA7VDrB9Te2y/3PniptJVdEmCb3BurjtVVY78zImrxX6iODUZPZWyg735SP85TGevb3MhcVVbHjz+cvZXdosk4HNAac/O1Ue7G/J9UYnMgqu8B+u6niz4bGMt7AWn+OcGbjQde4+D5YMO++IftMzcfEc/k+b8rVoz/+vyfRrWgFv/vbrB+8Q8AAAAAAABb585YRLy83Py/dGH+T9cy83/6I+L0FtS/+ud/6d18I9mC6oA698YiXlt2/u/CHN+Bjnzvv5X5AJ3JhUulyaMR8b+IOByd3dn+SMNx62cIH/ls/5fN6q+f/5fdsvprcwHzI90tNMwlmhifGd/seQMR9+Yjnq3M/z2Y37N4/k+W/5Nl8n8W39fWWMf+F2+fa1a2evwDrVL+OuLQsvn/cXc7Wfn6HMOV/sBwrVew1HMfff5ds/rFP7RPlv/7Vo7/7qT+ej3T6zt+V0Qcmy2Um5VvtP/flbzdUTt+5sPxmZnrIxFdyZml94+ur82wW9XioRYvWfwffmHl8b+F/n9dHPZGxNwa63zqUf+vzcrkf2ifLP4nVs7/xcX5f/0bo7cHvm9W/7k15f/jlZx+OL/H+B/UW3o9jrUGaFuaCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPuDQi/hNJOrSwnaZDQxH9EfH/6EtLU9MzL12Yev/qRFZW+f7/NOaq3/RbrO4nte//H6jbH23YPxYR+yLii47eyv7Q+anSRLtPHgAAAAAAAAAAAAAAAAAAAHaI/sqa/3J34/r/zG8d7W4d0HKF/Ld4h72nsOFnlru3tCHAttt4/ANPsvl1xX9nS9sCbL/m8f/gYbmi4e7Xn295m4Dtof8Pe9cG49/HBbALyP+wV61xTK+n1e0A2kH+BwAAAACAXWXfwTs/JxEx92pv5Zbpyst629oyoNXSdjcAaBtzeGHvKky1uwVAu1jQDyQLW381LvavaD77P2lNgwAAAAAAAAAAAACAJQ4daL7+39oA2N1WXv9vbj/sZius/18u+F0uAHaR5l/9IffDbuc9PrBatrf+HwAAAAAAAAAAAAB2gJ4bl8dLpcnr07NP3sapndGM9W3MjW/uOOXunXAWizcetebInRGxM05wCzayYCuVJsvliNUfXLsEx1bVXpukv45nte8lCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWOzfAAAA//+ZsRxf") r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0xc80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) 412.290142ms ago: executing program 2 (id=159): r0 = socket(0x11, 0x3, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x16, 0x0, 0x1, 0x80, 0x6, @remote}, 0x14) 385.219832ms ago: executing program 2 (id=162): syz_mount_image$fuse(0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000019000), 0x40241, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xffffe000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x20000003}) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000180)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, 0x0) 336.284777ms ago: executing program 4 (id=163): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x2c) 336.03445ms ago: executing program 0 (id=165): syz_emit_ethernet(0x3a, &(0x7f00000004c0)={@local, @random="6cf6566994c6", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2d, 0x28, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @local}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="70000000120003", @ANYRES16=r0], 0x70}}, 0x0) 329.380408ms ago: executing program 3 (id=166): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newtaction={0x48, 0x32, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9, 0x3}, {0xfffffd91}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x4, 0x1}}}}]}]}, 0x48}}, 0x0) 272.130492ms ago: executing program 0 (id=167): bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0x3) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) close(0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x40000, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 224.151668ms ago: executing program 4 (id=168): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000003380), 0xffffffffffffffff) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e03fb0520"], 0x7) mremap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x1000, 0x4, &(0x7f0000003000/0x1000)=nil) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, &(0x7f00000005c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x25}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/220, 0xdc, 0xfffffffffffffffd, 0x29}, @fda={0x66642a85, 0x5, 0x1, 0xc8}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 224.039473ms ago: executing program 1 (id=80): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000000000000000000000000000085100000010000009500000000000000180000000001000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000028850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='mm_page_free_batched\x00', r2}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 223.961013ms ago: executing program 3 (id=169): syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0xff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x7a680000) 223.892712ms ago: executing program 0 (id=170): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x810) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 207.521104ms ago: executing program 3 (id=171): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x11e, 0x13, 0x0, 0x0) 187.665596ms ago: executing program 4 (id=172): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x1000}) 112.264944ms ago: executing program 0 (id=173): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) exit(0x0) dup3(r0, r1, 0x0) 112.124579ms ago: executing program 4 (id=174): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f0000000780)=ANY=[@ANYBLOB="c20200007d00000005fa0000006a0000004000000000000000000000000000000010000000020000000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000000000000000000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8106b494e11200fbe161e900000000000000000000f313f6005e00f8f67efb716dcf315ecaf385409ac65b9408679d"], 0x2c2) 112.068301ms ago: executing program 3 (id=175): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) setxattr$security_ima(&(0x7f0000000180)='./file1\x00', &(0x7f0000000380), &(0x7f00000003c0)=@sha1={0x1, "4525f685a6ffff00000000000000000000000023"}, 0x15, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380), &(0x7f0000000f40), 0x1, 0x2) 93.94125ms ago: executing program 3 (id=176): syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x200000, &(0x7f0000000240)={[{@dir_umask={'dir_umask', 0x3d, 0x7ff}}, {@dir_umask={'dir_umask', 0x3d, 0x7}}, {@gid}, {@type={'type', 0x3d, "9d119198"}}, {}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@umask={'umask', 0x3d, 0x6}}]}, 0x4, 0x337, &(0x7f0000001980)="$eJzs3U1r1EAYB/D/ZN9tqbGtVDxWC55KWw+KCIr05hfwIMXabqE0VrAVrChWzyLeBMGjN8+iX0Ev4hfQUw/Fk16KSCMzmWRntzPZTV82u/T/g+7rPJlnkkwysxIDIjq2bsz+eH9xS/6JEoACgCuAB6AKFAGcxlj14er68npQX0xbUEFFyD+BKFLsKbOwWreFyjgVofnyXRGD5md0NMIwDH+2LfW7K7lQfkTU9/fwgIruner7atcz25fNDgpUupNKDzG2sNjBDh5hKM90iIgof/r87+mzxKAev3seMKHH4f10/o+ZM4im8c0O8ORk9/PpGcn534veh0KuH7VGRGO+p6Zwch168SzRtizrPhE2VncZ0Z7VtAFEu1mlysWrLS0H9clNtYAXuKYZxUbV4yLihiiubMvR07hlbpoire3pBlQbSrINJUf+I5lr/LyNN/bq5r52kJP4Ir6JOeHjLRaT8V8xFHLlqPXjAzUzIMp/yr1E1Uo/KtXUykbvO6UqORtvgU8fGq2sudZrFQWZi41cimgdv/txnq/L7igMNx8UdOum3a1TUSPWqJnk/V9r1GhrVG2pFNQnF+4HqT+lHBrrjE68ErfEOH7hI2aN8b8nS0/A3TOberlQJfWekdqeoirp2I5NVAe+l6lnEvAvjGQMe4m7uIyhtY3HK/NBUH+Q/4u4q/RIPtGOqHdH+Yl8NsqgKl+UABxapbthGFq/KuIQqijHqbpyLqmmXnqXNFkdZvVPKQerHZvROjS+uu4u3Dhsyk/iI0LGSlX4syRKni2yhP/Rta9t2HdIYWRYPtodMq5qPgjOJBuugEpHPaW2j0pvPl2ZD/ZzLKJ+Y/SXsdvbV/NOh7pPjrtENP8z5itT6qgjH/yU2UjbUYexxGnHDGhYPZ7obAaXLNY5ThyIXwT1mbQ517kLwPmWGj3ENT5vXayv80Qv/qtkxZZWLS1CzOI77vD3fyIiIiIiIiIiIiIiIiIiIiIiIiKifpP1agT35QS7+jok+5UYDVvH8D/eICIiIiIiIiIiIiIiIiIiIiIiIiIiIiI6GOP+v0BB3TGmnPv9fwsd3P9XtL3FJxG18T8AAP//uTRlfg==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) 76.108255ms ago: executing program 2 (id=177): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x2, [0x1, 0x0]}, 0x8) 75.972452ms ago: executing program 1 (id=178): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000120a09000000000000000000020000000900020073797a3100000000080003"], 0x50}}, 0x0) 75.898713ms ago: executing program 4 (id=179): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'fo\x00', 0x14, 0x0, 0x807f}, 0x2c) 188.936µs ago: executing program 3 (id=180): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x60}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x34}, 0x1, 0xd, 0x0, 0x480c5}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000580)={0x0, 0x1, 0x6, @local}, 0x10) 0s ago: executing program 4 (id=181): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001c00)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x84}, {0x6}]}, 0x10) syz_emit_ethernet(0x66, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x4, 0x58, 0x64, 0x0, 0x9, 0x2f, 0x0, @local, @local}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1}, {0x1, 0x0, 0x1}, {0x8, 0x88be, 0x1, {{0x2, 0x1, 0x10, 0x3, 0x1, 0x2, 0x0, 0x6}, 0x1, {0x5f71}}}, {0x8, 0x22eb, 0x4, {{0x5, 0x2, 0x1, 0x2, 0x0, 0x0, 0x7}, 0x2, {0x6a2b, 0x8, 0x2, 0x18, 0x1, 0x0, 0x3, 0x0, 0x1}}}}}}}}, 0x0) 0s ago: executing program 2 (id=182): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff030768441a8cb89e14f00800", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.234' (ED25519) to the list of known hosts. [ 23.594176][ T6514] cgroup: Unknown subsys name 'net' [ 23.731222][ T6514] cgroup: Unknown subsys name 'cpuset' [ 23.732930][ T6514] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 23.898545][ T6514] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 24.973284][ T6537] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 24.975093][ T6537] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 24.976502][ T6537] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 24.978034][ T6537] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 24.980770][ T6535] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 24.980952][ T6535] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 24.982237][ T6538] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 24.982482][ T6538] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 24.985903][ T6121] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 24.986002][ T6121] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 24.988583][ T6535] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 24.989288][ T6121] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 24.992006][ T6541] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 24.995249][ T6535] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 24.996680][ T6121] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 24.997364][ T6535] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 24.997750][ T6535] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 24.998230][ T6535] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 24.998465][ T6535] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 24.998814][ T6535] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 24.999020][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 24.999723][ T6535] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 25.001646][ T6535] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 25.003152][ T6535] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 25.009867][ T6530] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 25.171195][ T6536] chnl_net:caif_netlink_parms(): no params data found [ 25.176837][ T6527] chnl_net:caif_netlink_parms(): no params data found [ 25.191277][ T6539] chnl_net:caif_netlink_parms(): no params data found [ 25.196647][ T6528] chnl_net:caif_netlink_parms(): no params data found [ 25.230970][ T6536] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.232575][ T6536] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.234041][ T6536] bridge_slave_0: entered allmulticast mode [ 25.235658][ T6536] bridge_slave_0: entered promiscuous mode [ 25.247782][ T6536] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.247830][ T6536] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.247909][ T6536] bridge_slave_1: entered allmulticast mode [ 25.248365][ T6536] bridge_slave_1: entered promiscuous mode [ 25.272084][ T6536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.272907][ T6536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.293204][ T6528] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.293310][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.293362][ T6528] bridge_slave_0: entered allmulticast mode [ 25.293777][ T6528] bridge_slave_0: entered promiscuous mode [ 25.300465][ T6536] team0: Port device team_slave_0 added [ 25.300908][ T6539] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.300929][ T6539] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.300999][ T6539] bridge_slave_0: entered allmulticast mode [ 25.301456][ T6539] bridge_slave_0: entered promiscuous mode [ 25.302143][ T6539] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.302161][ T6539] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.302218][ T6539] bridge_slave_1: entered allmulticast mode [ 25.302666][ T6539] bridge_slave_1: entered promiscuous mode [ 25.312446][ T6528] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.312524][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.312574][ T6528] bridge_slave_1: entered allmulticast mode [ 25.313610][ T6528] bridge_slave_1: entered promiscuous mode [ 25.320788][ T6536] team0: Port device team_slave_1 added [ 25.332452][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.332541][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.332618][ T6527] bridge_slave_0: entered allmulticast mode [ 25.333074][ T6527] bridge_slave_0: entered promiscuous mode [ 25.334225][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.334244][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.334299][ T6527] bridge_slave_1: entered allmulticast mode [ 25.334744][ T6527] bridge_slave_1: entered promiscuous mode [ 25.341300][ T6528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.342980][ T6533] chnl_net:caif_netlink_parms(): no params data found [ 25.349457][ T6539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.355345][ T6528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.362781][ T6536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.363989][ T6536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.368648][ T6536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.372053][ T6539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.379403][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.383761][ T6528] team0: Port device team_slave_0 added [ 25.387008][ T6536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.387031][ T6536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.392631][ T6536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.398266][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.404296][ T6528] team0: Port device team_slave_1 added [ 25.412343][ T6539] team0: Port device team_slave_0 added [ 25.413104][ T6539] team0: Port device team_slave_1 added [ 25.434121][ T6527] team0: Port device team_slave_0 added [ 25.434926][ T6527] team0: Port device team_slave_1 added [ 25.438452][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.438492][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.438505][ T6528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.439076][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.439083][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.439095][ T6528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.453935][ T6528] hsr_slave_0: entered promiscuous mode [ 25.454595][ T6528] hsr_slave_1: entered promiscuous mode [ 25.465131][ T6539] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.466361][ T6539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.469821][ T6539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.470496][ T6539] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.470502][ T6539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.470515][ T6539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.487735][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.487760][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.487774][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.501909][ T6536] hsr_slave_0: entered promiscuous mode [ 25.502205][ T6536] hsr_slave_1: entered promiscuous mode [ 25.502393][ T6536] debugfs: 'hsr0' already exists in 'hsr' [ 25.502432][ T6536] Cannot create hsr debugfs directory [ 25.503695][ T6539] hsr_slave_0: entered promiscuous mode [ 25.503945][ T6539] hsr_slave_1: entered promiscuous mode [ 25.504097][ T6539] debugfs: 'hsr0' already exists in 'hsr' [ 25.504106][ T6539] Cannot create hsr debugfs directory [ 25.509593][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.509623][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.509643][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.518776][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.520301][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.521531][ T6533] bridge_slave_0: entered allmulticast mode [ 25.522959][ T6533] bridge_slave_0: entered promiscuous mode [ 25.524808][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.526074][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.527350][ T6533] bridge_slave_1: entered allmulticast mode [ 25.528698][ T6533] bridge_slave_1: entered promiscuous mode [ 25.557026][ T6533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.557988][ T6533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.572550][ T6527] hsr_slave_0: entered promiscuous mode [ 25.573934][ T6527] hsr_slave_1: entered promiscuous mode [ 25.575323][ T6527] debugfs: 'hsr0' already exists in 'hsr' [ 25.576403][ T6527] Cannot create hsr debugfs directory [ 25.589341][ T6533] team0: Port device team_slave_0 added [ 25.590880][ T6533] team0: Port device team_slave_1 added [ 25.624992][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.626266][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.626293][ T6533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.633298][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.634474][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.635264][ T6533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.684342][ T6533] hsr_slave_0: entered promiscuous mode [ 25.685953][ T6533] hsr_slave_1: entered promiscuous mode [ 25.687180][ T6533] debugfs: 'hsr0' already exists in 'hsr' [ 25.688200][ T6533] Cannot create hsr debugfs directory [ 25.695383][ T6528] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 25.702542][ T6528] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 25.705733][ T6528] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 25.714213][ T6528] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 25.740754][ T6527] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 25.744134][ T6527] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 25.748322][ T6527] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 25.751822][ T6527] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 25.760933][ T6528] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.760985][ T6528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.761133][ T6528] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.761156][ T6528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.778517][ T6536] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 25.792569][ T6536] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 25.797110][ T6536] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 25.799593][ T6536] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 25.815744][ T6536] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.815788][ T6536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.815869][ T6536] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.815949][ T6536] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.824396][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.824436][ T6527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.824511][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.824537][ T6527] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.831689][ T6539] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 25.852302][ T6528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.852450][ T6539] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 25.854506][ T6539] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 25.855959][ T6539] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 25.874746][ T6528] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.881113][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.883373][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.885871][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.887731][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.889312][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.893536][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.903945][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.919545][ T6536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.925919][ T6527] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.930424][ T649] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.930564][ T649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.930896][ T649] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.930915][ T649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.931737][ T649] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.931752][ T649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.932833][ T6533] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 25.935351][ T6533] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 25.945482][ T649] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.945536][ T649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.948376][ T6533] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 25.953085][ T6533] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 25.955661][ T6536] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.976452][ T6528] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 25.976498][ T6528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 25.984953][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.984991][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.987949][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.987981][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.035619][ T6539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.047075][ T6539] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.065160][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.065201][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.067622][ T4826] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.067656][ T4826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.085230][ T6533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.092609][ T6533] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.111849][ T6528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.113714][ T4179] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.113737][ T4179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.114127][ T4179] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.114143][ T4179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.153763][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.159335][ T6536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.167152][ T6528] veth0_vlan: entered promiscuous mode [ 26.173452][ T6528] veth1_vlan: entered promiscuous mode [ 26.182708][ T6528] veth0_macvtap: entered promiscuous mode [ 26.184951][ T6528] veth1_macvtap: entered promiscuous mode [ 26.197314][ T6527] veth0_vlan: entered promiscuous mode [ 26.204776][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.206699][ T6539] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.216972][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.217794][ T6527] veth1_vlan: entered promiscuous mode [ 26.233156][ T4826] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.233425][ T4826] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.233441][ T4826] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.233454][ T4826] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.249746][ T6536] veth0_vlan: entered promiscuous mode [ 26.256564][ T6536] veth1_vlan: entered promiscuous mode [ 26.273761][ T6533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.290714][ T6539] veth0_vlan: entered promiscuous mode [ 26.292207][ T6539] veth1_vlan: entered promiscuous mode [ 26.294998][ T6527] veth0_macvtap: entered promiscuous mode [ 26.303412][ T6536] veth0_macvtap: entered promiscuous mode [ 26.304737][ T6536] veth1_macvtap: entered promiscuous mode [ 26.309358][ T6527] veth1_macvtap: entered promiscuous mode [ 26.317435][ T6539] veth0_macvtap: entered promiscuous mode [ 26.327269][ T6539] veth1_macvtap: entered promiscuous mode [ 26.337671][ T4826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.337702][ T4826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.346283][ T6536] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.347203][ T6536] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.352254][ T14] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.353032][ T14] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.353446][ T14] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.353871][ T14] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.373905][ T6539] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.374843][ T6539] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.377275][ T4826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.384127][ T4826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.385676][ T4826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.393652][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.395289][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.402151][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.404140][ T4826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.428347][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.428906][ T649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.428915][ T649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.432058][ T6533] veth0_vlan: entered promiscuous mode [ 26.445757][ T41] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.445976][ T41] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.445996][ T41] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.446012][ T41] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.458656][ T6528] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 26.467118][ T6533] veth1_vlan: entered promiscuous mode [ 26.469320][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.469350][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.510314][ T4888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.510347][ T4888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.515068][ T6533] veth0_macvtap: entered promiscuous mode [ 26.534065][ T6533] veth1_macvtap: entered promiscuous mode [ 26.536325][ T4826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.536555][ T4826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.544902][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.566114][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.578457][ T649] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.578528][ T649] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.578549][ T649] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.578566][ T649] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.581118][ T4826] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.581129][ T4826] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.591773][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.591807][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.659692][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.659714][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.752554][ T4826] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 26.752591][ T4826] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 26.779647][ T6650] loop1: detected capacity change from 0 to 4096 [ 26.877160][ T6657] loop0: detected capacity change from 0 to 512 [ 26.880063][ T6657] EXT4-fs: Ignoring removed nobh option [ 27.150120][ T6537] Bluetooth: hci0: command tx timeout [ 27.151337][ T6537] Bluetooth: hci4: command tx timeout [ 27.152527][ T6537] Bluetooth: hci2: command tx timeout [ 27.153659][ T6537] Bluetooth: hci3: command tx timeout [ 27.154794][ T6537] Bluetooth: hci1: command tx timeout [ 27.371030][ T6657] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 27.373237][ T6660] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 27.395992][ T6657] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.1: iget: bad i_size value: 38620345925642 [ 27.396731][ T6657] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1: couldn't read orphan inode 15 (err -117) [ 27.397620][ T6657] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 27.418579][ T6656] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.1: invalid indirect mapped block 3973251072 (level 0) [ 27.421773][ T6660] loop4: detected capacity change from 0 to 1024 [ 27.454698][ T6650] ntfs3(loop1): ino=18, mi_enum_attr [ 27.457081][ T6650] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 27.509494][ T6650] ntfs3(loop1): ino=1a, mi_enum_attr [ 27.588112][ T6654] loop3: detected capacity change from 0 to 32768 [ 27.590221][ T6664] loop2: detected capacity change from 0 to 32768 [ 27.590633][ T6664] ======================================================= [ 27.590633][ T6664] WARNING: The mand mount option has been deprecated and [ 27.590633][ T6664] and is ignored by this kernel. Remove the mand [ 27.590633][ T6664] option from the mount to silence this warning. [ 27.590633][ T6664] ======================================================= [ 27.600813][ T4179] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm kworker/u8:7: bg 0: block 5: invalid block bitmap [ 27.618979][ T4179] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 9 with max blocks 3 with error 28 [ 27.619010][ T4179] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.619010][ T4179] [ 27.619028][ T4179] EXT4-fs (loop0): Total free blocks count 0 [ 27.619037][ T4179] EXT4-fs (loop0): Free/Dirty block details [ 27.619050][ T4179] EXT4-fs (loop0): free_blocks=0 [ 27.619061][ T4179] EXT4-fs (loop0): dirty_blocks=3 [ 27.619069][ T4179] EXT4-fs (loop0): Block reservation details [ 27.619076][ T4179] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 27.632226][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 27.632976][ T6664] JBD2: Ignoring recovery information on journal [ 27.646025][ T6664] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 27.729250][ T6536] ocfs2: Unmounting device (7,2) on (node local) [ 27.739136][ T6654] bcachefs (loop3): starting version 1.13: inode_has_child_snapshots opts=compression=gzip [ 27.739166][ T6654] features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 27.739193][ T6654] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 27.739251][ T6654] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 27.739286][ T6654] bcachefs (loop3): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive [ 27.739286][ T6654] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 27.786717][ T6654] bcachefs (loop3): error reading btree root btree=accounting level=0: btree_node_read_error, fixing [ 27.786881][ T6654] bcachefs (loop3): check_topology... done [ 27.790750][ T6654] bcachefs (loop3): accounting_read... done [ 27.824689][ T6654] bcachefs (loop3): alloc_read... done [ 27.826423][ T6654] bcachefs (loop3): snapshots_read... done [ 27.830375][ T6654] bcachefs (loop3): check_allocations... [ 27.832873][ T6654] bcachefs (loop3): bucket 0:78 gen 0 has wrong data_type: got btree, should be need_discard, fixing [ 27.832929][ T6654] bcachefs (loop3): bucket 0:78 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing [ 27.891764][ T6687] loop2: detected capacity change from 0 to 4096 [ 27.923244][ T6654] done [ 27.928541][ T6689] loop1: detected capacity change from 0 to 40427 [ 27.930765][ T6654] bcachefs (loop3): going read-write [ 27.931601][ T6689] F2FS-fs (loop1): invalid crc value [ 27.933663][ T6687] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 27.939234][ T6687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 27.954555][ T6654] bcachefs (loop3): journal_replay... [ 27.959441][ T6689] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 27.962219][ T6689] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 27.974632][ T6536] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 27.997956][ T6654] done [ 27.998849][ T6654] bcachefs (loop3): check_lrus... done [ 27.999364][ T6654] bcachefs (loop3): check_backpointers_to_extents... done [ 28.004147][ T6654] bcachefs (loop3): check_extents_to_backpointers... [ 28.007455][ T6539] syz-executor: attempt to access beyond end of device [ 28.007455][ T6539] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 28.007753][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 28.007762][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 28.007767][ T6539] Call trace: [ 28.007769][ T6539] show_stack+0x2c/0x3c (C) [ 28.007781][ T6539] __dump_stack+0x30/0x40 [ 28.007786][ T6539] dump_stack_lvl+0xd8/0x12c [ 28.007792][ T6539] dump_stack+0x1c/0x28 [ 28.007796][ T6539] f2fs_handle_critical_error+0x34c/0x4b8 [ 28.007803][ T6539] f2fs_stop_checkpoint+0x5c/0x70 [ 28.007809][ T6539] f2fs_write_end_io+0x768/0xa70 [ 28.007815][ T6539] bio_endio+0x858/0x894 [ 28.007822][ T6539] submit_bio_noacct+0x158/0x177c [ 28.007828][ T6539] submit_bio+0x3b4/0x550 [ 28.007833][ T6539] f2fs_submit_write_bio+0x13c/0x324 [ 28.007839][ T6539] __submit_merged_bio+0x254/0x704 [ 28.007844][ T6539] __submit_merged_write_cond+0x23c/0x4ac [ 28.007850][ T6539] f2fs_write_data_pages+0x1d28/0x2634 [ 28.007856][ T6539] do_writepages+0x270/0x468 [ 28.007864][ T6539] filemap_fdatawrite+0x14c/0x1f4 [ 28.007871][ T6539] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 28.007876][ T6539] f2fs_write_checkpoint+0x690/0x16a0 [ 28.007881][ T6539] kill_f2fs_super+0x21c/0x584 [ 28.007887][ T6539] deactivate_locked_super+0xc4/0x12c [ 28.007895][ T6539] deactivate_super+0xe0/0x100 [ 28.007901][ T6539] cleanup_mnt+0x31c/0x3ac [ 28.007906][ T6539] __cleanup_mnt+0x20/0x30 [ 28.007911][ T6539] task_work_run+0x1dc/0x260 [ 28.007917][ T6539] exit_to_user_mode_loop+0xfc/0x168 [ 28.007923][ T6539] el0_svc+0x170/0x254 [ 28.007931][ T6539] el0t_64_sync_handler+0x84/0x12c [ 28.007937][ T6539] el0t_64_sync+0x198/0x19c [ 28.007944][ T6539] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 28.013641][ T6654] done [ 28.018569][ T6654] bcachefs (loop3): check_inodes... done [ 28.020985][ T6654] bcachefs (loop3): resume_logged_ops... done [ 28.023723][ T6654] bcachefs (loop3): delete_dead_inodes... done [ 28.033026][ T6654] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 28.033041][ T6654] bcachefs (loop3): check_extents_to_backpointers... [ 28.033530][ T6654] bcachefs (loop3): scanning for missing backpointers in 1/512 buckets [ 28.048787][ T6654] done [ 28.052046][ T6654] bcachefs (loop3): check_inodes... done [ 28.053256][ T6654] bcachefs (loop3): resume_logged_ops... done [ 28.054714][ T6654] bcachefs (loop3): delete_dead_inodes... done [ 28.056228][ T6654] bcachefs (loop3): done starting filesystem [ 28.068139][ T6702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 28.068335][ T6702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 28.112872][ T6654] bcachefs (loop3): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts [ 28.112872][ T6654] set version_upgrade=incompat to enable [ 28.147235][ T6704] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 28.211063][ T6706] cgroup: fork rejected by pids controller in /syz1 [ 28.347190][ T6528] bcachefs (loop3): shutting down [ 28.347247][ T6528] bcachefs (loop3): going read-only [ 28.347368][ T6528] bcachefs (loop3): finished waiting for writes to stop [ 28.361745][ T6528] bcachefs (loop3): flushing journal and stopping allocators, journal seq 21 [ 28.366027][ T6528] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 22 [ 28.370292][ T6528] bcachefs (loop3): clean shutdown complete, journal seq 23 [ 28.370743][ T6528] bcachefs (loop3): marking filesystem clean [ 28.386480][ T6528] bcachefs (loop3): shutdown complete [ 28.478837][ T6727] netlink: 20 bytes leftover after parsing attributes in process `syz.4.29'. [ 28.478963][ T6727] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 28.532356][ T6729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 28.532536][ T6729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 28.634127][ T6735] loop2: detected capacity change from 0 to 512 [ 28.669293][ T6735] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 28.720605][ T6744] loop0: detected capacity change from 0 to 4096 [ 28.738903][ T6745] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 28.747148][ T6744] NILFS error (device loop0): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=4096, inode=0, rec_len=0, name_len=0 [ 28.747949][ T6744] Remounting filesystem read-only [ 28.747956][ T6744] NILFS error (device loop0): nilfs_readdir: bad page in #2 [ 28.748266][ T6744] NILFS error (device loop0): nilfs_find_entry: dir 2 size 34359742464 exceeds block count 1 [ 28.879134][ T6759] loop0: detected capacity change from 0 to 256 [ 28.897612][ T6759] syz.0.43: attempt to access beyond end of device [ 28.897612][ T6759] loop0: rw=2049, sector=256, nr_sectors = 100 limit=256 [ 28.933316][ T6761] loop0: detected capacity change from 0 to 4096 [ 29.209553][ T6536] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 29.210426][ T6537] Bluetooth: hci1: command tx timeout [ 29.210452][ T6537] Bluetooth: hci2: command tx timeout [ 29.210472][ T6537] Bluetooth: hci4: command tx timeout [ 29.210504][ T6537] Bluetooth: hci0: command tx timeout [ 29.279935][ T6640] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 29.291918][ T6778] loop2: detected capacity change from 0 to 512 [ 29.294512][ T6778] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 29.296481][ T6778] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 29.296499][ T6778] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 29.301660][ T6778] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 29.303448][ T6778] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 29.303475][ T6778] System zones: 0-2, 18-18, 34-35 [ 29.304712][ T6778] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 29.314753][ T6536] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.392611][ T6789] loop2: detected capacity change from 0 to 64 [ 29.431141][ T6640] usb 1-1: Using ep0 maxpacket: 32 [ 29.436311][ T6640] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 29.436354][ T6640] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.436368][ T6640] usb 1-1: Product: syz [ 29.436380][ T6640] usb 1-1: Manufacturer: syz [ 29.436391][ T6640] usb 1-1: SerialNumber: syz [ 29.447460][ T6791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.23'. [ 29.448219][ T6640] usb 1-1: config 0 descriptor?? [ 29.455916][ T6640] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 29.686340][ T6804] loop3: detected capacity change from 0 to 40427 [ 29.687760][ T6804] F2FS-fs (loop3): Fix alignment : internally, start(4096) end(16896) block(12288) [ 29.690397][ T6804] F2FS-fs (loop3): Image doesn't support compression [ 29.693677][ T6804] F2FS-fs (loop3): invalid crc value [ 29.706427][ T6804] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 29.706658][ T6804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 29.796412][ T6640] gspca_stk1135: reg_w 0x0 err -71 [ 29.797447][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797452][ T6640] gspca_stk1135: Sensor write failed [ 29.797460][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797464][ T6640] gspca_stk1135: Sensor write failed [ 29.797472][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797475][ T6640] gspca_stk1135: Sensor read failed [ 29.797482][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797485][ T6640] gspca_stk1135: Sensor read failed [ 29.797488][ T6640] gspca_stk1135: Detected sensor type unknown (0x0) [ 29.797497][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797503][ T6640] gspca_stk1135: Sensor read failed [ 29.797511][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797515][ T6640] gspca_stk1135: Sensor read failed [ 29.797523][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797526][ T6640] gspca_stk1135: Sensor write failed [ 29.797533][ T6640] gspca_stk1135: serial bus timeout: status=0x00 [ 29.797537][ T6640] gspca_stk1135: Sensor write failed [ 29.797566][ T6640] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 29.806056][ T6640] usb 1-1: USB disconnect, device number 2 [ 29.956333][ T6817] loop0: detected capacity change from 0 to 40427 [ 29.958639][ T6817] F2FS-fs (loop0): invalid crc value [ 29.975119][ T6817] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 29.978085][ T6817] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.995732][ T6527] syz-executor: attempt to access beyond end of device [ 29.995732][ T6527] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 29.995787][ T6527] CPU: 0 UID: 0 PID: 6527 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 29.995801][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 29.995808][ T6527] Call trace: [ 29.995812][ T6527] show_stack+0x2c/0x3c (C) [ 29.995825][ T6527] __dump_stack+0x30/0x40 [ 29.995832][ T6527] dump_stack_lvl+0xd8/0x12c [ 29.995837][ T6527] dump_stack+0x1c/0x28 [ 29.995841][ T6527] f2fs_handle_critical_error+0x34c/0x4b8 [ 29.995849][ T6527] f2fs_stop_checkpoint+0x5c/0x70 [ 29.995854][ T6527] f2fs_write_end_io+0x768/0xa70 [ 29.995860][ T6527] bio_endio+0x858/0x894 [ 29.995868][ T6527] submit_bio_noacct+0x158/0x177c [ 29.995873][ T6527] submit_bio+0x3b4/0x550 [ 29.995878][ T6527] f2fs_submit_write_bio+0x13c/0x324 [ 29.995884][ T6527] __submit_merged_bio+0x254/0x704 [ 29.995890][ T6527] __submit_merged_write_cond+0x23c/0x4ac [ 29.995895][ T6527] f2fs_write_data_pages+0x1d28/0x2634 [ 29.995902][ T6527] do_writepages+0x270/0x468 [ 29.995909][ T6527] filemap_fdatawrite+0x14c/0x1f4 [ 29.995916][ T6527] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 29.995921][ T6527] f2fs_write_checkpoint+0x690/0x16a0 [ 29.995926][ T6527] kill_f2fs_super+0x21c/0x584 [ 29.995932][ T6527] deactivate_locked_super+0xc4/0x12c [ 29.995939][ T6527] deactivate_super+0xe0/0x100 [ 29.995945][ T6527] cleanup_mnt+0x31c/0x3ac [ 29.995951][ T6527] __cleanup_mnt+0x20/0x30 [ 29.995955][ T6527] task_work_run+0x1dc/0x260 [ 29.995962][ T6527] exit_to_user_mode_loop+0xfc/0x168 [ 29.995968][ T6527] el0_svc+0x170/0x254 [ 29.995975][ T6527] el0t_64_sync_handler+0x84/0x12c [ 29.995981][ T6527] el0t_64_sync+0x198/0x19c [ 29.997196][ T6527] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 30.216189][ T6828] loop4: detected capacity change from 0 to 65536 [ 30.224798][ T6828] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 30.228837][ T6839] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.229099][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.74'. [ 30.229192][ T6839] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 30.244939][ T6828] XFS (loop4): Ending clean mount [ 30.261618][ T6839] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 30.283251][ T6843] loop0: detected capacity change from 0 to 64 [ 30.291551][ T6843] hfs: unable to change iocharset [ 30.313728][ T6828] XFS (loop4): User initiated shutdown received. [ 30.313871][ T6828] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x10c/0x15c (fs/xfs/xfs_fsops.c:466). Shutting down filesystem. [ 30.313902][ T6828] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 30.326260][ T6533] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 30.349019][ T6845] syz.0.76 uses obsolete (PF_INET,SOCK_PACKET) [ 30.478958][ T6849] loop0: detected capacity change from 0 to 32768 [ 30.510725][ T6849] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 30.538115][ T6849] XFS (loop0): Ending clean mount [ 30.542178][ T6849] XFS (loop0): Quotacheck needed: Please wait. [ 30.551166][ T6849] XFS (loop0): Quotacheck: Done. [ 30.562162][ T6530] Bluetooth: hci2: Malformed LE Event: 0x02 [ 30.585045][ T6527] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 30.590529][ T6537] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 30.592828][ T6537] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 30.596657][ T6537] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 30.602156][ T6537] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 30.602660][ T6537] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 30.654170][ T4888] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.715576][ T6879] loop3: detected capacity change from 0 to 16 [ 30.720867][ T6879] erofs (device loop3): mounted with root inode @ nid 36. [ 30.744618][ T6884] netlink: 16 bytes leftover after parsing attributes in process `syz.4.89'. [ 30.752474][ T6884] netlink: 16 bytes leftover after parsing attributes in process `syz.4.89'. [ 30.775793][ T6867] chnl_net:caif_netlink_parms(): no params data found [ 30.835158][ T6897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.835339][ T6897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.849409][ T6895] loop4: detected capacity change from 0 to 256 [ 30.858729][ T6895] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 30.860886][ T6899] netlink: 44 bytes leftover after parsing attributes in process `syz.3.94'. [ 30.860924][ T6899] netlink: 44 bytes leftover after parsing attributes in process `syz.3.94'. [ 30.882473][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.884560][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.884665][ T6867] bridge_slave_0: entered allmulticast mode [ 30.885181][ T6867] bridge_slave_0: entered promiscuous mode [ 30.894452][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.894526][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.894645][ T6867] bridge_slave_1: entered allmulticast mode [ 30.895081][ T6867] bridge_slave_1: entered promiscuous mode [ 30.919645][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.923262][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.934891][ T6907] loop3: detected capacity change from 0 to 2048 [ 30.943264][ T6907] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 30.950996][ T6907] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 30.953605][ T6867] team0: Port device team_slave_0 added [ 30.955658][ T6867] team0: Port device team_slave_1 added [ 30.968980][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.972872][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.977114][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.979729][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.981425][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.981464][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.017802][ T6867] hsr_slave_0: entered promiscuous mode [ 31.019210][ T6867] hsr_slave_1: entered promiscuous mode [ 31.022661][ T6867] debugfs: 'hsr0' already exists in 'hsr' [ 31.023767][ T6867] Cannot create hsr debugfs directory [ 31.039882][ T4888] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.048574][ T6530] Bluetooth: Unexpected continuation frame (len 67) [ 31.057251][ T6913] loop3: detected capacity change from 0 to 128 [ 31.062984][ T6913] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 31.064078][ T6913] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 31.089566][ T4888] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.135253][ T4888] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.155069][ T6919] netlink: 16 bytes leftover after parsing attributes in process `syz.3.102'. [ 31.265080][ T6924] loop3: detected capacity change from 0 to 32768 [ 31.265493][ T6924] btrfs: Deprecated parameter 'usebackuproot' [ 31.265564][ T6924] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 31.269036][ T6924] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.104 (6924) [ 31.279208][ T6924] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 31.279280][ T6924] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 31.291675][ T6537] Bluetooth: hci4: command tx timeout [ 31.291717][ T6537] Bluetooth: hci2: command tx timeout [ 31.291747][ T6537] Bluetooth: hci1: command tx timeout [ 31.291822][ T6530] Bluetooth: hci0: command tx timeout [ 31.347266][ T4117] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x32f839c6 level 0 [ 31.347517][ T6924] BTRFS warning (device loop3): couldn't read tree root [ 31.347534][ T6924] BTRFS warning (device loop3): try to load backup roots slot 1 [ 31.349994][ T4888] bridge_slave_1: left allmulticast mode [ 31.350245][ T4888] bridge_slave_1: left promiscuous mode [ 31.350766][ T4888] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.358571][ T41] BTRFS warning (device loop3): checksum verify failed on logical 5316608 mirror 1 wanted 0x5387c9d6 found 0xc5289bf1 level 0 [ 31.358698][ T6924] BTRFS error (device loop3): failed to load root extent [ 31.358718][ T6924] BTRFS warning (device loop3): try to load backup roots slot 2 [ 31.361035][ T4826] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 31.361086][ T6924] BTRFS warning (device loop3): couldn't read tree root [ 31.361104][ T6924] BTRFS warning (device loop3): try to load backup roots slot 3 [ 31.367596][ T6924] BTRFS info (device loop3): rebuilding free space tree [ 31.377529][ T6924] BTRFS info (device loop3): checking UUID tree [ 31.378735][ T6924] BTRFS info (device loop3): allowing degraded mounts [ 31.378778][ T6924] BTRFS info (device loop3): enabling ssd optimizations [ 31.378795][ T6924] BTRFS info (device loop3): enabling free space tree [ 31.378810][ T6924] BTRFS info (device loop3): force clearing of disk cache [ 31.378823][ T6924] BTRFS info (device loop3): trying to use backup root at mount time [ 31.378845][ T6924] BTRFS info (device loop3): use zlib compression, level 3 [ 31.392430][ T4888] bridge_slave_0: left allmulticast mode [ 31.392469][ T4888] bridge_slave_0: left promiscuous mode [ 31.392609][ T4888] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.397770][ T6944] loop2: detected capacity change from 0 to 64 [ 31.428847][ T6528] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 31.531271][ T6950] loop2: detected capacity change from 0 to 256 [ 31.699456][ T6963] loop2: detected capacity change from 0 to 40427 [ 31.706422][ T6963] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 31.706472][ T6963] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 31.711727][ T6963] F2FS-fs (loop2): invalid crc value [ 31.712809][ T6965] loop0: detected capacity change from 0 to 24 [ 31.715675][ T6965] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 31.723671][ T6965] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 31.724800][ T6963] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 31.726525][ T6963] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 31.726537][ T6963] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 31.738098][ T6965] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 31.831245][ T4888] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 31.856950][ T4888] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 31.872189][ T4888] bond0 (unregistering): Released all slaves [ 32.063700][ T6985] loop2: detected capacity change from 0 to 32768 [ 32.065542][ T6985] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.119 (6985) [ 32.072044][ T6985] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 32.072120][ T6985] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 32.105053][ T6999] loop3: detected capacity change from 0 to 2048 [ 32.147198][ T6985] BTRFS info (device loop2): rebuilding free space tree [ 32.151851][ T6985] BTRFS info (device loop2): disabling free space tree [ 32.151894][ T6985] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 32.151917][ T6985] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 32.157965][ T6985] BTRFS info (device loop2): enabling ssd optimizations [ 32.157976][ T6985] BTRFS info (device loop2): force clearing of disk cache [ 32.157982][ T6985] BTRFS info (device loop2): enabling auto defrag [ 32.157988][ T6985] BTRFS info (device loop2): doing ref verification [ 32.160992][ T6999] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.172154][ T6999] EXT4-fs (loop3): shut down requested (0) [ 32.255805][ T6536] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 32.304377][ T6528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.366486][ T7042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.368588][ T7042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.468695][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.4.135'. [ 32.514076][ T6867] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 32.517836][ T6867] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 32.520877][ T6867] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 32.523101][ T6867] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 32.563764][ T7056] loop0: detected capacity change from 0 to 32768 [ 32.566892][ T7056] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.138 (7056) [ 32.573886][ T7056] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 32.573949][ T7056] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 32.611956][ T4888] hsr_slave_0: left promiscuous mode [ 32.613319][ T4888] hsr_slave_1: left promiscuous mode [ 32.613607][ T4888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 32.613624][ T4888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 32.632323][ T4888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 32.632356][ T4888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 32.650281][ T6535] Bluetooth: hci3: command tx timeout [ 32.661742][ T4888] veth1_macvtap: left promiscuous mode [ 32.661817][ T4888] veth0_macvtap: left promiscuous mode [ 32.661904][ T4888] veth1_vlan: left promiscuous mode [ 32.661956][ T4888] veth0_vlan: left promiscuous mode [ 32.668658][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.668831][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.695192][ T7056] BTRFS info (device loop0): enabling ssd optimizations [ 32.695222][ T7056] BTRFS info (device loop0): enabling free space tree [ 32.712526][ T7088] loop4: detected capacity change from 0 to 64 [ 32.832870][ T7091] loop4: detected capacity change from 0 to 40427 [ 32.833481][ T7091] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 32.833517][ T7091] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 32.839009][ T7091] F2FS-fs (loop4): invalid crc value [ 32.853515][ T7091] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 32.857165][ T7091] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 32.857194][ T7091] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 33.116004][ T4888] team0 (unregistering): Port device team_slave_1 removed [ 33.144954][ T4888] team0 (unregistering): Port device team_slave_0 removed [ 33.156926][ T7106] loop4: detected capacity change from 0 to 4096 [ 33.167470][ T7106] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 33.192348][ T7106] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 33.195037][ T7106] ntfs3(loop4): Failed to initialize $Extend/$Reparse. [ 33.369888][ T6535] Bluetooth: hci0: command tx timeout [ 33.369926][ T6535] Bluetooth: hci1: command tx timeout [ 33.369954][ T6535] Bluetooth: hci2: command tx timeout [ 33.369972][ T6535] Bluetooth: hci4: command tx timeout [ 33.442314][ T6527] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 33.478780][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.492953][ T6867] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.497915][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.497954][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.502042][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.502082][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.512063][ T6867] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 33.513897][ T6867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 33.526947][ T7115] loop3: detected capacity change from 0 to 256 [ 33.571527][ T7115] FAT-fs (loop3): Directory bread(block 64) failed [ 33.571567][ T7115] FAT-fs (loop3): Directory bread(block 65) failed [ 33.571592][ T7115] FAT-fs (loop3): Directory bread(block 66) failed [ 33.571605][ T7115] FAT-fs (loop3): Directory bread(block 67) failed [ 33.571626][ T7115] FAT-fs (loop3): Directory bread(block 68) failed [ 33.571637][ T7115] FAT-fs (loop3): Directory bread(block 69) failed [ 33.571657][ T7115] FAT-fs (loop3): Directory bread(block 70) failed [ 33.571668][ T7115] FAT-fs (loop3): Directory bread(block 71) failed [ 33.571687][ T7115] FAT-fs (loop3): Directory bread(block 72) failed [ 33.571697][ T7115] FAT-fs (loop3): Directory bread(block 73) failed [ 33.659311][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.669100][ T6867] veth0_vlan: entered promiscuous mode [ 33.676154][ T6867] veth1_vlan: entered promiscuous mode [ 33.698352][ T7097] Set syz1 is full, maxelem 65536 reached [ 33.742717][ T6867] veth0_macvtap: entered promiscuous mode [ 33.743652][ T6867] veth1_macvtap: entered promiscuous mode [ 33.746476][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.778634][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.836221][ T1931] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.837633][ T1931] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.838025][ T1931] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.838397][ T1931] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.893421][ T7147] loop0: detected capacity change from 0 to 1024 [ 33.893794][ T7147] ext2: Unknown parameter 'audit' [ 33.911452][ T7147] sp0: Synchronizing with TNC [ 33.915707][ T7149] loop3: detected capacity change from 0 to 256 [ 33.916182][ T7149] vfat: Unknown parameter 'sho…tname' [ 33.934250][ T1931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.934281][ T1931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.029418][ T4888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.029444][ T4888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.044274][ T7161] netlink: 'syz.3.166': attribute type 3 has an invalid length. [ 34.044309][ T7161] netlink: 32 bytes leftover after parsing attributes in process `syz.3.166'. [ 34.111886][ T7170] binder: 7168:7170 ioctl 4018620d 0 returned -22 [ 34.129400][ T7170] binder: 7168:7170 ioctl 4018620d 0 returned -22 [ 34.129609][ T7170] binder: 7168:7170 Acquire 1 refcount change on invalid ref 0 ret -22 [ 34.129700][ T7170] binder: 7168:7170 got transaction to invalid handle, 1 [ 34.129740][ T7170] binder: 7168:7170 cannot find target node [ 34.129746][ T7170] binder: 7168:7170 transaction call to 0:0 failed 1/29201/-22, code 0 size 112-0 line 3151 [ 34.130195][ T6589] binder: undelivered TRANSACTION_ERROR: 29201 [ 34.249534][ T7187] loop3: detected capacity change from 0 to 64 [ 34.273001][ T7187] hfs: request for non-existent node 131072 in B*Tree [ 34.279966][ T7187] hfs: request for non-existent node 131072 in B*Tree [ 34.32968 ** replaying previous printk message ** [ 34.329689][ T7201] ------------[ cut here ]------------ [ 34.329719][ T7201] verifier bug: not inlined functions bpf_probe_read_user#112 is missing func(1) [ 34.329962][ T7201] WARNING: CPU: 0 PID: 7201 at kernel/bpf/verifier.c:22840 bpf_check+0x1559c/0x15d8c [ 34.334647][ T7201] Modules linked in: [ 34.335293][ T7201] CPU: 0 UID: 0 PID: 7201 Comm: syz.2.182 Not tainted syzkaller #0 PREEMPT [ 34.336675][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 34.338297][ T7201] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 34.339578][ T7201] pc : bpf_check+0x1559c/0x15d8c [ 34.340345][ T7201] lr : bpf_check+0x1559c/0x15d8c [ 34.341122][ T7201] sp : ffff8000a2787480 [ 34.341711][ T7201] x29: ffff8000a2787980 x28: dfff800000000000 x27: 0000000000000006 [ 34.342867][ T7201] x26: 1ffff00012fa7c13 x25: ffff800097d3e09c x24: ffff0000da570008 [ 34.344068][ T7201] x23: ffff800097d3e098 x22: ffff80008b154800 x21: ffff800092e12000 [ 34.345281][ T7201] x20: ffff800097d3e09c x19: 1ffff00012fa7c13 x18: 1fffe00033797688 [ 34.346522][ T7201] x17: ffff80008f7de000 x16: ffff80008b0155d8 x15: 0000000000000001 [ 34.347685][ T7201] x14: 1fffe0003379a100 x13: 0000000000000000 x12: 0000000000000000 [ 34.348959][ T7201] x11: 0000000000080000 x10: 0000000000000003 x9 : 75b1e3db623d2900 [ 34.350254][ T7201] x8 : 75b1e3db623d2900 x7 : ffff800080490a90 x6 : 0000000000000000 [ 34.351469][ T7201] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 34.352678][ T7201] x2 : ffff8000a2787040 x1 : ffff80008b668440 x0 : 0000000000000001 [ 34.353846][ T7201] Call trace: [ 34.354317][ T7201] bpf_check+0x1559c/0x15d8c (P) [ 34.355058][ T7201] bpf_prog_load+0xec8/0x13fc [ 34.355769][ T7201] __sys_bpf+0x450/0x628 [ 34.356381][ T7201] __arm64_sys_bpf+0x80/0x98 [ 34.357054][ T7201] invoke_syscall+0x98/0x2b8 [ 34.357729][ T7201] el0_svc_common+0x130/0x23c [ 34.358463][ T7201] do_el0_svc+0x48/0x58 [ 34.359138][ T7201] el0_svc+0x5c/0x254 [ 34.359753][ T7201] el0t_64_sync_handler+0x84/0x12c [ 34.360536][ T7201] el0t_64_sync+0x198/0x19c [ 34.361200][ T7201] irq event stamp: 240 [ 34.361843][ T7201] hardirqs last enabled at (239): [] finish_lock_switch+0xb0/0x1c0 ** replaying previous printk message ** [ 34.362111][ T7202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.365316][ T7201] hardirqs last disabled at (240): [] el1_brk64+0x20/0x54 ** replaying previous printk message ** [ 34.365512][ T7202] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.368534][ T7201] softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 [ 34.369943][ T7201] softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 [ 34.371397][ T7201] ---[ end trace 0000000000000000 ]--- [ 34.729922][ T6537] Bluetooth: hci3: command tx timeout [ 36.819904][ T6537] Bluetooth: hci3: command tx timeout [ 38.895415][ T6537] Bluetooth: hci3: command tx timeout